![]() ![]() When someone alludes to the increasingly popular tactic, others often post messages to the effect of, “I don’t condone any illegal activities.” Yet, two longtime members, who go by Ace (who is listed as one of the moderators of the forum) and Thug, told me that SIM swapping is a common method OGUSERS members use to steal usernames. ![]() Users on the site are not allowed to discuss SIM swapping. About 1,000 active users log in each day. What hackers do once they have control of your phone number depends on precisely what they’re after.Īs of June of this year, OGUSERS had more than 55,000 registered users and 3.2 million posts. A phone number provides the key to the kingdom for most services and accounts today.” It was never intended as such, just like Social Security Numbers were never meant as credentials. “Our phone number has become an almost irrevocable credential. This is very, very bad,” Schouwenberg wrote. ![]() “Most systems aren’t designed to deal with attackers taking over phone numbers. That’s troubling because cell phone numbers have become “master keys” to our whole online identity, as he argued in a blog post last year. “A determined and resourced criminal actor will be able to get at least temporary access to a number, which is often enough to successfully complete a heist.” “Any type of number can be ported,” Schouwenberg told me. In his opinion, no phone number is completely safe, and consumers need to realize that. Got a tip? You can contact this reporter securely on Signal at +1 9, OTR chat at or email Schouwenberg, the director of intelligence and research at Celsus Advisory Group, has done research on issues like SIM swapping, bypassing two-factor authentication, and abusing account recovery mechanisms. Taylor, who now works at security firm Path Network, told me that having a phone number linked to any of your online accounts makes you “vulnerable to basically 13- to 16-year-old kids taking over your accounts just by taking over your phone within five minutes of calling your fucking provider.” ( Read our guide on how to protect your phone number, and the accounts linked to it, from hackers.)Įric Taylor, a hacker formerly known as CosmoTheGod, used this technique for some of his most famous exploits, like the time he hacked into the email account of CloudFlare’s CEO in 2012. That’s because if hackers take over a target’s number, they can skirt two-factor and seize their Instagram account without even knowing the account’s password. And the hackers can reset the victim’s accounts and can often bypass security measures like two-factor authentication by using the phone number as a recovery method.Ĭertain services, including Instagram, require that users provide a phone number when setting up two-factor, a stipulation with the unintended effect of giving hackers another method of getting into an account. That late summer night in 2017, the Ostlunds were talking to a pair of these hackers who’d commandeered Rachel’s Instagram, which had the handle They were now asking Rachel and Adam to give up her Twitter account.įrom there, the victim loses service, given only one SIM card can be connected to the cell phone network with any given number at a time. The couple didn’t know it yet, but they had just become the latest victims of hackers who hijack phone numbers in order to steal valuable Instagram usernames and sell them for Bitcoin. “We’re fucking you, we’re raping you, and we’re in the process of destroying your life.” ![]() “What would happen if we hurt them? What would happen if we destroyed their credit and then we left them a message saying it was because of you?” “We’re going to destroy your credit,” the person continued, naming some of Rachel and Adam’s relatives and their addresses, which the couple thinks the caller obtained from Rachel’s Amazon account. “If you know what's good for you, put your wife on the phone.” “We’re fucking you, we’re raping you, and we’re in the process of destroying your life,” the caller said. “Right now.”Īdam said no, and asked what was going on. “Put Rachel on the phone,” demanded a voice on the other end of the line. Rachel, meanwhile, logged into her email and noticed someone was resetting the passwords on many of her accounts. It rang, but the phone in Rachel’s hands didn’t light up. Adam tried to call Rachel’s number using his cell phone. She walked upstairs and told her husband Adam that her phone wasn’t working. Rachel did what most people would have done in that situation: she turned the phone off and on again. ![]()
0 Comments
Leave a Reply. |