8 votes

Hackers claim they breached T-Mobile more than 100 times in 2022

5 comments

  1. [5]
    skybrian
    Link
    From the article:

    Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.

    The conclusions above are based on an extensive analysis of Telegram chat logs from three distinct cybercrime groups or actors that have been identified by security researchers as particularly active in and effective at “SIM-swapping,” which involves temporarily seizing control over a target’s mobile phone number.

    […]

    All three SIM-swapping entities that were tracked for this story remain active in 2023, and they all conduct business in open channels on the instant messaging platform Telegram. KrebsOnSecurity is not naming those channels or groups here because they will simply migrate to more private servers if exposed publicly, and for now those servers remain a useful source of intelligence about their activities.

    2 votes
    1. [4]
      vord
      Link Parent
      The conclusions above are based on an extensive analysis of Telegram chat logs from three distinct cybercrime groups or actors that have been identified by security researchers as particularly active in and effective at “SIM-swapping,” which involves temporarily seizing control over a target’s mobile phone number.

      This statement, right here, proves how mass dragnets can still be effective even if data is E2E and on-the-wire encrypted. Metadata analysis can piece together all sorts of detailed information, especially if cross-referenced with location data.

      1. [3]
        Diff
        Link Parent
        Don't think you can gather that from the article. Telegram isn't E2E by default, and the article mentions "other seasoned cybercriminals" in the same space who aren't aligned with the T-Mobile people, meaning it's likely a public Telegram channel. Sounds like the researchers just joined the channel.

        3 votes
        1. [2]
          vord
          Link Parent
          Man, I woulda hoped people involved in cybercrime would have the foresight to turn that on.

          /shrug

          1. Diff
            Link Parent
            Foresight doesn't enter into it here, Telegram's public channels and even just private group chats aren't able to make use of E2E encryption at all. Even the existing one-on-one secret chats have a few heavy drawbacks to be aware of that really make them more of a temporary or specific-purpose thing rather than just a checkbox to tick in the settings.

            2 votes