Posted on September 6, 2019 at 6:26 PM
If the CEO of a global company like Twitter is vulnerable to hacking attacks, then everybody is. That means people need to take every precautionary measure to protect their accounts, privacy, and critical information from cybercriminals.
Jack Dorsey, Twitter’s co-founder and current Chief Executive Officer, was the victim of a hacking attack last week. The cybercriminals that perpetrated the offense used an increasingly popular approach, which is also very hard to stop and can provide these individuals or entities with complete access to several accounts such as social media, banking, and email.
What is the SIM Swapping Attack?
The SIM swapping technique refers to actions performed by hackers in which they take over of their target’s phone number and use it to hijack their online identity. Recently, the SIM swapping approach has been implemented to take control of politicians, celebrities, influencers, and other notable people’s accounts, such as Dorsey’s. The intentions can range from stealing money internationally to just harassing people.
It doesn’t matter how high-profile victims may be: a successful defense against the SIM swapping attack hasn’t been developed yet, and in some cases, the offenses are repetitive and recurrent.
According to Allison Nixon, the director of research at the security company Flashpoint, SIM swapping represents a bothersome practice for cybersecurity specialists because there is nothing that the average person can do to put a halt to it, even though it doesn’t require particular skills to perform.
This is how the practice works: cybercriminals have convinced providers such as T-Mobile or AT&T to switch a phone number to a new device under their control. The switch is conducted via a SIM (Subscriber Identity Module) card in the victim’s device to a SIM card in another mobile.
A common practice performed by hackers is to call customer support for a specific carrier and pretend to be the intended target and that way, they collect phone numbers. Another thing they have done recently is paying employees of these phone companies to perform the switches for them. Sometimes, $100 in cash would be enough to entice them.
When the cybercriminal has control over the phone number, they ask platforms such as Twitter or Google to send a login code through SMS to the victim’s device. The vast majority of Internet services are willing to send them as a way of helping users who have lost access to their accounts. However, it will be sent to the hacker, which will allow him or her to gain access to that specific account.
The attack has existed for years, but its popularity is increasing. Phone carriers have actually been aware of its existence for years, but the single standard solution they could come up with, which is offering PIN codes that only the phone owner could provide to switch devices, has been rendered useless since hackers can pay the companies’ employees to obtain the codes.
A Lack of Effort
Erin West, a deputy district attorney in Santa Clara County (California) and an active member of a law enforcement institution focusing on the SIN swapping issue, stated that the phone carriers in the world are making a concerted effort to find a solution.
She says she lives in constant fear knowing that she could be next in any minute because the SIM swap is relatively easy to perform. Millions of people around the world have a similar sentiment.
To make matters worse, there are no American companies or institutions keeping track on the number of SIM swapping attacks being performed. However, Ms. West is doing her best to keep track of cases of the ever-increasing practice and warns that there have been lots of cases in 2019.
Meanwhile, T-Mobile’s spokeswoman Paula Jacinto explains that account takeover is a problem pertaining to the whole industry. In the case of the company she works in, it implements a number of safeguards to help protect customers against the SIM swapping and also provides several ways to protect information for clients.
Among the notable people that have suffered the attack are Dorsey, award-winning actress Jessica Alba, and online personalities Shane Dawson and Amanda Cerny, who has been a victim two times already.