Hackers have targeted approximately 20 Israeli crypto executives in early September, and demanding payments of digital currency.
October 6, 2020 | AtoZ Markets – Malicious attackers have tried to get Israeli executives working for 20 digital currency firms to pay cryptocurrency by sending them messages after hacking their phones and stealing their online identities.
Israeli news source Haaretz reported that the failed attack took place at the beginning of September and that all the companies involved were using Partner Communications, a major Israeli telecommunications company.
How hackers gain access to the Israeli crypto executives’ details
The Israeli internal security service that is known as the Israel Security Agency, Mossad, and Israel’s National Cyber Security Authority investigated the incidence.
It quoted Tzahi Ganot, the co-founder of Pandora, a security firm which provides protection for workers in sensitive positions, as saying that the attackers appeared to have used the cellular networks of EE, a division of BT, to gain access to the executives’ details.
Ganot said the attack was likely to have been an SMSC (short message service center) spoofing attack; this uses the roaming function and the attackers need access to a cellular network that interacts with Israeli networks.
“It’s a rare assault. The hackers send a message from a foreign cell network to an Israeli one, updating the client’s location. For example: ‘The client has just landed in Tbilisi, he has registered with our network. Please route his SMS messages via this network’,” Ganot explained.
“This is a necessary procedure for people entering a foreign country, whose cell phones are in ‘roaming’ mode.”
He explained that the attackers were likely to be from another country, and they had managed to hack into the EE cellular network in the UK; this was probably the origin of the attack.
AtoZ Markets understands that Ganot reached this conclusion due to a misreading of the routing numbers. An EE spokesperson denied that the company was involved.
“We have not identified any evidence of this issue taking place on EE infrastructure, and believe this issue has not involved EE’s network in any way, but is actually based on a misread of a routing number range in network identifier records,” the spokesperson said.
How Ganot’s company came into the picture
Ganot’s company was brought into the picture on September 7 by one of the executives, who contacted him after his phone was hacked and his Telegram account compromised.
The attackers had sent messages to his Telegram contacts, asking them to send cryptocurrency.
After Ganot posted news about this to his clients and also some digital currency groups, he received a flood of messages, all complaining of similar hacks.
Ganot, who formerly worked for the NSO Group, a firm that makes surveillance software, told Haaretz that the identity theft had been carried out by using SMS verification.
He said he had contacted Partner about the incident and claimed the telco had mishandled it from the start.
“Partner replied to our queries with ‘what does it have to do with us?’ ‘We don’t have a data security team,’ and ‘we have sales or customer service’,” he said.
“One representative even suggested I join their anti-virus service for five shekels (A$2.06) a month.”
He said he had then contacted Partner’s data security director Yaniv Sabag. “He asked for the victims’ details and phone numbers but afterward he asked that each one of them approach customer services separately and open a call, otherwise he wouldn’t be able to look into their cases,” Ganot said.
“I can tell you that to this moment I haven’t been able to ‘open a call’ in Partner and I’m a business client of theirs – or, more accurately, I used to be one.
“Finally, Sabag said they were checking out the incident – but a few days later they cut off all communication, not only with us, but also with their hacked clients, and didn’t answer their queries.”
A Partner spokesperson told Haaretz: “There is no connection between this incident and Partner. Incidents like these can take place — especially during the coronavirus — to clients of other firms as well.”
The newspaper said it had made inquiries with EE but had not received any response.
Think we missed something? Let us know in the comment section below.