Cyber fraudsters hack into mobile operators to get at subscribers' phone numbers

Virtual desktops (RDP) are a convenient thing when you need to do something on a computer but cannot physically sit in front of it, or when you need good performance while working from an old or underpowered device. Cloud provider Cloud4Y provides this service to many companies. So I could not pass over the news that scammers engaged in SIM hijacking (SIM swapping) have switched from bribing telecom employees to using RDP to gain access to the internal databases of T-Mobile, AT&T and Sprint.

Cyber fraudsters (one hesitates to call them hackers) are increasingly pushing employees of mobile operators to launch software that lets the fraudsters penetrate the companies' internal databases and steal subscribers' mobile phone numbers. A recent investigation by the online magazine Motherboard suggests that at least three companies were attacked: T-Mobile, AT&T, and Sprint.

This is a real turning point in SIM card theft (SIM cards are stolen so that fraudsters can use the victim's phone number to gain access to email, social networks, cryptocurrency accounts, and so on). Previously, scammers bribed employees of mobile operators to swap SIM cards, or used social engineering to extract the necessary information while posing as the real customer. Now they act brazenly and crudely, breaking into the operators' IT systems and carrying out the fraud themselves.

The new fraud method came up in January 2020, when several US senators asked the chairman of the Federal Communications Commission, Ajit Pai, what his organization was doing to protect consumers from the ongoing wave of attacks. That this is not empty panic is shown by a recent case of $23 million stolen from a crypto account via SIM swap. The accused is a 22-year-old

"Some ordinary employees and their managers are completely inert and stupid. They give us access to all the data, and we begin to steal," one of the attackers involved in SIM card theft told the online magazine on condition of anonymity.

How it works

The attackers use the capabilities of the Remote Desktop Protocol (RDP). RDP lets a user control a computer from virtually anywhere. Typically this technology is used for peaceful purposes, for example when technical support helps a client configure a computer, or when working in a cloud infrastructure.

But attackers have also come to appreciate this software. The scheme is quite simple: a fraudster posing as a tech support employee calls an ordinary person and tells him that his computer is infected with dangerous software. To "solve the problem", the victim must turn on RDP and let the fake support representative into his machine. The rest is a matter of technique: the fraudster can now do whatever he likes with the computer, which usually means visiting an online bank and stealing money.

Curiously, the scammers have shifted their focus from ordinary people to employees of telecom operators, urging them to install or activate RDP, and then remotely roam through the contents of the operators' databases, hijacking the SIM cards of individual subscribers.

This is possible because some mobile operator employees have the right to "transfer" a phone number from one SIM card to another. When the SIM card is changed, the victim's number is moved to a SIM card controlled by the fraudster, who can then receive the victim's two-factor authentication codes or password reset prompts via SMS. T-Mobile uses a tool called Quickview to change numbers; AT&T has Opus.

According to one of the scammers the reporters managed to talk to, the most popular RDP program is Splashtop. It works with any carrier, but it is most often used for attacks on T-Mobile and AT&T.
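The scheme above leaves two traces a carrier's security team can correlate: a remote-control session open on an employee workstation, and number-transfer events executed from that workstation in the provisioning tool. The following is an added defender-side example, not code from the article or from any operator's systems; the audit streams, workstation IDs, employee names and tool label are all constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit data (not real operator logs); all times are UTC.
# Remote-control sessions observed on employee workstations: (workstation, tool, start, end)
REMOTE_SESSIONS = [
    ("WS-0142", "remote-control-tool", "2020-01-15T09:02:00", "2020-01-15T09:41:00"),
    ("WS-0077", "remote-control-tool", "2020-01-15T13:10:00", "2020-01-15T13:15:00"),
]
# Number transfers from the provisioning tool: (time, employee, workstation, masked MSISDN)
SIM_CHANGES = [
    ("2020-01-15T09:05:00", "emp_a", "WS-0142", "+1555***0101"),
    ("2020-01-15T09:09:00", "emp_a", "WS-0142", "+1555***0202"),
    ("2020-01-15T09:12:00", "emp_a", "WS-0142", "+1555***0303"),
    ("2020-01-15T11:30:00", "emp_b", "WS-0099", "+1555***0404"),
    ("2020-01-15T13:40:00", "emp_c", "WS-0077", "+1555***0505"),  # session already closed
]


def _ts(s):
    return datetime.fromisoformat(s)


def find_suspicious_sim_changes(sessions, changes,
                                burst_window=timedelta(minutes=15), burst_threshold=3):
    """Return alerts for number transfers that (1) happened while a remote-control
    session was open on the same workstation, or (2) came in a burst from one employee."""
    alerts = []
    # 1) Transfer executed while someone was remotely driving the workstation.
    for t, emp, ws, msisdn in changes:
        when = _ts(t)
        for s_ws, tool, start, end in sessions:
            if s_ws == ws and _ts(start) <= when <= _ts(end):
                alerts.append({"employee": emp, "msisdn": msisdn, "time": t,
                               "reason": f"sim change during {tool} session on {ws}"})
    # 2) Too many transfers by one employee inside a short window (sliding window).
    by_emp = defaultdict(list)
    for t, emp, _ws, _m in changes:
        by_emp[emp].append(_ts(t))
    for emp, times in by_emp.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and times[j] - times[i] <= burst_window:
                j += 1
            if j - i >= burst_threshold:
                alerts.append({"employee": emp, "msisdn": None, "time": times[i].isoformat(),
                               "reason": f"{j - i} sim changes within {burst_window}"})
                break  # one burst alert per employee is enough
    return alerts
```

In practice the session stream would come from endpoint telemetry (process start/stop of remote-control software) and the transfer stream from the provisioning tool's audit log; the thresholds are tunable placeholders.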

The operators' representatives do not deny this. AT&T said it knew about this specific hacking scheme and had taken steps to prevent similar incidents in the future. Representatives of T-Mobile and Sprint also confirmed that their companies are aware of SIM hijacking via RDP but, for security reasons, did not disclose the measures taken. Verizon did not comment.


What conclusions can be drawn from all this without resorting to foul language? On the one hand, I am glad that users have become more educated, since the criminals have switched to company employees. On the other hand, there is still no real data security. Articles about fraud carried out by SIM swapping have appeared on Habr and on other sites. So the most effective way to protect your data is to refuse to provide it anywhere. Alas, that is almost impossible.

What else is useful to read on the Cloud4Y blog

→ CRISPR-resistant viruses build shelters to protect genomes from DNA-penetrating enzymes
→ How the bank broke
→ The Great Snowflake Theory
→ Internet by balloons
→ Pentesters at the forefront of cybersecurity
