Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to internal company tools, and then convert that access into a cybercrime service that could be hired to divert any T-Mobile user’s text messages and phone calls to another device.

The conclusions above are based on an extensive analysis of Telegram chat logs from three distinct cybercrime groups or actors that have been identified by security researchers as particularly active in and effective at “SIM-swapping,” which involves temporarily seizing control over a target’s mobile phone number.

Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. This means that stealing someone’s phone number often can let cybercriminals hijack the target’s entire digital life in short order - including access to any financial, email and social media accounts tied to that phone number.

All three SIM-swapping entities that were tracked for this story remain active in 2023, and they all conduct business in open channels on the instant messaging platform Telegram. KrebsOnSecurity is not naming those channels or groups here because they will simply migrate to more private servers if exposed publicly, and for now those servers remain a useful source of intelligence about their activities.

Each advertises their claimed access to T-Mobile systems in a similar way. At a minimum, every SIM-swapping opportunity is announced with a brief “Tmobile up!” or “Tmo up!” message to channel participants. Other information in the announcements includes the price for a single SIM-swap request, and the handle of the person who takes the payment and information about the targeted subscriber.

The information required from the customer of the SIM-swapping service includes the target’s phone number, and the serial number tied to the new SIM card that will be used to receive text messages and phone calls from the hijacked phone number.

Initially, the goal of this project was to count how many times each entity claimed access to T-Mobile throughout 2022, by cataloging the various “Tmo up!” posts from each day and working backwards from Dec. 31, 2022.

But by the time we got to claims made in the middle of May 2022, completing the rest of the year’s timeline seemed unnecessary. The tally shows that in the last seven-and-a-half months of 2022, these groups collectively made SIM-swapping claims against T-Mobile on 104 separate days - often with multiple groups claiming access on the same days.

The 104 days in the latter half of 2022 in which different known SIM-swapping groups claimed access to T-Mobile employee tools.

KrebsOnSecurity shared a large amount of data gathered for this story with T-Mobile. The company declined to confirm or deny any of these claimed intrusions. But in a written statement, T-Mobile said this type of activity affects the entire wireless industry.

“And we are constantly working to fight against it,” the statement reads. “We have continued to drive enhancements that further protect against unauthorized access, including enhancing multi-factor authentication controls, hardening environments, limiting access to data, apps or services, and more. We are also focused on gathering threat intelligence data, like what you have shared, to help further strengthen these ongoing efforts.”

TMO UP!

While it is true that each of these cybercriminal actors periodically offers SIM-swapping services for other mobile phone providers - including AT&T, Verizon and smaller carriers - those solicitations appear far less frequently in these group chats than T-Mobile swap offers. And when those offers do materialize, they are considerably more expensive.

The prices advertised for a SIM-swap against T-Mobile customers in the latter half of 2022 ranged between USD $1,000 and $1,500, while SIM-swaps offered against AT&T and Verizon customers often cost well more than twice that amount.

To be clear, KrebsOnSecurity is not aware of specific SIM-swapping incidents tied to any of these breach claims.