Hackers are currently trying to exploit the weakest link in online security - mobile phone numbers. In a series of identity thefts that were already becoming regular occurrences during 2016, the hackers have concentrated on stealing phone numbers of people they realize are involved in bitcoin currency trading. Their method of operation is terrifyingly simple. They would call cell phone companies insisting that a certain Phone Number be transferred to another mobile device. From there on, they would use it to enter other devices of the original owner, tablets, computers, and from there on, all available accounts, particularly those connected to virtual currency trading.
Bitcoin transactions are irreversible
Currently, mobile phone numbers are the most used method of online security identification. At the same time, they seem to be the easiest to be stolen and misused. While big companies like Apple and Samsung are vying for mobile payment customers, the number of reported Bitcoin thefts through hacking mobile phone numbers, like that of Bithumb Bitcoin exchange is on an alarming rise. According to the data from the Federal Trade Commission, as far back as January 2016, there were 2,658 incidents of mobile phone number thefts, representing at that time 6.3% of all reports of identity theft.
The reason behind hijackers concentrating on virtual currency trade lies in the fact that all Bitcoin transactions are irreversible.
It seems something that something that is supposed to be the strongest element of Bitcoin trade actually turns out to be the one that hackers can really exploit to make serious virtual currency thefts. In the mentioned Bithumb heist, only one customer lost over $1 million. In some other reported cases, Bitcoin traders like Chris Burniske lost sums equivalent to $150,00.
Unfortunately, the number of reported incidents is much smaller than those that actually took place as the victims of these attacks to acknowledge them publicly because they fear that would provoke their adversaries.
Detailed methods of operation
Cell phone number hijackers seem to be operating as well organized groups and have a detailed plan of operation.
Most of which are currently reported to be in the Philippines, Turkey and the US. As explained by Chris Handagy from "Social-Engineer" and education oriented security company, these hackers mainly use so called social engineering. The hackers would closely follow all social media to see who is involved in virtual currency trades and would focus on finding out their mobile phone numbers.
Hackers would then make persistent attempts to switch such numbers to another mobile device by constantly calling providers like T-Mobile, Sprint or any other. That would include staging up a scene with crying babies or similar to back up the reason why they want such a witch. Since the regulation of using mobile phone numbers as an element of online security is left to providers, all the hackers have to do is wait for a lax customer representative to achieve their goal.
The number of reported cases of identity thefts geared towards virtual currency trade keeps on growing, often leaving bewildered original owners of mobile phone numbers to watch their financial assets stolen from them in front of their own eyes. An obvious need for further strengthening the security of mobile phone numbers is needed, but in the meantime, the users need to take their own precautionary measures like using a passcode on the account and disabling online access to their wireless accounts.