Hackers compromised the Telegram and email accounts of multiple cryptocurrency executives in the previous month by exploiting a vulnerability in a decades-old protocol that was built back in 1975.
Telegram Account Hacks: The Modus Operandi
The fraudsters aimed to intercept the victims' two-factor authentication codes by conducting an attack on Israel-based telecommunications provider Partner Communications Company, formerly known as Orange Israel.
According to cybersecurity publication Bleeping Computer, a total of 20 crypto executives and customers of the Israeli telecommunications company, formerly Orange, were targeted and compromised in this well-planned SS7 (Signaling System 7) attack, which took place last month.
What is SS7 And What Does It Have to do With Telegram?
SS7 comprises a set of protocols used to exchange information within public switched telephone networks, with the interaction taking place over digital signaling networks. Hackers can exploit SS7 to intercept text messages and calls by using a roaming feature and by “updating the location of their device as if it registered to a different network.” The SS7 protocol, which was first developed back in 1975, is currently in widespread use on a global level.
Investigation and outcome
These attacks are currently being investigated by Israel’s National Cyber Security Authority and the national intelligence agency Mossad. Israel-based cybersecurity firm Pandora Security’s analysis of the event concluded that national governments must update their telecommunications infrastructure to protect against modern security threats. Pandora co-founder Tsachi Ganot said the hackers had also impersonated their victims on Telegram in unsuccessful attempts to lure close acquaintances into making crypto trades.
“In some cases, the hackers posed as the victims in their [Telegram] accounts and wrote to some of their acquaintances, asking to exchange BTC for ETC and the like […] as far as we’re aware no one fell for the bait.” - Tsachi Ganot to CoinTelegraph
The SS7 attacks are a result of SIM-swapping, which reassigns the phone number associated with a victim’s SIM card to a device under the hackers’ control. Telecom providers based in the US have previously faced multiple lawsuits from crypto executive clients who were targeted by SIM-swap attacks.