UPDATED 23:36 EST / DECEMBER 21 2016

Report: Hackers stealing millions in bitcoin via phone hijacking

In a growing trend, hackers are hijacking phone numbers as a new way to steal funds from bitcoin and other accounts.

According to a report by Forbes, hackers were able to fake the identity of Colombian man Jered Kenna and then transfer his mobile phone number from T-Mobile to another carrier linked to a Google Voice account to which the hacker had access.

On gaining control, the hackers received calls and messages sent to Kenna’s number, allowing them to reset the passwords for his email address by having SMS codes sent to the rerouted phone. With this access, the hackers could change the passwords on all of Kenna’s accounts, including two banks, two bitcoin wallets, a PayPal account and even his Windows account.

The hacks into the bank accounts were easily reversible. However, the same was not the case for his bitcoin account. Hackers stole “millions of dollars” of the cryptocurrency. “I was one of the first people to actually do anything in bitcoin and I no longer have any bitcoin to speak of,” Kenna said. “I’ve got, like, 60 coins or something, which is nothing.”

According to the report, the U.S. Federal Trade Commission received 2,658 reports of cases such as these in January 2016, 6.3 percent of all cases involving identity theft, up from 1,038 or 3.2 percent for the same period in 2013. Forbes notes that it’s difficult to put an actual figure on the number of hacks targeting digital currencies, but adds that bitcoin exchange Coinbase Inc. believes the number will double from November to December among its customers.

“The security weakness being exploited here is not one that only affects cryptocurrency industry players — they are simply being targeted first because such transactions cannot be undone,” the report warned. “The security loophole these hackers are milking can be used against anyone who uses their phone number for security for services as common as Google, iCloud, a plethora of banks, PayPal, Dropbox, Evernote, Facebook, Twitter, and many others.”

This isn’t the first time security issues around two-factor authentication via SMS message have been in the spotlight. The National Institute of Standards and Technology recommended in August that SMS-based 2FA systems should not be used because of their inherent insecurity.
