fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

SIM Swap Scammer Pleads Guilty to Instagram Account Hijacks, Crypto Theft

SIM Swap Scammer Pleads Guilty to Instagram Account Hijacks, Crypto Theft

Declan Harrington, a Massachusetts man charged two years ago for his alleged involvement in a series of SIM swapping attacks, pleaded guilty to stealing cryptocurrency from multiple victims and hijacking the Instagram account of others. 

SIM swapping (aka SIM hijacking) attacks make it possible for malicious actors to take control of their targets’ mobile phone numbers by tricking or bribing employees of mobile phone service providers to reassign the numbers to attacker-controlled SIM cards.

This allows the crooks to completely take control of victims’ phone numbers and use them to bypass SMS-based multi-factor authentication (MFA), steal credentials, and hijack online accounts.

Swim swap and death threat combo

Harrington was charged with Eric Meiggs in November 2019 for targeting the owners of high-value (‘OG’ or ‘Original Gangster’) Instagram and Tumblr accounts.

They also went after cryptocurrency companies’ executives and several other targets with significant quantities of cryptocurrency in their Coinbase or Block.io wallets.

In all, through multiple SIM swapping attacks and death threats, the two defendants stole more than $530,000 worth of cryptocurrency from at least ten victims across the US and took control of multiple OG social media accounts.

Also Read: Lessons from PDPC Incident and Undertaking: August 2021 Cases

According to court documents, tactics and methods allegedly used by the two defendants during their attacks included:

  • Identifying potential victims who likely had significant amounts of cryptocurrency and researching the potential victims using online tools.
  • Engaging in “SIM swapping” in order to take control of victims’ cell phone numbers.
  • Leveraging the victims’ hijacked phone numbers to gain unauthorized access to their online accounts, including email accounts, social media accounts, and cryptocurrency accounts.
  • Using their access to victims’ accounts to take over and steal their account handles and their cryptocurrency.
  • Selling or otherwise transferring victims’ log-in credentials, account handles, and cryptocurrency.
  • Using victims’ hacked online accounts to ask for money and cryptocurrency from victims’ friends and families.
  • Using multiple online accounts to hide their identities and evade detection by law enforcement.

Meiggs, Harrington’s co-conspirator, also pleaded guilty on April 28, 2021, and is scheduled to be sentenced next year, on May 24. A sentencing date for Harrington is yet to be scheduled by the Court.

How to protect against SIM swapping attacks

The US Federal Trade Commission (FTC) issued guidance on how to protect against SIM swapping attacks in October, listing the following list of protection measures:

  • Don’t reply to calls, emails, or text messages that request personal information. These could be phishing attempts by scammers looking to get personal information to access your cellular, bank, credit or other accounts. 
  • Limit the personal information you share online. If possible, avoid posting your full name, address, or phone number on public sites.
  • Set up a PIN or password on your cellular account. This could help protect your account from unauthorized changes. 
  • Consider using stronger authentication on accounts with sensitive personal or financial information. If you do use multi-factor authentication (MFA), keep in mind that text message verification may not stop a SIM card swap. If you’re concerned about SIM card swapping, use an authentication app or a security key.

The FBI issued a SIM swapping alert with guidance on defending against such attacks after warning of an increase in the number of SIM jacking attacks.

Also Read: Data Minimization; Why Bigger is Not Always Better

The FTC also provides detailed guidance on how to secure personal information on your phone and keep personal info secure online.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us