Hackers Fool Telco Staff into Installing Remote Desktop Software, Claims Magazine

Hackers are now getting telecom employees to run software that lets the hackers directly reach into the internal systems of U.S. telecom companies to take over customer cell phone numbers.

This is the alarming claim made by Joseph Cox, writing for Vice.

Multiple sources in and familiar with the SIM swapping community as well as screenshots shared with Motherboard suggest at least AT&T, T-Mobile, and Sprint have been impacted.

We are all familiar with the concept of customers being tricked by hackers into installing Remote Desktop Protocol (RDP) software on their computers, effectively handing unlimited access and control to criminals. Cox writes that telco employees are also falling for the same trick at work. Hackers obtain access to the telco’s systems and then reportedly use them to take over the phone accounts of the telco’s customers.

Little information was presented by Cox, ostensibly because he was dealing with criminals and did not want others to copy their techniques, but also because he appears to be relying upon the word of a single self-described SIM swapper and an ‘independent security researcher’ who seemingly showed photos of computers running software used inside telcos. However, representatives of AT&T and Sprint gave credibility to Cox’s claims by saying they were ‘aware’ of this method being used by hackers who seek to execute SIM swaps.

You can read the Vice article here.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.