20.5k unique visitors in the last 3 days

SS7 Used to Hack Messages of 20 Cryptocurrency Execs

Hackers took control of Telegram, Gmail and Yahoo accounts with the intention of tricking the victim's business associates.

Agents of Israel’s national security agencies have investigated a sophisticated hack that exploited vulnerabilities in SS7 signaling to obtain access to email and messaging services used by 20 Israeli executives, all of whom worked for businesses associated with cryptocurrency. Hackers gained access to the Telegram, Gmail and Yahoo mail accounts of the executives, all of whom were subscribers of Partner, a leading mobile operator in Israel. Haaretz reported that consulting company Pandora Security was asked to investigate by one of the executives, and their findings were startling:

Pandora’s investigation revealed that the incident was most likely what is termed an SMSC spoofing attack… In this kind of attack, which uses a phone’s roaming function, hackers need access to some cellular network in the world that interacts with Israeli cellular networks

Tzahi Ganot, co-founder of Pandora Security, went on to explain:

It’s a rare assault. The hackers send a message from a foreign cell network to an Israeli one, updating the client’s location. For example: ‘The client has just landed in Tbilisi, he has registered with our network. Please route his SMS messages via this network.’

Conversations within the cryptocurrency community revealed that other executives had been hacked in the same way. It is not known if there were any victims who work for other kinds of businesses because police and intelligence agencies have not shared any insights. Ganot speculated that the hacks all occurred on Partner because other networks have installed a firewall. He also criticized the way Partner responded to their customers:

Ganot says Partner mishandled the incident from the start. “Partner replied to our queries with ‘what does it have to do with us?’ ‘We don’t have a data security team,’ and ‘we have sales or customer service.’ One representative even suggested I join their anti-virus service for five shekels a month,” he says.

Partner disputed Ganot’s account. They responded to queries from Haaretz journalists by observing that customers of other networks also get hacked.

Ganot elaborated on the hackers’ motives in a subsequent interview with Bleeping Computer, suggesting that they tried to trick associates of the executives into sending them one kind of cryptocurrency in exchange for another, but that none of the recipients of these messages were fooled into responding.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email