SS7 Used to Hack Messages of 20 Cryptocurrency Execs

Agents of Israel’s national security agencies have investigated a sophisticated hack that exploited vulnerabilities in SS7 signaling to obtain access to email and messaging services used by 20 Israeli executives, all of whom worked for businesses associated with cryptocurrency. Hackers gained access to the Telegram, Gmail and Yahoo mail accounts of the executives, all of whom were subscribers of Partner, a leading mobile operator in Israel. Haaretz reported that consulting company Pandora Security was asked to investigate by one of the executives, and their findings were startling:

Pandora’s investigation revealed that the incident was most likely what is termed an SMSC spoofing attack… In this kind of attack, which uses a phone’s roaming function, hackers need access to some cellular network in the world that interacts with Israeli cellular networks

Tzahi Ganot, co-founder of Pandora Security, went on to explain:

It’s a rare assault. The hackers send a message from a foreign cell network to an Israeli one, updating the client’s location. For example: ‘The client has just landed in Tbilisi, he has registered with our network. Please route his SMS messages via this network.’

Conversations within the cryptocurrency community revealed that other executives had been hacked in the same way. It is not known if there were any victims who work for other kinds of businesses because police and intelligence agencies have not shared any insights. Ganot speculated that the hacks all occurred on Partner because other networks have installed a firewall. He also criticized the way Partner responded to their customers:

Ganot says Partner mishandled the incident from the start. “Partner replied to our queries with ‘what does it have to do with us?’ ‘We don’t have a data security team,’ and ‘we have sales or customer service.’ One representative even suggested I join their anti-virus service for five shekels a month,” he says.

Partner disputed Ganot’s account. They responded to queries from Haaretz journalists by observing that customers of other networks also get hacked.

Ganot elaborated on the hackers’ motives in a subsequent interview with Bleeping Computer, suggesting that they tried to trick associates of the executives into sending them one kind of cryptocurrency in exchange for another, but that none of the recipients of these messages were fooled into responding.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.