identity thieves hijack cellphone accounts to go after virtual currency
Hackers found that one of the core elements of network security -- Mobile phone number- It is also the easiest to steal. In more and more cyber attacks, hackers have been giving T-Mobile U. S. , Sprint and AT&T, and asked them to transfer control of the victim\'s phone number to a device controlled by the hacker. Once they control the phone number, they can reset the password on each account that uses the phone number as a secure backup As services like Google, Twitter and Facebook show. \"My iPad was restarted, my phone was restarted, my computer was restarted, and when I was sweating, I thought, \'O. K. \"It\'s really serious,\" said Chris Burniske, a virtual currency investor, who lost control of his phone number at the end of last year. A wide variety of people complained about being successfully targeted by such attacks, including a black life activist and chief technical expert from the Federal Trade Commission. According to the Commission\'s own data, The so-called phone hijacking is on the rise. There were 1,038 such incidents reported in January 2013; By January 2016, the number had increased to 2,658. But a particularly concentrated wave of attacks hit those with the most obvious and valuable online accounts: Mr. Burniske. Within a few minutes after getting Mr. control Burniske\'s phone, his attacker has changed the password on his virtual currency wallet and emptied the contents of it -- It\'s about $150,000 at today\'s value. Most of the victims of these attacks in the virtual currency community do not want to publicly acknowledge this because they are afraid to provoke their opponents. But in interviews, dozens of prominent people in the industry acknowledged that they had been hurt in recent months. \"Everyone I know in the cryptocurrency field has stolen their phone numbers,\" said bitcoin entrepreneur Joby Weeks . \". Mr. At the end of last year, Zhou lost his phone number and virtual currency worth about millions of dollars, although after his wife and parents lost control of the phone number, he had sought from the mobile provider The attacker seems to be following anyone who talks on social media about having virtual money, or anyone who is known to invest in virtual money companies, such as venture capitalists. The design of virtual currency trading is irreversible. Accounts of institutions such as banks and brokerage firms are less vulnerable to these attacks, because if they are found within a few days, they can generally reverse unexpected or malicious transactions. But these attacks expose a vulnerability that can be exploited by almost anyone with valuable emails or other digital files -- Including politicians, activists and journalists. Last year, hackers took over DeRay Mckesson\'s Twitter account, the leader of the important movement for black life, by first getting his phone number. In some cases involving digital currency enthusiasts, the attacker held an email file to ask for a ransom -- Threatened to publish nude photos in one case and details of the victim\'s sexual fetish in another. Even sophisticated programmers and security experts are vulnerable to these attacks, setting a disturbing precedent for attackers to track down unskilled victims. Security experts worry that these types of attacks will become more common if mobile phone operators do not make major changes to their security procedures. \"It really highlights the insecurity of using any type of phone -- Based on security, \"said Michael Perklin, chief information security officer at the virtual currency exchange, many of its employees and customers were attacked. Mobile phone operators say they are taking steps to block attacks by adding more complex personal identification numbers or pins to their accounts. However, these measures are not sufficient to prevent the spread and success of criminals. According to Forbes, after the first wave of phone transplant attacks on the virtual currency community last winter, their frequency appears to have risen. Perklin and other security experts said. In recent cases, hackers confiscated phone numbers even when victims knew they were attacked and alerted their mobile phone providers. After learning that the attacker had called 13 times to try to transfer his number to a new phone, Adam poconki, managing partner of crypto chain capital, Verizon asked Verizon to take additional security measures against his account. But just a day later, he said the attacker persuaded another Verizon agent to change The number of Pokornicky for the new PIN is not required. Verizon spokesman Richard Young said the company could not comment on specific cases, but mobile phone transplants are not common. \"While we strive to ensure that customer accounts are kept safe, there are times when there is a lack of automated processes or manpower performance,\" he said . \". \"We strive to rectify these problems quickly and look for other ways to improve security. ”Mr. Perklin, who worked with a mobile phone operator in Canada before joining the shape movement, said that most phone companies would write any additional security requests in Notes on customer accounts. He said, but the agent can usually act on his own, and it is easy to miss the contents of the notes, regardless of what is in the notes. The vulnerability of phone numbers is the unintended consequence of the security industry\'s widespread push for a practice known as \"two people\" Factor authentication, which should help make the account more secure. Many email providers and financial companies ask customers to connect their online accounts with their phone numbers to verify their identity. But this system usually also allows people with phone numbers to reset passwords on these accounts without knowing the original password. The hacker just clicked \"forgot password? And sent a new code to the mobile phone that was requisitioned. Mr. Pokornicky was online when his phone number was taken away and he watched the attacker confiscate all of his main online accounts within minutes. \"It feels like they \'ve been a step ahead of me,\" he said . \". The speed at which attackers move leads people who are investigating hackers to believe that these attacks are usually carried out by groups of hackers working together. Danny Yang, founder of block seer, a virtual currency security company, said he tracked several cyber attacks in the Philippines, although computers in Turkey and the United States were also hit by other attacks. Mr. Perklin and other people investigating recent hackers said that the attackers usually succeeded in providing sad stories about emergencies, asking for the transfer of phone numbers to new devices -- Try it many times until you find an agent who is gullible. \"These guys will sit there and call 600 times and call an idiot\'s agent,\" Mr. Weeks said. Coinbase, one of the most widely used Bitcoin wallets, encourages customers to disconnect their phones from their Coinbase accounts. But some losing clients say the companies need to do more, such as delaying transfers from accounts that have recently changed passwords. \"The coin bank looks like a bank that stores millions of dollars like a bank, but before being robbed thousands of dollars in a few minutes, you won\'t realize how weak its default protection is, cody Brown, a virtual reality developer hacked, said. Mr. Brown wrote a widely circulated article about his experience, in which, as he sat on the Internet to watch, he lost about 8,000 of his money base account to coinbase or Verizon\'s customer service without any response. A spokesman for Coinbase said the company \"invested a lot of resources to build internal tools to help protect our customers from hacking and account acquisitions, including reaching a compromise through a phone transplant. The irrevocable nature of Bitcoin transactions is often hailed as one of the most important qualities of virtual currency, as it makes it harder for banks and governments to intervene in transactions. But Mr. Pokornicky said the virtual currency industry needs to alert new users to the additional risks posed by the new features of the technology. \"It\'s powerful to be able to control your money and move things without any permission,\" he said . \". \"But this particular right requires a clear understanding of its negative impact.