Alleged SIM Swap Fraudster Stole $1m from Exec

By: Phil Muncaster

A Manhattan man is alleged to have stolen $1m in cryptocurrency from a Silicon Valley executive in a classic SIM swapping attack.

Nicholas Truglia, 21, allegedly targeted several victims including Saswata Basu, CEO of blockchain service 0Chain Myles Danielsen, vice-president of Hall Capital Partners and Gabrielle Katsnelson, co-founder of startup SMBX.

He was apparently able to hijack all of their mobile phone accounts, convincing carrier staff to transfer their numbers to new SIMs, but didn’t managed to grab any funds as a result.

However, a fourth victim wasn’t so lucky. San Francisco father-of-two, Robert Ross, also had his account hijacked and this time Truglia was allegedly able to use it to access $500,000 in a Coinbase account and $500,000 in a Gemini account.

Typically, this is possible because SIM swap attackers are able to intercept the two-factor authentication codes sent via text message to ‘enhance’ account security.

Truglia was arrested at his West 42nd Street high-rise apartment where police were able to recover $300,000 in stolen funds. He now faces 21 counts related to six victims, according to reports.

The case highlights the growing pressure on mobile operator staff to ensure they carry out the appropriate identity checks on the phone or in store, when individuals request numbers to be ported to new SIMs.

However, sometimes the scammers may get help from individuals working on the inside.

More: https://www.infosecurity-magazine.com/news/alleged-sim-swap-fraudster-stole/

SIKURPhone – Beyond a Cryptocurrency Wallet and Ready for Financial Transactions

By: sikur

Whilst Sikurs competitors are promising to release secure blockchain devices, Sikur is already delivering a full and innovative operating system experience. SikurOS is powering devices that can deliver much more than secure cryptocurrency wallets and other gadgets to protect assets.

2018 has been an incredible year for us – from the rush of launching SIKURPhone at Mobile World Congress, in Barcelona, to porting SikurOS to different hardware. It has been an exciting journey and we still have more to come, said Alexandre Vasconcelos, Sikurs COO.

SikurOS is a very innovative model, although its concepts are widely available. An operating system that is capable of effectively protecting user data is an approach that has taken SIKURPhone to the next level. Combining safety with convenience is a challenge that Sikurs research and development team face every day.

According to Group-IB, more than $882 million in cryptocurrency assets was lost to fraud and hacks in 2017 and 2018, mostly in the Asian market, including the over $500 million hack of Japanese Cryptocurrency Exchange Coincheck. Protecting cryptocurrency coins for the regular investor with simplicity and usability is already possible with SIKURPhone.

After passing rigorous tests by HackerOne with a bug bounty program, securing cryptocurrency is a challenge that SIKURPhone has already overcome. Sikur is now daring to take it a step further with the Trading Station concept.

More: https://www.globalbankingandfinance.com/sikurphone-beyond-a-cryptocurrency-wallet-and-ready-for-financial-transactions/

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

Sikur lança solução que traz camada adicional para aplicações críticas

By: TI Inside Online

Embora os concorrentes da Sikur estejam prometendo lançar dispositivos blockchain seguros, a Sikur já está oferecendo um sistema operacional completo para uso de carteiras de criptomoedas seguras e outros gadgets para proteger ativos.

“2018 tem sido um ano incrível para nós – desde a corrida de lançamento do SIKURPhone no Mobile World Congress, em Barcelona, ??até a portabilidade do SikurOS para diferentes hardwares. Foi uma jornada emocionante e ainda temos mais por vir”, disse Alexandre Vasconcelos, COO da Sikur.

“O SikurOS é um modelo muito inovador, embora seus conceitos estejam amplamente disponíveis. Um sistema operacional capaz de proteger efetivamente os dados do usuário é uma abordagem que levou o SIKURPhone a combinar segurança com conveniência, um desafio que a equipe de pesquisa e desenvolvimento da Sikur enfrenta todos os dias”, completa.

De acordo com o Group-IB, mais de US$ 882 milhões em ativos de criptomoeda foram perdidos para fraudes e hackers em 2017 e 2018, principalmente no mercado asiático, incluindo os mais de US$ 500 milhões do Japanese Cryptocurrency Exchange Coincheck. Proteger moedas de criptomoedas para o investidor regular com simplicidade e usabilidade é o que promete o SIKURPhone.

Depois de passar por testes rigorosos da HackerOne com um programa de recompensas de bugs, garantir a criptomoeda é um desafio que a SIKURPhone já superou. Sikur está agora se atrevendo a dar um passo adiante com o conceito de Trading Station.

“O mercado financeiro é dinâmico e está em constante mudança. Os números de fraude e perda continuam aumentando à medida que a variedade de métodos de transação digital cresce. As soluções existentes não fornecem flexibilidade, usabilidade e segurança suficientes para o usuário moderno. A Sikur’s Trading Station usa a força do SikurOS e fornece camadas extras de segurança para aplicativos financeiros que exigem proteção máxima. Também introduz liberdade e flexibilidade para realizar operações de qualquer lugar, sem a necessidade de estar em escritórios ou redes altamente protegidas. As ações de trading, mobile banking e mPOS (Mobile Point of Sale) são alguns exemplos do mundo real onde a SIKURPhone pode fazer uma grande diferença para a indústria”, disse Fabio Fischer, vice-presidente executivo da Sikur.

Proteger dados localmente e na nuvem é uma alta prioridade para empresas e governos. Portanto, ter aplicativos conhecidos nesses dispositivos está se tornando obrigatório, pois a segurança preocupa mais pessoas a cada ano.

“Na Sikur, a inovação faz parte do nosso DNA. Estamos sempre procurando criar. Essa energia dá a todos mais poder e determinação para progredir. O conceito de Trading Station vem dessa maneira de pensar”, diz Alexandre Stumpf, CTO da Sikur.

Mais: http://tiinside.com.br/tiinside/seguranca/mercado-seguranca/31/10/2018/sikur

Group-IB: 14 cyber attacks on crypto exchanges resulted in a loss of $882 million

By: Pierluigi Paganini

Group-IB has estimated that crypto exchanges suffered a total loss of $882 million due to targeted attacks between 2017 and 2018.

Group-IB, an international company that specializes in preventing cyber attacks,has estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from Lazarus state-sponsored group, including the infamous attack on Japanese crypto exchange Coincheck, when $534million in crypto was stolen.

This data was included in the annual Hi-Tech Crime Trends 2018 report, presented by Group-IB CTO, Dmitry Volkov, at the sixth international CyberСrimeCon conference. A separate report chapter is dedicated to the analysis of hackers’ and fraudsters’ activity in crypto industry.

Crypto exchanges: in the footsteps of Lazarus 

In most cases, cybercriminals, while attacking cryptocurrency exchanges, use traditional tools and methods, such as spear phishing, social engineering, distribution of malware, and website defacement. One successful attack could bring hackers tens of millions of dollars in crypto funds, whilst reducing the risks of being caught to a minimum:  the anonymity of transactions allows cybercriminals to withdraw stolen funds without putting themselves at greater risk.

Spear phishing remains the major vector of attack on corporate networks. For instance, fraudsters deliver malware under the cover of CV spam: they send an email containing a fake CV with the subject line “Engineering Manager for Crypto Currency job” or the file «Investment Proposal.doc» in attachment, that has a malware embedded in the document.

In the last year and a half, the North-Korean state-sponsored Lazarus group attacked at least five cryptocurrency exchanges: Yapizon, Coins, YouBit, Bithumb, Coinckeck. After the local network is successfully compromised, the hackers browse the local network to find workstations and servers used working with private cryptocurrency wallets.

More: https://securityaffairs.co/wordpress/77213/hacking/cyber-attacks-crypto-exchanges.html

Sikur turned a Sony smartphone into a cryptocurrency vault

By: Stan Schroeder

If you need to carry a substantial amount of cryptocurrency on you at all times, but you just don’t trust the average smartphone, a company called Sikur might have a solution.

On Wednesday, Sikur launched the SIKURPhone, a customized variant of a Sony smartphone, its Android enhanced with the secure, crypto-oriented SikurOS software.

SikurOS comes with a cryptocurrency wallet and numerous security-oriented features, such as the ability to remotely wipe the device, and Sikur’s own Secure App Store (launching later this year) which should host only vetted and thoroughly checked apps. A security-oriented chat app and browser are also on board.

The phone comes in two flavors: One is based on Sony’s XZ1, a 5.2-inch smartphone with a Snapdragon 835 chip, 4GB of RAM, 64GB of storage, a 2,700mAh battery and a 19-megapixel camera on the back paired with a 13-megapixel selfie camera.

The other is based on Sony’s mid-range XA2, which has a Snapdragon 630 chip, 3GB of RAM, 32GB of storage, a 23-megapixel rear camera, and 8-megapixel selfie camera, and a 3,300mAh battery.

Neither of these devices are particularly new — Sony launched two more XZ-series flagships after the XZ1 — but their specs are still good enough to hold their own against most modern phones.

If you’ve followed Sikur over the past couple of years, this launch is probably quite confusing. The company’s original SIKURPhone, launched in February 2018, had both its hardware and software built by Sikur. Now, the company appears to have pivoted to building only software which it will deploy on phones made by other manufacturers.

More: https://www.yahoo.com/news/sikur-turned-sony-smartphone-cryptocurrency-080440484.html

Sikur Launches Sony-Based Secure Android Smartphones, SikurPhone XZ1 & XA2

By: Alexander Maxham

 

In short: Sikur has announced that its SikurOS is now compatible with all Android smartphones, and it is also launching two highly secure smartphones that are based off of Sony’s more popular devices – the Xperia XZ1 and XA2. In fact these smartphones, even share those names as well. With the SikurPhone XZ1 and SikurPhone XA2. The hardware is the same as when Sony debuted these smartphones back in 2017, the only difference is the fact that it runs on Sikur’s highly secure Android software. Both of these devices have “several layers” of security, and it also has a pretty locked down app store. You cannot install third-party apps using the Unknown Sources feature that you would find on other smartphones. There are very few apps that are compatible with Sikur’s software. Sikur also has a cryptocurrency wallet, so if you are the type that owns some cryptocurrency, the SikurPhone is going to keep it nice and safe and away from hackers.

Why crypto investors might want to think twice about giving out their phone numbers

By: Kate Rooney

It’s a familiar scenario.

You forget a password to a website or log in from a new computer, and get locked out of your account. The website or your bank sends a text to confirm it’s you. Most of the time it is.

But the person receiving that text could be a hacker. Criminals are using a method known as “SIM swapping” to take over phone number accounts by duping wireless carriers, and in some cases stealing millions of dollars worth of cryptocurrency.

“In online banking, if someone gets into your account there’s ways to get the money back,” said Kyle Samani, managing partner at crypto hedge fund Multicoin Capital. “In crypto, if hackers get access to your your private keys, they own your money and you’re screwed.”

This week, a California man sued AT&T for $224 million after hackers used his number to steal $24 million worth of cryptocurrency stored on an online exchange. The plaintiff Michael Terpin accused AT&T of negligence, and likened it to “a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner.”

Terpin is hardly the only one to suffer a hack. The total in cryptocurrency lost by individuals hit $1.6 billion at the end of June, according to CoinDesk’s 2018 State of Blockchain Report.

In order to stop the trend, cybersecurity and industry experts say investors should guard their cellphone numbers with the same paranoia with which they guard their social security numbers.

Swapping digits

Wireless store employees can assign your phone number to any device, with the right authorization. To confirm, they ask for pieces of private information like a birthday or a social security number. But those can be easily accessed for a price.

“Data is being bought, sold and traded on the dark web,” said Aaron Higbee, chief technology officer and co-founder of anti-phishing company Cofense. “If your phone number is of a sufficient age, you’re on a database somewhere.”

While one piece of data like a birthday might not be valuable on its own, combined with your phone number or address it can be used to answer those security questions from a wireless store employee.

After a criminal hacks into the person’s email or cryptocurrency account from their own devices, what’s known as “two-factor identification” will send a text code to the phone number as a form of security, and to prevent any sort of unauthorized log in. But because the hacker now controls that phone number, there’s no way of the rightful owner regaining control or stopping the hack.

This happened to a New York-based venture capitalist who invests in early stage tech companies. He asked not to be named for this story because he did not want to be targeted again, and feared he might egg on the hackers.

He was in his office on Monday when he was suddenly logged out of both his personal and business email accounts. When he turned on his AT&T phone, the device had no signal. Because of his experience in cryptocurrency and the tech world, he recognized it as a SIM swap attack. He immediately called his wireless carrier through Skype, and quickly went to the store to regain access to his cell phone but “not quickly enough.”

“This was the perfect storm,” he said. “If I was on vacation or didn’t know what to do immediately, they would have taken everything in my bank account.”

He was able to regain control of his email but not his Coinbase account. Hackers had already moved the cryptocurrency he held to another account, and had attempted to wire money from his CitiBank account, which was refunded by the bank, he said.

The total amount stolen was roughly $5,000 — which he says is no where near the total of his crypto holdings because the rest was stored offline.

More: https://www-cnbc-com.cdn.ampproject.org

Cryptocurrency investor robbed via his cellphone account sues AT&T for $224 million over loss

By: Kate Rooney

A U.S. investor filed a $224 million lawsuit against AT&T on Wednesday, accusing the telecommunications giant of negligence that allegedly caused the California resident to lose roughly $24 million in cryptocurrency.

In a 69-page complaint filed in U.S. District Court in Los Angeles, Michael Terpin claimed that because of “AT&T’s willing cooperation with the hacker, gross negligence, violation of its statutory duties, and failure to adhere to its commitments in its Privacy Policy,” he lost nearly $24 million worth of cryptocurrency.

Terpin, who was using AT&T as his service provider, said the digital tokens were stolen through a “digital identity theft” of his cellphone account. Terpin was the victim of two hacks within seven months.

After the first hack, Terpin alleged that an impostor was able to get his phone number from an “insider cooperating with the hacker” without an AT&T store employee requiring him to show valid identification or provide a required password. That phone number was later used to access Terpin’s cryptocurrency accounts, according to the complaint.

“What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner,” the complaint alleged.

In an emailed statement, AT&T said “we dispute these allegations and look forward to presenting our case in court.”

More: https://www-cnbc-com.cdn.ampproject.org/c/s/www.cnbc.com/amp/2018/08/15/

The SIM Hijackers

By: Lorenzo Franceschi-Bicchierai

Meet the hackers who flip seized Instagram handles and cryptocurrency in a shady, buzzing underground market for stolen accounts and usernames. Their victims’ weakness? Phone numbers.


It seemed like any other warm September night in the suburbs of Salt Lake City. Rachel Ostlund had just put her kids to bed and was getting ready to go to sleep herself. She was texting with her sister when, unexpectedly, her cell phone lost service. The last message Rachel received was from T-Mobile, her carrier. The SIM card for her phone number, the message read, had been “updated.”

Rachel did what most people would have done in that situation: she turned the phone off and on again. It didn’t help.

She walked upstairs and told her husband Adam that her phone wasn’t working. Adam tried to call Rachel’s number using his cell phone. It rang, but the phone in Rachel’s hands didn’t light up. Nobody answered. Rachel, meanwhile, logged into her email and noticed someone was resetting the passwords on many of her accounts. An hour later, Adam got a call.

“Put Rachel on the phone,” demanded a voice on the other end of the line. “Right now.”

Adam said no, and asked what was going on.

“We’re fucking you, we’re raping you, and we’re in the process of destroying your life,” the caller said. “If you know what’s good for you, put your wife on the phone.”

Adam refused.

“We’re going to destroy your credit,” the person continued, naming some of Rachel and Adam’s relatives and their addresses, which the couple thinks the caller obtained from Rachel’s Amazon account. “What would happen if we hurt them? What would happen if we destroyed their credit and then we left them a message saying it was because of you?”

The couple didn’t know it yet, but they had just become the latest victims of hackers who hijack phone numbers in order to steal valuable Instagram usernames and sell them for Bitcoin. That late summer night in 2017, the Ostlunds were talking to a pair of these hackers who’d commandeered Rachel’s Instagram, which had the handle @Rainbow. They were now asking Rachel and Adam to give up her @Rainbow Twitter account.

More: https://motherboard.vice.com/en_us/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin

Hackers have stolen more than $1 billion from cryptocurrency exchanges in 2018

By: Sam Jacobs

The popularity of cryptocurrency has also given rise to a proliferation in the number of crypto exchanges.

The website coinmmarketcap.com lists 205 crypto exchanges, with Japan-based Binance topping the rankings for 24-hour transaction volume.

Clearly, there’s an opportunity in the space to make a profit by clipping the ticket on crypto trades.

At the same time, more transaction providers in the nascent, largely unregulated market for cryptocurrencies means more targets for hackers. So far in 2018, the hackers have been busy.

A report in the Wall Street Journal shows more than $US800 million ($AU1.08 bn) worth of cryptocurrency has been stolen by hackers this year.

The figures are based on an investigation by Autonomous Research, an independent research provider for the finance industry.

The biggest hack this year took place on Coincheck, a Japanese-based exchange which had more than $US500 million worth of crypto stolen in late-January.

Last month, South Korean exchange Bithumb was targeted, as hackers made off with around $US30 million while the company suspended operations and moved its crypto holdings to cold storage.

While companies such as Binance, Coincheck and Bithumb are usually referred to as exchanges, their functions differ from traditional stock exchanges such as the ASX.

Earlier this year, the chair of the Australian Digital Commerce Association (ADCA), Loretta Joseph, told Business Insider that exchanges should be referred to as “digital marketplaces”, given that they aren’t regulated and merely provide a forum for buyers and sellers to exchange crypto independently.

Another way in which crypto exchange companies differ from stock exchanges is that they often provide a vehicle to store users’ cryptocurrency, which is also what makes them a target for hackers.

Going back to 2011, there’s been a total of 56 cyber attacks across currency exchanges and initial coin offerings.

Autonomous Research said there’s been seven crypto exchange hacks so far this year, four of them in Asia.

More: https://www.businessinsider.com.au/cryptocurrency-exchange-hackers-2018