If you’re lucky enough to be famous, rich, or both, you might want to be more wary of your digital life than the average person. That is the lesson after a series of arrests in Europe. Authorities say a gang of hackers have swapped and / or faked celebrities̵
It’s a good tactic: because two-factor authentication and password recovery are so often tied to a phone number, that SIM card can effectively take over the person’s email, followed by social accounts, bank accounts, and backup data. It is a personal, targeted variant of identity theft. According to a combined task force for the UK’s National Crime Agency and Europol, the hackers in question targeted celebrities and other wealthy people, with lucrative results: Their hacks resulted in more than $ 100 million in losses in transferred cryptocurrency alone. More conventional bank transfers and stolen personal information were also among the losses.
The hackers used a combination of techniques, including calling phone service providers claiming to be the real users to link their phone numbers to a dual SIM card. In some cases, hackers seem to have worked with an “inside man,” a telephone company employee who can target specific accounts and have them transferred or duplicated without warning standard defense mechanisms.
Authorities arrested eight suspects in the UK, plus two more in Malta and Belgium respectively. Global police forces in the UK, Canada, Belgium and Malta were involved, including the Secret Service, the FBI, Homeland Security and a California prosecutor in the U.S. The attacks targeted the rich and famous around the world: actors , musicians, sports stars and social media influencers.
But even those of us who probably never make headlines can be vulnerable. Since the hackers were targeting cryptocurrency specifically, it would make sense to advise anyone active in crypto trading to take extra precautions. Beware of posting any personal information used for password verification online and keep an eye out for social engineering attempts or phishing attacks.
Source: Ars Technica, Europol, National Crime Agency