A SIM swap is when a cellphone carrier transfers a phone number to a new SIM card. This happens all the time for legitimate reasons when customers change phones or carriers and want to keep their number, or when they lose their phone. [...] Sometimes, criminals perform these hacks by tricking customer representatives into believing they are the targets. Other times, according to several people involved in the SIM hijacking community, researchers who have investigated it, and one recent reported case, criminals use what they call "plugs": telecom company insiders who get paid to perform illegal swaps.
"Everyone uses them," someone who claimed to be a SIM hijacker told me in a recent chat. "When you tell someone they can make money, they do it."
How criminals find the employees in the first place can vary. Some SIM hijackers I spoke to told me they approach them through shared friends in real life, others told me they just comb LinkedIn, Reddit or social media sites, such as it happened with Dixon.
[...] "This is not new," Dixon told me, referring to SIM swapping. "T-Mobile has had this issue for years and they seem to not be doing anything about it."
It's unclear how long these "plugs" last. In theory, carriers should have systems in place to check which employee was behind an unauthorized port out or SIM swap. Moe The God, a hacker who recently took over the Twitter account of a pro wrestler by hijacking his phone number, told me he has one insider at AT&T and one at Verizon. The first has been working for him since February, the second one since April.
"I just pay them," the hacker told me in an online chat.
Source: MotherBoard
(Score: 0) by Anonymous Coward on Monday August 06 2018, @09:29AM
Be careful what you wish for, remember the law of unintended consequences.