SS7 Hackers Targeted High Ranking Crypto Chiefs

Reading Time: 2 minutes
  • Last month, hackers gamed the SS7 mobile system network system and were able to impersonate individuals in high ranking positions in the crypto industry
  • The SS7 hackers were able to intercept texts and phone calls of their victims, including two-factor authentication
  • The goal was to obtain cryptocurrency but it doesn’t seem to have worked

Hackers targeted high-ranking individuals within the cryptocurrency sector last month by manipulating the Signaling System 7 (SS7) used for connecting mobile networks. The SS7 hackers were able to gain access to their victims’ Telegram and email data, although their primary goal seems to have been two-factor authentication (2FA) login codes delivered via SMS.

High Ranking Crypto Individuals Targeted

Tech website Bleeping Computer revealed the details of the hack on Monday, saying that it took place in September and targeted at least 20 members of Partner Communications Company (formerly Orange Israel), all of whom were “involved at a higher level in cryptocurrency projects.”

Bleeping Computer cites Tsachi Ganot, the co-founder of Pandora Security who investigated the incident, as saying that all clues point to an SS7 attack, with these individuals presumably selected because of the likelihood that they had access to large amounts of cryptocurrency, either directly or indirectly.

SS7 Hackers Intercepted Texts and Phone Calls

SS7 hackers can intercept text messages and phone calls of their target by updating the location of their device as if it is registered to a different network, which Ganot said is what they did:

The SS7 hackers likely spoofed the short message service center (SMSC) of a mobile network operator…to send an update location request for the targeted phone numbers to Partner. The update request essentially asked Partner to send to the fake MSC all the voice calls and SMS messages intended for the victims.

Fortunately it doesn’t seem as if the SS7 hackers’ attempts garnered much success, with Ganot saying that the hackers tried to use the accounts to solicit cryptocurrencies through Telegram and directly through acquaintances by “asking to exchange BTC for ETC and the like”, but that “as far as we’re aware no one fell for the bait.”