Yesterday, Channel One and many other media outlets reported on millionaire hackers who were able to “hack into the networks” of various operators and remotely control victims' phones, draining money from them. The number of omissions, outright misunderstandings and lies in this story exceeds reasonable limits. Let's see what exactly happened and what is so unique about the scheme the thieves used. I hasten to reassure you: there are no miracles here, and the GSM standard is not compromised by this attack.
Facts set out by the press service of Directorate K
- The criminal group was detained in Moscow; the investigation into them ran for about six months.
- 50,000 people across the country were affected over the year. The damage amounts to about 3 million rubles.
- The fraudsters used a car from which they hacked phones.
- Equipment smuggled illegally into the Russian Federation was installed in the car.
- The video also showed two laptops installed in the car.
- The programmer sat in an apartment and hacked the phones remotely; he was not in the car.
- Hacking could be carried out within a radius of up to 5 kilometers from the car.
- A dispatcher managed the whole process.
- Freelancers were hired to refine the phone-hacking program.
- The scheme involved 7 people; the organizer has not been caught. The performers received from 30 to 50 thousand rubles.
- One of the operators raised the alarm after accidentally discovering the scheme.
How journalists interpreted the story
They called me for comment at lunchtime yesterday and told me that the attackers had hacked into the operators' network and were able to withdraw money from accounts remotely. The journalist spoke about a base station that traveled around Moscow and that ordinary citizens' phones connected to, after which the phones became obedient. I haven't heard such nonsense in a long time, but this was only the beginning. Similar tales then began to appear in a mass of sources. The operators, meanwhile, refused to comment on the situation, citing the secrecy of the investigation and the fact that they did not want to hand weapons to burglars. On the other hand, those who do this kind of thing have long since understood how they were found and why, while the secrecy harms ordinary consumers.
Let's figure out together what happened and how.
Brilliant criminal scheme
So, in a GAZelle van disguised as a real estate agency there were a driver and one other person; they drove around Moscow and parked in crowded places. The second employee of this “Horns and Hooves” outfit then switched on two laptops and the work began. Another member connected to these laptops remotely and started scanning the air for open Bluetooth / Wi-Fi connections on mobile phones within a radius of up to 5 kilometers. This is what the radio scanner was needed for, the one described as terribly complex equipment unavailable in Russia. That is not so; the point is rather that such equipment is not certified and its use is punishable.
So, after finding a working Bluetooth or Wi-Fi connection on a phone, the attackers guessed the password (the standard zeros, ones and so on). Different vulnerabilities were used depending on the model and manufacturer. If the password could not be guessed within 5-10 minutes, they gave up and moved on to another device. Having guessed the password, they made a call or sent an SMS from the hacked phone to a paid number (costing from 28 to 80 rubles). The burglars were not greedy: they did not drain all the money and behaved inconspicuously. In short, funds were taken in small amounts. This guaranteed their invisibility and the ability to operate for a long time.
The main thing in this scheme is not the hacking method itself: standard equipment was used, along with some software written to make the hacking easier but based on software that can easily be found online. No. What makes the scheme unique is its organizer, who was not caught. None of the participants knew him. In six months Directorate K got as far as the dispatcher, but could not find whoever stood behind him. That is, the level of security was very good. I am sure that there were a few such vehicles, and that the laughably small amount of damage is explained by the fact that only one crew and one number for paid SMS were caught.
With a dozen cars, it would have been easy to take money from more people. Why do I think there was more than one car? The Channel One story showed that someone assigned the areas in which the vehicle operated, that is, indicated where to work. This is only necessary when there are several such vehicles and they must not overlap with each other. This is the simplest explanation.
And with such an organization, there is almost no chance of finding whoever really stands behind the hacks. He is simply smarter and more cunning than those trying to catch him. Failing to catch the organizer in half a year means that Directorate K's operation has failed. De facto. On the other hand, the police triumphantly reported their success; decide for yourself whether to consider it one. I am of the opinion that there is no success at all. They took the performers and the equipment, and uncovered only the tip of the iceberg.
The scheme was uncovered by chance in the monitoring center of the Megafon network. They saw that messages to one of the paid SMS numbers were, as a rule, being sent from different areas of the city, but at the same time. This seemed strange. Asking the subscribers what they had been doing, they learned that nobody had sent anything. The subscribers themselves had not noticed the theft of money from their accounts. A surprisingly well-thought-out scheme, proven in practice.
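One way a monitoring team could express the pattern described above, as an added example (not the operator's tooling): flag a paid number when several distinct subscribers in the same area message it within a short window, and such bursts show up in more than one area. The record layout, thresholds, paid numbers and sample records are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed billing records: (time, subscriber, area, paid number, cost in rubles).
RECORDS = [
    ("2024-01-10 13:02", "sub-01", "north", "0001", 35),
    ("2024-01-10 13:06", "sub-02", "north", "0001", 35),
    ("2024-01-10 13:11", "sub-03", "north", "0001", 35),
    ("2024-01-11 18:40", "sub-04", "south", "0001", 35),
    ("2024-01-11 18:44", "sub-05", "south", "0001", 35),
    ("2024-01-11 18:52", "sub-06", "south", "0001", 35),
    ("2024-01-10 09:00", "sub-07", "north", "0002", 80),  # spread over the day
    ("2024-01-10 14:30", "sub-08", "south", "0002", 80),
    ("2024-01-10 21:15", "sub-09", "east", "0002", 80),
    ("2024-01-12 10:00", "sub-10", "east", "0003", 28),   # one subscriber repeating
    ("2024-01-12 10:03", "sub-10", "east", "0003", 28),
    ("2024-01-12 10:05", "sub-10", "east", "0003", 28),
]

def burst_areas(events, window, min_subs):
    """Areas where at least min_subs distinct subscribers appear within one window."""
    by_area = defaultdict(list)
    for when, sub, area in events:
        by_area[area].append((when, sub))
    hot = set()
    for area, items in by_area.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            # Distinct subscribers seen within `window` of this starting event.
            subs = {s for t, s in items[i:] if t - start <= window}
            if len(subs) >= min_subs:
                hot.add(area)
                break
    return hot

def find_suspicious_numbers(records, window=timedelta(minutes=15),
                            min_subs=3, min_areas=2):
    """Paid numbers with co-located bursts in several areas (assumed thresholds)."""
    per_number = defaultdict(list)
    for ts, sub, area, number, _cost in records:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        per_number[number].append((when, sub, area))
    flagged = {}
    for number, events in per_number.items():
        areas = burst_areas(events, window, min_subs)
        if len(areas) >= min_areas:
            flagged[number] = sorted(areas)
    return flagged

if __name__ == "__main__":
    print(find_suspicious_numbers(RECORDS))
```

Because each charge is small, per-subscriber spending limits would not trip here; the signal is the grouping by destination number, area and time.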
PS For subscribers, this is a reason to turn off Bluetooth / Wi-Fi when it is not needed. The device's stealth (hidden) mode does not help in this situation; the radio must be turned off. It is also worth setting your own passwords that differ from the standard ones and are harder to guess. Simple rules that most people don't follow.
We also have reason to be proud. This is the world's first documented case of mass phone hacking.