top | item 23856148

(no title)

doomjunky | 5 years ago

I remember last year around christmas/new year 2018/2019 a similar hack/leak/doxxing took place, targeting 994 (!!) mostly german politicians, celebrities and influencers. Massive amounts of private information (names, addresses, phone numbers, e-mails, DMs, contacts, online profiles, chat logs, private documents and even intimate details) where leaked. The data was published on a wide spread of public pastebins and etherpads. It took ages to take them down. The attacker had set up a labyrinth of links, files and passwords and even structured the data by topics and political parties.

Attack vector: Sim-Swapping. It was too easy. As soon as he got into one account, he got access to it's contacts and more phone numbers.

The attacker (0rbit) was a 20 year old student living at his parents home. He bragged about his hack to a online friend. This friend knew that 0rbit had been raided by the police years earlier. He betrayed him to the investigators and with the exact date of the raid the they were able looked up the old case and reveal his identity.

Previously on HN: https://news.ycombinator.com/item?id=18823286

discuss

rawoke083600|5 years ago

Ja in South Africa, sim swapping is still one of the biggest attack vectors, especially for bank-account-hacks.

swiley|5 years ago

Anything cellphone related is absolute crap; Security and otherwise.

LukaD|5 years ago

It was not a hack. It was just a lot of doxxing. There was really nothing impressive about it.

cjsawyer|5 years ago

900 successful sim swaps is impressive.