Brazil’s Top Government Officials Were Hacked by “Spoofing” Attacks – Digitalmunition

News Brazil's Top Government Officials Were Hacked by "Spoofing" Attacks

Published on July 27th, 2019 📆 | 7103 Views ⚑


Brazil’s Top Government Officials Were Hacked by “Spoofing” Attacks

RIO DE JANEIRO, BRAZIL – Four people were arrested this week during Operation Spoofing by the Federal Police on suspicion of having hacked into the cell phone of Minister Sérgio Moro and other high ranking government officials, including president Jair Bolsonaro and Economy Minister Paulo Guedes.

A spoofing attack is when a malicious party impersonates another device or user on a network to launch attacks against network hosts, steal data, spread malware, or bypass access controls. (Photo internet reproduction)

The decision ordering the temporary arrest of the four suspects, issued by Judge Vallisney de Oliveira of the 10th Federal District Court of Brasília, states that the investigations have shown that:

“… the alleged hackers gained access to the code sent by the Telegram application’s servers to Moro’s cell phone and the other targets in order to open the App’s variant on a computer browser, rather than on the cell phone”.

“… then they made calls to the victim’s phone number so that the line would be busy and the call containing the Web Telegram service activation code would be directed to the victim’s mailbox…..”

Understand how this happened and the steps taken by the criminals

In the context of information security, and particularly network security, a spoofing attack occurs when a person or program successfully masquerades as another by falsifying data, to gain an illegitimate advantage.

How does Telegram access work?

When a user tries to access a Telegram account from a new device, the App sends a verification code to authorize entry. Unlike WhatsApp, Telegram allows several simultaneous sessions.

This authentication is carried out through a five-digit code. First, a message is sent to the Telegram app itself. Users can then request an SMS with this code.

Ultimately, users can ask Telegram to make a call and relay the access number.

Why does the victim receive a call from his/her own number?

According to judge Vallisney de Oliveira, who authorized the suspects’ arrest, this was part of the tactics used by hackers to obtain the authentication code of the victims’ Telegram.

Minister Sérgio Moro’s cell phone was deactivated on June 8th, when he realized that he had been a victim of a cyber attack by receiving three calls from his own number. (Photo internet reproduction)

What is known about Operation Spoofing

Attackers benefit from the fact that the app provides the option of sending the code through a phone call.

By placing multiple calls to the victim’s mobile number, the line is kept busy and this causes the Telegram call to land in the mailbox.

These hacker calls are made using a Voice Over IP (VoIP) service that allows them to place a call from the Internet, building a “cover” for the caller’s number. Therefore, it may appear that a victim is receiving a call from their own number.

Public telephone networks often provide caller ID information, which includes the caller’s number and sometimes the caller’s name, in each call.

However, some technologies (particularly VoIP networks) allow callers to forge caller ID information and present fake names and numbers.

Gateways between networks that would enable such spoofing and other public networks then forward that fake information.

According to the Federal Police, the gang in Araraquara, in the interior of São Paulo, used cell phones and high-tech computers to access Telegram app accounts. (Photo internet reproduction)

Since spoofed calls can originate from other countries, the laws in the receiver’s country may not apply to the caller. This limits the effectiveness of laws against the use of spoofed caller ID information to further a scam.

According to the investigations, VoIP was used to forge (or “spoof”) the victims’ telephone numbers.

“From then on, it was possible to call the same number and access the victim’s mailbox, listening to the Telegram access code and thus entering the victims’ Telegram app,” says Sandro Süffert, executive director of Apura Cyber Intelligence.

According to the court ruling, 5,616 calls made by the alleged hackers, where the receiver’s number was identical to the caller’s number, were identified by the police investigation.

It was by tracking the origin of these calls, through the VoIP service, that investigators were able to locate the suspects.

Source link

Tagged with:

Leave a Reply

Your email address will not be published. Required fields are marked *