Hackers Focus on Money By Spreading Adware and Porting Cellphone Numbers


Turns out two-factor authentication only works when you control your phone number.

Here's a roundup of Nextgov's ThreatWatch, our regularly updated index of cyber incidents. 

Texas City Warns Customers of Credit Card Breach

The City of Beaumont, Texas on Thursday shut down the system it uses to accept water utility payments due to fears it had been breached.

The city said some customers who used their credit and debit cards to pay their water bills reported unauthorized iTunes charges on statements, Beaumont Enterprise reported. The city said customers who paid their bills online between Aug. 1 and Aug. 24 may be affected, though the incident is still being investigated.

City Chief Technology Officer Bart Bartkowiak told the Enterprise the incident may be linked to a similar breach that happened Wednesday in the city of Oceanside, California.

Facebook Messenger Scheme is Spreading Adware

A massive adware campaign is being spread through Facebook Messenger, a security researcher found.

How the campaign is spreading links through Facebook is unclear, but the campaign involves many domains to avoid tracking and “advanced and obfuscated” code, according to a blog post by Kaspersky Lab researcher David Jacoby.

Victims receive what appears to be a video link from a Facebook friend, but that link opens up a Google Doc landing page that redirects victims to other websites according to their browsers, operating systems and other settings. For example, a Chrome browser user may be directed to a fake YouTube site and tricked into downloading a phony browser extension, or a Firefox user may be asked to update Flash Media Player. In both cases, they’d be downloading adware instead.

“As far as I can see no actual malware (Trojans, exploits) are being downloaded but the people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts,” Jacoby wrote.

Hackers Target Phones to Get Access to Cryptocurrencies

To get their hands on cryptocurrencies like bitcoin, hackers are turning to phones.

They are increasingly calling up mobile phone providers such as Verizon, T-Mobile U.S., Sprint and AT&T to transfer victims’ phone numbers to devices under their control, according to The New York Times. Phone numbers act as keys to reset many online accounts—two-factor authentication doesn’t prevent it because the hijacked phone number receives the authentication codes.

Perpetrators appear to choose targets by monitoring social media for people discussing virtual currency. They use phone numbers to verify account ownership and transfers assets out—a step a traditional bank could intervene in but cryptocurrency transactions are irreversible by design, according to the Times.

Digital wallet provider Coinbase points to the telecommunications companies as the "weakest link" in their security processes and recommends using Google Authenticator or another offline authenticator app instead of a mobile phone number.

“[S]ending SMS to your phone actually verifies you have access to your phone number, not really your phone device. This distinction is really important as it turns out phone numbers can be stolen far more easily than physical phone devices,” a company blog post said.