I'm coming at this not knowing enough, but have read many similar articles over the past 20 years or so. Bluntly, why don't these villains, instead of (for example) breaking into highly protected government nuclear facilities, why not just transfer all of 'everyones' money to their bank accounts? (hacks being so easy).
It's easier to track fund transfers than it is to track small snippets of assets being traded and reassigned. The smaller the pieces and the more of them there are going in all different directions in the first few steps the harder it is to find the end destination. Do this multiple times over multiple steps and you create plenty of buffers, because tracking the theft requires investigating every single possible route the assets could've taken. It's all about how much time you have to obscure the latest evidence before the authorities sort out the previous evidence. Shell companies are the corporate version of this sort of scheme.
Thank you. But remember, these are villains we're talking about. They would not care if the world knew they had stolen nuclear secrets. They won't care if they are tracked stealing money. Right?
Let's change it to, emptying 'everyone's' bank account; that kind of chaos would pretty much put a billion people in serious trouble almost immediately.
The point is, why go to the trouble of attempting to attack the most guarded?
let's say the bank doesn't notice the transfer and revert it back. how will they withdraw the money without getting caught? when you approach the "coupe of million dollars" milestone, humans start reviewing transactions. even with your own money, it isn't unusual to have the cops called on you when withdrawing large sums of money if you don't usually do that.
You’re thinking or villains from poorly written movies.
In reality, most of the people stealing data and money are not terrorists and don’t have as an ulterior motive “to instil terror and fear”. Usually they’re either politically motivated or just don’t have other means to put food on their tables.
having a smartphone or a cellphone is a security nightmare, but most of the people are willingly choosing this. what is worse, tho, is when you are unwillingly choosing this: I had to buy a smartphone too, just because of my bank. I think it's madness.
One of the more fun things to note is bad actors don’t need to be a telecoms operator or pay one for access to SS7 - a lot of the software involved for management is horribly insecure and often exposed to the internet by smaller operators.
The biggest barrier to entry for hacking SS7 networks is just gaining the network access. And that gate is often secured with some shoddily written mess of old code.
10 comments
[ 5.5 ms ] story [ 37.2 ms ] threadLet's change it to, emptying 'everyone's' bank account; that kind of chaos would pretty much put a billion people in serious trouble almost immediately.
The point is, why go to the trouble of attempting to attack the most guarded?
In reality, most of the people stealing data and money are not terrorists and don’t have as an ulterior motive “to instil terror and fear”. Usually they’re either politically motivated or just don’t have other means to put food on their tables.
The biggest barrier to entry for hacking SS7 networks is just gaining the network access. And that gate is often secured with some shoddily written mess of old code.