Though most people would expect hackers to come up with new and innovative ways of cheating businesses, very few would have imagined phones with SIM cards that have zero balance to their credit could actually become the means to steal precious revenue from internet service providers.
This activity has now come to light and, interestingly, it has been observed in only a few countries so far: Brazil and Colombia.
Cybersecurity researchers at Flashpoint reported this phenomenon in a new blog post. According to their report, fraudsters are exchanging HTTP injectors in order to obtain internet access.
Telegram App Used to Gain Access
The other notable feature of this new activity is that the origin of the mischief is the instant messaging platform Telegram.
It is to be noted that when Brazil imposed a restriction on the use of WhatsApp in the country a couple of years ago, Telegram stepped in to fill the void and has grown ever since.
It is also the opinion of many experts in the cybersecurity field that Telegram has increasingly become the preferred platform for hackers and all types of cybercriminals, particularly in the recent past.
The way they operate is to use a mobile or hand-held device with a SIM that has zero balance. The ISPs don't provide internet access when there is zero balance.
These criminals access sites that offer data-free access, and that is when the HTTP injector switch takes place via the Telegram app. In the next step, they request SSH proxies and do whatever they want on the internet.
The Service Providers Bear the Loss
The immediate consequence of this illegal internet access, in which data is used up without being charged to the account, is a direct loss to the company that owns the SIM and is unaware that data is being consumed.
Groups of such users and HTTP injector exchangers are being formed on Telegram, and one such group in Portugal boasts a membership of over 90,000. One can imagine the losses the internet companies must be suffering.
The other more serious threat is that since these internet activities are not being metered and monitored, other illicit transactions can also be mounted using this platform.
Only Service Providers Can Act
As for how this illegal activity can be curbed or stopped, cybersecurity experts are of the opinion that merely making access-level security (SSL and TLS encryption) stricter may not yield results.
Technically, the fraudsters are able to work around such restrictions. In reality, they are even capable of using SSH proxies to access the internet. One suggestion being offered is to create the necessary firewalls at the network level instead of just at the application level.
The internet service providers may have to form their own expert groups to study the modus operandi employed by these cybercriminals and come up with new ways to block their activity.
They might have to engage in some eavesdropping to understand the intentions and objectives before devising methods to prevent the misuse of systemic flaws to use data on the sly.
Some observers point out that in some of these countries, the cost of data usage is also very high; users may have to pay as much as $10 to $20 (USD) to use just one GB of data. This in itself might spur a lot of users to try to steal data, as is being done now.
Telegram may also have to take some responsibility and plug the holes in its system that permit such crooks to take advantage and perpetrate crimes.