₦airaland Forum

Welcome, Guest: Join Nairaland / LOGIN! / Trending / Recent / New
Stats: 2,021,298 members, 4,307,397 topics. Date: Wednesday, 20 June 2018 at 05:00 AM

How Airtel Security Flaw Led To Epic Hacking - Webmasters - Nairaland

Nairaland Forum / Science/Technology / Webmasters / How Airtel Security Flaw Led To Epic Hacking (16225 Views)

Tonto Dikeh Buys For [$250,000] / Naijaloaded .com Has Been redeemed / Facebook Flaw Lets You View Someone's Private Photos (1) (2) (3) (4)

(0) (1) (2) (3) (Reply) (Go Down)

How Airtel Security Flaw Led To Epic Hacking by Slyr0x: 11:30am On Aug 02, 2013
In the space of one hour, the entire webmaster board was overloaded with several threads titled " got hacked". On checking one of the threads, I hurriedly fired up my browser, checked the Naijaloaded site and poof, I had a defaced webpage before me.

Next thing I did was to send Naijaloaded's owner a mail informing him of the hack which he then replied to this morning saying "They Swapped my SIM, Used the Forgot Password Features and Yahoo Sent the Guy my Code, he then Changed my Yahoo Password and Requested for a Password Changing Note from my Domain Registrar, Then he finally Changed my DNS".

At first, I didn't understand the swapping part. So I fired up my browser again and started crawling through webpages with the dork "Airtel Nigeria instant swap". After much crawling, I learnt that to swap your airtel sim (i.e. to hijack another person's airtel sim), all you need is

1. An airtel swap sim which goes for just N300 and offered for sale here
2. Four (4) most dial'd no
3. The serial number on the new airtel swap sim


. .and in 20mins max, d new Sim will be ready.

That easy yeah?!

After the "hacker" swapped Naijaloaded's owner SIM, he went on to use Yahoo's Forgot Password Features which yahoo then sent the hacker a code (to the swapped sim), he then Changed his Yahoo Password after which the hacker requested for a Password Changing Note from Domain Registrar and ended up changing 's DNS.

A brilliant social engineering attack it was!

This clearly exposes vital security flaws in several customer service systems.

All a malicious person need know to hijack your SIM is your 4 most dial'd nos (your dad, mom, girlfriend, line manager, direct subordinate, etc).

You know what this means? You can directly intercept that scheduled business call by hijacking that Big Oga's sim.

The guy that perpetrated this act not only digitally hacked the owner but they socially hacked him too as he could receive calls on his behalf.

It's quite upsetting that the ecosystem that we’ve placed so much of our trust in(In this case Airtel) has let some of us down so thoroughly.

Even the online Internet banking can be easily compromised. .call the customer care line, tell them you forgot your internet banking password, they will then ask 2/3 questions (1.) Your Date of Birth (2.)Your Account number (3.) Your Phone number and poof. .you have them reeling out all the infos you need (another story for another day)


Social Engineering, albeit a new one in the Nigerian space, is here to stay. .Folks Are You Ready?

10 Likes

Re: How Airtel Security Flaw Led To Epic Hacking by Godwin10(m): 11:43am On Aug 02, 2013
Incredible slyrox. It's a brainy idea, Wow. I bet u restored naijaloaded. @ ur signature.
Re: How Airtel Security Flaw Led To Epic Hacking by crusufixo(m): 11:50am On Aug 02, 2013
Re: How Airtel Security Flaw Led To Epic Hacking by tareigns(m): 11:52am On Aug 02, 2013
When i hear of network providers being hacked,am nt usually happy if its nt MTN. I despise dose stingy fowls.

4 Likes

Re: How Airtel Security Flaw Led To Epic Hacking by passionate88: 11:54am On Aug 02, 2013
Mankind don enter molue wey no get door come fali break at the same time. The guy go dn break him fasting when him hear d news

2 Likes

Re: How Airtel Security Flaw Led To Epic Hacking by onajo2000(m): 11:54am On Aug 02, 2013
every SIM suppose to have a security number attached to it like that of MTN.....at least before u can do a replacement, you must produce the security number......other network should wise up

1 Like

Re: How Airtel Security Flaw Led To Epic Hacking by BabaEleko(m): 11:56am On Aug 02, 2013
不是小东西 - no be small thing.

2 Likes

Re: How Airtel Security Flaw Led To Epic Hacking by felipemadero(m): 11:57am On Aug 02, 2013
huh cryhuh....surprised!!!
Re: How Airtel Security Flaw Led To Epic Hacking by MSItachi: 11:58am On Aug 02, 2013
Bravo!, now you have empowered more evil minded people
Congrats

3 Likes

Re: How Airtel Security Flaw Led To Epic Hacking by mkmyers45(m): 11:58am On Aug 02, 2013
tareigns: When i hear of network providers being hacked,am nt usually happy if its nt MTN. I despise dose stingy fowls.

Mtn has security numbers and pin....yeah s.uck on that
Re: How Airtel Security Flaw Led To Epic Hacking by costan306(m): 11:58am On Aug 02, 2013
i think say na free browsing.mtcheew

9 Likes

Re: How Airtel Security Flaw Led To Epic Hacking by mkmyers45(m): 11:58am On Aug 02, 2013
Is there anything you can do? I see the hacker wants to re-sell the domain
Re: How Airtel Security Flaw Led To Epic Hacking by Nobody: 11:59am On Aug 02, 2013
Social Engineering does not require any knowledge of computer programming, all you need is the right information from the right people. Makes me remember the guy that hacked amazon and paypal and stolen credit cards details.
Re: How Airtel Security Flaw Led To Epic Hacking by naturalwaves: 12:01pm On Aug 02, 2013
This story looks like an Abracadabra and it is difficult to believe. Even if it is that easy getting a sim swapped on Airtel, when the supposed cracker wanted to contact Yahoo, did he just get a Password just like that from Yahoo? Impossible! Getting your password changed on Yahoo isn't that easy. Okay? And the Domain Name Registrer too gave out another Password on sighting just a note for a change of password? I haven't read something as hilarious and ridiculous as this claim in a long while even if you go to court with this crap, you will outrightly lose the case on the first day.
First of all, confirm the sim swap procedure and how the hacker did it from Airtel and then contact Yahoo and get to know how the verification for password changed such that yours was given out so cheaply on just a request then contact your DNR too to get the full details of how your password was changed in a little time before you come up with claims. I understand the fact that, your website was hacked but trying to make Airtel the scapegoat for the process without sufficient evidence is really hilarious. Take heart!

10 Likes

Re: How Airtel Security Flaw Led To Epic Hacking by Nobody: 12:02pm On Aug 02, 2013
Kudos to MTN for introducing MTN security number.

4 Likes

Re: How Airtel Security Flaw Led To Epic Hacking by meracool(m): 12:03pm On Aug 02, 2013
Online.. Internet.. everything Is NOT secured... JESUS is the ONLY Sure and SECURED Link..!!!

9 Likes

Re: How Airtel Security Flaw Led To Epic Hacking by meracool(m): 12:04pm On Aug 02, 2013
Naijaloaded Site Is Now Going..

Congrats Mankind...!!!
Re: How Airtel Security Flaw Led To Epic Hacking by ocheejemb: 12:04pm On Aug 02, 2013
Wow, I got pissed off at Etisalat's office when they refused to allow me help my Dad swap his sim to a micro sim without a signed letter even though I had both in my possession. I see why. Airtel need to do better.
Re: How Airtel Security Flaw Led To Epic Hacking by femi4: 12:04pm On Aug 02, 2013
SIM SWAP should being done at the service center alone. Physical presence matters so as to compare the face of the person requesting for SIM SWAP to the face registered on their system

6 Likes

Re: How Airtel Security Flaw Led To Epic Hacking by Nobody: 12:13pm On Aug 02, 2013
allahu akbar برربشباسجنفسدجنفسجابدشدجنفسجنسجسبشدنسفنجسبدفنسجانفنجسبدسجدجند . allah is great
Re: How Airtel Security Flaw Led To Epic Hacking by EMERITUS1(m): 12:18pm On Aug 02, 2013
thanks for the info that is hacking 101 more of such lessons
Re: How Airtel Security Flaw Led To Epic Hacking by omanifrank(m): 12:18pm On Aug 02, 2013
that was bad oh......but the site is back now
Re: How Airtel Security Flaw Led To Epic Hacking by Nobody: 12:18pm On Aug 02, 2013
Yaaaga!!!!!!!!


Makinde Azeez don recover him Site back!!!
Re: How Airtel Security Flaw Led To Epic Hacking by yunisco: 12:19pm On Aug 02, 2013
naturalwaves: .
haaaaaaaaaa.....oya lipopo....make una dey dupopo....baby baby baby oya oya.go dere
Re: How Airtel Security Flaw Led To Epic Hacking by Riskymallam: 12:21pm On Aug 02, 2013
Long way to go, these folks should learn to put every contingency into consideration. Bleep it..

(0) (1) (2) (3) (Reply)

What Is The Difference Between .ng And .com.ng Domain / Your Paypal Account Is Limit ? Want To Cashout Or Lifted Limit ? / 10 Things You Must Have And Do Before Applying For Adsense

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (0) (1) (2) (3) (4) (5) (6) (7) (8) (9)

Nairaland - Copyright © 2005 - 2018 Oluwaseun Osewa. All rights reserved. See How To Advertise. 62
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.