
Friday, 2 August 2013

HOW NAIJALOADED WAS HACKED

Early this morning I posted that Naijaloaded dot com was being hacked. Makinde Azeez has since revealed that an Airtel security flaw led to the epic hack.


Makinde said: "They swapped my SIM, used the Forgot Password feature, and Yahoo sent the guy my code; he then changed my Yahoo password and requested a password-changing note from my domain registrar, then he finally changed my DNS."

At first I didn't understand the swapping part, so I fired up my browser again and started crawling through web pages with the search term "Airtel Nigeria instant swap". After much crawling, I learnt that to swap an Airtel SIM (i.e. to hijack another person's Airtel SIM), all you need is:

1. An Airtel swap SIM, which goes for just N300 and is offered for sale here
2. The four (4) most-dialled numbers on the line
3. The serial number on the new Airtel swap SIM

. . . and in 20 minutes max, the new SIM will be ready.

That easy yeah?!

After the "hacker" swapped the Naijaloaded owner's SIM, he used Yahoo's Forgot Password feature; Yahoo sent the reset code to the swapped SIM, so he could change the Yahoo password. With the mailbox in hand, he requested a password-changing note from Naijaloaded.com's domain registrar and ended up changing Naijaloaded.com's DNS.

A brilliant social engineering attack it was!

This clearly exposes vital security flaws in several customer service systems.
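To make the chain explicit, here is an added example (my own code, not anything from Makinde, Airtel or Yahoo) that models each account's recovery path as a set of prerequisites and computes what an attacker ends up holding once the SIM falls. The account graph, the asset names and the "hardened" registrar that demands a TOTP device on top of the contact mailbox are all hypothetical, built to mirror the SIM -> Yahoo -> registrar -> DNS chain described above; the point it shows is that every hop in that chain is a single point of failure, and that breaking any one hop keeps the DNS safe.

```python
"""Recovery-chain model: what falls once an attacker controls a swapped SIM.

Added example, not from the original post. The asset graph is a hypothetical
model of the chain described above (SIM -> Yahoo -> registrar -> DNS).
"""

# {asset: [set_of_prerequisites, ...]} - an asset falls when the attacker
# already controls every item of ANY one alternative.
WEAK = {
    # Airtel swap as the post describes it: a swap SIM plus the four most
    # dialled numbers is enough to move the line to the attacker's card.
    "sim": [{"swap_sim", "four_dialled_numbers"}],
    # Yahoo's Forgot Password flow texts a reset code to the number on file.
    "yahoo": [{"sim"}],
    # The registrar mails a password-changing note to the contact mailbox.
    "registrar": [{"yahoo"}],
    # Whoever holds the registrar account can point the zone anywhere.
    "dns": [{"registrar"}],
}

# Hypothetical hardening: the registrar insists on the mailbox AND a TOTP
# device before it will issue a password-changing note.
HARDENED = dict(WEAK)
HARDENED["registrar"] = [{"yahoo", "registrar_totp"}]

# What the attacker walks in with, per the post: a N300 swap SIM and the
# victim's four most-dialled numbers.
ATTACKER_START = frozenset({"swap_sim", "four_dialled_numbers"})


def takeover_closure(recovery, start):
    """Return (everything the attacker ends up controlling, order taken)."""
    owned = set(start)
    order = []
    progress = True
    while progress:  # iterate to a fixpoint: each takeover may enable another
        progress = False
        for asset, alternatives in recovery.items():
            if asset in owned:
                continue
            if any(need <= owned for need in alternatives):
                owned.add(asset)
                order.append(asset)
                progress = True
    return owned, order


def choke_points(recovery, start, target):
    """Assets whose protection, on its own, keeps `target` out of reach."""
    owned, _ = takeover_closure(recovery, start)
    if target not in owned:
        return []
    points = []
    for asset in sorted(owned - set(start) - {target}):
        guarded = dict(recovery)
        guarded[asset] = []  # this asset can no longer be taken over at all
        still_owned, _ = takeover_closure(guarded, start)
        if target not in still_owned:
            points.append(asset)
    return points


if __name__ == "__main__":
    for label, graph in (("weak", WEAK), ("hardened", HARDENED)):
        owned, order = takeover_closure(graph, ATTACKER_START)
        print(f"{label}: takeover order = {order}")
        print(f"{label}: dns controlled = {'dns' in owned}")
        print(f"{label}: choke points for dns = {choke_points(graph, ATTACKER_START, 'dns')}")
```

Run it as-is and the weak graph falls in the order sim, yahoo, registrar, dns, with all three intermediate hops reported as choke points; the hardened graph stops at the mailbox, because the SMS-reset chain can no longer satisfy the registrar. The same model works for any recovery flow you care to write down (bank KBA, a second mailbox, a hardware key), which is the real use: find the one hop that is only protected by a phone number.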

All a malicious person needs to know to hijack your SIM is your four most-dialled numbers (your dad, mum, girlfriend, line manager, direct subordinate, etc.).

You know what this means? You can intercept that scheduled business call directly by hijacking that Big Oga's SIM.

The person who perpetrated this act not only hacked the owner digitally but socially too, as he could receive calls on his behalf.

It's quite upsetting that the ecosystem we've placed so much of our trust in (in this case Airtel) has let some of us down so thoroughly.

Even online Internet banking can be easily compromised: call the customer care line, tell them you forgot your Internet banking password, and they will ask two or three questions, (1) your date of birth, (2) your account number, (3) your phone number, and poof, you have them reeling out all the info you need (another story for another day).


Social engineering, albeit new to the Nigerian space, is here to stay. Folks Are

3 comments:

  1. Thanks for the info
  2. How on earth can you copy a whole article verbatim without referencing the source? This is a criminal act and I'll expect you to do the needful, else you get sued.