The mechanism of Sim hijacking : Interview with Haseeb Awan

Haseeb Awan is the CEO and Co-founder of the mobile phone security company that is dedicated to providing the highest level of security to everyone and prevent Sim swaps from happening. He has been swim swapped 4 times and knows the horror that comes with it. Please take a look at how crypto users are in a danger zone more than ever due to sim swapping, and what you can do to protect yourself.

Haseeb Awan

Interview Date : 9th November 2020

Hello, crypto-readers and all others!

Let’s talk about my background here and who I am? 

This is Haseeb Awan here. I’m CEO of EFANI Inc, co-founder of BitAccess, and a Canadian-Pakistani. I have a degree in Master’s in Engineering Management, Telecommunications and studied Financial Markets from Yale University. As a Y-combinator alumni, I have my background within the Crypto and Cybersecurity domain.

I didn’t choose, the background chose me

I got into crypto because I discovered Bitcoin when it still was in its double digits. I bought Bitcoin just because of the rising price and I wanted to see if I could make some money.

However, subsequently I met a few friends and we decided to make a Bitcoin ATM service back in 2013. Once we launched the BTCs, people wanted more of them, and that’s how we started the company BitAccess. I think we have ATM locations available in 15 countries today, and it is the world’s leading vendor of Bitcoin ATMs (BTM).

Our BTCs allow anyone to deposit cash and instantly receive a digital wallet containing the equivalent in the Bitcoin cryptocurrency. They can also exchange Bitcoin for fiat currency.

What Is Sim-Swapping?

SIM-swapping is a socially engineered hack wherein a hacker takes control over a victim’s phone number onto a SIM card they control. You can call that “hijacking a mobile phone” as well.

In order to sim-swap a potential victim, an attacker will have to impersonate their target and convince the customer service agent of a dedicated carrier company to swap the number to the new SIM card. In more elaborate cases, a sim swap may occur by bribing a customer service representative.

Entrepreneur with purpose

I was Sim-swapped multiple times, I was victimized by impersonators or hackers who were looking to hack my account and taking control over my account’s multiple times. I took this act as a puzzle while solving the problem by myself. This helped me put my telecommunication background in practice. When I solved it, a lot of other people asked for the same solution for themselves. That scale gradually grew bigger, and before I knew it, I had an incorporated company, EFANI.

The mechanism of Sim hijacking

The most common way to be sim swapped is when someone contacts your wireless carrier and is able to convince the call center representative that they in fact are “you”. They use your personal data that’s often exposed in hacks, data breaches, or information you publicly share on social networks, hence at worst dark or deep web.

When the call center employee is convinced, they ask for switching the sim card linked to your phone number, and replace it with their sim card. Once your phone number is converted to a new sim card, all of your incoming calls and text messages will be diverted to the newly switched sim card that is in illicit hands.

The psychological dilemma

The first time I was sim swapped, I got very scared and confused. The second time, I didn’t care, but the third time I became upset. The fourth time I was very angry. I was confused thinking about what it was that actually had happened.

I had heard about sim swapping before, but I thought that would never happen to me. So, I was sitting at my computer desk, and received a message informing me about a sim swap that had just happened from my carrier. My phone stopped all its functions, so I couldn’t receive calls nor could call anybody.

Technically speaking, my sim card was no longer usable, and it wasn’t mine anymore. I used my wife’s cell phone to make a call to the customer center and was able to get it back within a few hours later. If I had not known this, then the damage may have been much worse.

What can hackers actually do?

There are three things they can do. First, they take total control over your sim card, and go to your email account, resetting your password. Certainly, that password reset notification and authentication will hit you like a nightmare on your phone, that is no longer under your control, and they have accessed over your email address as a result.

When these vile actors go through your email account, they can see what banks you deal with, and trace or extract your crypto assets. Traders or crypto investors are most targeted ones to such unforeseen and unfortunate sim swaps occurrences. Hackers will hack and log in to your crypto wallet accounts, thus they can hurt you financially but most importantly mentally.

The second thing they can do is to stop by your social media to absorb all your personal information and this information extraction is primarily for blackmailing purposes. The third thing is that they can hurt you emotionally. You will be under immense pressure and stress as they, by this point, have probably taken over all of your assets and social circles. By posting something inappropriate, they can hurt your reputation, that can be extremely damaging and detrimental.

How Do Customers Get Secured at EFANI?

The customer may go through 11-steps of authentication, and sometimes take a legal path through a lawyer, for changings in details such as a residence address or email address, etc.

Those 11 layers of authentication are the maximum number of verification methods available to EFANI customers. Every account has a minimum of seven authentication steps, and these verifications involve providing the last four digits of the credit card, phone number, SIM card number, etc.

We have made it very difficult to change or modify sim cards, to make sure there are no any chances of sim swapping. Most hackers give up after the second or third authentication step as it is too much work. Even if hackers have succeeded through the authentication steps, there is a 7-day period before the new sim card is activated. To make it even harder, the new sim card will be sent from EFANI, so no one can just use any sim card.

Most damaging Sim Swap Incidents

One of the most brutal sim swap incidents happened to a friend of mine Michael Terpin who lost around 24 million dollars in an unfortunate sim swap incident. This was before they were registered with us, and the experience was devastating as it could have been for anyone at Michael’s place.
What is the issue here?

The issue with security and privacy is that people do not care until an incident happens to them. You can talk about a hack, and people will think that “it’s sad” it happened, but it is not them. It is the same with cancer. We hear about cancer all the time but say “it’s not me” until it actually happens to that person. That’s when people really pay attention to it. Before that, they just deny it, ignore it, or at worst don’t consider it as a big issue.

Telephone Number is more valuable than an SSN – Social Security Number

Telephone numbers are becoming more and more common as a digital identity. Telephone numbers are even more important than our social security numbers. In the US, it is very easy to find out your social security number.

For example, if you tell me your phone number, using that information I can find out your social security number on the internet. You have to consider your phone number as “very sensitive information”. However, the problem is that, more and more corporations are asking for your phone number when registering with them, or opening an account, for example.

In this way, your phone number will be linked with your name, and can be googled. By finding this information, hackers can attack you. People don’t think about this but it happens. Thus, your telephone number shouldn’t be something that you give to anyone. Unfortunately, when people ask for telephone numbers, we don’t hesitate giving it out.

Cheaper Carrier, Cheaper Security

The issue is that it is not “everyone’s problem”. With wireless carrier companies, people will generally go for the cheapest carrier plans. Even if we assume that cybersecurity is “Made-In-America”, and everyone wants it till they find a cheaper alternative from somewhere else. People will lean towards the cheaper alternative, and that has become a massive issue, because they expect security to be a right and for free.

Interviewer , Editor : Lina Kamada

【Disclaimer】

The Article published on this our Homepage are only for the purpose of providing information. This is not intended as a solicitation for cryptocurrency trading. Also, this article is the author’s personal opinions, and this does not represent opinion for the Company BTCBOX co.,Ltd.