For background context around telecoms for anyone reading this, there is an underlying difference in how telecoms networks are designed and architected - in the Telco world, links between networks were predicated on trust. Originally, telecoms networks were run by national level quasi-government operators, one per country.
You interconnected with other "known entities". Even now, you likely have 3, 4 or 5 national mobile operators in any one country. They negotiate their white elephant party meaning roaming agreements in order for you to get roaming access. It's all driven by these kinds of relationships predicated on trusting other networks. In IT, we are rapidly moving towards zero trust due to the internetbut circuit switched legacy voice is still all designed to be sent over private circuits between operators who trust each other.
The legacy protocols see SS7used to route calls between operators are functional, but also lack access control and authentication, as it's assumed only trusted parties are on the network white elephant party meaning able to use them. Those assumptions are no longer valid, and there's a huge challenge in dealing with this - hence SMS and call interception and rerouting attacks to steal 2FA tokens etc.
The recently discussed[1][2] method of hijacking SMS with almost zero effort was an eye opener to me. I had thought it required social engineering my carrier. These systems are really designed for use in a world where only trusted actors have any access to the system! That's clearly not true white elephant party meaning all these third parties exposing functionality to the general public! This doesn't really seem to make things any worse. Yeah, but here you want to hijack a million accounts. What's the threat model epephant
You could become employed at the company, or break in or compromise one of the employees, to get access to the messages from valuable targets reply. Installing a backdoor to a more info piece of equipment that handles SS7, for instance? No, what is the threat model for the agent who wants to hijack text messages to a million random phones? Why are they doing it?
Off the top of my head: - Major players are using phone numbers to de-dup people. Use your million phone numbers to bypass such verifications and aggregate more power than intended. You could sell the accounts directly or monetize them individually e. Banks, k managers, and other critical pieces of infrastructure are more than happy to harvest your phone number for "added security" and proceed to weaken the security on your account by allowing anyone with control of that phone number to hijack the account. Individual numbers have max message rates and other garbage, but with an army of phone numbers you can, e. I'm pretty sure permissions are way more locked down white elephant party meaning they were when apps used to just use your phone directly, but if you control the phone number and have that contact info then you could pull off a similar marketing trick still today.
I'm struggling to imagine how you'd monetize it directly some kind of insider trading? White elephant party meaning is a targeted attack.
ideas white elephant gift good
Data can easily be worthless if it takes effort to process and doesn't produce much value. This is a common case; "if the data exists, it must be valuable" is not a particularly strong argument.
Insider trading doesn't really work, since by hypothesis you have no idea who the people are whose messages you're reading. If you know, then you're performing a targeted attack. There's no "inside" as far as you're concerned. Kind of. That's an annoying cost but not prohibitive even whiet accounts only worth pennies on average.
Related questions
Send and receive since you need to menaing which people would respond to obvious scams. As I say that though, I don't think there's much if any benefit over the other SMS spoofing scams which just use a link as the payload. People mostly view phones as private, and in 1M person hours you're likely to capture admissions of crimes, cheating, and all kinds of things.]
You are not right. Write to me in PM.