Most SS7 operating service providers on the dark web are crooks

0

The existence of Signaling System 7 (SS7) mobile phone protocol vulnerabilities is something security researchers warned against in 2016, and it was only a year before the first attacks exploiting them. are observed.

In the years that followed, governments exploited SS7 loopholes to follow individuals abroad, and hackers used them to hijack Telegram and email accounts.

Besides SMS, SS7 security holes can be exploited to intercept or transfer calls, 2FA codes, locate devices, forge SMS, etc.

But are these hacking services as plentiful as they are rumored to be, or is the dark web full of crooks just out there to steal money from would-be spies?

An availability survey

Analysts SOS Intelligence searched the dark web for SS7 exploitation service providers and found 84 unique onion domains claiming to offer them.

After narrowing down the results to those who still seemed active, they ended up with just the following four:

  • SS7 operator
  • SS7 online operator
  • SS7 hacking
  • Black fox market
The Dark Fox Market Site
The Dark Fox Market Site
Source: SOS Intelligence

All four claim to offer SMS interception and spoofing, location tracking, call interception and redirection.

By analyzing the network topology data for these sites, the researchers found that some of them were relatively isolated, not having many inbound links.

This is not a good indication of the reliability and credibility of the site and is usually an indication of recently established scam platforms.

Additionally, the SS7 Hack site appears to be copied from a clearnet website that was created in 2021, so it looks like a scam.

While trying to use its SS7 exploit kit, hoping for an API mirroring feature to be implemented, the researchers got nothing because the service was offline.

Dark Fox Market service purchase page
Dark Fox Market service purchase page
Source: SOS Intelligence

On the Dark Fox Market platform, which charges $ 180 for each targeted phone number, researchers found the same demo videos uploaded by Russian users to YouTube in 2016.

These were most likely stolen from YouTube and had nothing to do with the Dark Fox Market platform, which doesn’t offer a working SS7 operating service anyway.

Despite all this, by analyzing the cryptocurrency wallets provided by these platforms, SOS Intelligence discovered that the crooks were making large sums of money.

Real hidden SS7 operating services

The above does not mean that there are no SS7 operating services on the dark web, but rather that the real ones are hidden behind hacking forums and member-only marketplaces such as World Market.

As is generally the case on the dark web, the first search results that can be found on the “surface” usually lead to scams.

WorldMarket publication offering SS7 exploit services
WorldMarket publication offering SS7 exploit services
Source: KELA

You’d have to dig deeper to get the real deal, but that never eliminates the chances of always landing on receiving a scam.

Sophisticated threat actors have access to cell phone data through affiliations or their own operations, so there is no need to search for SS7 exploitation service providers.

Share.

Comments are closed.