[doomjunky]

I remember last year around christmas/new year 2018/2019 a similar hack/leak/doxxing took place, targeting 994 (!!) mostly german politicians, celebrities and influencers. Massive amounts of private information (names, addresses, phone numbers, e-mails, DMs, contacts, online profiles, chat logs, private documents and even intimate details) where leaked. The data was published on a wide spread of public pastebins and etherpads. It took ages to take them down. The attacker had set up a labyrinth of links, files and passwords and even structured the data by topics and political parties.

Attack vector: Sim-Swapping. It was too easy. As soon as he got into one account, he got access to it's contacts and more phone numbers.

The attacker (0rbit) was a 20 year old student living at his parents home. He bragged about his hack to a online friend. This friend knew that 0rbit had been raided by the police years earlier. He betrayed him to the investigators and with the exact date of the raid the they were able looked up the old case and reveal his identity.

Previously on HN: https://news.ycombinator.com/item?id=18823286

[rawoke083600]

Ja in South Africa, sim swapping is still one of the biggest attack vectors, especially for bank-account-hacks.

[swiley]

Anything cellphone related is absolute crap; Security and otherwise.

[LukaD]

It was not a hack. It was just a lot of doxxing. There was really nothing impressive about it.

[cjsawyer]

900 successful sim swaps is impressive.

[HenryBemis]

I was helping out a friend to make a presentation/training on IT Sec, and while I was searching for some fancy sim swap rigs photos, I saw this image [1] that lead me to this article [2]: "Detectives smash illegal SIM swap command centre in Ruiru"

and from the article: "Officers found 30,000 SIM cards, 240 iPhones, 150 MI phones, 2 laptops, 2 and other electrical appliances. The gadgets were plugged into a system."

[1]: https://nairobinews.nation.co.ke/wp-content/uploads/2018/08/...

[2]: https://nairobinews.nation.co.ke/news/detectives-smash-illeg...

It doesn't add up 900, only to 390.. but still.. if these guys would focus their ingenuity in something positive, they could have accomplished so much more in life.

[DeadSec]

There were no Sim-Swaps, at least not from the Student. Later it was revealed that he simply bought the Data & published it. The Hacking did somebody else.

[creato]

That doesn't make much sense. Why would a student, presumably with little money, buy something that seems likely to command a pretty high price, that he has no use for other than to post anonymously on the internet?

[DeadSec]

I don't know him, so all i can is guess. All I know is what the News in Germany reported. According to them he just acquired the Data he published. The reasoning behind it is unknown to me, if there was any. In the Media Coverage he doesn't really appeared that smart. Maybe he did it just to brag about it, or he was hoping to extort the people and wanted to prove that he has the material, or it was political because the most victims of him were from the left.