Tech

I accidentally hacked a Peruvian crime ring


As soon as I went to Lima last week, and I did what countless tourists do every day: go to a cell phone store to get a SIM card with a local number. But this typical mundane ritual, which is no more fun than exchanging your dollars for euros, quickly took its toll — I hacked a criminal network.

When I was planning my trip, drugs were the last thing on my mind. In the upbeat days before Omicron, Peru felt like a dream, a dose of warmth and sunshine before returning home to the dreary New York winter. But minutes after I left the Movistar store, phone number in hand, I found my new holiday pastime: telling people they got the wrong number. I assume it will be a minor annoyance, a few text messages before people pass the word around. But things got much weirder when I installed WhatsApp.

The problem started with a jarring home screen. Instead of a new list of a new account, I was met with a list of dozens of groups that I appear to be a member of. Even with my embarrassingly poor Spanish, terms like “Dark Web” stand out, and sexually suggestive emojis need no translation. Then I started receiving messages. And while most of you will never find yourself caught up in Peruvian crime, your digital life faces similar vulnerabilities.

WhatsApp is encrypted, so everyone can talk frankly. And they started talking a lot about drugs and prostitution and other terms that I didn’t want to translate. People tell me about upcoming deliveries, mentioning places I’ve never heard of. I was in heaven, sitting by a rooftop pool overlooking the beaches and cliffs of Miraflores, and was panicking.

I started doing scenes in movies about the cheesy mob, an innocent bystander who was killed for watching too much. So I deleted everything. Every message, every group. I even went through mental exercises to blur my own memories, forcing myself to forget. But people keep reaching out. And when I went on to explain that they had the wrong person, they insisted: “Delete the number!”

And that’s how I end up giving cybersecurity advice to a criminal ring. I promised to delete the account, to transfer the number, but then I explained how they were compromised. Like so many WhatsApp accounts, my predecessor doesn’t have a PIN code, opt-in security can block exactly what I did accidentally, take over other people’s accounts and affect other people’s worlds. I can get a new number, but without a PIN, whoever comes next with the number Movistar lent me will face the same horrors.

As in most countries in South America, WhatsApp is Peru’s most popular communication platform. In some countries, Facebook-owned apps are so popular it has effectively replaced texting, allowing users to avoid phone company charges and get a reliable connection in areas with poor cellular coverage. Another point, of course, is security. But while encryption is indispensable, it is not enough. End-to-end encryption means Facebook and anyone who intercepts your messages can’t read what you’ve written. But they probably know everything else. With WhatsApp, they know who your contacts are, what groups you’re in, and when and to whom you’re sending messages.

While WhatsApp has been supporting two-factor authentication since 2017, it was never a default request. And no one knows exactly how many of the 2 billion WhatsApp accounts are unsecured. WhatsApp should set the PIN required or at least the default. But it is not alone. Not only do encrypted messaging platforms like Signal have similar vulnerabilities, but so do many others. Even after I deleted WhatsApp, I continued to receive a flood of messages from banks and payment apps, all trying to confirm someone else’s identity.

.



Source link

news7g

News7g: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, Sports...at the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button