SOCIALS 

SUBSCRIBE 

 Keeping you informed | Latest News 

© 2018 Dr. Chaos 

doctorchaos.com and drchaos.com is a blog dedicated to Cyber Counter Intelligence and Cybersecurity technologies. The posts will be a discussion of concepts and technologies that make up emerging threats and techniques related to Cyber Defense. Sometimes we get a little off-topic. Articles are gathered or written by cyber security professionals, leading OEMs, and enthusiasts from all over the world to bring an in-depth, real-world, look at Cyber Security. About this blog doctorchaos.com and drchaos.com and any affiliate website does not represent or endorse the accuracy or reliability of any information’s, content or advertisements contained on, distributed through, or linked, downloaded or accessed from any of the services contained on this website, nor the quality of any products, information’s or any other material displayed, purchased, or obtained by you as a result of an advertisement or any other information’s or offer in or in connection with the services herein. Everything on this blog is based on personal opinion and should be interoperated as such. Contact Info If you would like to contact this blog, you may do so by emailing ALAKHANI(AT)YMAIL(DOT)COM  

CYBER & INFOSEC

"blogger, InfoSec specialist, super hero ... and all round good guy" 

DISCUSSIONS, CONCEPTS & TECHNOLOGIES FOR THE WORLD OF

JOIN THE DISCUSSION

League of Legends Champ Loses $200k to Sim-Swap Hack



There's been a growing trend in the world of cybercrime recently; that of sim-swapping, a new and subversive type of identity theft. Pro League of Legends gamer and multiple time NA LCS champion Yiliang 'Doublelift' Peng recently took to Youtube to describe his own experience of the process."Your Account is Overdrawn"


In a clip lifted from his Twitch.tv stream, Peng told a frightening yet very real story to his host of viewers. Waking in the morning he had received a notification from his bank: his account was overdrawn and hundreds of thousands of dollars had apparently gone missing as a result. Unbeknownst to Peng, and apparently anyone involved in account security, a heist had been underway while he slept. A hacker had been accessing his emails, his bank account, and most importantly of all, his Coinbase account. The hacker had placed filters on his email accounts preventing any alerts or purchase confirmations from reaching his inbox.


The hacker had changed his passwords, his logins and even gone so far as to transfer his sim to another handset.Peng described how, after calling service provider T-mobile, the customer rep informed him that his phone had been reported missing or stolen. In a sim-swap hack like this, the perpetrator poses as the original owner of the account - in this case, Yiliang 'Doublelift' Peng.


Once they then have access to the number, they can use the phone sim to bypass many two-factor authentication services; for instance, the ones protecting a Coinbase wallet or email.While the League of Legends star is confident he'll get his money back (either through law enforcement or perhaps future winnings), the event is a scary example of the kinds of thefts that can take place in the modern day.


Why Doublelift? Crypto Winnings


Perhaps it was the streamer and eSports pro's prolific nature that made him a target. After all, Doublelift has made controversial comments in the past, trash talking his competition. Perhaps it was the knowledge that he likely had funds to steal in the first place - Peng has won hundreds of thousands in prize money over his gaming career, and earnt even more through his regular salary and Twitch. The likeliest reason is the simplest one, however.Yiliang Peng traded in cryptocurrency.League of Legends prize pools can reach over $2 million in value.


Year-long contract salaries are as high as $1 million. A popular League of Legends streamer can make tens of thousands of dollars in a single day. The fact is, there's an entire industry growing up around the competitive nature of gaming; big brand sponsors like Gillette are getting involved, Razer and Red Bull.


Gambling companies like Betway are opening their books to the sport for fans to place their bets and wagers on tournaments like the World Championships. The end result is a young, enthusiastic community of (usually) geeky guys with a lot of cash to burn. eSports is quickly becoming a high-income career path in the tech industry.



And if you combine cash to burn and tech-minded folks, the end result is often crypto. The hacker that stole such vast amounts of money from Doublelift is but one of many.


Accessing a Coinbase account is safer and easier than accessing a Paypal of regular bank account, after all. Crypto is harder to trace. Crypto is easier to take. And with sim-swaps continually on the rise, sim hacks and others like them aren't likely to disappear anytime soon.


Protecting Your Home and Own


If you're feeling a little paranoid after all this talk of stolen passwords and accounts, worry not. There are things you can do to protect yourself from these kinds of attacks. First things first, lose the phone-based authenticator.


While any auth is better than none, phone authenticators have been proven vulnerable via examples like those above. Your other options include the Google Authenticator app; if a hacker wanted to breach that, they'd need your physical phone. You could also try a physical, handheld authenticator kept on your person.If neither of those is practical for your situation, call your cell phone provider.


Ask them to tighten the security on your account. Make sure they know that you're a potential target for a sim-swap hack. Had Yiliang 'Doublelift' Peng done so, he might never have lost control of his crypto wallets and accounts in the first place.