After a person or a business has been the victim of a cyberattack or cybercrime, it’s unlikely that the cybercriminal will be caught. But in some cases, the victim may have a legal course of action that will require a forensic evaluation by an expert witness such as my firm.
I’m asked to review evidence to determine my expert opinion on what happened, who is responsible for the breach or the breakdown that led to the crime, such as a ransomware attack. We will do a forensic evaluation for the victim, who is the plaintiff, or for the insurance company or financial institution, who is the defendant. In some cases, the insurance company or the financial institution may be the plaintiff.
We’ve done forensic investigations for cryptocurrency thefts, business email compromise, HIPAA data breaches, compliance, and other regulations where a breach has occurred.
I’m hired to examine evidence and to review reports from the opposing side. Based on my expertise, I assess my opinion of what happened. I’ll review what the plaintiffs said happened and what the defense said happened. I may review hundreds of pages, research the Internet for references and then give my opinion in the form of a written report.
SIM Swap Attacks
The latest of these cybercrimes I’ve been hired to investigate are called SIM swap attacks.
All mobile carriers have been dealing with social engineering and SIM swap attacks. It’s important for you to call your mobile provider and set a unique PIN on your account to elevate your security.
A cybercriminal will call your provider, impersonate you, and say, “I’ve lost my phone. I need a new SIM card.” They persuade the representative to activate a new SIM card and send it to them.
Since you are the victim, your phone stops working, and your phone number gets transferred to the cybercriminal. They’ve stolen your phone number because many banks and websites use it for what’s called a ‘time-based one-time password’ or TOTP sent in the form of a text message.
You login to your bank, enter your username and password, and then you get a one-time PIN sent as a text to your phone number. You enter the PIN.
Since the thief has your phone and data, they can go through past data breaches and figure out all your details. Because the IRS and most major companies have been hacked, all our details are out there. So they piece it all together, steal your identity, and try to get into your financial accounts to drain your money. The amounts stolen from individual cell phone users have been in the millions.
The cybercrook may also steal cryptocurrency. For example, when cryptocurrency prices were really high, there were a lot of SIM swap attacks targeting cryptocurrency holders because they knew that the holders were most likely using their phone numbers for that second factor, and then they drained their cryptocurrency wallets.
It’s all about the reconnaissance, what they can do, and how far they go. Most financial institutions still use the phone number as a token-based authentication method, and that’s where the SIM swap attacks come.
Who is At Fault?
I’ve been hired as an expert witness by the victim’s attorney to build the case around who is at fault. It could be the carrier or the financial institution.
Suppose my client is the defendant, and it’s determined they are at fault. In that case, they may retain me to review and recommend changes in their cybersecurity system, so they are less susceptible to a future attack.