SMSGlobal Hack Facilitated 'Death to the Jews' Text Messages
Telecommunications // United Arab Emirates
Hackers stole data from the global telecommunications firm that enabled the transmission of 5,000 texts carrying the anti-Semitic message.
The data was filched in 2013. The messaging campaign took place in 2015.
In April 2015, the attacker attempted to send over 4 million messages to phone numbers across the Middle East. The content read: “Our motto forever Death to America, Death to the Jews.”
SMSGlobal blocked most messages, but approximately 5,000 were distributed to mobile numbers in the United Arab Emirates.
The company is based in Australia and has a strong presence in the UAE.
A letter obtained by the Guardian from SMSGlobal to the Dubai telecommunications company DU following the April breach said texts had been received with “malicious content” from a number of accounts.
The letter said the intruders were able to use “a brute force attack” to penetrate accounts, due to a “number of vulnerabilities,” such as customer passwords not being encrypted, uncomplicated user accounts, and platform code that was no longer supported.
In response to questions from the Guardian, SMSGlobal said: “The alleged unauthorized use only ever extended as far as access to a password and log-in for the purpose of sending messages via an API. It did not provide access to customer information, and at no time were any unauthorized SMS’s purporting to be from or on behalf of a customer sent using our system. We have acted at all times in accordance with Australian privacy law.
“Since 2013 SMSGlobal has further tightened its security measures by migrating all customers to a new security platform requiring the creation of new user names and passwords. This platform has been regularly tested by independent auditors and quality security assessors and it complies with or exceeds all international best-practice security standards.”