Threats Without Borders - Issue 167
Cybercrime Investigation Newsletter, week ending January 28, 2024
What do these numbers mean on my Mobile Device?
I was recently questioned about the ICCID number in the iPhone menu. Unable to explain the identifier, I began researching it to become better informed. I figured I’d use the experience as a chance to review the bouquet mobile device identifiers.
MAC Address: The Media Access Control address is assigned to a Network Interface Controller (NIC) during manufacturing. Each NIC manufacturer has a range of MAC addresses uniquely identifying their controllers. The assigned MAC corresponds to the NIC, like the post office address assigned to a home. MAC addresses are always 12-digit hexadecimal numbers, with the numbers separated every two digits by a colon or hyphen. While the 12-digit hexadecimal number is hardcoded into the NIC, the device can be programmed to communicate using an alias MAC address. Many devices, such as the Apple iPhone, use MAC Address randomization for privacy protection.
WiFi Address: See MAC Address
Serial Number: This is a unique character string (often alpha-numeric) assigned to a physical device by a manufacturer. The serial number is designed for asset tracking and servicing, not functionality. The device does not use the number to communicate through a network.
Bluetooth Address: Just as the MAC address identifies a device within a Local Area Network (LAN), the Bluetooth Address will identify a specific device within a Bluetooth Low Energy (BLE) network. This may consist of one or more devices all connected together through BLE technology. The address is a 48 bit value that is assigned to the device. Apple uses “address randomization” to reduce the chance of device tracking so it’s not good to consider a Bluetooth address as an absolute unique identifier.
IMEI (International Mobile Equipment Identity): A 15 digit number assigned to mobile devices that acts as the device’s unique identifier across all mobile networks. This allows a wireless network provider to authenticate a device by corresponding it to a customer’s account. This number is embedded in the firmware by the manufacturer. The number shouldn’t be changed as it’s hardcoded in the firmware, modifying it will likely render the device unusable.
EID (Embedded Identity Document): A unique 32-digit number assigned to a physical device that connects to eSIMs. The EID is the identifier link between the physical device, the eSIM, and the subscriber account. This number is only required for eSIM functionality, so it will only be found in devices that support eSIM.
ICCID (Integrated Circuit Card Identifier): This is the unique identifier assigned to a SIM card that is used to identify a SIM card on a mobile network. In the case of eSIMs, the ICCID is assigned to cellular user accounts, so the cellular provider recognizes the eSIM and ensures it is assigned to a service subscriber. This would work even if the eSIM is transferred to a different mobile account holder.
MEID (Mobile Equipment Identifier): This is commonly known as the Electronic Serial Number and functions similarly to the IMEI. BUT , MEID is strictly a function of CDMA (Code Division Multiple Access) devices. A device will only have a MEID if it CDMA capable. What is CDMA Capable? A older networking technology most frequently used by Verizon. Similar to GSM, CDMA technology is quickly being replaced by LTE and 5G technology.
SEID (Secure Element ID for Secure Element Identifier): At 192 bits, 48 hexadecimal digits, this is the longest device ID. It is attached to the Near Field Communication chip. NFC technology enables secure communication for contactless payments, such as Apple Pay.
And there are others, but this is a good list.
Some News
If you only have time to read one thing this week, make it this lengthy article. Although I don't fully agree with the assumption of the article, it is well-researched and written. There is a fine line between victim-blaming and responsibility but how much is a business liable for the poor choices of those who use its services? On the other hand, if you an active facilitator of fraud… maybe you are liable. How Walmart’s Financial Services Became a Fraud Magnet! https://www.propublica.org/article/walmart-financial-services-became-fraud-magnet-gift-cards-money-laundering
Steve Lenderman shared this article on his LinkedIn feed and prompted my response: “It's not just low-income or financially illiterate individuals who are withdrawing from the banking system. Some affluent people are doing so due to privacy concerns driven by conspiracy theories and anti-government sentiment. I personally know a few who have done it.”. The plight of the “unbanked”. https://theconversation.com/no-cash-accepted-signs-are-bad-news-for-millions-of-unbanked-americans-221393
Saxton, Pennsylvania, has a population of 726. How does its library have an extra $40,000 for someone to steal? "Yes, it did, and yes, the librarian stole it. https://www.pennlive.com/news/2024/01/pa-woman-accused-of-embezzling-over-40k-from-library-where-she-worked.html
Kudos to the North Lebanon Township Police Department (PA) for their effort to wrap up these POS who scammed two elderly residents out of $24,000 and were in the process of getting more. The victim received a scareware pop-up notification on their computer and believed they were communicating with Microsoft. The 24K was turned into Bitcoin through a Bitcoin ATM. The bad guys were grabbed when they came to the victim’s home to pick up an additional 30K in cash. https://www.yahoo.com/news/two-suspects-charged-north-lebanon-090319425.html
Torswats gets swatted. A California teenager who allegedly used the handle Torswats to carry out a nationwide swatting campaign is being extradited to Florida to face felony charges. A person operating the Torswats handle on Telegram claimed responsibility for hundreds of false reports of bomb threats and active shootings called into schools, politicians’ homes, courthouses, and religious institutions. The teen suspect bragged, “I am pretty sure I’ll never be arrested.” https://www.wired.com/story/torswats-swatting-arrest/
Ransomware response company Coveware agrees with your humble editor that banning ransomware payments is not a good approach. https://www.coveware.com/blog/2024/1/25/new-ransomware-reporting-requirements-kick-in-as-victims-increasingly-avoid-paying
A different type of phishing…fishing…literally!
A 17-year-old has been arrested in Utah for his widespread campaign of taping fish to ATM machines. Once he even “Fished” a police car. Crazy.
https://www.fox13now.com/news/crime/teen-charged-for-fishy-business-taped-on-utah-county-atms
Cool Tool
If we go around the paywalls, are we stealing the content? https://www.archivebuttons.com/
Cool Job
Manager of Global Investigations - Ripple. https://ripple.com/careers/all-jobs/job/5614293/?gh_jid=5614293&gh_src=79e001831us
National Manager of Cybersecurity Operations - Toyota. https://careers.toyota.com/us/en/job/TOYOUS10251225EXTERNALENUS/National-Manager-Cyber-Security-Operations
Irrelevant
The Mac is 40. https://www.macworld.com/article/2216095/40-years-mac-immortal.html
Yahoo email users, last week’s issue probably wasn’t delivered to your inbox. If this issue somehow makes it to you, please go back and catch up on what you missed. You can always check out the past issues of the newsletter at cyficrime.substack.com.
Comments, questions, contempt? Just reply back to the email that delivered the newsletter.
Thank you for giving me a few minutes of your attention.
Unfortunately, I was reminded of a famous one-liner this week: “People don't care what you can do; they only care about what you can do for them.”.
Be good to each other and I’ll see you next Tuesday.
Matt
Legal: I am not compensated by any entity for writing this newsletter. Obviously, anything written in this space is my own nonsensical opinions and doesn’t represent the official viewpoint of my employer or any associated organization. Blame me, not them.