What Is SMS Bombing and How Can It Affect Your Security?

SMS Bombing

It would appear that SMS bombing (also known as Text bombing) doesn't seem to have a definition that all experts agree upon. Many of the hits you get on Google will tell you that SMS bombing is the act of using an automated tool to send a large number of text messages to a single person in a short period of time. Apparently, people think that this is a very funny practical joke.

For some, however, SMS bombing is far more than a hilarious prank. Certain experts say that the sending of pre-composed texts to many different phone numbers can also be classified as SMS bombing. As you might have guessed already, having the ability to reach a large number of people with the click of a few buttons can help with a variety of different tasks, including the marketing of a product or a service. In other words, some people make a living out of SMS bombing.

SMS bombing and security

The fact that there is no agreement on what SMS bombing actually is means that it's also difficult to say how it can affect the people who are on the receiving end of it. Normally, when you want to prank someone, you tend not to put their security at risk which means that, for the most part, annoying a friend with a vast number of texts sent very quickly shouldn't be that dangerous. That being said, Google has banned some SMS bombing applications because they have been used for bullying and harassment.

When it comes to sending the same message to a large number of people, we once again have two sides of the coin. There's nothing wrong with using an SMS bombing tool to send promotional materials, notifications, and news as long as the people who receive them have knowingly agreed to it. In this day and age, however, things don't always work that way.

SMS spam is not possible without an automated SMS bombing tool. Sending unsolicited (and/or fraudulent) text messages is nowhere near as prevalent as spamming through email, but it is just as dangerous.

So, in a word, yes, people engaged in SMS bombing can put you in harm's way. They can do it in more ways than one.

When SMS bombing crews mishandle your data

To send text messages to many people, you obviously need many phone numbers. As security researcher Bob Diachenko found out recently, however, in addition to their contact details, the people behind some SMS bombing operations like to gather a bit more information about the recipient of their texts.

As some of you may know, Bob Diachenko spends most of his days scanning the internet for misconfigured databases and servers. In April, he spotted an unprotected MongoDB instance that was accessible from anywhere in the world without a password. It, like many other databases Diachenko finds, turned out to contain a vast amount of personal information.

The biggest folder was named "leads", and it held a smidge over 80 million records. Within each record, he found an email address (MD5 hashed), a first and a last name, a physical address, a phone number and the name of the cellular provider, an IP address, and a line type. The name of the database was ApexSMS which coincides with the name of an SMS bombing tool that is widely advertised on hacking forums and marketplaces for black hats.

Diachenko shared his findings with TechCrunch's Zack Whittaker who examined the contents of the database further and confirmed that the information inside it has been used by an SMS bombing crew with the sole purpose of defrauding individuals. Whittaker saw some of the sent messages and concluded that the spammers were trying to redirect victims to scam websites that promised "free money" but did nothing more than steal personal information.

Names and admin addresses in the database led Whittaker to a few advertising companies who were quick to deny any wrongdoing. He remains skeptical but says that the legality of the whole operation is "for the courts to decide".

It's unknown how whoever created the database got their hands on all that information. What we do know is that shortly after Bob Diachenko found it, it was taken down and is no longer publicly accessible. We also know that this is the latest in a long line of incidents which prove that both legitimate companies and scammers don't do enough to protect people's data.

By Duran
May 17, 2019
Tips
English
May 17, 2019
Tips

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News

Hackers Have Found a Way to Attack Drupal, and That Can Affect Your Virtual Security Too

Drupal is the world's third most popular content management system (CMS). Out of context, this doesn't sound like that big of an achievement, but when you take into account the sheer vastness of the internet, you'll... Read more

February 26, 2019
Tips

Cyber Security Tips for School Administrators and Teachers

Schools are probably the last space that comes to mind when we think about cybersecurity, and that is perhaps one of the reasons these institutions could easily receive an "F" for their cybersecurity measures.... Read more

March 4, 2019
Tips

Top 3 Password Security Tips for Those Who Share Computers and Devices

Not all households can afford separate PCs or other devices for every individual. As a consequence, they are forced to share devices among themselves or use public computers. It's totally fine until proper measures to... Read more

September 28, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.