News: 1718019060

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Two arrested in UK over fake cell tower-powered smishing campaign

(2024/06/10)


British police have arrested two individuals following an investigation into illegal homebrew phone masts used for SMS-based phishing campaigns.

The illegitimate phone mast, described as a "homemade mobile antenna" and dubbed by police as a "text message blaster," is thought to be a first-of-its-kind device in the UK designed to fire dodgy texts out en masse, all while bypassing network operators' anti-smishing controls.

Thousands of messages were sent using this mast, City of London Police said on Friday, with those behind the operation misrepresenting themselves as banks "and other official organizations."

[1]

"The criminals committing these types of crimes are only getting smarter, working in more complex ways to trick unknowing members of the public and steal whatever they can get their hands on. It is vital we work with partners to help prevent the public from falling victim to fraud," said temporary detective chief inspector David Vint, head of the Dedicated Card and Payment Crime Unit (DCPCU).

[2]

[3]

"Remember, a bank or another official authority will not ask you to share personal information over text or phone. If you think you have received a fraudulent text message, report it by forwarding it to 7726."

Most network operators in the UK are enrolled in a scheme that allows customers to forward suspicious SMS messages to 7726 – a dedicated number for assessing the potential threat of any given message. Network operators can then decide whether to block or ban the sender if foul play is afoot.

[4]

For example, EE has stopped tens of millions of scam SMS messages since stepping up its anti-spam filter in 2021. It also runs a scheme in its retail stores whereby new customers can verify their identity with the network, vastly reducing the likelihood that messages stemming from their accounts would ever be spammy in nature.

Huayong Xu, 32, of Alton Road in Croydon, was arrested on 23 May and remains the only individual [5]identified by police at this stage. He has been charged with possession of articles for use in fraud and will appear at Inner London Crown Court on 26 June.

The other individual, who wasn't identified and did not have their charges disclosed by police, was arrested on May 9 in Manchester and was bailed.

[6]

City of London Police said it was working with network operators, communications regulator [7]Ofcom , and the [8]National Cyber Security Centre (NCSC) on the case.

Ofcom told us: “Criminals who defraud people using mobile technology cause huge distress and financial harm to their victims. We’re working closely with the police, the National Cyber Security Centre, other regulators, and industry to tackle the problem.”

The Register asked NCSC for more details on the masts and if there are thought to be additional devices popping up around the UK. NCSC referred us to the City of Police for comment.

City of London cops told us: "A lot of your questions relate to tactics used by both the police and the criminals, so we wouldn't be able to provide any information for obvious reasons."

Without any additional information to go on, it's difficult to make any kind of assumption about what these "text message blaster" devices might be. However, one possibility is that authorities are referring to an IMSI catcher.

Without breaking off and franchising their own network operator and securing a license to offer services in a given area, it's possible that an IMSI catcher is involved rather than an actual mobile mast in the traditional sense.

IMSI catchers, sometimes called Stingrays, are devices commonly used by law enforcement to triangulate a target cellular device and at times intercept their communications.

They can also be used by nefarious individuals to force phones within their catchment area to drop off from the legitimate mast and instead connect to its simulated cell site. From there, they can forcibly downgrade the security protocols that power innovations like anti-spam filters and send spammy texts freely.

[9]April brings tulips, taxes ... and phisherfolk scammers

[10]Voicemail phishing emails steal Microsoft credentials

[11]Cybercriminals are stealing iOS users' face scans to break into mobile banking accounts

[12]Meta says risk of account theft after phone number recycling isn't its problem to solve

In recent years, the US has been caught [13]abusing IMSI-catchers and deploying them without adhering to federal rules that guardrail their use. Further back, the UK's plans to deploy IMSI catchers across prisons to block calls made by contraband phones were foiled in 2017 after cellies realized the hardware that blocked these calls was actually placed inside prison walls.

They cottoned onto the fact that [14]placing sheets of aluminum foil over the devices would stop them from working. Addressing the public about the failure of the IMSI catcher trial in prisons, officials said "innovative countermeasures" were to blame. ®

Get our [15]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZmcjIfU4iEP3sAWm8JmUpAAAAA8&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZmcjIfU4iEP3sAWm8JmUpAAAAA8&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZmcjIfU4iEP3sAWm8JmUpAAAAA8&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZmcjIfU4iEP3sAWm8JmUpAAAAA8&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://www.cityoflondon.police.uk/news/city-of-london/news/2024/june/two-people-arrested-in-connection-with-investigation-into-homemade-mobile-antenna-used-to-send-thousands-of-smishing-text-messages-to-the-public/

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZmcjIfU4iEP3sAWm8JmUpAAAAA8&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[7] https://www.theregister.com/2023/12/12/ofcom_takes_aim_at_inflation_contract_terms/

[8] https://www.theregister.com/2024/05/16/ncsc_cto_broken_market_must/

[9] https://www.theregister.com/2023/04/03/tax_season_phishing_scam/

[10] https://www.theregister.com/2022/06/21/phishing-voicemail-microsoft-zscaler/

[11] https://www.theregister.com/2024/02/15/cybercriminals_stealing_face_id/

[12] https://www.theregister.com/2024/02/13/meta_phone_security_number_recycling/

[13] https://www.theregister.com/2023/03/04/dhs_secret_service_ice_stingray/

[14] https://www.theregister.com/2017/03/01/imsi_catcher/

[15] https://whitepapers.theregister.com/



Rules for thee

Zibob

But not for me (police).

Sure I understand the public not being g allowed run scam phone services. But it should flow both ways. And that the police have the tech for it means its available to buy, so they have created the own issues in doing so.

Its an annoyance and and awful thing to.do for those that get caught up in it, but its galling for them to speak out both sides of their mouth about it with such high and mightiness.

Pretty aptly summed up in this mistake:

"NCSC referred us to the City of Police for comment, and Ofcom has yet to reply."

Yes many would call them the city of police.

Re: Rules for thee

Casca

Wow, just wow.

Re: Rules for thee

TeeCee

You are ChatGPT 0.1 (Alpha) and ICMFP!

S P A M

druck

Most network operators in the UK are enrolled in a scheme that allows customers to forward suspicious SMS messages to 7726 – a dedicated number for assessing the potential threat of any given message.

The number 7726 was chosen as it is the letters SPAM on a phone key pad, if anyone is old enough to remember when phones had such a thing.

Re: S P A M

Equality 7-2521

"if anyone is old enough to remember when phones had such a thing"

My iPhone shows the letters. It's still there and still widely used in the US.

TIWWCHNT

Missing Semicolon

Presumably the sale of SDR kit will now be banned :-(.

a bank or another official authority will ask you to share personal information

Equality 7-2521

From the article: "Remember, a bank or another official authority will not ask you to share personal information over text or phone"

But that's exactly what they do ask for (DoB, home address or part of, mother's maiden name, etc.).

Which is why I "fake them up" where possible.

Anonymous Coward

Sounds like they didn't catch the higher ups. Wouldn't be surprised if there are a few of those "masts" around Westminster.

Your canceled check is your receipt.