Hacker News

I wonder if the cell carriers are seeing this as the existential threat it is, or if they’re just continuing with the whole “bury our heads in the sand” strategy.

If having a phone number has no benefit and only brings spam, and WiFi is ubiquitous in urban areas, a huge chunk of the population don’t really need cell plans any more. And the places without WiFi coverage (less dense areas) are the most expensive to provide service.

In the US at least, the FCC used to be pushing hard to combat the spam, like requiring authentication for caller ID, and it was the carriers that were dragging their feet and lobbying against it. So something tells me they just continue to view all the spam senders as an easy income source and don’t mind letting their whole business model die if it means short term profits.

In USA, I personally get 3-5 spam phone calls and voicemails daily. Mostly all the same, like "your $20K loan is almost ready".

One time, I picked up, and it was this seemingly incredibly rude person who sounded real but continue talking in a pushy manner without stopping despite what I said.

It's insane getting so many calls all the time like I owe them a bunch of money or something. Anyone else get this?

> unblockable "system message"

This is a "flash SMS" message: https://nickvsnetworking.com/flash-sms-messages/

>use only Whatsapp

WhatsApp here in India has so much spam now. With ads, I am starting to think these spam are just ads sold by WhatsApp.

> that it looks just like an Apple system notification and it disappears without a trace afterward

Probably so-called SMS flash messages. They're shown as overlay popups on Android too.

Probably they use flash sms(class 0 messages)

> hugely overblown

Did they graciously forward emergency calls and text messages to the real phone network?

Yes I think they mean they hadn’t seen it used before outside of sanctioned organizations. Though one could argue some bad actors inside the org likely used it outside of official capacity though not likely with knowledge or approval by superiors.

To add, ISED literally goes around in cars to scan for non registered BTS (or even non conforming ones) and report them, sometimes (or a lot of times) they catch false positives when the interference happens to be a strong LED lol. The gov uses the tech to ID individuals however, especially in group gatherings or around certain locations, always look around for big vans with no windows :), I either don’t take my phone or it’s always on airplane mode until I want to disable it briefly before activating it again.

prosecutors have never seen them because the DA has never brought a case against the agencies that use them

so it’s an accurate statement

the government isn’t one thing, it’s people that don’t work for all agencies

The claim was that this was the first time that a device like this has been used in fraud but go ahead, misread things and become outraged. I’m sure that in this case the fraudsters properly forwarded all 911 calls so no harm, no foul hey?

A government backdoor was found and abused by criminals? No one could have predicted this! :)

2g networks didn't have the phone verify the network, so yes they can do this.

At least as of today, most phones have an option to turn off 2g but that isn't a default.

The original standards weren't expecting anyone but carriers to send messages and ramping up security has been a slow process, so downgrade attacks probably work nicely.

Guessing the spammer doesn't want to overload towers or be foxed within the same 3 so they're driving. Maybe the hats(?) shut off on rotation... or eSIM?

Well, based on what I'm gleaning from https://www.smsbroadcaster.com/ (yes, they sell these brazenly in the open), I suspect they're doing some SDR shenanigans to bring up fake cell networks and leverage Cell Broadcast instead of just SMS.

https://en.wikipedia.org/wiki/Cell_Broadcast

They are also interfering with connections and attempting downgrade attacks to do 2G SMS messages as well (and is likely where Canadian carriers were picking up the 'millions' of attacks against its network and failed authentication attempts).

Amusingly this was all also caught because of Telus reviewing those SMS messages that were reported as spam from people on iOS/Android and realizing that the messages weren't being terminated inside the cell network at all when they tried tracing them out and suspected that this was the case.

I wonder why the article didn’t name them?

There's zero spam filtering interfering this way, and you can target your messages very precisely.

Rest assured the state behind this attack does it as well. Why not both?

And Switzerland: (German) https://www.srf.ch/sendungen/kassensturz-espresso/kassenstur...

There too, the person arrested was a Chinese citizen.

Do you have any source for this? It‘s not about trust in your information but do get deeper into this topic.

3G and beyond use mutual authentication between your phone and home network, so this only works while phones still happily connect to 2G (GSM) networks if nothing better is around (or is getting jammed at the same time).

This reads like a pretty standard sentence to me. Especially in the context of a police press release trying to explain tech to the public.

I think at some point people see AI everywhere because they look for it everywhere.

Are you trying to make a point that we should remain open to the possibility that humans can express themselves eloquently?

It’s there to prevent “public panic” ie they weren’t after you specifically or after xyz group, but just random mass attacks, or to prevent more cases and parties to be involved

I mean, you used an emdash. Are you an LLM?

SIM farm is a different scenario and arguably not even illegal. This story is about scammers operating a DIY stingray that broadcasts phishing messages via SMS to nearby devices.

SIM farms / phone farms aren't inherently illegal. Some are used pro-socially, for example to enumerate hosts in malicious IoT botnets.

People I know in US telecom are not surprised by these SIM farms. These people are either:

a) Doing some weird grey market VoIP thing. 32-in-1 GSM to SIP gateways have been a thing for a very long time in the developing world. Maybe they think they found some arbitrage route for phone traffic to/from the US PSTN that they can profit from. Anyone who interacts with grey market voip stuff will recognize these things immediately.

b) Using them for something like receiving 2FA authentication codes to create bot/socketpuppet social media accounts. In this sort of scenario they'd have live phone numbers/service and the cheapest possible phone plan, and ability to receive incoming SMS. The accounts then get provided to some other group of people who are doing mass advertising/social media manipulation.

SIM farms are devices with a lot of SIM cards aka numbers used to scam/flood victims numbers after these were acquired through ad companies, purchased these numbers online, etc.

The OP ones are actively scanning the vicinity and acting like BTS to connect to phones automatically, equipped with radio antennas, SDR, etc. to gather the victims numbers in real time and send them spam/phishing while the phones are connected to to these BTS

The real story is the government didn’t really care about users being spammed, you get those all the times and there’s little regulation to protect you (like preventing corporate from selling your number etc.), they cared because with these devices people can and will communicate outside of the approved channels, that also might be encrypted too, so harsh charges and make it as public as possible to deter others from doing the same, even if they were not in it to scam or phish people, and notice on the emphasis on “blocking the 911 calls!!” so jamming charges are there too.

"Law enforcement shrugs"? The whole focus of the article is about how the secret service confiscated those devices and charged the SIM farm operators with crimes. Which part of that is shrugging?

Not really, the FCC regularly drops >$300k fines on people not creative enough to figure out a revenue model that doesn't irritate everybody. =3