Two cuffed over suspected smishing campaign using 'text message blaster' British police have arrested two individuals following an investigation into an SMS-based phishing campaign using some kind of homebrew hardware. That equipment, described by the cops variously as a "homemade mobile antenna," "an illegitimate telephone mast," and a "text message blaster," is thought to be a first-of-its-kind …
But not for me (police).
Sure I understand the public not being g allowed run scam phone services. But it should flow both ways. And that the police have the tech for it means its available to buy, so they have created the own issues in doing so.
Its an annoyance and and awful thing to.do for those that get caught up in it, but its galling for them to speak out both sides of their mouth about it with such high and mightiness.
Pretty aptly summed up in this mistake:
"NCSC referred us to the City of Police for comment, and Ofcom has yet to reply."
Yes many would call them the city of police.
That is a pretty funny typo.
As I understand the reasoning, criminals in pursuit of their chosen career don't have rights, so if police can trick them into admitting their criminality, it doesn't matter how the police do it.
Occasionally a good defense lawyer can prove the police have gone too far, but a lawyer of that caliber is usually working for someone with a lot of money to throw at problems.
Most network operators in the UK are enrolled in a scheme that allows customers to forward suspicious SMS messages to 7726 – a dedicated number for assessing the potential threat of any given message.
The number 7726 was chosen as it is the letters SPAM on a phone key pad, if anyone is old enough to remember when phones had such a thing.
No need, looks like details have emerged.
The criminals used old school analogue TV tuners for the MITM attack, iterating on a method to add text to an existing SMS mailshot by an ISP.
Then did a timing attack to send their message using the pre-authenticated key(s) and £150 worth of radio transmitting equipment purchased
on the dark web.
Essentially replacing the "Hey, get more credit for £29.95" to "Hey, make money fast with spammy_link.frd"
The criminals used old school analogue TV tuners for the MITM attack,
Seems unlikely.
It's not obvious how an "old school analogue TV tuner" could be used, nor why anyone would choose to do that rather than use a DUSB TV Tuner as referenced in previous research publications.
For example: https://www.jaycar.com.au/usb-digital-tv-tuner/p/XC4886
From the article: "Remember, a bank or another official authority will not ask you to share personal information over text or phone"
But that's exactly what they do ask for (DoB, home address or part of, mother's maiden name, etc.).
Which is why I "fake them up" where possible.
> Which is why you hang up and make sure that you dial the bank's landline number,
It is best to wait at least 5 minutes before calling them back to ensure your telco has actually disconnected you from the scammer (or call a friend inbetween). There was a scam a few years ago that took advantage of this technical idiosyncrasy.
Ah yes, landlines.
They would play the 'dial tone' back at you so you thought you had hung up and were initialising a new call.
I remember thinking that was clever.
As is this new scam.
It is a shame scammers can be talented too.
Phoning a friend instead of your bank is , certainly, one way to make sure the line is "free".
But how long before they develop a MITM telephone exchange complete with dial tone so
they can forward your "phone a friend" call and still retain control to answer your bank phone call.
Best use a different phone for that if this happens to you.
Not obvious spam. They only need to pose as a known contact to and try to get the user to click on a link to install malware. If the link just fails, the user might think nothing of it - links often fail. But some malware has been installed. It's a successful strategy used by that Isreali cyberware company on apple phones.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
