Three men are facing charges in Toronto SMS Blaster arrests
163 points - yesterday at 8:44 PM
In Brazil, people get so much SMS spam and phone call spam that many people turn off notifications for all text messages and phone calls and use only Whatsapp (even for voice calls).
But once in a while my iPhone in Brazil will get spam as an unblockable "system message". I'm not sure if I'm using the correct term. I mean that it looks just like an Apple system notification and it disappears without a trace afterward, but the content is obviously spam.
I wonder how they are able to do this.
compounding_it
today at 5:12 AM
>use only Whatsapp
WhatsApp here in India has so much spam now. With ads, I am starting to think these spam are just ads sold by WhatsApp.
> that it looks just like an Apple system notification and it disappears without a trace afterward
Probably so-called SMS flash messages. They're shown as overlay popups on Android too.
ExpertAdvisor01
today at 5:48 AM
Probably they use flash SMS (class 0 messages)
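An added example, not part of the thread: the "class 0" mentioned in the comment above is a two-bit field in the TP-DCS octet of the SMS PDU, so a modem-side logger can flag flash messages by decoding that octet. The PDUs are constructed samples with placeholder numbers, and the function names are illustrative; field layout follows 3GPP TS 23.040 and DCS coding follows 3GPP TS 23.038.

```python
# Added example: flag "flash" (class 0) messages from the TP-DCS octet of an
# SMS-DELIVER PDU. Layout per 3GPP TS 23.040, DCS coding per 3GPP TS 23.038.

def message_class(dcs):
    """Return the message class (0-3) carried in a TP-DCS octet, or None."""
    group = dcs >> 4
    if group <= 0x7:                       # 00xx general coding, 01xx auto-deletion
        return dcs & 0x03 if dcs & 0x10 else None   # bit 4: class field is valid
    if group == 0xF:                       # data coding / message class group
        return dcs & 0x03
    return None                            # MWI and reserved groups carry no class


def parse_sms_deliver(pdu_hex):
    """Extract PID and DCS from a hex SMS-DELIVER PDU (SMSC prefix included)."""
    raw = bytes.fromhex(pdu_hex)
    try:
        pos = 1 + raw[0]                   # skip SMSC length octet and SMSC address
        first = raw[pos]
        if first & 0x03 != 0x00:           # TP-MTI 00 = SMS-DELIVER
            raise ValueError("not an SMS-DELIVER PDU")
        oa_digits = raw[pos + 1]           # originating address length in digits
        pos += 2 + 1 + (oa_digits + 1) // 2    # first octet, length, TOA, digits
        pid, dcs = raw[pos], raw[pos + 1]
    except IndexError:
        raise ValueError("truncated PDU") from None
    return {"pid": pid, "dcs": dcs, "class": message_class(dcs)}


def is_flash(pdu_hex):
    """True when the PDU asks the handset for immediate display (class 0)."""
    return parse_sms_deliver(pdu_hex)["class"] == 0


# Constructed sample PDUs (placeholder numbers, body "hi"); only DCS differs.
_HEAD = "07915155550501F0" "040B915155550521F3" "00"   # SMSC, header + sender, PID
_TAIL = "52401021000000" "02E834"                      # timestamp, UDL, user data
FLASH_PDU = _HEAD + "10" + _TAIL    # DCS 0x10: GSM 7-bit, class 0
NORMAL_PDU = _HEAD + "00" + _TAIL   # DCS 0x00: GSM 7-bit, no class

if __name__ == "__main__":
    for name, pdu in (("flash", FLASH_PDU), ("normal", NORMAL_PDU)):
        print(name, parse_sms_deliver(pdu), "ALERT" if is_flash(pdu) else "ok")
```
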
nubinetwork
yesterday at 9:35 PM
This was hugely overblown in the media... While the device operates like a stingray, they were using it to spam and phish. The whole claim of "we've never seen this type of device before in Canada" is a lie, because the government and law enforcement both use them. I guess it's okay if they do it, but nobody else can...
kevin_thibedeau
today at 12:57 AM
> hugely overblown
Did they graciously forward emergency calls and text messages to the real phone network?
cucumber3732842
today at 10:07 AM
The fact that they didn't get busted in no time at all seems to point strongly in that direction. With the amount invested in this operation that would just be common sense.
Hopefully nobody in the area was an oncall surgeon, engineer, etc.
yieldcrv
today at 10:14 AM
prosecutors have never seen them because the DA has never brought a case against the agencies that use them
so it's an accurate statement
the government isn't one thing, it's people that don't work for all agencies
Yes I think they mean they hadn't seen it used before outside of sanctioned organizations. Though one could argue some bad actors inside the org likely used it outside of official capacity though not likely with knowledge or approval by superiors.
anigbrowl
yesterday at 10:35 PM
Wouldn't it be great if public officials would say what they in fact mean the first time?
rdevilla
yesterday at 10:41 PM
Torontonians are hardwired to be incapable of speaking like this.
And law enforcement are trained to speak a language which sounds like English, but isn't, and which makes no sense.
https://www.mcsweeneys.net/articles/an-interactive-guide-to-...
(A long-ish read, but totally worth it. The "punch line" is beautiful.)
philipallstar
today at 9:27 AM
Speed and brownness were involved in a jumping-related incident with a lazy dog and a fox.
raverbashing
today at 7:27 AM
I would say Canadians but British Columbians (yes this is the actual term) are even worse
An sms blaster was never used in fraud like this in Canada. Does that really make that big of a difference to you?
I don't buy it. To me, it'd be like hearing them say "we've never seen spam/scam phone call campaigns before!"
This loses all believability, given the fact that I can reliably go out of town to a different area code and immediately start getting phishing/scam/robo calls/texts from numbers of said area code. Granted, I am U.S.'ian.
To add, ISED literally goes around in cars to scan for non registered BTS (or even non conforming ones) and report them, sometimes (or a lot of times) they catch false positives when the interference happens to be a strong LED lol. The gov uses the tech to ID individuals however, especially in group gatherings or around certain locations, always look around for big vans with no windows :), I either don't take my phone or it's always on airplane mode until I want to disable it briefly before activating it again.
The claim was that this was the first time that a device like this has been used in fraud but go ahead, misread things and become outraged. I'm sure that in this case the fraudsters properly forwarded all 911 calls so no harm, no foul hey?
panny
yesterday at 9:44 PM
A government backdoor was found and abused by criminals? No one could have predicted this! :)
QuantumNomad_
yesterday at 9:52 PM
Isn't it less of a government backdoor and more of a result of generally old and insecure protocols still being in use for telecom?
Like, the phones happily connect to these fake towers because the signal is strongest from that one and there is no authentication to verify who the tower belongs to, nor encryption of SMSes?
Well said but by the time mobile phone towers were built we had been tapping phone lines for a long time. Hard to not think that to an extent default insecurity for telecoms was a choice.
When it was developed it was assumed that the cost of cellular equipment and, in some countries, the regulatory hurdles required to get authorisation to purchase radio transmitters that operate on licensed bands would make it almost impossible to do this.
I worked in a company that had a base station emulator in their testing lab in 2008. I can't recall the cost but it was well over $10,000 and only worked with direct antenna coupling, it couldn't broadcast.
Now we have software defined radios.
Jolter
yesterday at 9:49 PM
It's not exactly a back door. It's a fake radio cell, mimicking your network provider and acting like a man in the middle. In that sense, it's like a stingray. The differences are
1. The Stingray eavesdrops, but avoids interfering with user traffic
2. The stingray is operated by law enforcement, not by fraudsters looking to steal your money
AngryData
yesterday at 11:39 PM
In many parts of the US, the cops are the fraudsters looking to steal your money. So it isn't that much of a difference.
Cider9986
today at 2:36 AM
Ban civil asset forfeiture!
dreamlayers
yesterday at 9:53 PM
How is this possible? Are phones willing to connect to any cell and blindly trust that text messages from there are genuine and really coming from the numbers they claim to be coming from? Isn't there some cryptographic verification?
mcpherrinm
yesterday at 10:06 PM
2g networks didn't have the phone verify the network, so yes they can do this.
At least as of today, most phones have an option to turn off 2g but that isn't a default.
OptionOfT
today at 12:14 AM
The only way to truly disable 2g on an iPhone is to enable lock-down mode, which is a step too far for me.
Agree. I do a lot of travel and in 3rd-world countries it is quite common to get 2g spam, it's really unacceptable that Apple doesn't offer a way to turn off 2g short of lockdown mode.
akimbostrawman
today at 6:10 AM
It's always amusing to me how Apple tries to hide basic security features behind their super duper totally secure mode which nobody will enable because it destroys usability.
Meanwhile GrapheneOS in the default mode is as much or much more secure (and private duh) than their marketing mode with little to no usability decrease.
opengrass
yesterday at 10:07 PM
Plausible. Only Rogers still has working 2G.
Scoundreller
yesterday at 10:24 PM
And if you have a modern enough SIM+phone combo, it won't even display the 2g network as an available network, nor 3G on my device.
I wonder if this mostly hit international SIMs, since they wouldn't be running the same level of SIM code to prefer various network locks like a local SIM.
Helps you stay under the radar and gov services over SMS is a lot more advanced outside of Canada if you want to do some fraud.
gruez
yesterday at 11:33 PM
>And if you have a modern enough SIM+phone combo, it won't even display the 2g network as an available network, nor 3G on my device.
Source? It might just be that your carrier retired its 2g/3g network, not that the phone/sim refuses 2g/3g connections. If some cell tower popped up claiming to be 2g/3g, your phone still might happily connect.
Scoundreller
today at 2:25 AM
source = Rogers SIM in me phone
my Telus/Bell SIM shows the 3G network tho
stephen_g
today at 4:38 AM
That's incredible, here in Australia they not only shut down all 2G networks almost a decade ago, but they've already shut down 3G as well!
Although now looking at Wikipedia there are a lot more 2G networks sticking around than I realised, still hard for me to believe given what's happened here!
You do realize it's a fake 2g/3g network and most phones don't care. They will happily connect to whatever they support.
llm_nerd
today at 12:29 AM
Which is interesting in that they very publicly shut down the 3G network last year.
capitalhilbilly
yesterday at 10:04 PM
The original standards weren't expecting anyone but carriers to send messages and ramping up security has been a slow process, so downgrade attacks probably work nicely.
opengrass
yesterday at 10:01 PM
Guessing the spammer doesn't want to overload towers or be foxed within the same 3 so they're driving. Maybe the hats(?) shut off on rotation... or eSIM?
kotaKat
yesterday at 10:57 PM
Well, based on what I'm gleaning from https://www.smsbroadcaster.com/ (yes, they sell these brazenly in the open), I suspect they're doing some SDR shenanigans to bring up fake cell networks and leverage Cell Broadcast instead of just SMS.
https://en.wikipedia.org/wiki/Cell_Broadcast
They are also interfering with connections and attempting downgrade attacks to do 2G SMS messages as well (and is likely where Canadian carriers were picking up the 'millions' of attacks against its network and failed authentication attempts).
Amusingly this was all also caught because of Telus reviewing those SMS messages that were reported as spam from people on iOS/Android and realizing that the messages weren't being terminated inside the cell network at all when they tried tracing them out and suspected that this was the case.
>Dafeng Lin, 27, of Hamilton, Junmin Shi, 25, of Markham, and Weitong Hu, 21, of Markham
I wonder why the article didn't name them?
rafram
yesterday at 9:54 PM
Why would someone use one of these instead of good old fashioned SMS / iMessage / email spam?
mcpherrinm
yesterday at 10:07 PM
There's zero spam filtering interfering this way, and you can target your messages very precisely.
tonyarkles
yesterday at 10:44 PM
And zero record of it ever happening as far as the carrier's concerned.
Idk about zero, my Android device has SMS spam filtering, putting them in a separate inbox, hiding the notification, and with big red warnings if I indeed open them.
Rest assured the state behind this attack does it as well. Why not both?
Oh so it's happening in Canada too? I've seen it reported on media in another place few months back.
Someone's shipping a standardized kit of Stingray with battery and PSU to be installed in the back of German station wagons. The kits are suspected to be spamming phishing texts, at least some in Chinese. The cars are driven as unregistered taxis paid for on Chinese platforms, avoiding taxes while also justifying its driving routes and expenses that involve tourist destinations.
It's not clear to me if this is the Chinese authorities'/PLA's doing or if it's another one of those southern Chinese warlord things, both sound plausible.
Do you have any source for this? It's not about trust in your information but to get deeper into this topic.
would encrypting sms and using some kind of authorized certificate authorities, maybe the ones from the country's phone carriers, alleviate this issue?
These things just prove that the entire "security" industry is a sham.
At one point, every bank would ensure that your password COULD NOT be saved by your browser, because sEcUrItY.
Which is precisely the scenario where typing your password into a site like this is possible.
AirMax98
yesterday at 10:28 PM
Quote from article:
> This wasn't targeting a single individual or business. It had the ability to reach thousands of devices at once.
This statement reads as AI-assisted — kinda interesting to see, because I am not sure it even is? This type of formal speech language is basically unintelligible from slop now.
bawolff
yesterday at 11:08 PM
This reads like a pretty standard sentence to me. Especially in the context of a police press release trying to explain tech to the public.
I think at some point people see AI everywhere because they look for it everywhere.
stephen_g
today at 4:45 AM
Yeah, I mean if you think about why do LLMs use this kind of phrasing so much, it's just because it was already a common sentence construction in the training data written by humans!
dumpsterdiver
today at 1:11 AM
Are you trying to make a point that we should remain open to the possibility that humans can express themselves eloquently?
It's there to prevent "public panic" ie they weren't after you specifically or after xyz group, but just random mass attacks, or to prevent more cases and parties to be involved
fragmede
yesterday at 11:28 PM
I mean, you used an emdash. Are you an LLM?
caymanjim
today at 12:14 AM
LLM would have used it properly and omitted the spaces.
topspin
yesterday at 10:10 PM
Charges? Cool. In the US we find huge SIM farms in major cities[1], law enforcement shrugs, and everyone forgets about it.
[1] https://www.pbs.org/newshour/nation/how-sim-farms-like-the-o...
chatmasta
yesterday at 10:59 PM
SIM farm is a different scenario and arguably not even illegal. This story is about scammers operating a DIY stingray that broadcasts phishing messages via SMS to nearby devices.
nerdsniper
yesterday at 11:28 PM
SIM farms / phone farms aren't inherently illegal. Some are used pro-socially, for example to enumerate hosts in malicious IoT botnets.
walrus01
yesterday at 11:03 PM
People I know in US telecom are not surprised by these SIM farms. These people are either:
a) Doing some weird grey market VoIP thing. 32-in-1 GSM to SIP gateways have been a thing for a very long time in the developing world. Maybe they think they found some arbitrage route for phone traffic to/from the US PSTN that they can profit from. Anyone who interacts with grey market voip stuff will recognize these things immediately.
b) Using them for something like receiving 2FA authentication codes to create bot/sockpuppet social media accounts. In this sort of scenario they'd have live phone numbers/service and the cheapest possible phone plan, and ability to receive incoming SMS. The accounts then get provided to some other group of people who are doing mass advertising/social media manipulation.
zarzavat
today at 12:37 AM
Regarding B, why would you create your sock puppets in the US instead of in some developing country where everything is a lot cheaper?
If they are using it for 2FA it's likely for some US-only service.
"Authentic" US domestic resident sockpuppets for political or social manipulation. Combined with things like using residential proxies/relays through traffic on compromised routers on top-10 sized US last mile broadband providers such as Comcast, RCN. Google "residential proxies for sale" for some examples.
Plenty of things like the various services run by Meta will treat your content differently if they know you're coming from a Bangladesh phone number and ISP vs. being what appears to be an authentic domestic USA human.
Having live US phone numbers that can receive SMS for "is a live human receiving this code" verification purposes is also useful for many other kinds of directly fraudulent activities.
toast0
yesterday at 11:32 PM
c) grey route outbound sms. Even cheap US plans tend to have 'unlimited' sms, sometimes even to selected foreign destinations. Sometimes carrier billed SMS is cheaper than aggregators (but not too often) or may have better routing to difficult destinations.
walrus01
yesterday at 11:44 PM
Yes, I can definitely see that being plausible, particularly if they've gone to the efforts to make software tooling to spread out the outbound SMS volume around many different SIM and self-rate limit their volume, to avoid getting cut off, rate limited, or account banned.
kotaKat
yesterday at 11:30 PM
To point A: I remember a long while ago making a 'free VoIP' call and my call routed into a MetroPCS recording telling me my service was suspended for nonpayment. Hung up, redialed, number shot through another dodgy route.
Good times!
SIM farms are devices with a lot of SIM cards aka numbers used to scam/flood victims numbers after these were acquired through ad companies, purchased these numbers online, etc.
The OP ones are actively scanning the vicinity and acting like BTS to connect to phones automatically, equipped with radio antennas, SDR, etc. to gather the victims numbers in real time and send them spam/phishing while the phones are connected to these BTS
The real story is the government didn't really care about users being spammed, you get those all the time and there's little regulation to protect you (like preventing corporate from selling your number etc.), they cared because with these devices people can and will communicate outside of the approved channels, that also might be encrypted too, so harsh charges and make it as public as possible to deter others from doing the same, even if they were not in it to scam or phish people, and notice the emphasis on "blocking the 911 calls!!" so jamming charges are there too.
nightpool
yesterday at 10:19 PM
"Law enforcement shrugs"? The whole focus of the article is about how the secret service confiscated those devices and charged the SIM farm operators with crimes. Which part of that is shrugging?
The article is about Canada.
pnw_throwaway
yesterday at 10:49 PM
[flagged]
Joel_Mckay
yesterday at 10:17 PM
Not really, the FCC regularly drops >$300k fines on people not creative enough to figure out a revenue model that doesn't irritate everybody. =3