Vodafone in the Press Again – for Fighting Fraud

On 23rd October 2017, Fiona Hamilton published an article in The Times titled, “Vodafone worked with police on its own case”.  The article reported that Daniel Mahony had been arrested and charged with both credit card fraud and operating an unlicensed GSM gateway (also known as a SIMbox) in contravention of the Wireless Telegraphy Act.  Mr Mahony was acquitted of the fraud charge but the Crown Prosecution Service (CPS) continued to pursue the SIMbox charge until it was dropped in summer 2017.

Read Fiona Hamilton’s article and see whether you think it portrayed Daniel Mahony as a victim.  I emailed her because I felt her coverage was one-sided and I offered to provide a more balanced view. She didn’t reply, so I decided that I should at least ‘balance’ her coverage for telecoms industry readers.  I know this subject has already been discussed by Eric Priezkalns here, but I plan to cover slightly different ground.

In the interests of transparency and credibility, I will declare upfront that I worked for Vodafone for 20 years and I was aware of this case although not involved in it.  I first dealt with GSM gateways whilst working for Vodafone UK in 2002, and I managed SIMbox detection and response for several years.  I was also involved in the Floe Telecom case, which set the precedent for British SIMbox cases from its inception in 2003, through various legal escalations, until Floe’s final appeal was rejected by the EU in 2013.

Vodafone worked with police

Let’s start with Fiona’s headline, “Vodafone worked with police on its own case”.  No shit, Sherlock – have you ever tried getting the police to investigate a telecoms fraud?  Unless you’ve already identified the suspects and gathered evidence you’ll find yourself on the ‘too difficult’ pile. Telecoms crime doesn’t appear in the Chief Constable’s KPI’s, so it doesn’t get actioned unless the telco does the bulk of the work.  Also, including “Vodafone” in the headline appeared to be the newspaper equivalent of clickbait so I had no qualms in doing the same for my response.

Information that was wrong

Next, GSM gateways are a complicated legal and regulatory area and people writing about them really ought to make sure they understand the subject first (this means you too, Eric). Let’s cover some basic corrections.  Fiona Hamilton states early in her article that,

“Vodafone accused Mr Mahony of helping its customers to obtain cheap mobile phone rates”.

The reality is that Vodafone’s own investigation identified Mr Mahony’s gateway company, Route 365, because of credit card fraud of approximately GBP 60,000 per week and it was this which formed the basis of Vodafone’s criminal complaint; the GSM gateway issue was secondary.  Mr Mahony was helping Vodafone customers get cheap mobile phone rates?  I don’t think so.  Anyone who knows anything about GSM gateways can tell you that they are used to terminate traffic to mobile phones and the person receiving the call pays nothing – what’s cheaper than that?

For many years, gateway operators have attempted to justify themselves on the grounds of lower costs to the consumer but nobody has produced any supporting evidence and Ofcom didn’t swallow that claim either, stating in its first consultation paper in June 2005, that it was

“doubtful whether changing the legislation on commercial use of gateways would by itself result in significant consumer benefits.”

In practice, the consumer pays the same price as always and the cost savings are shared as profit between telecoms carriers and gateway operators – if you know different, then please share the evidence.

Information that was missing

And then there’s the information that Fiona omitted from her article. She questioned why the CPS continued to pursue an

“obscure telecommunications offence”

but maybe it would have changed readers view of the CPS action had she mentioned that the accused had admitted operating gateways and that his business partner in Route 365 had already pleaded guilty to the gateway charges?  Neither did she report that after Ofcom legalised commercial gateways in July 2017, the Home Office re-criminalised them in September on grounds of national security.

Whilst I have no concerns about a telco being involved in a telecoms investigation, I do share Fiona Hamilton’s concern about an interested party being involved in the disclosure process; however, I don’t know if that happened in this case.  Let’s be clear though, Mr Mahony is not a victim – the CPS was satisfied he was running an illegal gateway operation and he was therefore arrested, charged and tried.  In fact, he may count himself lucky that the prosecution was dropped in the 2-month window when the activity was de-criminalised.

I noted the Judge’s remarks as quoted in The Register:

“It therefore seems likely that these defendants would not have been prosecuted for this offence but for their alleged involvement in fraud… for [Mahony] in particular, it might plausibly be said to be arbitrary that he be singled out for prosecution for an offence committed by many others with seeming impunity.”

Why has nobody, including the Judge, asked why so many people have been allowed to commit these offences with impunity?

GSM gateways are a parasitic and (in many countries) illegal enterprise.  They deliver no consumer benefit and by-pass the legitimate licensed and regulated activities of mobile network operators which have paid millions and sometimes billions to governments for the exclusive rights to radio spectrum which is then used illegally by gateway operators.

It will be interesting to see whether there are further UK gateway prosecutions now they’re a threat to national security…

David Morrow
David Morrow

Dave has 35 years of law enforcement, investigation and fraud management experience including multiple international assignments. He is a recognised telecoms fraud expert and for a number of years chaired the GSMA workgroup responsible for Security & Fraud Risk Assessments.

 

Dave now provides fraud management support as an independent consultant.

  • akrittok

    oh, come on.
    Operators profit from SIM boxing big time. Otherwise this would have been stopped ages ago. My operator here constantly routes traffic to some particular destinations via sim boxes. 100% of the time. I know your point is mainly for the termination part but as you very well know the origintation is very much aware of the route that’s proposed. The fact that this topic is still debated so many years later speaks for itself.

    • David Morrow

      Hi Akrittok – do you mean operators or carriers profit from SIMboxing?
      I do agree that some Telcos have double standards, spending money on SIMbox/bypass detection on inbound routes while accepting cheap non-CLI routes outbound. Or does one hand not know what the other is doing?

      • akritok

        Hi David, operators & carriers both profit from this and since this is going on for 15+ years tells me that it’s simply allowed to go on. This is a huge source of untaxable revenues. There are some individual folks who profit from this but most of it I assume is captured by various organizations. It’s always nice to have a cash-cow like this.
        I don’t agree with your statement about bypass being a “complicated” area. It’s not complicated. It’s digital contreband. Who’s running the other major contreband routes?

        By the way since we’re on the topic – you say “Unless you’ve already identified the suspects and gathered evidence”. As you know there are several types of “evidence”. In this particular case, the “evidence” means profiling a customer’s traffic. As you say, and as the police is very carefully stating, the gathering of evidence was done by VL as sub contractors of the police. Fine, this makes it admissible in court.
        However the detection part – the profiling of traffic to trigger alarms – on what basis is that done? I am very surprised that this is not used as an argument. VL is analyzing customers’ traffic for patterns. I know you worked for them but I see no scenario in which this is a legal thing to do.