27k unique visitors in the last 3 days

4 Rogue Base Stations Linked to KT Micropayments Fraud; 2 Chinese Nationals Arrested

There is also news about Brazil training teams to locate SMS blasters and research for China's Supreme Court revealed a loophole in their laws.

2025 is the Year of the Snake for Chinese, a Jubilee year for Catholics, and a perfect square year (45×45) for mathematicians, but for Commsrisk readers it will be remembered as the Year of the Rogue Base Station. Although the misuse of base station technology is definitely not a new phenomenon, this is the year when awareness of associated crimes reached new levels worldwide. Radio enthusiasts in Japan have been tracking cars that carry them, Iranian women have been harassed by them, and the British police issued a press release about them. Even readers of Wired now believe they know something about them, thanks to a journalist whose research seems to have mostly involved studying our global SMS blaster map. Inhabitants of South Korea spent the first half of this year worrying about the megabreach of data at leading mobile operator SK Telecom but now their anxieties have been further heightened by the apparent discovery of a new variety of fake base station fraud that affected customers of KT, the country’s second largest mobile operator. This round-up has news from the ongoing KT investigation, plus tidbits about fighting base station crime in Brazil and China.

KT False Base Station Fraud Significantly Worse than First Reported

Two citizens of China have been arrested by Korean police investigating a series of fraudulent micropayments executed on the accounts of KT customers. Both of the arrested men are ethnically Korean and aged in their 40’s. They worked as day laborers in South Korea and are said to have no special knowledge of information technology or the internal operations of KT, suggesting they were foot soldiers in an elaborate criminal enterprise. The men are believed to have traveled between the two countries so they could receive face-to-face instruction from a criminal boss in China before executing their mission in South Korea. The authorities stated they would request an Interpol Red Notice if they can determine the identity of the gang’s ringleader.

One of the arrested men admitted he had been paid KRW5mn (USD3,600) to drive a base station around areas with many apartment blocks, gathering data from the phones of people within. Unlike SMS blaster crimes, his equipment was not configured to send smishing messages. His objective was to collect data that would be used to impersonate genuine phone users through a mechanism that has not yet been fully explained, although it involved the interception of two-factor authentication codes before they were received by victims.

Victims only became aware of the micropayment frauds when they checked their payment histories. KT is said to have initially jumped to the incorrect conclusion that victims had shared their authentication codes as a result of social engineering. This caused the operator to be slow to recognize the pattern of criminal activity. Analysis of the unusual geographic distribution of victims then suggested fake base stations had been used by the fraudsters. The authentication codes intercepted by the gang allowed them to authorize multiple microtransactions on the accounts of each victim. There is considerable speculation that the conspiracy involved criminals connecting their own femtocells to KT’s network, either as a consequence of weak internal controls or with the help of insiders.

Yesterday saw KT CEO Kim Young-seop answering questions about the incident that were put to him by the National Assembly’s Science, Technology, Information, Broadcasting and Communications Committee. He admitted that KT had not done a good job of managing the security surrounding femtocells connected to his network.

The management of femtocell recycling was poor, and after reviewing the management after the incident, we discovered many loopholes.

In answering a different question, the embattled CEO seemed to suggest that all femtocells which have been granted access to KT’s network during the last 10 years will have retained that access because access rights are not reviewed more regularly.

South Korean authorities originally suggested that one rogue base station had been used by the gang, but four different base stations have now been connected to the criminal conspiracy. It is believed data from around 20,000 phones was collected, almost four times the number that was originally reported. This has resulted in losses for 362 customers of KT. The police estimate of the total amount stolen has risen to KRW240mn (USD170,000). Information about the crime is being pieced together from multiple sources, so it would not be surprising if the ongoing investigation continues to reveal more victims and further losses.

The government had already been scrambling to regain the upper hand on crime after the hack of SK Telecom; now they are dogged by the repercussions of an unrelated crime at the leading competitor to SK Telecom. The KT investigation has prompted the launch of ‘national inspections’ for all the country’s major telcos and financial firms in a desperate bid to restore confidence. Opposition politicians are using the incidents to question the adequacy of the country’s cybersecurity policies.

Brazilian Regulator Hosts National Workshop for Fake Base Station Hunters

One small compensation when dealing with the sheer volume of new reports about fake base stations is that any plagiarists admirers can only produce summaries of the worldwide spread of these devices that are out of date as soon as Commsrisk’s AI-powered search finds new examples. Our global SMS blaster map previously showed only one case of an SMS blaster being used to send smishing messages in Brazil, but a recent tweak to our search logic revealed there have been four other cases reported in São Paulo this year. The city is evidently one of the world’s top hotspots for SMS blaster crime, with fake base stations being discovered both in cars and on the higher floors of apartment buildings.

The Brazilian authorities have responded to the surge in fake base station crime by creating a special cross-agency task force that arranged its first national workshop this month. The event was held over four days at the São Paulo headquarters of Anatel, the national comms regulator. Attendees practiced location techniques with SMS blasters that had previously been seized from scammers. Two unnamed manufacturers also demonstrated equipment they had developed for the detection of suspicious radio signals.

Research Conducted for China’s Supreme Court Revealed a Loophole in Fake Base Station Laws

I doubt any regular Commsrisk readers still believe the use of fake base stations by fraudsters is a new phenomenon, but another big hint about the age and origin of these crimes comes from some research into the legal status of fake base stations that was performed in 2014 for the Supreme People’s Court, the highest court in the People’s Republic of China. (Journalists working for Wired might want to educate their readers that 17% of the world’s population lives in China, considerably more than the proportion that lives in California.) Our AI gizmo unearthed an extraordinary advisory document which details the various crimes that users of fake base stations could potentially be prosecuted for under Chinese law at that time.

Savvy readers might guess most of the laws that China was able to use for prosecutions in 2014. Abusers of base station technology could potentially be guilty of crimes relating to espionage, disruption of other services, fraud, false advertising, and the like. However, the researchers concluded there was no law against using this kind of equipment to transmit SMS adverts that were neither fraudulent nor contained false information.

The moral of the story is that legislators should anticipate the uses that criminals will make of certain kinds of technology before that technology becomes widespread. Proving that somebody has sent misleading messages using a piece of equipment is substantially harder than proving somebody has that piece of equipment. If China had crushed demand for the manufacture of SMS blasters at an early stage then we would not have so many SMS blasters being exported around the world by Chinese organized crime syndicates today.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email