
Police Find SMS Blaster That Sent a Million Smishing Messages in 3 Days

Also in the news: Indian minister reports success with coordinated blocking of spoofed mobile numbers; Danish Navy detains Chinese ship after Baltic submarine cables were cut; SIM swap syndicate busted in South Africa; and what an AI grandma tells us about confused priorities.

There was so much news this week that most of the commentary will have to wait until later, but one theme is worth reiterating. The leading Asian law enforcement agencies and comms providers are finding big frauds that target phone users. They then take rapid action to stop the frauds, and they tell the public what they have done. The leading Asian experts in fraud detection and prevention are routinely dealing with frauds that Western experts claim to have never seen in their countries. This leads to two hypotheses: either criminals work harder in Asia, or Western countries fail to see fraud because they have not devoted the same level of resources to detecting it. Decide for yourself which hypothesis is more likely to be true.


Thai Operator AIS Works with Police to Rapidly Defeat SMS Blaster Gang

This Monday, Thai police were joined by representatives of AIS, a leading mobile operator, for a press conference about the capture of SMS blaster phishing mobsters that began spamming victims approximately one week earlier. The techniques used by the scammers demonstrate how organized criminal gangs can combine well-established methods that will circumvent anti-fraud controls in telcos that lack a comprehensive strategy for crime prevention.

  • An SMS blaster with a 3km radio range was driven around the Sukhumvit district in Bangkok, a densely-populated area with large shopping malls. The device was capable of sending 100,000 SMS messages per hour. It is believed that almost 1 million messages were sent during the short time the device was used.
  • Phone users within range received a message stating: “Your 9,268 points are about to expire! Hurry up and redeem your gift now”. This was followed by a URL for a phishing website. The URL included the string ‘aisthailand’, encouraging the false impression that the website belonged to AIS.
  • The Telegram messaging app was used to instruct gang members about the exact wording of the scam SMS message.
  • Information obtained via the phishing website included the victim’s credit card details, allowing the gang to make payments to accounts in other countries.

Police described the gang operating this scam as Chinese in origin, and the driver of the vehicle was identified as a 35-year-old Chinese man. The police also said they were seeking arrest warrants for two Chinese members of the gang who currently reside in another country.

AIS worked with the police to locate the SMS blaster, leading to the arrest of the driver of the vehicle just two days after the discovery of the scam. The press briefing rightly provided no explanation of the methods used to find the SMS blaster. However, this outcome is consistent with previous conversations I have had with AIS insiders about their sophistication at locating SMS blasters. Their ability to find SMS blasters is evidently well ahead of most other mobile operators. It is also clear that AIS has a productive relationship with the police. The dedication of specialized police resources is equally vital to shutting down and punishing mobsters that target phone users with elaborate scams.

Video footage of the driver’s arrest and the equipment in his car can be seen below.

 

India’s Communications Minister Heralds Success of Sharing Roaming Data to Block Inbound International Calls That Spoof Domestic Numbers

India is collectively blocking over 13 million calls per day that present a domestic number despite originating outside of the country, per an interview given by Jyotiraditya Scindia, the Minister for Communications. This follows an INR387mn (USD4.6mn) government funding allocation for the country’s Centralized International Out Roamer (CIOR) system in July of this year. CIOR went live in October and immediately enabled a massive increase in the number of calls blocked because they were spoofing Indian mobile numbers.

The mind boggles at what India is accomplishing with its national strategy for using technology to protect people from spam and scam calls and messages. Meanwhile some of the world’s most ‘advanced’ economies waste years arguing about what is technically feasible. India’s success shows that simple but effective strategies for reducing spam and scam traffic can be implemented quickly at enormous scale with great effect. They are succeeding because the government provides leadership whilst acting as a genuine partner to the private sector. This contrasts sharply with other countries where politicians spend more time posturing than leading, and the private sector uses debates about technology to obfuscate what is actually a struggle over who will generate the most profit from the development of anti-fraud systems and processes.

 

Danish Navy Detains Chinese Ship That Cut Baltic Submarine Cables

Chinese cargo vessel Yi Peng has been boarded by the Danish Navy following suspected sabotage of two submarine communications cables in the Baltic Sea. A 218km cable from Lithuania to Sweden’s Gotland Island was cut on Sunday and a 1,170km cable linking Finland and Germany was cut on Monday morning. This is only the second time that a ship has been boarded per the rights granted by Article X of the Submarine Cables Convention, which was signed in 1884 and was originally intended to discourage nations from interfering with each other’s telegraph cables. Article X has been exercised only once before, when a Soviet trawler was boarded by a US Navy ship in 1959. Danish patrol vessel Y311 Søløven chased down Yi Peng after the Chinese ship sailed close to both cables at the time they were broken. Yi Peng is now anchored just outside Danish territory. The Chinese ship has a Russian captain and had sailed into the Baltic Sea from the Russian port of Ust-Luga.

The seriousness of this incident should not be underestimated. A joint statement from defense ministers of Sweden and Lithuania said “situations like these must be assessed with the growing threat posed by Russia in our neighbourhood as a backdrop”. Both they and Germany’s defense minister responded to the incident by referring to the threat of ‘hybrid’ military activities. Such hybrid activities include the disruption of communications as part of a strategy to undermine another nation’s ability to respond to an assault. Investigations by the authorities in Germany and Sweden are treating the cutting of the cables as a potential act of sabotage, whilst Lithuania’s authorities have categorized the incident as potential terrorism.

Commsrisk has been describing the increased risk of deliberate interference with submarine communications cables in recent years. In 2021, Britain’s Royal Navy commissioned a new ship specifically to protect undersea cables, a decision partly motivated by Ireland’s inability to defend transatlantic cables despite the presence of Russian ships loitering offshore. Meanwhile, China appears to be repeatedly testing Taiwan’s defenses by cutting their submarine cables, prompting Taiwan’s government to respond by building hundreds of satellite receivers to maintain communications in an emergency. Just a few months ago, the US State Department warned against using the cable ships belonging to a Chinese-British joint venture.

 

SIM Swap Scam Syndicate Busted by MTN and South African Police

MTN South Africa announced on Tuesday that a joint operation with the police had shut down a gang which took control of the accounts of victims by tricking them into believing they were speaking to staff in MTN’s call centers. The crooks would call victims and pretend to be protecting them from SIM swap fraud, saying that the victims needed to answer questions about their accounts to verify who they were. This information was used to gain control of the phone account, which was then used to receive one-time passwords so they could gain access to the victim’s bank accounts.

The police obtained warrants to raid five properties in the Soweto region of Johannesburg that were believed to be front businesses and call centers used by the gang. Per a statement issued by MTN:

“The successful raid is a result of a coordinated effort by various stakeholders including anonymous tip-offs.”

 

Chinese Gangs Created Front Companies in Thailand to Disguise 700 Million Deceptive Calls

An investigation by police into the misuse of Thai phone numbers in the range beginning 02 has identified three Thai-registered companies with Chinese directors that obtained Thai numbers in order to make foreign-originated calls appear to come from within the country.

  • Ruan Yun Information Technology Co Ltd registered 3,000 Thai phone numbers which were used to dial 256 million calls. Two of the three directors are Thai, whilst the third director is a Chinese individual who is also the majority shareholder.
  • Yun Tien Ke Technology (Thailand) Co Ltd registered 6,000 Thai phone numbers which were used to dial 345 million calls. Two of the three directors are Chinese, whilst the third is Thai.
  • Prima Technology (Thailand) Co Ltd registered 2,201 Thai phone numbers which were used to dial 129 million calls. All three company directors are Chinese.

Immigration records showed that only one of the Chinese directors of these companies had ever been in Thailand, and that he had exited the country in 2013. Police reported that this is the first prosecution of its kind to involve foreign criminals colluding with Thais to create Thai front companies to disguise the international origin of telecoms traffic. A total of 24 arrest warrants have been issued for people involved in the companies or acting as mules. Arrests have already been made of nine Thais and one Myanmar national. There are outstanding warrants for three Chinese nationals, one from Singapore, one from Malaysia, three from Laos, and six more from Thailand.

 

AI Grandmother Demonstrates Differences in the Awareness of Fraud

It is International Fraud Awareness Week, a promotional exercise created by the Association of Certified Fraud Examiners (ACFE). Normally this would be enough to prompt me to write something encouraging about the ACFE’s efforts, but this year I had some reservations. What exactly are promoters of fraud awareness week trying to promote awareness of? There are so many kinds of fraud that ACFE cannot be prescriptive about the messages that many varied organizations choose to share at this time. And the kinds of organization that engage with fraud awareness week are very varied indeed. Nobody is arguing that Barnsley Council is less justified in drawing attention to fraud than French technology conglomerate Thales, or that the Serious Fraud Office in New Zealand has less reason to highlight the week than a big accounting firm in Germany. However, there is not much they can say about fraud which is common to all of them, apart from the fact that fraud is dishonest and wrong, and that it would be good to reduce it. As each year goes by, I increasingly question whether enthusiasm for International Fraud Awareness Week is correlated to the lack of coherent national strategies for reducing fraud. Talking about public awareness seems to have become a substitute for talking about ways to stop crime, or how to catch criminals and put them in prison.

Just look at the stories above. Real action has been taken to reduce fraud in Thailand, India and South Africa. Meanwhile, the biggest anti-fraud news in the UK this week has been that Virgin Media O2 (VMO2) created an AI grandmother called ‘Daisy’ which wastes the time of scam callers. It is an effective story, perfectly executed so it would be repeated by the press all over the UK and in many foreign countries too. But Daisy is not a genuine attempt to reduce crime. Daisy is a marketing gimmick. Daisy was made by advertising agency VCCP, not by some team of fraud managers or coders employed by a telco. This should be obvious from the fact that VCCP went to a lot of trouble to create animated images of Daisy holding her cat or sitting in her chair at home; nobody who calls Daisy’s number will ever see her animation, not that she looks like a real person anyway. She even has flaws typical of using pseudo-clever AI to create images that seem convincing until you examine them closely; even the dottiest grandmother is unlikely to place her wedding ring over the rubber gloves she uses for washing up.

Daisy is not even an original idea; others have previously shown that you do not need ‘artificial intelligence’ to fool fraudsters by playing them the recording of somebody pretending to be confused, distracted and hard of hearing. For example, ‘Lenny’ is a bot that has been wasting the time of callers since 2009. VMO2 have tried to make this marketing campaign seem more like a genuine attempt to tackle crime by asserting they have seeded Daisy’s number so that scammers will be likely to call it. Perhaps they have; they did not share details about how many numbers have been dedicated to Daisy. The real impact that Daisy will have on scammers depends more on the number of lines dedicated to this tool, and how often the numbers are changed, than the number of views for a TikTok video depicting Daisy chatting with a z-list celebrity from a reality television program. However, if VMO2 really wanted to stop crime, they would not have publicized Daisy’s existence. Drawing attention to Daisy only guarantees that scammers will more rapidly identify and then avoid any numbers allocated to her.

Wasting the time of scammers is not a genuine strategy for fraud reduction. We should be talking about when telcos will implement genuine honeypots that are designed to gather intelligence about criminals so it can then be shared with authorities responsible for catching them, as well as improving the quality of controls that identify and block bad traffic. Just last week I asked technical experts from Ofcom, the UK’s comms regulator, about whether there were any plans to start using phone honeypots to identify and measure scam activity on a national scale. They gave an answer which was non-committal for obvious reasons: there is no serious intention to use technology like this. So it strikes me as absurd that an ‘awareness’ campaign is giving people the impression that one of the UK’s biggest telcos is protecting them using phone lines and technology that could just as easily have been devoted to establishing a real and permanent honeypot.

Perhaps the reason why no British telco wants to implement a genuine phone honeypot is the belief that nobody in law enforcement will act upon any intelligence gathered by a honeypot. Some people keep saying the UK has a serious strategy for policing fraud. The UK now has some words written on paper; whether this is considered a strategy depends on what you think is the minimum required for a coherent strategy, and whether there is a sincere intention to execute the strategy as stated. VMO2 clearly has doubts about the UK’s anti-fraud strategy. This was evident from a much more significant press release issued by VMO2 just a few weeks ago, and which saw the operator abandoning the ‘see no evil, hear no evil, speak no evil’ policy which Britain’s biggest telcos had studiously followed for decades.

“Police forces are not given enough power or resources to counter professional gangs of fraudsters committing crime without consequence, Virgin Media O2 has today warned as it calls on the new Government to make tackling fraud a priority.

“…only 1 in 20 (6%) cases reported to Action Fraud ever reached police forces for investigation in the 2023/2024 financial year and for those that did, few resulted in charges.

“When forces were asked how many officers they have dedicated to investigating fraud, three police forces revealed they didn’t have any — despite each employing thousands of staff — highlighting how chronic under-resourcing has impacted the police’s ability to act.

“Virgin Media O2 has hired former police officers to investigate prolific fraudsters and submitted 34 police-compliant evidence packs focused on cases where they believe there is realistic prospect of a conviction over the past two years. It has only been made aware of two successful prosecutions.

“Virgin Media O2 is now calling on the new government to take accountability for stopping fraud at its source by appointing a dedicated fraud minister and creating a single centralised, specialised and properly resourced national policing body responsible for investigating all instances of fraud. This will bring together fraud specialists, enabling them to act across borders, share data and draw on local expertise as needed to fight fraudsters.”

It matters that one of Britain’s biggest telcos said we need at least 400 more police officers fighting fraud than the government has currently budgeted for. However, you would struggle to find any mention of this figure by the news media. Meanwhile, the public is supposedly more aware of fraud than before because an advertising agency created an animation of an old woman. Are these the right priorities for a country that believes it has a serious anti-fraud strategy?

VMO2’s activities have made me more aware of differences between countries that are actually fighting fraud and countries where talk is treated as a substitute for action. The public should be aware of the work done by law enforcement to tackle crime. If police and prosecutors lack the necessary resources then the public should be aware of the government’s explanation for why those resources have been withheld. The UK is not the only country whose biggest problem is that ‘fraud awareness’ is being used to distract the public’s attention from how little is being done to protect them.

 


Eric Priezkalns
http://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.
