
Chinese National Arrested with IMSI-Catcher near Philippine Election Authority

Photographs reveal his car carried the same distinctive orange power inverter as used by SMS blaster fraudsters in Thailand, Malaysia, Hong Kong and Japan.

Last week the Philippines’ National Bureau of Investigation (NBI) arrested a Chinese man who drove a car with an IMSI-catcher near the Manila headquarters of the Commission on Elections (Comelec), the country’s election regulator. Numerous news articles referred to the IMSI-catcher as a ‘spy device’ and the spin from the state news agency was also that the IMSI-catcher was designed for espionage.

The equipment has been identified as an International Mobile Subscriber Identity (IMSI) catcher, capable of intercepting mobile phone communications and tracking location data from other gadgets.

The NBI was invited to answer questions about the arrest at a subsequent Senate committee hearing. This revealed that the movements of the IMSI-catcher were monitored for 5 days before the arrest was made. During that time, the device had collected IMSIs from around 5,000 phones. It was notable that no mention was made of any recordings or data being gathered from conversations, despite a string of media reports about IMSI-catchers having the potential to eavesdrop on conversations.

The arrested man carried a Macao passport and spoke in broken English during his arrest. He claimed to be a tourist and that the Mitsubishi Adventure SUV he was driving belonged to somebody else. This is not the first arrest where IMSI-catchers have been associated with espionage in the Philippines. In March, the NBI arrested a gang comprising three Filipinos and two Chinese and charged them with espionage after the military detected IMSI-catcher transmissions near bases in Manila.

On the other hand, the Philippines is also currently conducting raids on vendors of SMS blasters, a relatively simple variety of IMSI-catcher that transmits SMS messages to mobile phones within range. Such messages may contain hyperlinks to fraudulent websites. Comelec has repeatedly warned that SMS blasters may be used to spread fake news during the country’s elections. Voters will go to the polls on May 12.

There has been a marked worsening of relations between China and the Philippines as a consequence of Chinese claims on disputed territories in the South China Sea. The Philippines government has signed defensive pacts with a number of other countries that also want to contain the threat of Chinese expansion. Similar talks will soon begin between the Philippines and Japan. This makes it difficult to judge if the Philippine authorities genuinely believe the Chinese state is trying to disrupt democratic elections or if they are using incidents involving Chinese organized crime to bolster support for confrontations with the Chinese military.

Many aspects of this apparent crime are similar to cases involving smishing SMS blasters in other countries. For example, there have recently been numerous reports of SMS blasters being used to transmit Chinese-language smishing messages around Japan. Photographs of the equipment in the arrested man’s car indicate the IMSI-catcher was connected to the same make of distinctive orange DC-to-AC electric power inverter as also seen running SMS blasters in the backs of cars in Hong Kong, Malaysia, Thailand and Japan. The next image shows the equipment seized during the arrest in Manila, while the one below shows close-ups of inverters used to power SMS blasters in (clockwise from top left) Hong Kong, Malaysia, Thailand and Japan.

Dramatic video footage of the arrest and the suspect being immediately interrogated about the contents of his car can be seen below.

I am circumspect about claims that this device was used for espionage. Man-in-the-middle attacks that eavesdrop on phone conversations require a connection to a genuine mobile network. This makes them more sophisticated than the use of fake base stations to merely send one-way messages to mobile phones. Man-in-the-middle attacks should also be easier to foil because legitimate operators will have knowledge of the location of devices that are connected to their networks. It is possible Chinese forces are spying on election workers in the Philippines but it is not clear what advantage they would gain by doing so, especially as Comelec emphasized that no sensitive data is maintained at its Manila headquarters. This leads me to believe that a more mundane criminal activity, such as the sending of smishing messages or illegal promotion of specific candidates, is being exaggerated to influence the public’s attitude towards China. It is more interesting that the devices seized during this arrest align with theories about the distribution to drivers across East Asia of SMS blaster kits that consistently include the same kinds of equipment.

Eric Priezkalns
http://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.
