Russian Army Using Simboxes on Ukrainian Networks

It was just two months ago that Russia launched a huge cyberattack on Ukraine with the intention of spreading terror ahead of their invasion. At that time, many complacent observers still believed Vladimir Putin was engaging in an enormous bluff. Others expected Russia’s January cyber-sortie would soon be followed by operations designed to take all of Ukraine’s networks offline. Everyone now recognizes how foolish it was to believe Putin would not start another war, with the exception of those ill-informed Russians who trust their state’s propaganda. However, Ukraine’s electronic communications networks remain operational to a large extent, and gaps in connectivity have been closed by in-country roaming between Ukrainian mobile networks. The continuity of service is partly due to the bravery of Ukrainian telecoms engineers who fix and replace equipment broken by the fighting. There is also an explanation for why Ukraine’s networks have not suffered more damage: the Russian military is relying on civilian mobile phones to communicate with its own troops. They have even resorted to a classic telecoms fraud to circumvent controls implemented by Ukrainian telcos.

Cathal Mc Daid, CTO of AdaptiveMobile Security, has been monitoring reports from the country, including the Security Service of Ukraine (SBU) announcing they arrested a simboxer who was directing calls involving senior leaders of the Russian military across Ukrainian networks. The following tweets from Mc Daid describe the simboxing technology that was used.

The simboxer was also alleged to have sent thousands of text messages to Ukrainian soldiers and civil servants with the intention of demoralizing them. The use of such low-grade tactics suggests Russia’s cyberwarfare capabilities have been greatly exaggerated. Russia is a nuclear power that spends USD48bn on its military each year, but their generals have proven incapable of maintaining effective lines of communication with their troops. There are numerous reports of Ukrainian forces gathering intelligence for use in ambushes by intercepting messages exchanged by enemy soldiers who rely on cheap unencrypted walkie-talkie radios. Interfax Ukraine reports that Russian soldiers have resorted to stealing mobile phones from Ukrainian civilians because Ukrainian networks blocked the mobile phones that the Russians had brought with them.

Ukraine’s freedom depends on keeping its own forces connected whilst maintaining the sympathy of the rest of the world by showing the devastation caused by Russian missiles and artillery. Putin has a contrasting strategy towards communication: he wants to control everything that people see and hear. He has been covering up the crimes of kleptocrats that systematically steal and abuse Russia’s people and resources, so it is no surprise that his allies include telecoms fraudsters.

Keep pushing your telco to do everything it can to help Ukraine. Review the list of telcos providing free calls and messages to Ukraine to make sure that your telco joins that list and remains on that list. And you can stop fraudsters exploiting this war for financial gain by blocking IRSF traffic to Ukraine with Colin Yates’ list of 50,000 target Ukrainian numbers.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.