It was just two months ago that Russia launched a huge cyberattack on Ukraine with the intention of spreading terror ahead of their invasion. At that time, many complacent observers still believed Vladimir Putin was engaging in an enormous bluff. Others expected Russia’s January cyber-sortie would soon be followed by operations designed to take all of Ukraine’s networks offline. Everyone now recognizes how foolish it was to believe Putin would not start another war, with the exception of those ill-informed Russians who trust their state’s propaganda. However, Ukraine’s electronic communications networks remain operational to a large extent, and gaps in connectivity have been closed by in-country roaming between Ukrainian mobile networks. The continuity of service is partly due to the bravery of Ukrainian telecoms engineers who fix and replace equipment broken by the fighting. There is also an explanation for why Ukraine’s networks have not suffered more damage: the Russian military is relying on civilian mobile phones to communicate with its own troops. They have even resorted to a classic telecoms fraud to circumvent controls implemented by Ukrainian telcos.
Cathal Mc Daid, CTO of AdaptiveMobile Security, has been monitoring reports from the country, including the Security Service of Ukraine (SBU) announcing they arrested a simboxer who was directing calls involving senior leaders of the Russian military across Ukrainian networks. The following tweets from Mc Daid describe the simboxing technology that was used.
1/5 Another significant capture in #Ukraine. Reported discovery today of a #SIMBox being used to relay Voice calls & SMS and other info to Russian forces (including top leadership of Russian army) & other individuals in #Ukraine. I will explain what this is and how it works. https://t.co/6MQAghOFqF
— Cathal Mc Daid (@mcdaidc) March 15, 2022
2/5 First the system is comprised of 3 main parts,
1) the SIM Box server – in this case a Hypertone SMB-128. This handles the control of up to 128 SIM Cards, cycles them when detected etc, and co-ordinates interaction with the #GSM Gateways https://t.co/v991W2rTcJ pic.twitter.com/kJy6QlHqVP
— Cathal Mc Daid (@mcdaidc) March 15, 2022
3/5 Next the GSM Gateways, there are two Hypertone types being used here:
– There are 3x GoIP 8 – VoIP Gateway for 8 Channels being used,
– along with 1x GoIP-4 4 SIM VoIP GSM Gateway.
Both can be used for SMS or Voice pic.twitter.com/tlzZkoL3WU
— Cathal Mc Daid (@mcdaidc) March 15, 2022
4/5 Lastly the Software, unfortunately unable to make out the logo (anyone identify it?), but it would be used to co-ordinate the messages, call forwarding settings (in and out) etc. Whole system would look like the below.
There is also a Xiaomi Mi AIoT Router AX3600 present pic.twitter.com/aqtSEj0xgB
— Cathal Mc Daid (@mcdaidc) March 15, 2022
5/5 A significant find as given their comms problems, this reportedly has been used to communicate with top leadership in the Russian forces. Ukrainian mobile opcos have made unprecedented defensive moves, this is '#cyberwar' impacting the battlefield https://t.co/qBB6J9RXe8
— Cathal Mc Daid (@mcdaidc) March 15, 2022
The simboxer was also alleged to have sent thousands of text messages to Ukrainian soldiers and civil servants with the intention of demoralizing them. The use of such low-grade tactics suggests Russia’s cyberwarfare capabilities have been greatly exaggerated. Russia is a nuclear power that spends USD48bn on its military each year, but its generals have proven incapable of maintaining effective lines of communication with their troops. There are numerous reports of Ukrainian forces gathering intelligence for use in ambushes by intercepting messages exchanged by enemy soldiers who rely on cheap unencrypted walkie-talkie radios. Interfax Ukraine reports that Russian soldiers have resorted to stealing mobile phones from Ukrainian civilians because Ukrainian networks blocked the mobile phones that the Russians had brought with them.
Ukraine’s freedom depends on keeping its own forces connected whilst maintaining the sympathy of the rest of the world by showing the devastation caused by Russian missiles and artillery. Putin has a contrasting strategy towards communication: he wants to control everything that people see and hear. He has been covering up the crimes of kleptocrats who systematically steal and abuse Russia’s people and resources, so it is no surprise that his allies include telecoms fraudsters.
Keep pushing your telco to do everything it can to help Ukraine. Review the list of telcos providing free calls and messages to Ukraine to make sure that your telco joins that list and remains on that list. And you can stop fraudsters exploiting this war for financial gain by blocking IRSF traffic to Ukraine with Colin Yates’ list of 50,000 target Ukrainian numbers.