Imagine the following scenario. You are in a busy shopping mall, walking between two stores. An ordinary-looking man passes you as he shuffles in the opposite direction. He has a backpack, though you think nothing of it. The phone in your pocket silently connects to the IMSI-catcher in his backpack. What is he going to do with the data he has just obtained from your phone? Whatever his purpose, you will never be able to link it to the man because your phone’s connection to a real mobile network is restored before you remove the phone from your pocket again. You have been set up to be the victim of a crime but you remain blissfully unaware as you continue with your shopping.
Or perhaps you do notice something unusual has happened. You were in the middle of a call but it unexpectedly dropped as the man neared you. Or you received an SMS message which you correctly identify as a scam because the man misspelled the name of the business his message was trying to impersonate. In the worst case scenario, you may be calling for an ambulance because somebody needs emergency treatment but you cannot get through because the device in the man’s backpack is effectively jamming your phone’s ability to connect to a genuine network, as well as jamming all the other mobile phones nearby.
Whether we describe them as IMSI-catchers, or fake base stations, or SMS blasters, we can all agree about the potential harm that can be done by people weaponizing portable radio comms equipment that connects to your mobile phone. Such equipment may be used for espionage. It may be used to send fraudulent messages. But whatever the use, no normal law-abiding citizen needs to use tech like this, and the failure to place limits on the sale of this tech represents a risk to all of us. So why is Google so complacent about letting this kind of tech be brazenly advertised for sale through the platforms it owns, such as YouTube?
There have been many videos that advertised IMSI-catchers and SMS blasters on YouTube. Vendors of this technology like using the platform because they embed their contact information within the video itself. They also like YouTube because it is the social media platform which is laziest at identifying and scrubbing content relating to this dangerous breed of technology.
Of all the adverts for scam equipment I have seen on YouTube, the worst remained on their platform for most of 2024, and was only removed after some pompous nincompoop saw that it was mentioned in the response I wrote to a consultation on mobile messaging scams run by Ofcom, the UK’s comms regulator. That video encouraged prospective buyers of an “Ultra Light BackPack IMSI catcher with optional voice support” by depicting a user carrying it through a busy shopping mall, effectively spying on every shopper nearby. It showed the user scrolling through an app on his own phone that listed every victim’s phone he had harvested data from. But if you missed the video before, you can watch it now, because it is back on YouTube again.
The threat depicted in this video is no idle fantasy. Last year a fake base station was carried by backpack through a Bangkok shopping mall just two months after this video was first uploaded to YouTube. But instead of engaging properly with the threat to the public, the Google nincompoop I dealt with during that Ofcom consultation sought only to minimize the impact on Google’s business by exaggerating the efforts made to tackle these adverts.
Having seen an advanced draft of my submission, which I wrote on behalf of the Mobile Ecosystem Forum (MEF), Google’s goon complained that her business was already doing a great job of removing harmful videos of this type. She also said Google should be privately advised of any videos they had failed to remove, presumably because making Google’s failings public would draw attention to it. In other words, they sought to abuse their privileged position as a paying member of MEF to cover up their own inadequacies. Having seen how MEF behaves in practice, Google would have succeeded in hushing this up if I had not been working for MEF at that time.
I wanted attention to be paid to Google’s failings so they might be motivated to address those failings. Being the person I am, my reaction involved countering Google’s attempts to suppress important public information. I did this add by adding more URLs of YouTube videos advertising dangerous equipment to the final version of MEF’s submission to Ofcom. This was written after Google’s review, thus denying them the opportunity to sneakily remove those videos before Ofcom saw them.
It would be ridiculous to suggest that everybody in Google is a bad person. But it would be equally ridiculous to suggest Google’s interests perfectly align with those of the general public. Google’s activities need to be scrutinized. When appropriate, Google needs to be challenged over its failings. When it comes to scams, challenging Google is getting harder each month. Neutral observers will be conscious of Google’s growing influence over parts of the comms industry that claim to be tackling scams. If Google is spending money because it wants to manage how it appears to regulators and government agencies, but without the intention to actually stop scams, then their influence is going to shut down criticism that needs to be voiced.
Some of Google’s efforts have ironically been focused on changing Android phones to counter the threat of SMS scams propagated by fake base stations. This work is commendable. However, it is doubtful that Google has made any improvements in filtering adverts for radio comms equipment that are primarily targeted at the criminal fraternity. It is perverse to want to install AI on every phone to identify potential scams but not to use AI to prevent YouTubers uploading adverts for equipment that spreads scams. Sadly, this is the wrongheaded route we may be taking as an industry. More revenue can be generated by installing AI on a billion phones than by using AI to prevent the upload of adverts aimed at the criminals who search for terms like ‘IMSI-catcher’.
The proof of YouTube’s failure can be seen below, at least until somebody in Google reads this article. I made a copy of the video using screen capture to ensure its existence at this URL was documented, in case any Google employee wants to later tell fibs about how well they filter uploads. This video is the same as the video I wrote about in April 2024, although it was uploaded from a new account that was only created on September 13 of this year. People say fighting consumer scams is like playing ‘whac-a-mole’ because we never know where scammers will pop up next. Sometimes the truth is that bad actors pop up in the same place as before, and do the same thing as before, because nobody has done anything different to stop them.
