Simboxes, SIM Servers and Protocol Signatures


When fraud managers implement techniques that successfully counter fraud, organized criminals are forced to innovate to safeguard their income. Bypass is not a new phenomenon, and fraud managers have made great progress at detecting simboxes through the use of test calls, and by configuring their FMS to recognize telltale call patterns. But have the fraudsters adapted, and are they now deceiving the fraud managers by deliberately allowing some of their SIMs to be identified, whilst using clever new methods to ensure the remainder escape detection? That is the argument made by Jan Vervloet, Chief Commercial Officer at LATRO Services, who was our guest for episode 22 of the Commsrisk podcast.

In outline, the risk is that SIM servers are increasingly used by fraudsters in order to alternate which SIMs are used for terminating international calls, so none of them trips the alarms set up in the FMS. In addition, ordinary user behavior is being effectively simulated, confusing fraud managers and encouraging them to whitelist the fraudster’s SIMs.

Jan has extensive experience of simbox detection after working for Meucci, the test call firm acquired by Keynote SIGOS in 2014. Now Jan is with LATRO, and he believes the technique of gathering technical data to determine the ‘signature’ of the device connected to the network – and hence directly distinguishing between a gateway and an ordinary mobile phone – should now be integrated into the arsenal of detective controls deployed by modern fraud managers.

Dan Baker once again joined me as co-host of the podcast. He provided his own insights into simbox fraud, based on research he recently conducted. You can download Dan’s white paper about simbox detection and network protocol analysis from here.

To learn more, listen to the podcast! You can play this podcast by pressing the button on this webpage, or by downloading the mp3 file from here. Or if you like iTunes, visit our page at the iTunes Store, where you will be able to subscribe to the podcast and have all future episodes automatically downloaded to your computer, phone or mp3 player.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.