Sixth Suspect Arrested for Massive Paris IMSI-Catcher SMS Scam

Following the five arrests that occurred in February, Agence France-Presse reports that a sixth suspect has been indicted for participating in a scam where smishing messages were sent to mobile phones using IMSI-catchers driven around Paris.

The sixth member of the gang was born in 1997 and arrested in Montpellier on charges of fraud and attempted fraud in an organized gang, and unauthorized possession of a device to intercept computer data. He was remanded in custody on Friday.

The first IMSI-catcher was found by chance in late December when gendarmes stopped a woman driver who was intoxicated with drugs before noticing radio antennae on her back seat. A wire led to equipment in the trunk of the car that was initially mistaken for a bomb, but later identified as an IMSI-catcher. A second IMSI-catcher belonging to the gang was discovered in February; it was carried in an old ambulance that had been used to circulate the northern and western suburbs of Paris. Investigators have determined that 400,000 Parisians received SMS messages that encouraged them to submit their personal data to a bogus health insurance website.

SMS has never been a secure channel for communication, but you would not know that from the way many so-called security experts demand ever-increasing use of SMS messages for the sending of passwords. Meanwhile, the cost of IMSI-catchers has fallen, making their use for scams more viable than ever before. These revelations about widespread systematic abuse of IMSI-catchers in Paris should serve as a wake-up call for those elements of the infosec community who underestimate the myriad ways that criminals can exploit SMS.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.