Relations between the Philippines and China are difficult. Disputes over territorial rights in the South China Sea have led to dangerous confrontations; a recent encounter resulted in two Chinese ships colliding with each other as they chased Philippine vessels. Philippine officials have also accused China of interfering with elections held this year. This is said to involve online troll farms and other methods of spreading disinformation. Philippine President Ferdinand Marcos Jr. has ordered an investigation into allegations of election interference, which have been denied by China’s foreign ministry and its embassy in Manila. This context is necessary because news has been released of two Malaysians of Chinese ethnicity being arrested in Cebu City for using a radio comms device. It would be irresponsible to simply repeat the speculation swirling around them, as is the unfortunate norm for most websites and social media accounts that highlight stories relating to IMSI-catchers. The men may have been acting as spies, with the insinuation that they were collecting information from mobile phones on behalf of China, or they may have been using the radio comms device to commit fraud. Either way, it represents a continuation of a common theme for Philippines law enforcement.
The National Bureau of Investigation (NBI) reported that the men were arrested on August 8 in Cebu City. Their arrest was the result of an operation that began two weeks earlier. The names of the men were revealed to be Chong Hong Yee and Kim Chui Tan. A device described as an IMSI-catcher was found in the men’s hotel room, along with common electronic items like routers, mobile phones and RF modules. Cebu City is situated in the Visayan islands, south of Luzon, and is home to almost a million people. It is the sixth-largest city in the Philippines.
Local news media reports drew attention to the following:
- the Chinese ethnicity of the Malaysian nationals arrested;
- hotel staff had reported the men as ‘suspected terrorists’;
- the arrested men had ‘sniffing devices’ used for ‘spying activities’; and
- police cybersecurity investigators said the power of the radio device meant it could ‘draw off data up to 5G networks’.
Readers with a deeper technical understanding of security will share some of my doubts surrounding these claims. 5G security is much harder to crack than the security of earlier network generations, irrespective of how powerful any radio signal might be. It is implausible that spies were despatched to the Philippine’s sixth-largest city to exploit some little-known flaw in 5G security. The obvious place to do high-end spying would be in Manila, which is home to the country’s most important government offices and military headquarters. Police may have been consciously exaggerating the threat of espionage or unwittingly revealing that they do not understand what would be needed to intercept 5G communications.
According to some of the local reports, police also warned that scammers are changing their methods by basing themselves in hotels and resorts instead of offices and residential buildings. This year has seen a surge of news reports about SMS blasters being used around the world, and especially around Asia. SMS blasters and IMSI-catchers are both essentially a type of false base station. One major difference is that an IMSI-catcher may perform a man-in-the-middle attack by also being connected to a genuine mobile network, but SMS blasters are only used to transmit messages, eliminating the need to connect to a genuine network and to overcome all the additional security challenges which would come with that.
Commsrisk is reaching a stage where we seem to be publishing a new story about SMS blaster arrests every few weeks. The vast majority of these stories involve SMS blasters being used by people with Chinese affiliations to send large volumes of smishing SMS messages that impersonate a legitimate organization. Such messages contain a hyperlink to a phishing website. The intention is to collect the personal data, including the banking details, of victims. However, the authorities in the Philippines are bucking the trend because they seemingly keep arresting people with Chinese affiliations for using IMSI-catchers in a way that implies espionage.
There have also been a few cases where some Philippine law enforcement agencies have accused the arrested of engaging in smishing fraud. And there have been many reports of SMS blasters being illegally resold after they were previously used by Philippine Offshore Gaming Operators (POGOs) to send SMS messages that advertise their services. There have even been claims that government-owned SMS blasters, which are only meant to be used in emergencies, are being commandeered for political dirty tricks. This begs a serious question: when the authorities have so much pertinent experience, why would any Philippine law enforcement agency struggle to distinguish between a radio comms device that is configured for espionage and one which is only set up to send fraudulent messages? Why do they keep talking about the interception of data alongside the transmission of messages as if they cannot tell if they are investigating a state-sponsored spy ring or a gang of thieves?
It would suit some political interests to confuse scam activity orchestrated by Chinese organized crime syndicates with espionage sponsored by the Chinese state. This leads me to speculate that political bias is influencing the way these news reports are presented, and that smishing fraud remains the likeliest criminal motivation in cases like these. However, the information shared about this case is not definitive either way, which is why it will be excluded from our global map of fake base stations that send SMS messages until more information becomes available.
The NBI shared the following photograph of staff inspecting equipment found in the arrested men’s hotel room.




