Two Arrested In UK Over Fake Cell Tower-Powered Smishing Campaign

British police have arrested two individuals following an investigation into illegal homebrew phone masts used for SMS-based phishing campaigns.

The illegitimate phone mast, described as a “homemade mobile antenna” and dubbed by police as a “text message blaster,” is thought to be a first-of-its-kind device in the UK designed to fire dodgy texts out en masse, all while bypassing network operators’ anti-smishing controls.

Thousands of messages were sent using this mast, City of London Police said on Friday, with those behind the operation misrepresenting themselves as banks “and other official organizations.”

“The criminals committing these types of crimes are only getting smarter, working in more complex ways to trick unknowing members of the public and steal whatever they can get their hands on. It is vital we work with partners to help prevent the public from falling victim to fraud,” said temporary detective chief inspector David Vint, head of the Dedicated Card and Payment Crime Unit (DCPCU).

“Remember, a bank or another official authority will not ask you to share personal information over text or phone. If you think you have received a fraudulent text message, report it by forwarding it to 7726.”

Most network operators in the UK are enrolled in a scheme that allows customers to forward suspicious SMS messages to 7726 – a dedicated number for assessing the potential threat of any given message. Network operators can then decide whether to block or ban the sender if foul play is afoot.

For example, EE has stopped tens of millions of scam SMS messages since stepping up its anti-spam filter in 2021. It also runs a scheme in its retail stores whereby new customers can verify their identity with the network, vastly reducing the likelihood that messages stemming from their accounts would ever be spammy in nature.

Huayong Xu, 32, of Alton Road in Croydon, was arrested on 23 May and remains the only individual identified by police at this stage. He has been charged with possession of articles for use in fraud and will appear at Inner London Crown Court on 26 June.

The other individual, who wasn’t identified and did not have their charges disclosed by police, was arrested on May 9 in Manchester and was bailed.

City of London Police said it was working with network operators, communications regulator Ofcom, and the National Cyber Security Centre (NCSC) on the case.

Ofcom told us: “Criminals who defraud people using mobile technology cause huge distress and financial harm to their victims. We’re working closely with the police, the National Cyber Security Centre, other regulators, and industry to tackle the problem.”

The Register asked NCSC for more details on the masts and if there are thought to be additional devices popping up around the UK. NCSC referred us to the City of Police for comment.

City of London cops told us: “A lot of your questions relate to tactics used by both the police and the criminals, so we wouldn’t be able to provide any information for obvious reasons.”

Without any additional information to go on, it’s difficult to make any kind of assumption about what these “text message blaster” devices might be. However, one possibility is that authorities are referring to an IMSI catcher. 

Without breaking off and franchising their own network operator and securing a license to offer services in a given area, it’s possible that an IMSI catcher is involved rather than an actual mobile mast in the traditional sense.

IMSI catchers, sometimes called Stingrays, are devices commonly used by law enforcement to triangulate a target cellular device and at times intercept their communications.

They can also be used by nefarious individuals to force phones within their catchment area to drop off from the legitimate mast and instead connect to its simulated cell site. From there, they can forcibly downgrade the security protocols that power innovations like anti-spam filters and send spammy texts freely.

In recent years, the US has been caught abusing IMSI-catchers and deploying them without adhering to federal rules that guardrail their use. Further back, the UK’s plans to deploy IMSI catchers across prisons to block calls made by contraband phones were foiled in 2017 after cellies realized the hardware that blocked these calls was actually placed inside prison walls. 

They cottoned onto the fact that placing sheets of aluminum foil over the devices would stop them from working. Addressing the public about the failure of the IMSI catcher trial in prisons, officials said “innovative countermeasures” were to blame. ®