The Secret SIMs Used By Criminals to Spoof Any Number
The unsolicited call came from France. Or at least that's what my phone said. When I picked up, a man asked if I worked with the National Crime Agency, the UK's version of the FBI. When I explained, no, as a journalist I don't give information to the police, he said why he had contacted me.
"There are these special SIM cards out there," he said, referring to the small piece of hardware that slips inside a cell phone. "I'm actually ringing from one now," he added, before later explaining he runs an underground site that sells these cards.
This SIM card, the caller said, allowed him to spoof any phone number he wanted. Want to look like you're calling from a bank in order to scam a target? Easy. Want to change it to a random series of digits so that the recipient's phone won't record your real number? That just takes a few seconds to set up, according to tutorials of how to use the cards available online.
Russian SIMs. Encrypted SIMs. White SIMs. These cards go by different names in the criminal underground, and vary widely in quality and features. But all are generally designed to give the user some sort of security or privacy benefit, even if what that particular SIM does is more theatre than substance. Beyond spoofing phone numbers, some SIMs let a caller manipulate their voice in real-time, adding a baritone or shrill cloak to their phone calls that is often unintentionally funny. Other cards have the more worthwhile benefit of being worldwide, unlimited data SIMs that criminals source anonymously from suppliers without having to give up identifying information and by paying in Bitcoin.
The SIM cards themselves aren't inherently illegal, but criminals certainly make up a noticeable chunk of the companies' customer bases. The NCA told Motherboard it has seized so-called Russian SIMs from suspects during investigations. The existence of this bustling industry highlights how crime figures continue to try and leverage different technologies, and comes as government agencies successfully crack down on other parts of criminal technical infrastructure.
"They are the most popular SIMs in crime," a source close to the criminal world told Motherboard, referring to the anonymously sourced data SIMs. Motherboard granted multiple sources in this story anonymity to protect them from retaliation or to speak more candidly about industry practices.
Criminals often make use of so-called encrypted phones, customized devices that in some cases have the microphone, GPS, and camera functionality removed. Some of these companies also offer Russian or encrypted SIM cards, letting customers buy not just a handset, but the data and roaming capability they would need to actually use the phone quickly, as well as some extra features from the SIM if they like. Companies or individuals don't always sell both the phone and the SIM, but the industries do overlap.
To test the process of obtaining such a SIM, Motherboard purchased a so-called white SIM, known for not having any branding or labelling, through a source close to the criminal world. After sending the supplier around $100 in Bitcoin, a package arrived the next day.
A list of countries where this particular SIM worked, shared with Motherboard, included Colombia, the UK, Morocco, Mexico, the UAE, and the U.S.
After receiving the SIM card and putting it into an unlocked phone, a user has to change the Access Point Name or "APN" on the device. An APN is a collection of settings a phone uses to set up a connection between the carrier's cell network and the wider internet. Essentially, entering this tells a user's phone that they want to connect to a particular phone network, one that it may not ordinarily recognize.
In one video uploaded to YouTube in April, a SIM vendor demonstrated how to spoof phone numbers with their product. The vendor typed a series of digits on their phone, followed by an asterisk, and then the number they wanted to mimic and then the hash symbol. After a pause, a second phone displayed an incoming call from the spoofed number.
In another video, a second vendor, this time wearing what appears to be black rubber gloves, demonstrated how to do the same with their own SIM.
"Contacting Server," the message on a Nokia handset read. Moments later, they received a call from 07777 777777; an obviously spoofed number.
"Scammers use [it] to call people so it shows [a] bank number or eBay," one alleged vendor, who went by the handle Captain on the messaging app Telegram, told Motherboard. "They get sold worldwide. Spain. Morocco. Europe shit loads," they added.
"You can actually pick any number that you want," the person who said they phoned me from one of the SIMs said. "I could change it every call and keep running from a different number every time," they added, making blocking a caller difficult.
Though some of these SIMs are sold clandestinely, through messaging apps and via people in-the-know, public facing companies also sell these cards.
"After the call has ended, your interlocutor is left with the randomly generated number in his/her call log," the website for Secure SIMs, one company selling the cards, reads. And some sellers advertise their SIM cards on more clearly crime-focused marketplaces. The underground site Motherboard accessed sold so-called "fullz," which are pieces of credit card data, as well as access to hacked PayPal and bank accounts alongside SIM cards.
Other videos online show similar SIM cards and their voice changing feature. In one, a seller briefly shows some of the options available, such as "Man," "Woman," "Child," and "Cartoon."
Karsten Nohl, a security researcher from SRLabs focused on telecommunications security, told Motherboard in an email that operators of the SIM cards likely run their own Mobile Virtual Network Operator (MVNO), which is essentially a telecom company piggybacking off the infrastructure of a more established network. Many MVNOs exist, including Google's Fi, which runs on top of T-Mobile's infrastructure.
In order to obtain SIMs and data to sell, smaller companies can go to different carriers around the world and buy the data in bulk, according to a source who currently works in the secure communications industry.
"Then you start selling these SIM cards as pooled data," the source said. To enter relationships with telcos in the United States or Canada, companies will likely need to create an MVNO, but may not need to in some other countries, the source said.
Dominic Gingras, CEO and founder of privacy-focused phone company Secure Group, told Motherboard in a phone call this may not be necessary, and said some companies could sign a deal with providers and gain access to APIs that would allow the number changing because they can be used for legitimate purposes.
Captain said the SIMs work by first connecting to a private server, which then makes the call itself on the user's behalf. They said the server is run by a Russian company—hence the street term Russian SIMs, as many users appear to think their calls are being routed through the country—but did not provide any evidence to corroborate the actual location of the server. At least some of the numbers associated with similar SIM cards come from Estonia, the source who currently works in the secure phone industry said. The person who owned the underground website selling SIM cards said the calls are instead going through "poor countries" where people can cheaply buy access to the phone network.
"People just have been drawn to the name Russian SIM," they said.
As part of an investigation into Encrochat, an encrypted phone network heavily used by organized crime, Motherboard obtained documents which contain evidence presented against Mark, an alleged drug dealer. For legal reasons, Motherboard is referring to Mark using a pseudonym. Those documents explicitly link so-called Russian SIMs to people allegedly trafficking heroin and other narcotics.
In one message, Mark told an associate "to ring his Russian number," the document reads. In another he asked someone to "ring him on the 'Russian'," prosecutors write. "My Russian Is Dead," Mark wrote to an associate.
Many of the companies or individuals selling these cards don't ask for any identifying information from a user apart from a shipping address to send the card to. This may be useful to criminals if they want to use a phone without necessarily giving their real name or address to a telecommunications company.
"It is important to mention that unlike regular GSM providers we don't sign any contracts or ask for personal data. This way we ensure that none of our clients' personal information will be passed to third parties. All of our SIM cards are pre-paid which means that we receive mobile data in advance to ensure maximum safety for our clients," the website for one company called VIP Line reads.
Craig Buchan, the director of Omerta, a company that sells similar SIMs as well as handsets and marketed its products to former customers of Encrochat, told Motherboard in an email that "one key feature is obviously we do not keep records of our SIMs usage." (Buchan said the company stopped allowing the spoofing of certain number prefixes in case they were being used in cases of fraud.)
Some of the companies make extraordinary and largely unsubstantiated claims, though. These include being "bulletproof," or being able to thwart all surveillance from IMSI-catchers, devices used by law enforcement that pose as cell phone towers and trick nearby devices into connecting to them in order to track their physical location.
"SECURE SIMS. UNDETECTABLE, EVEN BY THE POLICE. COMPLETE ANONYMITY," the website adds.
"I feel like they are preying on the uneducated," one source who runs an encrypted phone company told Motherboard. "SIMs have unique identifiers when they connect to a roaming partner like O2 [a British telecom] for example."
"You can't just tell a device not to connect to a strong tower. That's what the device is designed to do. Find a strong signal. Latch on and use mobile data," the source added.
Gingras, the CEO of Secure Group, said the number changing and voice changing SIMs "are a novelty thing." They can give you another layer of privacy, perhaps by spoofing a number so you don't get called back, "but I don't think it's that serious."
"They may be a bit overextending their marketing, claiming that it protects you against your government's scrutiny," he added. "I don't think it's really that useful to protect you against a really upset government."
Even if someone obtained a SIM card anonymously, they are still using a SIM card and by extension a phone network. The source who currently works in the phone industry said "you can't be invisible."
Nohl, the security researcher, told Motherboard, "A data-only SIM (that uses IMS for voice/text) prevents IMSI catchers from intercepting voice calls and text. So do all 4G and 3G networks that use encryption, which IMSI catchers cannot break open, and many 2G networks that upgraded to A5/3 encryption. In all these scenarios, the IMSI catcher can still catch IMSIs, though, mainly for tracking purposes."
Putting some of those more bold claims aside, some of these SIMs are still popular in the underground.
"Serious and organised criminals attempt to evade law enforcement, through both mainstream secure messaging apps and encrypted communication platforms specifically designed for criminal use," Matt Horne, Deputy Director of Investigations from the NCA, told Motherboard in an emailed statement.
"However, through the takedown of Encrochat and our work on Operation Venetic, we’ve shown that their methods and tools are not beyond our reach. By working closely with international and UK policing partners, we’re continuing to make technological advances and targeting those operating at the highest level of criminality," he added.
"They are the crime SIMs," the source close to the criminal world said.
Criminals use so-called Russian, encrypted or white SIMs to change their phone number, add voice manipulation to their calls, and try to stay ahead of the authorities.
More information: https://www.vice.com/en_us/article/n7w9pw/russian-sims-encrypted