Only in China: Sending Spam with an IMSI Catcher (plus Wikileaks/etc)

Let me first clarify something about my last note, why I don’t consider the Wikileaks releases eligible for the ‘Prometheus prize.’

Maybe an example is the best way to make the point. Of all the recent leaks, only one really gets anywhere near the standard of “[stealing] the secret of Gods’ domination upon men, [and exposing] such revelation to all humans in earth.”

That one would be Appelbaum’s quip at 30C3 that the NSA uses RC6 to encrypt communication with its own botnets. After all, this raises in one fact the twin issues of:

– The NSA doesn’t trust AES, so maybe you shouldn’t either
– The NSA does trust RC6, so think about it

Sure, it’s very much on the “birthday candle” end of the Prometheus scale, and I don’t quite trust Appelbaum so it could be a trick candle at that. But I think you get the point. Of all the leaks so far, ONLY ONE so much as attempted to empower John Q. Public and show him how to not be under the thumb of The Powers That Be.

The rest is interesting, sure, and certainly worth reporting and applauding. But only really good for getting people riled up.

As for the news… well, y’all know about IMSI catchers, right?

Scary stuff cops and governments deploy at protests, houses, and Ecuadorian embassies?

Well, add spammers to the list. Chinese techno-crooks have figured out that not only is a sufficiently powerful IMSI catcher indistinguishable from legitimacy, but that putting it in the back of your van and driving around town is an excellent way to spam people’s phones.

As soon as it comes into range, the phones connect (thinking it’s the new phattest signal in town from the legit network) and WHAMMO, their inboxes get hit by fake SMSes of every stripe.

One bonus — since the spammers are pretending to be the network, they can set the “from” phone number to whatever they want, including legit bank phone numbers and the like.

Anyway, this tactic does raise one question. If they deploy this near an industrial bakery, does it become an IMSI Catcher in the Rye?

http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-mobile-cybercriminal-underground-market-in-china.pdf

http://www.ibtimes.co.uk/china-arrests-1500-people-sending-spam-text-messages-fake-mobile-base-stations-1442099
