Last November, a company asked Telus to track down a scam text received by one of its customers.
Vancouver-based Telus blocks hundreds of thousands of malicious text messages that attempt to traverse its network every day, according to its chief security officer, Carey Frey. But the telecom couldn’t find any evidence of that particular message in its network logs.
Mr. Frey hypothesized that it may have originated from an SMS blaster – a powerful, portable cyberweapon that, up until that point, had never been detected in Canada.
His suspicions turned out to be correct, culminating in a months-long law enforcement investigation. On Thursday, Toronto Police announced they had arrested three men and charged them with 44 offences, including fraud and mischief, in connection with a cybercrime probe dubbed Project Lighthouse.
Authorities also seized several SMS blasters. The portable devices, which are small enough to hide in a backpack or the trunk of a car, are one of the hottest new gadgets in the arsenals of cybercriminals, and have been detected in other countries such as Britain and New Zealand.
Smishing scams are on the rise made easier by artificial intelligence, new tech
SMS blasters are made up of several components – a radio, a battery and a laptop – and essentially function as rogue cell towers, convincing phones in their vicinity to connect to them instead of a wireless carrier’s network. (“SMS” stands for “short message service,” the technology behind standard text messages.)
“Mobile phones are designed to go to the signal that is the strongest,” Mr. Frey said. “That’s how mobile phone technology, cellular technology, is designed to work all over the world – they pick up the strongest signals so that you have good connectivity, and these devices abuse that function.”
Once a phone connects to the rogue tower’s network, which uses outdated second-generation, or 2G, wireless technology, the laptop instructs the SMS blaster to spam the phone with fraudulent text messages.
In this instance, the texts purported to be from trusted organizations, directing the users to click on links that would take them to fake websites designed to steal their personal information, banking credentials and passwords.
“We believe tens of thousands of devices connected to the blaster over several months,” said Detective Sergeant Lindsay Riddell of the Toronto Police.
The devices are capable of wreaking other kinds of havoc. They can surveil calls and texts, install malware on devices and interfere with 911 calls. If a large number of them are deployed in a particular area, they can even cause a small wireless outage.
“We didn’t see any of those behaviours in this case, but those certainly could have been there,” Mr. Frey said.
SMS blasters are attractive to cybercriminals for multiple reasons. They allow scammers to send texts without needing to obtain victims’ phone numbers, and because the messages bypass wireless networks, the telecoms aren’t able to block them. The devices can be purchased online – owning one isn’t inherently illegal – and tracking down one that’s being used to commit a crime requires considerable resources.
A telecom can triangulate an SMS blaster’s location based on where customers’ phones have disconnected from the carrier’s wireless network. But if the device is on the move, that information can quickly become outdated.
“These three individuals and/or their accomplices were driving this thing around all over metro and downtown Toronto,” Mr. Frey said.
“It would not have been possible for the police to get the information they needed to locate these devices without getting data from all of the major wireless carriers at the same time,” he added.
How Canadian seniors can stay ahead of cyber scams
After it had been determined that an SMS blaster was operating in downtown Toronto, the original complainant reported the incident to police. A report was also made by the telecom sector to Innovation, Science and Economic Development Canada, which enforces the proper use of spectrum – the airwaves used to transmit wireless signals.
Nicholas Payant, chief information security officer at BCE’s Bell Canada, said the investigation demonstrates how the telecom sector can work with law enforcement and government agencies to address misuse of spectrum by criminals.
“These devices are using allocated spectrum, and that’s a huge concern, on top of obviously the main issue, which is harm to Canadians,” he said.
On March 31, Toronto Police arrested and charged two men – 27-year-old Hamilton resident Dafeng Lin and 25-year-old Junmin Shi of Markham, Ont. – in connection with the investigation. A third man, 21-year-old Markham resident Weitong Hu, turned himself in to police on Tuesday. Police are still working to identify victims.
During a press conference held Thursday to announce the charges, Deputy Chief Robert Johnson told reporters that the attacks demonstrate how cybercrime is evolving.
“What makes this particularly concerning is the scale and impact. This wasn’t targeting a single individual or a business – it had the ability to reach thousands of devices at once,” he said.
“This is a clear example of how cyber-enabled crime is becoming more advanced, more mobile and more difficult to detect, and why policing must continue to evolve alongside it.”