The war against privacy: governments coming after anonymous SMS receiving services (www.bleepingcomputer.com)
from RheumatoidArthritis@mander.xyz to privacy@lemmy.ml on 18 Oct 02:21
https://mander.xyz/post/40112100

#privacy


solrize@lemmy.ml on 18 Oct 02:49

Article lede: European law enforcement in an operation codenamed ‘SIMCARTEL’ has dismantled an illegal SIM-box service that enabled more than 3,200 fraud cases and caused at least 4.5 million euros in losses.

Maeve@kbin.earth on 18 Oct 04:58

That seems sus AF, like when the USA "found" something similar targeting UN headquarters.

solrize@lemmy.ml on 18 Oct 05:17

The UN thing was stupid, it peddled a story about disabling the phone network bla bla. The real purpose of those sim banks is various forms of illicit scraping or click fraud, signing up for 100’s of fake SMS verified Facebook accounts so you can run sales scams, etc. That sounds like the nature of the thing that was just busted.

Maeve@kbin.earth on 18 Oct 05:31

It would be nice if we could trust government and media. It's tricky.

solrize@lemmy.ml on 18 Oct 05:42

The news article was about a specific incident in the EU and idk if it generalizes to “governments” but yes, sim farms, and in some cases racks full of real phones running apps, really do exist, mostly for skeezy if not criminal purposes. It’s not like some privacy conscious rando having a few burner phones for whatever. If they have 10,000 active phone numbers terminated in a warehouse, they are up to something sus.

thericofactor@sh.itjust.works on 18 Oct 07:28

It’s also used to offer cheap SMS service to shady aggregators or mobile network operators. These phones will have a free SMS subscription and they send incoming OTP SMSes through to end users for, say, half the normal price of an OTP SMS. 100% profit.

solrize@lemmy.ml on 18 Oct 07:49

Interesting though as you say, also shady. Also seems marginal. Sending enough SMS to recover the monthly cost of the SIM cards seems likely to get the carriers’ attention after a while. Outbound SMS from Twilio are around 0.8 cents each in the US fwiw. Much less hassle. Maybe even less from carriers. No idea about EU.

RheumatoidArthritis@mander.xyz on 18 Oct 07:52

The article is about an EU incident, but something similar happened recently in the US.

The article also mentioned names of 2 websites which anyone could use. IDK about you, in my country there’s no such thing as a burner because of ID requirements and using services like this, paid with monero, is the only way to create an account privately without resorting to criminal activity such as using fake IDs.

solrize@lemmy.ml on 18 Oct 08:03

The thing in the US was about a sim farm in New York and the reporting was pretty stupid from what I could tell. At present you can get US mobile phones and sims without ID. Also, most services that send sms validation don’t care if it’s a real mobile number. I use a VoIP number and it’s usually fine.

If you’re using a hosted sim to forward SMS to your real phone # or email, you have to expect that a determined or powerful enough opponent will link the two. What happens then probably depends on what you were doing.

RheumatoidArthritis@mander.xyz on 18 Oct 09:17

Not my experience, the last time I had to use my provider’s real SIM SMS service was when registering with a local taxi hail app.

solrize@lemmy.ml on 18 Oct 09:24

Yeah I don’t currently use any ride hailing apps and haven’t posted to Craigslist in ages. Some services will be more paranoid than others. Depends on how much fraud they encounter I guess.

techpir8@lemmy.ml on 18 Oct 03:38

What gives Shadowserver the right to scan the whole IPv4 internet? Fairly certain scanning a network that you don’t have authority to scan/manage is a violation of at least 1 federal law and many local laws.

Devjavu@lemmy.dbzer0.com on 18 Oct 20:35

I mean I don’t know which law that would be since the Internet is specifically public. You can film in public too in most places on earth.

mistermodal@lemmy.ml on 18 Oct 03:44

Wow, makes sense the cool kids are using this instead of something like Cheogram. I’ve got that FOMO you get when an opportunity passes by.

RheumatoidArthritis@mander.xyz on 18 Oct 07:55

Cheogram gives you a US number AFAIK, which is useless when signing up to many services that require a local one.

mistermodal@lemmy.ml on 18 Oct 12:12

No, yeah, I mean this is completely on a different level; I just amuse myself by promoting XMPP. There are other phone gateways for it; I just need to call Turtle Islanders.

DieserTypMatthias@lemmy.ml on 19 Oct 20:02

AFAIK more services are switching either to TOTP, passkeys or to WhatsApp/Telegram.

RheumatoidArthritis@mander.xyz on 20 Oct 18:38

Oh, that is great news, but I still have to see one of these services. Some have TOTP but SMS is still required to create an account.

DieserTypMatthias@lemmy.ml on 20 Oct 20:27

Instagram does that and a few crypto exchanges.