33 comments

[ 1.9 ms ] story [ 59.6 ms ] thread
This was hugely overblown in the media... While the device operates like a stingray, they were using it to spam and phish. The whole claim of "we've never seen this type of device before in Canada" is a lie, because the government and law enforcement both use them. I guess it's okay if they do it, but nobody else can...
The claim was that this was the first time that a device like this has been used in fraud but go ahead, misread things and become outraged. I’m sure that in this case the fraudsters properly forwarded all 911 calls so no harm, no foul hey?
prosecutors have never seen them because the DA has never brought a case against the agencies that use them

so it’s an accurate statement

the government isn’t one thing, it’s people that don’t work for all agencies

How is this possible? Are phones willing to connect to any cell and blindly trust that text messages from there are genuine and really coming from the numbers they claim to be coming from? Isn't there some cryptographic verification?
(comment deleted)
SMS is old infrastructure and the sender identity in an SMS is not like a signed email domain or an end-to-end verified chat identity. A lot of trust sits in the carrier network and interconnects
Why would someone use one of these instead of good old fashioned SMS / iMessage / email spam?
Rest assured the state behind this attack does it as well. Why not both?
Can't be blocked by the provider, doesn't require a subscription with a provider, can falsify the sender, can send to everyone in range instead of guessing numbers.
The conspiracy explanation would be that the primary purpose is IMEI/IMSI data collection and/or wireless bug planting, and scamming is secondary purpose and/or deep sampling operation. Though, this is just my hallucination.
These things just prove that the entire "security" industry is a sham.

At one point, every bank would ensure that your password COULD NOT be saved by your browser, because sEcUrItY.

Which is precisely the scenario where typing your password into a site like this is possible.

Oh so it's happening in Canada too? I've seen it reported on media in another place few months back.

Someone's shipping a standardized kit of Stingray with battery and PSU to be installed in the back of German station wagons. The kits are suspected to be spamming phishing texts, at least some in Chinese. The cars are driven as unregistered taxis paid for on Chinese platforms, avoiding taxes while also justifying its driving routes and expenses that involve tourist destinations.

It's not clear to me if this Chinese authority/PLA doing or if it's another one of those southern Chinese warlord thing, both sounds plausible.

Do you have any source for this? It‘s not about trust in your information but do get deeper into this topic.
I was misremembering a bit, it was about exactly one year ago. No English sources for the case I saw that I'm aware of.

A rather interesting and Tom Clancy part of this whatever op is that, someone did a bit of digging and discovered that all instances of this across regions and nations use the exact same model of that black air circulator fan that aren't exactly sold everywhere. So as janky as they look, it's clearly a disciplined military style operation by some organized group than just local gangs buying parts and improvising as they go.

1: https://www.itmedia.co.jp/news/articles/2504/15/news133.html

>Dafeng Lin, 27, of Hamilton, Junmin Shi, 25, of Markham, and Weitong Hu, 21, of Markham
I wonder why the article didn’t name them?
In Brazil, people get so much SMS spam and phone call spam that many people turn off notifications for all text messages and phone calls and use only Whatsapp (even for voice calls).

But once in a while my iPhone in Brazil will get spam as a unblockable "system message". I'm not sure if I'm using the correct term. I'm mean that it looks just like an Apple system notification and it disappears without a trace afterward, but the content is obviously spam.

I wonder how they are able to do this.

> that it looks just like an Apple system notification and it disappears without a trace afterward

Probably so-called SMS flash messages. They're shown as overlay popups on Android too.

In USA, I personally get 3-5 spam phone calls and voicemails daily. Mostly all the same, like "your $20K loan is almost ready".

One time, I picked up, and it was this seemingly incredibly rude person who sounded real but continue talking in a pushy manner without stopping despite what I said.

It's insane getting so many calls all the time like I owe them a bunch of money or something. Anyone else get this?

I wonder if the cell carriers are seeing this as the existential threat it is, or if they’re just continuing with the whole “bury our heads in the sand” strategy.

If having a phone number has no benefit and only brings spam, and WiFi is ubiquitous in urban areas, a huge chunk of the population don’t really need cell plans any more. And the places without WiFi coverage (less dense areas) are the most expensive to provide service.

In the US at least, the FCC used to be pushing hard to combat the spam, like requiring authentication for caller ID, and it was the carriers that were dragging their feet and lobbying against it. So something tells me they just continue to view all the spam senders as an easy income source and don’t mind letting their whole business model die if it means short term profits.

Those "system messages" are class zero SMS, also known as flash SMS.
would encrypting sms and using some kind of authorized certificate authorities, maybe the ones from the country's phone carriers, alleviate this issue?
Makes me wonder whether phones should expose more information when they attach to a suspicious or downgraded cell tower