SMS Blaster Scam Hiding in a Van: New Cyber Threat Emerges

Why Trust Techopedia

In what looks like a scene straight out of a cyberpunk sci-fi movie, the Cyber Crime Department of Thailand has released a video of a ‘track and arrest’ operation.

In the video, police stop a moving van in the busy streets of Bangkok, detain the driver, and find high-tech gear inside — sending out millions of SMS scam texts to whoever is nearby.

The video caught our attention and led us to ask many questions.

What exactly is the hardware on this van? Is this a strange, isolated case or a trend? Are there vans like these rolling through the streets of every major city?

We spoke to experts and found some surprising answers.

Key Takeaways

  • Thai police bust a van sending millions of scam texts using SMS blasters.
  • Fake base stations mimic cell towers to deliver malicious messages.
  • Cybercriminals can exploit mobile vulnerabilities through 2G connections.
  • Authorities uncover international networks behind SMS blasting scams and Google warns of rising SMS blaster threats worldwide.

Cyber Police of Thailand Execute Arrests in Bangkok’s Operation Bridge Blast

A high-end
A high-end “false base station” for blasting out SMS messages to nearby phones. (YouTube)

On November 18, Local Thailand media, Khaosod, reported that 11 arrests were made in the Thai Cyber Police investigation ‘Operation Bridge Blast’. Bridge Blast investigated two major scammer groups operating in the country linked to China.

Advertisements

One of these operations, which resulted in only one arrest of a 35-year-old Chinese man named Yang, turned out to be a ‘false base station‘ attack, something rarely seen in the wild.

The Thai police said that the suspect blasted nearly 1 million SMS messages in the busy areas of Sukhumvit Road, Bangkok, using a classic ‘Claim your Gift!’ text scam.

You can see the equipment and arrest in this two-minute YouTube video:

‘What’s That In The Back of Your Van Sir?’

Even the Cyber Police officers of Thailand, who had been investigating the case and knew what was about to happen, seemed surprised at what they found in the back of the van.

At the end of the video, we can see officers staring at the equipment installed in the van, which seemed to include racks filled with countless blinking network lights, processors at work, probably a server somewhere in there, and a large power supply that kept the hardware running.

Thai authorities arrest a Chinese man who drove a van equipped with a sophisticated operational base station simulator, a powerful 8,000-watt mobile power source, a Wi-Fi router, and four additional mobile phones. (Thai Police)
Thai authorities arrest a Chinese man who drove a van equipped with a sophisticated operational base station simulator, a powerful 8,000-watt mobile power source, a Wi-Fi router, and four additional mobile phones. (Thai Police)

We also asked experts why the masterminds behind this operation needed their fake base station to be mounted on a moving vehicle.

“I am not entirely sure why they would be on a moving van but if I were to hazard a guess, I think moving to different areas helps them get stronger or less congested mobile signals, enabling them to send messages to more people successfully,” Matthew Franzyshen, Business Development Manager at Ascendant Technologies, a Managed IT Services Company, told us.

As Franzyshen explains, other cybercriminal threats like Man-in-the-Middle attacks and Wi-Fi snooping use the same basic concept.

Vans are equipped, for example, with fake Wi-Fi access points so scammers can intercept sensitive data from users that connect to public or private networks.

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, a cybersecurity culture company, told us.

“I can’t confirm it anymore than anyone else can. It’s just a picture of electronic components. But I don’t think the picture is fake. I think the picture is what it purports to be…a mid-sized mobile SMS blaster.”

How Do Base Station Attacks Work?

Back in Thailand, the van seized by police in the arrest did not use Wi-Fi or Bluetooth to carry out a massive smishing attack.

Instead, criminals created a base station that simulates the antenna stations that users’ smartphones connect to.

Grimes from KnowBe4 told us that SMS blasters have also been found inside fraudsters’ backpacks, and these devices can be much smaller compared to those found in Bangkok.

“If (the moving base station is) close enough to the victim’s cell phone, the cell phone will connect to it instead of the legitimate real, farther away, cell tower.”

Besides the minor change of their phone’s top right 5G icon switching to 2G, a victim would likely not notice any significant changes on their device while being hacked by these systems.

Once victims are within reach and connected to the fake base station, threat actors will send them an SMS with links that can lead to all kinds of bad things, like phishing, malware, and more.

‘We Got An International SMS Buster Problem,’ Google Says

To answer our question of whether moving SMS busters gangs are becoming a thing in the cybercriminal underworld, we found that the answer is surprising and concerning: Yes.

Google issued a clear warning about the rise of this new threat this past August.

A Google graphic for its threat report warning of fake base stations deployed in backpacks and vans. (Google)
A Google graphic for its threat report warning of fake base stations deployed in backpacks and vans. (Google)

In its security blog post, Google says that cell-site simulators, known as False Base Stations (FBS) or Stingrays, are becoming more popular.

Google adds that while these devices are commonly used for surveillance and interception, phone companies and providers are already seeing evidence of false base station attacks.

Google said that false base stations used for smishing, phishing, malware injection, and other attacks have already been reported in a significant number of countries, including Vietnam, France, Norway, Thailand, and multiple others.

The threat of fake base stations is so real that Google developed a feature exclusively to deal with these types of threats.

The feature operates on Android and gives users the option to disable any 2G connection at the hardware level of their phone.

Additionally, the global mobile operators’ organization GSMA’s Fraud and Security Group (FASG) has even developed a detailed paper to guide and inform mobile industry leaders and technical teams on this new rising threat.

‘Buy Your SMS Buster Online Today’

Our final question is where cybercriminals in Bangkok got their equipment and how they got the tech inside the country.

The Cyber Police of Thailand is also interested in answers to this question. They have charged the 35-year-old Chinese national Yang with possession, use, import, export, and trade of radio communication equipment.

Additionally, Yang faces two other charges, including the unauthorized establishment of a radio communication station and the unauthorized use of the technology.

The Thai Cyber Police believes that there is a mastermind and a network behind this operation, which would make sense because getting all that gear together, wiring up, testing, and launching an attack is highly unlikely to be a one-person operation.

Don't try this at home: The equipment points to a fairly sophisticated attack, albeit from common components. (YouTube)
Don’t try this at home: The equipment points to a fairly sophisticated attack, albeit from common components. (YouTube)

Unfortunately, as we discovered, getting an SMS blaster is easier than it should be — anyone can buy these components and kits online. A simple search on Alibaba for SMS Blasters made this pretty clear.

Additionally, while other companies like Amazon or Best Buy do not seem to sell SMS blasters, the components needed to build these devices can be ordered separately at any online or in-person store and built in-house.

Naturally, dark web markets are also an ideal place to buy the hard and the soft required.

Europe and the U.S. primarily regulate the use of SMS blasters rather than directly restricting the import of components.

However, despite these controls, there aren’t specific import restrictions on components like modems, SIM cards, or power supplies, which can be used to build SMS blasters.

The Bottom Line

Our investigation into this case took us in an unexpected direction, and we discovered a new trend that worries big companies like Google and mobile operators. Fake base stations and related attacks seem to be on the rise in several cities around the world.

Thailand’s Cyber Police arrests are significant as they have shut down what could be one of the first known SMS blaster attacks operating in the wild. This type of attack seems to be poised to evolve and has the potential to cause significant damage.

Next time you spot a van on a busy city road, if you see any strange gear inside it, you might want to alert the local police.

FAQs

What is an SMS blaster?

Why was a moving van used for the SMS blaster scam?

How do fake base stations trick smartphones?

What are the risks of connecting to a fake base station?

How can you protect yourself from SMS blaster attacks?

Where are SMS blasters used?

Advertisements

Related Reading

Related Terms

Advertisements
Ray Fernandez
Senior Technology Journalist
Ray Fernandez
Senior Technology Journalist

Ray is an independent journalist with 15 years of experience, focusing on the intersection of technology with various aspects of life and society. He joined Techopedia in 2023 after publishing in numerous media, including Microsoft, TechRepublic, Moonlock, Hackermoon, VentureBeat, Entrepreneur, and ServerWatch. He holds a degree in Journalism from Oxford Distance Learning, and two specializations from FUNIBER in Environmental Science and Oceanography. When Ray is not working, you can find him making music, playing sports, and traveling with his wife and three kids.