Scammers were driving around Paris in cars equipped with devices capable of sending fraudulent text messages to millions of people.

While SMS scams continue to proliferate, according to Arcep, a recent case tried in Paris illustrates a turning point in the methods used by cybercriminals.

Far from traditional techniques, some groups are now exploiting technologies usually reserved for law enforcement. This development raises questions about the accessibility of this sensitive equipment and the authorities' ability to regulate its use…

IMSI-catchers used for mass phishing

At the heart of this case are devices called IMSI-catchers, normally used by intelligence services to intercept mobile communications.

These devices act as fake cell towers, capable of impersonating an operator's network in order to intercept nearby phones. Between September 2022 and February 2023, Le Monde revealed that several individuals exploited these machines in the streets of Paris. Installed in cars traveling at low speeds, they broadcast fraudulent SMS messages directly to nearby smartphones, bypassing traditional operator networks.

It is estimated that approximately 3.7 million phones were targeted by one of these machines, receiving phishing messages to steal personal data.

According to AFP, the alert came from Orange, which is aware of the problem of fraudulent calls and detected anomalies in its network's radio behavior as early as the end of 2022.

Heavy sentences for the organizers

The Paris Judicial Court sentenced seven people in this case, and the two main perpetrators, who headed a company that acquired the equipment from a Chinese supplier, received five-year prison sentences with deferred detention orders.

The The supplier, who was arrested in Switzerland, was also sentenced to four years in prison. The other members of the network received sentences ranging from a few months suspended to two years of actual imprisonment, and one defendant was acquitted.

Attacks that keep getting more serious?

Beyond the sentences, the decision highlights the seriousness of the damage. The authorities, including the National Frequency Agency, obtained symbolic compensation, while Orange was compensated for the disruptions caused to its network.

That being said, this case illustrates a fundamental trend, where the increasing sophistication of mobile fraud is becoming more and more widespread. By misusing such advanced technologies, cybercriminals are taking things to a new level, making detection more complex and even reinforcing the need for increased vigilance on the part of both operators and users…