British duo arrested for SMS phishing via homemade cell tower
Cloudflare / Access to Official Sites
- Several commenters can’t access the original police site due to Cloudflare Turnstile loops, especially on some mobile browsers and older/odd setups.
- Others report no issues even with VPNs, custom ROMs, Firefox + uBlock, etc., suggesting blocks are mostly network-based (Tor, CGNAT, “unfriendly” countries) rather than browser-specific.
- One participant offers to relay HAR traces to the Turnstile team; some debugging attempts are mentioned.
Radio Legality, Spectrum Monitoring, and Detection
- Running a private transmitting antenna on licensed bands is widely seen as a fast route to police/regulator visits and equipment seizure.
- In the UK, listening to radio traffic not intended for you is claimed to be illegal with substantial fines; this is cited as the reason there’s no LiveATC coverage there.
- Several believe there is active “spectrum monitoring” by regulators, police, military, and possibly operators, especially in central London; skepticism exists about how extensive this is, particularly for Ofcom.
- Mobile operators already have dense RF infrastructure and are thought to be capable of triangulating rogue emitters; hams also reportedly dislike spectrum abusers.
How Fake Towers and SMS Attacks Work
- SMS rides on cellular signaling channels; early designs assumed attacks were infeasible and did not anticipate today’s threats.
- 2G lacks mutual authentication and allows a rogue base station to: jam real towers, force a downgrade, disable encryption (A5/0), and impersonate networks—letting attackers send arbitrary texts or act as MITM.
- Many phones are backward-compatible by default, making downgrade attacks practical. A SIM-controlled bit governs whether users see warnings about unencrypted sessions; usually disabled.
- Some Android/iOS devices offer a dedicated “disable 2G” toggle; others only provide coarse “preferred network” menus, frustrating users who cannot turn 2G off despite its insecurity.
- There is debate over whether SMS was a “hack” on unused signaling capacity or a fully provisioned service, and over how reliable SMS delivery historically was.
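An added example, not part of the original discussion: a small detector for the handset-side symptoms described above (fallback from a newer network to 2G, ciphering set to A5/0, then an incoming SMS). The event log format, field names and sample values are constructed for illustration; real modem diagnostics differ by vendor.

```python
from dataclasses import dataclass

# Constructed sample events in a hypothetical "time,event,key=value" format.
SAMPLE_LOG = """\
100,camp,rat=LTE,cell=234-10-5001
160,camp,rat=GSM,cell=234-10-9999
161,cipher,alg=A5/0
170,sms,sender=BANK
400,camp,rat=LTE,cell=234-10-5001
420,sms,sender=NHS
900,camp,rat=GSM,cell=234-10-7002
901,cipher,alg=A5/3
910,sms,sender=GP
"""

NEWER_RATS = {"UMTS", "LTE", "NR"}  # 3G, 4G, 5G

@dataclass
class Alert:
    time: int
    reason: str

def parse(line):
    """Split one event line into (time, event, fields)."""
    t, event, *pairs = line.strip().split(",")
    return int(t), event, dict(p.split("=", 1) for p in pairs)

def detect(log):
    """Flag unencrypted 2G sessions and any SMS that arrives during one."""
    alerts, rat, cipher, downgraded = [], None, None, False
    for line in log.splitlines():
        t, event, f = parse(line)
        if event == "camp":
            if f["rat"] != "GSM":
                downgraded = False
            elif rat in NEWER_RATS:
                downgraded = True  # fell back from 3G/4G/5G to 2G
            rat, cipher = f["rat"], None  # ciphering is negotiated again per cell
        elif event == "cipher":
            cipher = f["alg"]
            if rat == "GSM" and cipher == "A5/0":
                alerts.append(Alert(t, "2G session with ciphering disabled (A5/0)"))
        elif event == "sms" and rat == "GSM" and cipher == "A5/0":
            # The sender ID is attacker-controlled here, so report it but do not trust it.
            how = " after downgrade from a newer network" if downgraded else ""
            alerts.append(Alert(t, f"SMS from {f['sender']!r} on unencrypted 2G{how}"))
    return alerts
```

An encrypted 2G session (A5/3 in the sample) and SMS received over LTE raise no alert; only the A5/0 session and the message delivered inside it are flagged.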
Spam Reporting and 7726/33700 Schemes
- Many carriers let users forward spam to 7726 (“SPAM”), or analogous numbers like 33700 in France, for investigation and blocking.
- Forwarding typically involves sending the spam body, then replying with the sender’s number; this relies on carrier-side logs, not trusted sender IDs.
- Effectiveness under a compromised cell is questioned; suggested mitigation is to move to another cell before reporting.
- Tools like CellMapper and handset field-test modes are mentioned for identifying connected cells.
Use of SMS vs Alternatives
- Despite perceptions that SMS is obsolete, in the UK it remains heavily used by government and businesses (NHS, tax authority, 2FA, appointment reminders).
- SMS is valued as a lowest-common-denominator channel: works on dumb phones and doesn’t require apps or email.
- Some note gaps: VoIP/landline users may not have SMS; landline SMS can be read out via basic TTS with poor handling of names.
- There is criticism of SMS as a weak basis for banking/2FA, but also pushback when such comments are purely inflammatory.
City of London Police and Institutional Context
- Clarification: “City of London” is a small, wealthy financial district with its own police force, distinct from the broader Metropolitan Police.
- Reputation is mixed: some describe them as highly competent, well-resourced, well-educated, and focused on complex financial/cyber crime; others see them as over-aligned with copyright and streaming enforcement.
- Crime stats are said to be low, but there is skepticism about underreporting; anecdotally, they have rapid response and dense surveillance, described by some as a “panopticon”.
- Governance is unusual: businesses dominate local voting; the City Corporation doubles as the police authority, influencing priorities.
Building DIY Base Stations
- Multiple commenters state that building a BTS with SDR and open-source stacks (GSM through 5G) is technically straightforward and can be a weekend project.
- The real barrier is regulation: transmitting on licensed cellular spectrum without owning/leasing it is illegal and actively monitored; examples include drone-based RF hunting.
- Some discuss running personal telephony over VoIP + VPN instead of RF, but emphasize that mobility and regulatory compliance are the hard parts.
- One note claims A5/1 rainbow tables and cheap SDRs could allow interception if the attacker used a legal provider for transmission, implying these arrested actors were “amateurish”; others see the police narrative as overstated.
Criminal Skillsets and Enforcement Approach
- Several reflect on the irony that people capable of building rogue cell towers could contribute positively in legitimate security or telecom roles.
- Explanations offered: prior convictions limiting employability, higher and faster returns from fraud, and lower barriers than building a lawful carrier.
- Views diverge on recruiting such individuals: some suggest intelligence agencies might be interested; others argue RF skills are common and that deliberate large-scale fraud justifies firm criminal prosecution.