Whistleblowing is a recurring theme for this week’s round-up of news from around the world of communications. The advanced detection methods used by South Korean telcos have not turned the tide on scams effected by voice and messaging, so law enforcement agencies are hoping an eight-week ‘special reporting period’ will encourage scammers to hand themselves in and divulge intelligence about gangs targeting Koreans from abroad. Informants can receive money and reductions to their sentences. Meanwhile, New Zealand Police found an SMS blaster, and UK regulator Ofcom published statistics about the whistleblower reports it has received.

• ‘Special Reporting Period’ for South Korean Scammers to Become Informants
• New Zealand Finds First SMS Blaster Bank Smishing Fraud
• UK Statistics Show Why Whistleblowing Matters
• The FCC Has Deleted Bhavesh
• Other News

‘Special Reporting Period’ for South Korean Scammers to Become Informants

Criminals who confess to their involvement in voice and messaging scams by the end of October will receive clemency per an announcement made by the Korean National Police Agency. The ‘special reporting period’ runs for 8 weeks having begun in September, a few days before the Korean holiday of Chuseok, a period when scammers can be especially active. Lenient sentences and financial rewards are being offered to criminals who provide intelligence about the operation of call centers or money laundering networks that are run from overseas and which profit from:

• scams using voice calls;
• scams using mobile messaging;
• investment scams; and
• romance scams.

The police are particularly interested in talking to people who perform specific roles for the scam gangs. Those roles include:

• managing or working in scam call centers;
• sending scam text messages;
• corporate insiders who leaked personal data;
• anyone involved in operating or supplying equipment for comms relay stations; and
• money mules.

The detailed contents of the police press release indicate that South Korean law enforcement agencies have a more sophisticated understanding of the methods used by scam syndicates than is typically exhibited by their counterparts in Western countries. The latter continues to behave as if the criminals who abuse networks are isolated amateurs who work in a cottage industry. In contrast, South Korea’s police are overtly appealing for help from Koreans who work for crimelords with multinational operations.

The South Korean authorities have recognized that anti-scam controls implemented by comms providers are being circumvented using elaborate methods including the establishment of in-country relay stations that connect a local mobile call to voice transmitted over the internet from scam compounds in other countries. South Koreans are lured to work in these compounds by offers of good pay. They are sought by criminal gangs because their native language skills increases the chances of scams being successful.

To facilitate whistleblowing by Koreans working in foreign scam compounds, the police have committed to running ‘reporting offices’ inside Cambodia, China and the Philippines. A further sign that the police is conscious of the international scale of crime is that informants can provide their information through family members or other go-betweens, as an alternative to contacting the police directly. This may appeal to Koreans who are uncertain about whether it is worth taking the risk of leaving their criminal work to return to South Korea.

The announcement includes a rate card for the financial incentives to be paid to informants. An informant providing intelligence about phone scams that generated criminal profits exceeding KRW5bn (USD3.8mn) could receive payments up to KRW100mn (USD76,000). However, it was also stated that punishments will be strictly applied to scammers caught after the end of the special reporting period.

Awareness of the special reporting period is being raised through an animated video on YouTube as well as by encouraging the mainstream media to circulate the details. The press release issued by the police is here and you can play the YouTube video below.

New Zealand Finds First SMS Blaster Bank Smishing Fraud

New Zealand Police released images on Thursday of an SMS blaster they reportedly seized in August. The associated press release stated this crimeware had never been seen in New Zealand before. The use of the SMS blaster was first identified by noticing mismatches between the SMS scams notified by the public to the 7726 national reporting number and the SMS traffic conveyed by actual networks. The authorities subsequently executed a search warrant at a home in central Auckland where they found the SMS blaster and arrested a 19 year old man. The teenager has been charged with interfering with a computer system and has a court hearing scheduled for December 10.

There was little information in the press release, but the photographs (pictured below) suggest the SMS blaster was found in the back of a car.

Nothing was said about the teenager having a car, where that car was driven, or over how long a period the SMS blaster was in use. It is likely that the authorities do not really know how many people received smishing messages from this device. The criminal advantage in using a portable radio device to connect directly to a victim’s phone is that it circumvents any form of monitoring that would occur if communications involved the use of an operator’s network. The real goal of the police announcement is to allay the public’s fear without admitting that neither law enforcement agencies nor network operators are capable of proactively detecting SMS blasters. The press releases states almost 120 phone users in New Zealand were ‘affected’ by this device sending smishing messages that contained links to a bogus bank website. That represents the minimum, not the maximum number of potential victims, some of whom may not have been identified. The most important takeaway is that New Zealand’s authorities needed the public to blow the whistle on the suspicious SMS messages sent by SMS blasters because nobody in the police or private sector would otherwise learn of them.

Years have passed since Commsrisk started warning about the inevitable spread of mobile radio devices being used as simple fake base stations to send thousands of scam SMS messages. The threat was not taken seriously by most countries despite the extent to which the authorities in East Asian countries were already ramping up resources dedicated to locating SMS blasters. One reason to ignore the threat was that fraudsters will use cheaper methods to send scam SMS messages in bulk if they can. It should have been predictable that the progressive enforcement of tougher controls over A2P SMS and P2P SMS would prompt criminals to execute workarounds using widely-advertised technology which bypasses mobile networks entirely. Bank frauds are lucrative; employing teenagers to drive around SMS blasters is cheap in comparison.

I grit my teeth whenever I see another example of this trend where a new country says it has found its first SMS blaster, and how this supposedly shows that cooperation between police and the private sector is effective. It rather suggests complacency. Finding one SMS blaster is better than finding none, but finding a single SMS blaster tells us nothing about how long it was in use before it was detected, or how many other SMS blasters may currently be in use. Current methods of identifying smishing scams effected by SMS blasters are haphazard, patchy and cumbersome. Some countries may be trying to reassure the public after finding their first SMS blaster, but there will be many more in circulation around the criminal underworld that have not been found yet. If SMS blasters have been used for smishing frauds in countries like Norway and New Zealand then it is hard to believe that international criminal syndicates have not tried to use the same cheap technology in much bigger countries like the USA or Japan, neither of which has reported the use of an SMS blaster yet.

UK Statistics Show Why Whistleblowing Matters

UK regulator Ofcom issued their annual whistleblowing report near the end of last week, and you may be surprised about which sectors generate the most whistleblowing disclosures. Whistleblowers are only meant to report their concerns to Ofcom if they have already tried and failed to get their own organization to pay attention, or if they fear reprisals if they raise their concerns with their colleagues. Even with these limitations, Ofcom received 77 whistleblowing disclosures from April 1, 2023 to March 31, 2024, of which 37 came from the postal sector, followed by 30 from the communications sector. Just three came from Britain’s broadcast sector, which is striking given the many headlines about BBC newsreader Huw Edwards and mainstream television presenter Phillip Schofield behaving inappropriately towards co-workers in junior positions. Broadcast media is still reeling from the revelations that now surface more readily after the breakthrough caused by the ‘me too’ movement. It is not good that there are ten times as many whistleblowing cases being generated by the communications industry compared to a sector which has a badly tarnished reputation because of the perception that abuses are more likely to be covered up than investigated.

Some years ago I worked for a telco that made a mockery of its so-called whistleblowing policy by literally telling staff to ‘anonymously’ raise issues with their line management in the first instance. Even a cretin can tell this is playacting at being a responsible employer: your line manager knows your identity. But I do not think this kind of shameless pretense is that unusual. New whistleblowing policies may be motivated by the cynical desire to tell somebody in government that a business is being run responsibly, not by a genuine desire to care for employees. That is a mistake. Good employees will want to call out harmful or fraudulent behavior. Their willingness to speak about the things they have seen is a bulwark against corruption and crime. A channel to hear the concerns of whistleblower is just another avenue for gathering valuable intelligence. Any disclosure still needs to be investigated, so whistleblowing does not represent a threat to anyone if investigations are conducted diligently and dispassionately. Whistleblowing disclosures should be welcomed, because they may reveal serious issues that were previously hidden, and the existence of a credible whistleblowing procedure will serve as a deterrent to wrongdoing by staff.

The FCC Has Deleted Bhavesh

Is somebody at the FCC a regular reader of Commsrisk? I assume they would never admit to it, based on the level of engagement on the few occasions when I tried to lobby them more formally. But if it is just a coincidence, then it is an odd coincidence that Bhavesh has been deleted from the US Robocall Mitigation Database just one week after I mocked the FCC for accepting his submission. Perhaps this shows there are other ways to successfully blow the whistle if the authorities choose to ignore proper channels.