SIM Box Investigation 101

Cybercriminal use advanced devices like SIM boxes to carry out organized crimes like They are typically used by crime syndicates for fraud bulk SMS, cybercrime, terrorism, money laundering, drug trading etc

1. What is a SIM Box?

A telecom device which can plug in multiple SIM cards to carry out calling / SMS operations. Given below is a simbox created by Mootek Technologies, Chennai.

Image from India Mart Listing of Mootek, A Chennai based SIM Box Manufacturer

2. How does SIM Box Work?

A typical SIM Box has following components:

• Broadband / Internet connection : This is typically used for internet call termination.
• Software to manage SIM Box : This is used to send bulk SMS using a computer based interface and also to configure SIM Box. Many SIM Box allows to program / change IMEI.

• SIM Slots where SIM card is plugged

3. Illegal Usage of SIM Box

• International Calls: SIM Box is majorly used by transnational cybercriminals to bypass inter-national call termination charges. Using SIM Box, an international call is converted into a local call. Following is an indicative representation of the same.

Simple: An international “Internet” Call <-> Converted to 2G / GSM Call using SIM Box

Technical Flow of SIM Box Call Landing (https://hal.inria.fr/hal-03105845v1/document)

• Bulk SMS: SIM Box is also used to send fraud messages in bulk. For example, a 512 SIM Slot box can send lakhs of fraud SMS in automated fashion.

Investigation

Step 1 : Get the CDR of Phone Number

When a victim complaints that he / she received a call or SMS from a number, immediately get CDR. Following are common patterns to identify if SIM is plugged in SIM Box.

CDR PATTERN:

• No Incoming Calls — Only Outgoing calls on continuous basis.
• No Incoming SMS — Only Outgoing SMS.
• Static Location of SIM for days long.
• Fake / Mule KYC of SIM card.
• Multiple IMEI Changes
• IMEI belonging to feature phone / random IMEI

Once you have established that crime is done using a SIM Box, a team can be sent to identify SIM Box.

Challenge: In case of low accuracy location, it is difficult to locate SIM Box, alternate methods (Cannot be disclosed in public blogs) can be used to identify SIM Box.

Step 2: Broadband:

Since International call termination needs broadband, Investigation officer must get information and access logs of broadband connection when raid is conducted.

Step 3 : Legal Sections:

Enforcement agencies can register complaint under BNSS, Indian Telegraph Act 1885, Indian Wireless Telegraphy Act 1933.

Recent cases / Regulatory Operations Links:

1. Odisha / Ranchi

2. https://indianexpress.com/article/cities/pune/ats-busts-illegal-telephone-exchange-kondhwa-sim-cards-boxes-9539700/

3. https://pib.gov.in/PressReleseDetail.aspx?PRID=1899540

DINSTAR brand SIM Box — Seized in Salem, Tamil Nadu

4. https://pib.gov.in/PressReleasePage.aspx?PRID=1943701

What can Telecom Operators do?

1. Implement solutions like SMS Firewall or
2. pattern detection algorithm to proactively detect presence of any SIM Box in their network and
3. Intimate the same to local law enforcement agencies.

______

SIM Boxes and similar devices cause huge revenue to Government and also increases the outreach of criminals. Proactive detection and busting of SIM Boxes should be a top most priority..