The National Crime Agency is analysing huge quantities of data seized from an online platform to identify hundreds of criminals who used a phone number spoofing service to defraud victims of tens of millions of pounds.

The NCA, working with prosecutors from Ukraine, the Netherlands and other countries, has seized data from servers used by Russian Coms, a mobile phone and web-based platform that allowed criminals to steal money from an estimated 170,000 people in the UK.

Criminals were able to spoof the phone numbers of banks, financial institutions, telecoms companies and law enforcement agencies to win the trust of victims before stealing their money and personal details, the NCA revealed on 1 August 2024.

Following what the NCA described as months of intelligence gathering and painstaking investigative work, NCA officers arrested two men, aged 26 and 28, in Newham in March 2024. The men are suspected of being the platform’s developers and administrators, and their arrest led to the closure of the operation.

The operators published a message on the Russian Coms Telegram messaging channel warning users to use the service at their own risk: “Everything has been compromised no matter what software you have been using, all other providers have been compromised as well.”

On 12 April 2024, police arrested a 28-year-old man in Newham, described as a close affiliate of Russian Coms and a courier to deliver handsets. Police made a further arrest of a user of the Russian Coms service in Potters Bar this week, with further arrests expected over the coming months.

Criminal network disrupted

Miles Bonfield, Deputy Director of Investigations, said that the NCA had taken out a sophisticated piece of technical infrastructure, had arrested two individuals with the technical know-how to provide the phone spoofing services, and had disrupted the wider criminal social network.

“Those who use Russian Coms and other services like it are told these services provide anonymity. They don’t. We can go after the data and use that data to identify the users and those users need to prepare for us knocking on their door at any time of day or night,” he said.

City of London Police worked with the NCA to cross-reference 100,000 data points, including IP addresses, phone numbers and names, against data reported by the public to Action Fraud, a national reporting centre for fraud and cybercrime, and other police databases to identify suspects and an initial 5,000 victims of Russian Coms.

Investigators have established that between 2021 and 2024, over 1.3 million calls were made by users of Russian Coms to 500,000 unique UK phone numbers. The average loss to people who reported losses to Action Fraud was over £9,400, though others have lost hundreds of thousands of pounds.

Phones displayed fake numbers

The phone spoofing service was sold initially as a customised Motorola Android phone, with one functioning app which was capable of making calls that displayed a fake number to the recipient and VPN options to allow users to hide their IP address.

The phone, which was sold for between £1,200 and $1,400 for a six-month contract, featured a burn capability that allowed users to instantly wipe the phone. Other apps on the phone were fake but were designed to look like genuine Android apps.

The operators of Russian Coms later introduced a web app, marketed as a “flagship” service, which allowed full access to a web-based phone for £350 a month, or £1,000 for three months, to be paid in cryptocurrency.

The flagship service offered unlimited minutes, hold music, encrypted phone calls, 24/7 support and voice-changing services, which claimed to allow users to match their accents to the victim’s location.

Fraudsters impersonated banks

In a typical scam, offenders spoofed the number of a bank to gain the trust of a victim before convincing them that their account had been subject to fraudulent activity. The offender would then persuade the victim to transfer their money to another account to protect their savings.

In other cases, fraudsters impersonated reputable companies and stole money for goods that were never delivered or arranged to collect debit and credit cards from the victims on the pretext that they needed replacing.

Fraudulent calls were made to individuals in 107 countries around the world including the USA, New Zealand, Norway, France and the Bahamas.

NCA using seized data to identify fraudsters

Adrian Searle, Director of the National Economic Crime Centre, part of the NCA, said investigators had acquired significant amounts of data from the operation which would allow police to identify users of Russian Coms.

“The takedown and acquisition of the server, in particular, have enabled us to acquire significant amounts of data, which in turn, we can use to identify the users of this platform equipment, the criminal users of the platform, and over time going after those users,” he said.

Searle said that the NCA had identified other phone spoofing platforms and was prioritising action against the services having the greatest impact. “We are now breaking the trust that criminals have in online services,” he added.

Police need tech companies to act

Nik Adams, Temporary Assistant Commissioner at the City of London Police, said that police needed the support of technology companies to stay ahead of fraud.

“Making sure that it isn’t easy for someone to develop a tool that can spoof phone numbers of legitimate organisations and then for that to appear on your device as a legitimate number – that is something that technology companies have to grapple with,” he said.

He said that the telephone regulator Ofcom had taken steps to ban phone number spoofing from overseas numbers, but that it was proving more difficult to prevent spoofing from UK numbers. This is partly because there are legitimate uses for number spoofing, and also because of the need to upgrade parts of the telecommunications infrastructure.

“We need to equip people with the tools to make good decisions about how they are interacting with technology and to make sure that people are using two-factor authentication and other methods to secure their data,” he said.

Despite its name, Russian Coms was run from the UK and had no links to Russia.


