> This wasn’t targeting a single individual or business. It had the ability to reach thousands of devices at once.
This statement reads as AI-assisted — kinda interesting to see, because I am not sure it even is? This type of formal speech language is basically unintelligible from slop now.
At one point, every bank would ensure that your password COULD NOT be saved by your browser, because sEcUrItY.
Which is precisely the scenario where typing your password into a site like this is possible.
But once in a while my iPhone in Brazil will get spam as a unblockable "system message". I'm not sure if I'm using the correct term. I'm mean that it looks just like an Apple system notification and it disappears without a trace afterward, but the content is obviously spam.
I wonder how they are able to do this.
Someone's shipping a standardized kit of Stingray with battery and PSU to be installed in the back of German station wagons. The kits are suspected to be spamming phishing texts, at least some in Chinese. The cars are driven as unregistered taxis paid for on Chinese platforms, avoiding taxes while also justifying its driving routes and expenses that involve tourist destinations.
It's not clear to me if this Chinese authority/PLA doing or if it's another one of those southern Chinese warlord thing, both sounds plausible.
[1] https://www.pbs.org/newshour/nation/how-sim-farms-like-the-o...
I think at some point people see AI everywhere because they look for it everywhere.
If having a phone number has no benefit and only brings spam, and WiFi is ubiquitous in urban areas, a huge chunk of the population don’t really need cell plans any more. And the places without WiFi coverage (less dense areas) are the most expensive to provide service.
In the US at least, the FCC used to be pushing hard to combat the spam, like requiring authentication for caller ID, and it was the carriers that were dragging their feet and lobbying against it. So something tells me they just continue to view all the spam senders as an easy income source and don’t mind letting their whole business model die if it means short term profits.
WhatsApp here in India has so much spam now. With ads, I am starting to think these spam are just ads sold by WhatsApp.
Probably so-called SMS flash messages. They're shown as overlay popups on Android too.
This is a "flash SMS" message: https://nickvsnetworking.com/flash-sms-messages/
There too, the person arrested was a Chinese citizen.
One time, I picked up, and it was this seemingly incredibly rude person who sounded real but continue talking in a pushy manner without stopping despite what I said.
It's insane getting so many calls all the time like I owe them a bunch of money or something. Anyone else get this?
At least as of today, most phones have an option to turn off 2g but that isn't a default.
so it’s an accurate statement
the government isn’t one thing, it’s people that don’t work for all agencies
https://en.wikipedia.org/wiki/Cell_Broadcast
They are also interfering with connections and attempting downgrade attacks to do 2G SMS messages as well (and is likely where Canadian carriers were picking up the 'millions' of attacks against its network and failed authentication attempts).
Amusingly this was all also caught because of Telus reviewing those SMS messages that were reported as spam from people on iOS/Android and realizing that the messages weren't being terminated inside the cell network at all when they tried tracing them out and suspected that this was the case.
https://i.imgur.com/lrSrm0n.jpeg
Android just gives you a generic popup that says "Class 0 message" in my testing.
Did they graciously forward emergency calls and text messages to the real phone network?
The OP ones are actively scanning the vicinity and acting like BTS to connect to phones automatically, equipped with radio antennas, SDR, etc. to gather the victims numbers in real time and send them spam/phishing while the phones are connected to to these BTS
The real story is the government didn’t really care about users being spammed, you get those all the times and there’s little regulation to protect you (like preventing corporate from selling your number etc.), they cared because with these devices people can and will communicate outside of the approved channels, that also might be encrypted too, so harsh charges and make it as public as possible to deter others from doing the same, even if they were not in it to scam or phish people, and notice on the emphasis on “blocking the 911 calls!!” so jamming charges are there too.
a) Doing some weird grey market VoIP thing. 32-in-1 GSM to SIP gateways have been a thing for a very long time in the developing world. Maybe they think they found some arbitrage route for phone traffic to/from the US PSTN that they can profit from. Anyone who interacts with grey market voip stuff will recognize these things immediately.
b) Using them for something like receiving 2FA authentication codes to create bot/socketpuppet social media accounts. In this sort of scenario they'd have live phone numbers/service and the cheapest possible phone plan, and ability to receive incoming SMS. The accounts then get provided to some other group of people who are doing mass advertising/social media manipulation.
The US seems to have completely given up on protecting its public phone network against abuse, while at the same time relying on phone numbers as the primary identifying key and authentication method for humans in countless business processes.
It took years (if not decades) of regulatory neglect to get that bad; I doubt there’s an easy fix at this point. It’s really concerning.
This loses all believability, given the fact that i can reliably go out of town to a different area code and immediately start getting phishing/scam/robo calls/texts from numbers of said area code. Granted, i am U.S.'ian.
Like, the phones happily connect to these fake towers because the signal is strongest from that one and there is no authentication to verify who the tower belongs to, nor encryption of SMSes?
1. The Stingray eavesdrops, but avoids interfering with user traffic
2. The stingray is operated by law enforcement, not by fraudsters looking to steal your money
Good times!
If they are using it for 2FA it's likely for some US-only service.
I wonder if this mostly hit international SIMs, since they wouldn’t be running the same level of SIM code to prefer various network locks like a local SIM.
Helps you stay under the radar and gov services over SMS is a lot more advanced outside of Canada if you want to do some fraud.
Android has it as a toggle: https://source.android.com/docs/security/features/cellular-s...
iPhone disables it for phones in lockdown mode.
Meanwhile GrapheneOS in the default mode is as much or much more secure (and private duh) than there marketing mode with little to no usability decrease.
Although now looking at Wikipedia there are a lot more 2G networks sticking around than I realised, still hard for me to believe given what's happened here!
Plenty of things like the various services run by Meta will treat your content differently if they know you're coming from a Bangladesh phone number and ISP vs. being what appears to be an authentic domestic USA human.
Having live US phone numbers that can receive SMS for "is a live human receiving this code" verification purposes is also useful for many other kinds directly fraudulent activities.
Curiously, it seems to have become a cultural touchstone not to leave a voicemail. I have had to educate people about this. My service is with Verizon, and for what I assume are historical reasons the caller will hear rings on their end even if my phone isn't receiving the call (AT&T does not have this issue). If you don't leave a voicemail, I literally have no way of knowing that you called. Said voicemail can be as simple as "call me".
I'm a physician, and the hospital where I do most of my work has a policy against sending PHI over text (a very reasonable policy). So many nurses are reluctant to text me anything, even when it's just "please call Adam on 3 South".
I worked in a company that had a base station emulator in their testing lab in 2008. I can’t recall the cost but it was well over $10,000 and only worked with direct antenna coupling, it couldn’t broadcast.
Now we have software defined radios.
https://www.mcsweeneys.net/articles/an-interactive-guide-to-...
(A long-ish read, but totally worth it. the "punch line" is beautiful.)
Source? It might just be that your carrier retired its 2g/3g network, not that the phone/sim refuses 2g/3g connections. If some cell tower popped up claiming to 2g/3g, your phone still might happily connect.
And what's worse is that even if this were to be fixed now, the reputational damage is already done, since many people will probably never change their devices back to ringing again.
> Someone important trying to call can always leave a message but the spammers never have.
My US mailbox is full of spam calls.
Three men are facing 44 charges in a first-of-its-kind cybercrime investigation in Canada.
Project Lighthouse began in November 2025 after a security partner alerted law enforcement to a suspected SMS blaster operating in downtown Toronto.
This marks the first known instance of this technology being used in Canada and highlights an emerging threat to both public safety and financial security.
“What makes this particularly concerning is the scale and impact,” Deputy Chief Rob Johnson said at a news conference at police headquarters on April 23. “This wasn’t targeting a single individual or business. It had the ability to reach thousands of devices at once. And beyond the financial risk, there are real public safety implications. For instance, when devices are diverted from legitimate networks, even briefly, it interferes with a person’s ability to connect to emergency services.”
An SMS blaster works by mimicking a legitimate cellular tower. When nearby phones connect to it, users receive fraudulent text messages that appear to come from trusted organizations. These messages often prompt recipients to click on links that lead to fake websites designed to capture personal information, including banking credentials and passwords. This tactic is commonly known as “smishing.”
“This is a clear example of how cyber-enabled crime is becoming more advanced, more mobile, and more difficult to detect — and why policing must continue to evolve alongside it,” Johnson said.
Throughout the course of the investigation, police determined the device was mobile and being run out of vehicles which allowed it to move throughout the Greater Toronto Area and be used in multiple locations.
“We believe tens of thousands of devices were connected to the blaster over several months,” Detective Sergeant Lindsay Riddell said. “We also identified more than 13 million network disruptions where devices were unable to properly connect to legitimate cell towers. That is significant because during those moments, access to services like 9-1-1 could be impacted.”
Toronto Police executed search warrants at residences in Markham and Hamilton on March 31. Two men were arrested, and a large quantity of electronic evidence, including several SMS blasters, were seized.
On April 21, a third man turned himself in to police.
Riddell said the investigation involved close coordination with multiple partners, including the RCMP’s National Cybercrime Coordination Centre, the RCMP’s Ontario Division, York Regional Police, Hamilton Police Service, as well as financial institutions and telecommunications providers.
“Their support was critical in helping us identify and disrupt this activity,” she said.
Riddell also reminded the public of steps they can take to protect themselves.
“If you receive a text message you weren’t expecting, do not click on any links,” she said. “Be cautious of messages claiming to be from legitimate organizations requesting payment. Only access your banking through official apps or by typing the website directly into your browser. And never share your personal or login information through unsolicited messages. If you believe you’ve been a victim of fraud, we encourage you to report it to police.”
Johnson recognized the work of TPS members, particularly the Coordinated Cyber Centre within the Intelligence Unit.
“Their expertise, persistence, and collaboration were critical to identifying and disrupting this activity,” he said.
Johnson also thanked TPS policing partners, including the RCMP’s National Cybercrime Coordination Centre, the RCMP’s Ontario Division, York Regional Police, Hamilton Police Service, and private-sector partners who supported the investigation.
He reminded the public that while the technology is new in Canada, the goal of the criminals is not.
“It’s to gain access to your personal and financial information,” Johnson added. “Staying cautious and informed remains one of the most effective ways to protect yourself.”
my Telus/Bell SIM shows the 3G network tho
Absent that, maybe this happens via a carrier profile (or equivalent mechanism)?
