Chandigarh Cyber Cell recently busted a major transnational racket involving SIM Boxes. These sim box were found to be using Quectel EC20 LTE Modules.
The X handle of Chandigarh Police posted some hotos; which appear to be a technology marvel. Let deep dive into whats under the hood.
Step 1: Target & Cost
An International call would be expensive for any cybercrime syndicate. In order to make a ‘local origin’ call from overseas, some arrangement is required. Also if they call manually, it is a loss of human resource. The solution is “Automated IVR” call to lakhs of targets.
Step 2: International Local Conversion & Mass Calling
Bulk VOIP calls are originated majorly through foreign soils and are communicated through “Internet” to these sim box. Quectel EC20 cellular modules along with couple of other electronic devices convert these VoIP calls to the GSM/LTE network. Lakhs of automated calls will be blasted to victims
Step 3: Resource & Man Power and recruitment in India
SIM Cards, High Speed internet and Electricity is needed for operating the SIM Box. Chandigarh Police tweet advised public to avoid involvement in setting up illegal telecom setups.
The Technology
The device below shows a SIM Box setup that utilizes Quectel EC20 LTE Modules. The device has following components:
- RF Antennas which connects to the Tower
- Quectel EC20 Chip which has an IMEI number.
- SIM Bank — which provides slots for placing sim.
- FPGA device for Multi-plexing dozens of voice streams.
- WAN Connection (Ethernet) — For accepting VoIP calls
An over simplified diagram is shown below
Investigator’s Insight
- In call data records, the IMEI of Quectel EC20 SIM Box will be visible, which indicates the presence of a sim box.
- Tower Location (Cell Tower ID) will be static and maximum outgoing calls will be identified.
Deep Technical Dive
A detailed implementation of the facility is given in the blog below which may be referred to.
Features & benefits include LTE Connectivity, High speed USB Access and multi-protocol support.
What can Telecom Service Provider do to detect?
A simple algorithm which detects the high frequency outgoing calls or location from a static location and IMEI number belonging to Quectel is what is required to identify a scam call. Government of India regulates such behaviour under its recently launched THE TELECOMMUNICATIONS ACT, 2023.
Case Studies of Latest SIM Box Crackdown in India
- Bihar — SIM Box Crackdown: Capability of calling over 10,000 victims per day. Links to Cambodia, Thailand, Hong Kong, China, UAE. 400 SIM Cards seized.
2. Telangana : Telangana Police busted a sim box linked to Cambodia. Figure clearly shows a broadband connection which is very much essential for running a SIM Box.
3. Location: Bengaluru by Goa Cyber Police
4. Panna : Madhya Pradesh (Panna District) — Links to Cambodia & Thailand for executing “Digital Arrest Scam”. 1700 SIM Cards Seized.
https://x.com/DGP_MP/status/1937149152586035508
Closing Thoughts
Bharat has some of the world’s most technocrat and expert Cops, Ministries and Departments who has the capability to bust these sophisticated network through techno-human intelligence network. There are some who work tirelessly, behind the scenes owing to which Nation remain safe.
Guess the Collateral damage done by these Devices; had it not been busted across India !
How to Identify Whether a SIM Box is Involved in a Cybercrime Investigation
Step 1: Prepare a complete list of all IMEIs found during the investigation.
Step 2: Visit https://guru.cyberyodha.org/. If you do not have an account, create one.
Step 3: Go to https://guru.cyberyodha.org/request/bulkImei and check all the IMEIs obtained during the investigation.
Step 4: If the IMEI shows the model name "Quectel", it may belong to a SIM Box device. Compare these results with the list of known SIM Box models provided below.
