- The young operator of the ‘SMS Bandits’ smishing service has been arrested, and more arrests may follow soon.
- The hacker wasn’t careful enough with his online presence, especially on the clearnet side of the web.
- The smishing campaigns backed by the service were supported by good English and careful operations.
The U.K.’s National Crime Agency (NCA) has confirmed that the operator of the ‘SMS Bandits’ service has been arrested, and while they didn’t give away a name, they told the press that it’s a 20-year-old man from Birmingham. The platform was sending out large volumes of smishing (phishing SMS) messages, taking advantage of whatever happened to be topical at the time, including tax revenue agencies, COVID-19 pandemic relief, PayPal, telecom providers, utility providers, shipping firms, etc.
As reported by Krebs on Security, there are several users associated with the phishing service, posting promotional messages on various cybercrime forums as “SMSBandits,” “Gmuni,” “Bamit9,” and “Uncle Minus.” It is not clear if these handles were all controlled by the Birmingham youngster or if more people are involved in the operation, but we guess that this is one thing that will be cleared up by the investigation, which is still underway.
Law enforcement authorities managed to track down the person by considering a set of key factors. First, the quality of the smishing messages indicated the involvement of a native English speaker. Second, the operator promoted his Birmingham-based freelancer account offering web developer and software developer services, using the “smsbandits” moniker. This was a naive, elementary mistake, yet it is the very thing that gave the operator away.
On the telecom front, the phishing platform was actually doing a lot better. The service verified that the phone number lists provided by its clients pointed to mobile devices, not landlines, and avoided sending out messages in bulk, minimizing the risk of raising spam alarms at the telcos.
In addition to the smishing service, SMS Bandits offered a “bulletproof” hosting service, an “auto-shop” for unloading stolen account credentials, and also a bulk SMS provider named ‘OTP Agency.’ So, all in all, the man’s activity and presence on the dark web were quite extensive.
While the arrest of the ‘SMS Bandits’ operator isn’t going to make any noticeable difference in the volume of smishing messages that fly around daily, it is going to create a hole in the high-quality offerings in that field. Smishing campaigns that are free of grammar and spelling errors are rare, and native speakers who dare to enter that space stand out like flies in buttermilk.