Europol has announced the successful dismantling of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a massive SIM farm. This network enabled criminals worldwide to create an estimated 49 million fake online accounts, facilitating a wide array of illicit activities including phishing, investment fraud, and the distribution of illegal content.

Key Takeaways

• Europol's Operation SIMCARTEL disrupted a global SIM farm network.

• The network was responsible for the creation of approximately 49 million fake online accounts.

• Seven suspects were arrested, and significant assets, including SIM box devices, SIM cards, servers, and funds, were seized.

• The operation involved law enforcement from Austria, Estonia, Finland, and Latvia.

Operation SIMCARTEL Uncovered

The coordinated law enforcement effort, codenamed Operation SIMCARTEL, led to 26 searches across multiple countries. This resulted in the arrest of seven individuals, five of whom are Latvian nationals. Authorities seized 1,200 SIM box devices containing 40,000 active SIM cards, along with five servers. Two websites, gogetsms[.]com and apisim[.]com, which advertised the illicit service, were taken over and now display seizure banners.

Financial and Asset Seizures

Beyond the digital infrastructure, law enforcement also confiscated four luxury vehicles. Financial assets totaling €431,000 (approximately $502,000) from suspects' bank accounts and €266,000 (approximately $310,000) from their cryptocurrency accounts were frozen. The operation highlights the significant financial gains these criminal networks aim to achieve.

Global Reach and Criminal Activities

The dismantled network provided telephone numbers registered in over 80 countries, allowing criminals to establish fake accounts on social media and communication platforms. This anonymity was crucial for obscuring their true identities and locations. The service was instrumental in facilitating over 1,700 individual cyber fraud cases in Austria and 1,500 in Latvia, leading to substantial financial losses estimated at around €4.5 million ($5.25 million) and €420,000 ($489,000) respectively.

Modus Operandi and Impact

These fake accounts were used for various criminal schemes, including phishing and smishing attacks, and investment fraud where victims were tricked into bogus trading schemes. A common tactic involved impersonating family members, such as a child, to solicit emergency funds. The platform also enabled other serious offenses like extortion, migrant smuggling, and the distribution of child sexual abuse material (CSAM).

Service Marketing and User Complaints

GoGetSMS, one of the seized websites, was marketed as a provider of "fast and secure temporary phone numbers," boasting access to over 10 million numbers for receiving verification codes from more than 160 online services. The platform also offered a way for users to monetize their existing SIM cards by turning them into "powerful assets for generating passive income." However, user reviews indicated issues with obtaining working numbers and unresponsive customer support, suggesting a flawed service even for its intended criminal users.

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide, The Hacker News.

• Massive SIM farm network powering 49 million fake accounts taken apart by Europol, TechRadar.