Russian SIMs. Encrypted SIMs. White SIMs. These cards go by different names in the criminal underground, and vary widely in quality and features. But all are generally designed to give the user some sort of security or privacy benefit, even if what that particular SIM does is more theatre than substance. Beyond spoofing phone numbers, some SIMs let a caller manipulate their voice in real-time, adding a baritone or shrill cloak to their phone calls that is often unintentionally funny. Other cards have the more worthwhile benefit of being worldwide, unlimited data SIMs that criminals source anonymously from suppliers without having to give up identifying information and by paying in Bitcoin.The SIM cards themselves aren't inherently illegal, but criminals certainly make a noticeable chunk of the companies' customer bases. The NCA told Motherboard it has seized so-called Russian SIMs from suspects during investigations. The existence of this bustling industry highlights how crime figures continue to try and leverage different technologies, and comes as government agencies successfully crack down on other parts of criminal technical infrastructure.Do you sell encrypted phones or Russian SIMs? Do you use them? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.
Criminals often make use of so-called encrypted phones, customized devices that in some cases have the microphone, GPS, and camera functionality removed. Some of these companies also offer Russian or encrypted SIM cards, letting customers buy not just a handset, but the data and roaming capability they would need to actually use the phone quickly, as well as some extra features from the SIM if they like. Companies or individuals don't always sell both the phone and the SIM, but the industries do overlap.To test the process of obtaining such a SIM, Motherboard purchased a so-called white SIM, known for not having any branding or labelling, through a source close to the criminal world. After sending the supplier around $100 in Bitcoin, a package arrived the next day.A list of countries where this particular SIM worked and shared with Motherboard included Colombia, the UK, Morocco, Mexico, the UAE, and the U.S.After receiving the SIM card and putting it into an unlocked phone, a user has to change the Access Point Name or "APN" on the device. An APN is a collection of settings a phone uses to set up a connection between the carrier's cell network and the wider internet. Essentially, entering this tells a user's phone that they want to connect to a particular phone network, one that it may not ordinarily recognize.
A screenshot from a YouTube video demonstrating number spoofing on a so-called Russian SIM. Image: Screenshot.
A screenshot from the website of Secure SIMs, one company in this space. Image: Secure SIMs.
A screenshot of an underground website selling SIM cards. Image: Motherboard.
"They may be a bit overextending their marketing, claiming that it protects you against your government's scrutiny," he added. "I don't think it's really that useful to protect you against a really upset government."Even if someone obtained a SIM card anonymously, they are still using a SIM card and by extension a phone network. The source who currently works in the phone industry said "you can't be invisible."Nohl, the security researcher, told Motherboard, "A data-only SIM (that uses IMS for voice/text) prevents IMSI catchers from intercepting voice calls and text. So do all 4G and 3G networks that use encryption, which IMSI catchers cannot break open, and many 2G networks that upgraded to A5/3 encryption," Nohl said. "In all these scenarios, the IMSI catcher can still catch IMSIs, though, mainly for tracking purposes."Putting some of those more bold claims aside, some of these SIMs are still popular in the underground."Serious and organised criminals attempt to evade law enforcement, through both mainstream secure messaging apps and encrypted communication platforms specifically designed for criminal use," Matt Horne, Deputy Director of Investigations from the NCA, told Motherboard in an emailed statement."However, through the takedown of Encrochat and our work on Operation Venetic, we’ve shown that their methods and tools are not beyond our reach. By working closely with international and UK policing partners, we’re continuing to make technological advances and targeting those operating at the highest level of criminality," he added."They are the crime SIMs," the source close to the criminal world said.Subscribe to our cybersecurity podcast, CYBER."They are the most popular SIMs in crime."
