Email a colleague    

November 2015

SIM Box Bypass: The Threat to Developing Nations and the Actions Regulators Must Take

SIM Box Bypass: The Damage to Developing Nations and the Actions Regulators Must Take

Bypass and SIM Box fraud continue to cause huge financial damage to telecoms.  In a 2015 survey, the CFCA estimated annual bypass losses of $6 billion globally.

But what are the losses to the nations affected by bypass?  Well, that’s a tough question to answer.  In fact, no international body — ITU, United Nations, etc. — appears to be actually quantifying the global damage to nations.

Many critical questions are not being adequately discussed.  For instance, what are the various kinds of damage — financial, economic, and social — that bypass fraud inflicts on a nation?  And what’s the proper role of policy makers and law enforcement?  Should they take a hands-off approach and let the telecom operators drive the solution, or should governments get more actively involved?

Well, for some perspective on these issues, I interviewed Lex Wilkinson, CEO of LATRO Services, a boutique solutions firm who specializes in solving telecom bypass problems.  Lex provides a clear explanation of the many subtle problems associated with bypass and SIM box fraud causes.  And he also discusses a case study in Jordan that shows how regulators, operators and solution vendors can successfully work together to contain the problem.

Dan Baker, Black Swan Editor: Lex, I think a good starting point is to better understand the full scope of the bypass and SIM box issue.  What kind of damage does bypass cause?  And what are the issues that regulators and other government officials need to be concerned about?

Lex Wilkinson: Dan, the global damage that illegal bypass causes is substantial and it goes far beyond the loss of tax or operator revenue.  At LATRO, we categorize SIM box bypass damage under three main categories:

  • financial and revenue damage;
  • infrastructure and service quality damage; and,
  • security and privacy damage.

It’s worth spending a couple minutes discussing these issues one by one.  So here we go:

Financial & Revenue Loss

  1. Tax revenue loss — First and foremost, of course, international phone calls are a big source of tax revenue and foreign exchange currency, especially for nations in the developing world.  The tax revenue is used to fund national infrastructure and many other things.  But if 20% of a nation’s foreign incoming calls are being bypassed, then 20% of tax revenue is lost.
  2. Operator revenue loss — The licensed telecom operators of the country also lose revenue, which could kill their business and at the least cause them to earn a much lower return on their investments.  Instead, the revenue lost goes to enrich criminal organizations usually in foreign lands.

National Infrastructure & Service Quality Damage

  1. Damage to a Nation’s Economic Infrastructure — Communications infrastructure is vital to a nation’s economic prosperity and growth.  And it’s becoming more and more vital today as the information technology that drives business — and economic development — is migrating to cloud networks. 

    So protecting the licensed operators and preventing bypass competition is sound public policy.  If SIM Box fraudsters destroy the incentive for private telecom operators to invest and grow their infrastructure, great damage is done to the larger society.  Another important issue is that bypass causes the licensed operators to invest wastefully in wireless and backhaul infrastructure in locations where SIM box bypass occurs.
  2. The Quality of Phone Service Suffers — To boost their revenue, fraudsters cut corners on voice call quality wherever possible.  They use low rate voice encoders that deliver low quality of service calls.  Plus much of the revenue for driving fraudulent traffic comes from low-priced calling cards sold in foreign countries.  In short, the average quality of voice service in a country is significantly reduced by SIM Box bypass.

Security & Privacy Damage

  1. Lawful Intercept Systems are Bypassed — When an international phone call terminates through a SIM box, it not only bypasses the international gateway of the telecom operator, it also sidesteps the nation’s Lawful Intercept systems, the legal surveillance means police and intelligence agencies use to track criminals and terrorists. 

    So why does that occur?  Well, when a call is diverted through an illegal SIM box, the originating phone number is stripped away.  What the telecom system sees is the phone number of the illegal SIM card, not the actual originating number from the foreign country. 

    So, for example, if the authorities in U.A.E. want to legally wiretap a known terrorist in Yemen making calls into the U.A.E., they risk missing any calls that are redirected through a SIM Box.
  2. Phone Calls Lose their Privacy and Security Protections --  Public networks have a high degree of security and privacy built-in.  GSM mobile networks, for instance, are encrypted to protect the subscriber’s privacy.  Normal VoIP traffic also passes through the secure networks of interconnect carriers. 

    But when calls are redirected through an illegal SIM box, these security measures are often not there, meaning the phone calls can be tapped into by criminals or hackers in the path of those IP connections.  Now the reason the SIM box fraudsters don’t protect the calls is to avoid extra costs: a simpler network means they don’t need to hire security equipment and experts.
  3. SMS Messages are Compromised — In addition to phone calls, the security of SMS messages is also compromised by SIM Box bypass.  This issue is especially troubling today now that bank notices and other confidential information are regularly being passed to mobile subscribers via SMS.
Great, Lex.  Your discussion of the various kinds of damage shows how multi-faceted and dangerous the bypass problem truly is.  But what about the threat itself?  The problem has existed for many years now.  Is it increasing or decreasing?

Dan, despite the high investments operators have made in controlling bypass, we at LATRO strongly suspect that the SIM Box problem is actually increasing worldwide.  LATRO serves operators in many countries, and in many of these places international voice revenue has declined sharply due to SIM box bypass.  After we enter a market and insert our technology and work with the operators, regulators, and police, international voice revenue goes back up again.

So what’s causing the increase in SIM Box bypass?  Certainly one of the chief causes is that fraudsters are more sophisticated today.  They’ve become experts at avoiding detection and using stealth technology.

Managing and controlling SIM box bypass has evolved over time.  And control techniques that worked well only a couple years ago have been neutralized.  For instance, many nations have launched government programs to control the purchase of SIM cards on the local market.

Now initially these programs did their job: they caused the fraudsters some headaches and made getting a fresh supply of SIM cards much harder.  But recently — with the rise of SIM Server technology — SIM card purchasing controls are steadily losing their effectiveness.

Here’s why: the SIM Server allows the fraudsters to centralize the command and control of bypass operations.  What they do is drop their SIM Server in a country like Monaco, Jamaica, or anywhere actually.  Then they use that one Server to control bypass across multiple countries.

Here’s another key advantage they gain with SIM servers: the SIM cards themselves no longer need to live in the local infected network.  The SIM cards can be consumed in a large bank of SIM cards adjacent to the SIM Server in the criminal’s country halfway around the world.  So today, the only things they require in the local network are the antennas that retransmit the fraudulent traffic onto the local mobile network.

Now perhaps the biggest concern of all is that, with the help of SIM Servers, the fraudsters can lower the telltale usage of any single SIM card to the point where it flies “below the radar” of easy detection by fraud management systems.

NOTE: For a interesting discussion of the SIM Server challenge, and current methods used to detect and block bypass, we recommend you download and read TRI’s white paper on the subject.

OK, if SIM box bypass is now harder to combat — and government SIM card controls no longer work like they used to — what’s the proper role of governments and regulatory bodies in the fight?  Sounds like the SIM box problem has become a more technical issue, suggesting operators need to solve it on their own.

Though it may sound counter-intuitive, the exact opposite is true, Dan.  Since the fraudsters are now more technically savvy at their deception game, governments must actually step up and play a more active role in protecting their country from bypass.  Here’s why:

  • Fraudsters Seek the Path of Least Resistance in a Country.  The fraudsters usually locate their SIM boxes in highly populated areas served by multiple carriers.  Now operators vary quite a bit in their competence, focus, and resources to deal with bypass fraud. 

    Let’s say there are three operators in a region.  Operators 1 and 2 have a relatively good SIM box detection program, but Operator 3 is weak.  Well, the fraudster can push more traffic toward Operator 3 because it has the weakest defenses.  But notice, because the fraudsters have diverted their fraud toward the weak operator’s networks, the amount of actual bypass within the country remains the same: government tax losses remain the same as before!
  • The Regulator is in the Best Position to Optimize the Deployment of SIM Box Detection & Blocking Resources — LATRO Services has developed a patented Protocol Signature detection method based on network signaling probes that detect and block SIM Boxes as soon as they sign onto the network.  Now a resource like that is best deployed in a single city area served by multiple operators.  To deploy that technology in one operator’s network alone is less effective, because the fraudster simply redirects its traffic to mobile operator not protected by LATRO’s probe.
  • Law Enforcement’s Effectiveness is Enhanced — Since a key goal is to seize SIM boxes that affect multiple operators in a region, it’s more effective if the government regulator coordinates the use of LATRO’s technology to pinpoint the actual location of the SIM boxes and work with the police to go in to confiscate equipment and make arrests in one fell swoop and surprise the fraudsters.
So what can be done, Lex?  What’s a typical SIM box control strategy?  How have regulators worked with you in the past to make a dent in the problem?

Well, we recently worked with the Telecommunications Regulatory Commission (TRC) in the country of Jordan.  The project was a big success because SIM box bypass was substantially reduced and a total of 16 SIM box operations were prosecuted. 

The project’s success was largely due to the coordinated effort of: government regulators, local law enforcement, the mobile operators in Jordan, and LATRO’s unique SIM Box locating technology.  Here are the four main steps in that operation:

  1. SIM Boxes were Detected & Revenue Losses were Stopped — Intelligence from LATRO’s SIM Box detection systems and the Jordanian operators were combined allowing TRC to successfully block SIM card use and prevent further financial loss to the operators and the Jordanian government.
  2. The Fraudsters’ SIM Box Deployments & Strategies were Exposed — Running all the detection data through LATRO’s Versalytics analysis platform provided TRC with a comprehensive view of fraud activities in Jordan.  Individual SIM Box fraud operations were then further analyzed through LATRO’s proprietary pattern recognition technology.
  3. SIM Box Locations were Precisely Pinpointed — Using the network intelligence on SIM Box activity as a starting point, the TRC team uses LATRO’s Radio Frequency (RF) investigation tool to identify the exact location of the actual SIM Boxes.
  4. SIM Box Operations were Busted — TRC then mobilized its law enforcement resources to take action.  In just a few months, Jordanian police forces seized and confiscated 449 SIM Box modems representing 646,000 potential minutes of fraudulently terminated calls.  This produced an estimated revenue savings in Jordan of $1.36 million.

So this gives you an idea what can be done.  Now I emphasized the revenue savings because that’s the easiest benefit to calculate, but Jordan certainly also saw improvements in the telecom service quality and security/privacy areas we discussed before.

Lex, thanks for this fine briefing.  Your discussion not only educates regulators on what’s at stake, you’ve also shown that much can still be done to attack this bypass and SIM Box cancer that afflicts so many nations.

Copyright 2015 Black Swan Telecom Journal

Lex Wilkinson

Lex Wilkinson

William “Lex” Wilkinson is the Chief Executive Officer of LATRO Services, Inc., a privately funded company based in Easton, PA.  He was a pioneer in fighting fraud during the cellular market explosion of the early 1990’s and was an original member/founder of the CTIA Fraud Task Force in 1991.  As a security consultant to industry associations and wireless operators around the world, Lex has seen first-hand the many ways fraud can affect organizations and cost millions in lost revenue.

Later as an executive with Rural Cellular Corporation, he participated in the sale and integration of RCC to Verizon Wireless where he remained until 2010.  Based on his years of experience in the industry and as a Tier 1 telecom executive, he created LATRO Services, a company that develops and implements next generation fraud analysis tools and managed services for wireless operators around the world.

Mr.  Wilkinson is a U.S.  Army Veteran, retired Police Detective and a graduate of DeSales University in Center Valley, Pennsylvania.  Today, LATRO Services operates in over twenty-five markets on four continents.   Contact Lex via

Black Swan Solution Guides & Papers

cSwans of a Feather

Related Articles