Email a colleague    

November 2018

SS7-Savvy LATRO Teams Up with Law Enforcement to Seize SIM Boxes; Expands into RA Managed Services

SS7-Savvy LATRO Teams Up with Law Enforcement to Seize SIM Boxes; Expands into RA Managed Services

Curbing SIM Box bypass is one of the toughest challenges in telecom fraud control.

Besides the considerable domain dexterity required to battle SIM Box fraudsters, the best state-of-the-art strategy is to coordinate the use of multiple technologies:

  • Big data analytics platforms comb through CDRs to discover patterns of SIM box activity.  Now because SIM Box bypass can pop up anywhere across an operator’s network, it’s hard to achieve real-time detection with traditional rules-based analytics.  This is why analytics system vendors are developing machine learning systems to attack the SIM Box problem;
  • Test call generators (TCGs) discover the path of grey routes that drop the international call traffic onto the infected network; and finally,
  • Signaling analysis detects the network sign-on of illegal SIM Boxes and pinpoints the precise location where the SIM Boxes operate so law enforcement can seize the equipment and make arrests.

Now several analytics and TCG solution vendors currently compete in the fight to control SIM Box fraud.  However only one vendor, LATRO Services, has a signaling analysis system designed to combat international voice bypass.

So it begs the question: why don’t the other vendors — many of whom are much larger firms — compete with LATRO in the signaling sphere?

And the short answer is: signaling requires technical wizardry.  The complexity of the signaling domain requires highly trained programmers with years of experience.  Think about this: for every CDR, there can be dozens of signaling events going on in the background.

Report: How Regulators can Lead the Fight Against SIM Box Bypass Fraud

Another issue: signaling expertise is useful mostly in telecom voice applications, so you can only rarely apply that expertise in run-of-the-mill analytics apps that are the bread-and-butter of most RAFM solution firms.

And yet signaling is a potent weapon.  I learned much about that potency when I interviewed LATRO to produce the white paper: How Regulators Can Lead the Fight Against International Bypass Fraud.  Check it out by downloading the paper off the LATRO website.

I recently got on the phone with LATRO’s Co-Founder and CTO/COO, Don Reinhart, operating out of Dubai.  Don updated me on LATRO's fraud fighting capabilities and plans to become a full-fledged RAFM managed services provider.

Dan Baker, Editor, Black Swan: Don, I’ve learned that stopping SIM Box bypass is a particularly tough challenge because the fraudsters operate on a national scale and change their tactics based on the defensive moves each operator in the local network makes.

Don Reinhart: Yes, one of the tenets of SIM Box bypass is that the fraudsters play the operators against each other.  The operator who is weak in fraud control eventually attracts the SIM Boxes to their network.  Another tactic is to divert as much traffic as they can from the dominant mobile carrier.

This is why the geo-location of SIM Boxes holds great value for a country’s regulators.  Mapping where the fraud is coming from gives you a market-wide look at the problem.  And of course, we also work with operators directly to provision our detection systems for them.

Our unique value proposition continues to be our ability to process signaling data.  We analyze SS7 and other mobile protocols broader and deeper than anyone else looking at SIM box bypass.  We can detect a SIM Box coming onto the network in a matter of seconds.  So this continues to be a growth area for us.

Our involvement in regulatory enforcement projects is growing.  In fact, we just had a major project in Bangladesh this past month.

What actually happens when you go in and confiscate equipment?  And what kind of impact does it have on discouraging fraudsters?

We had a very successful 1st quarter (2018) supporting law enforcement equipment seizures.  During a 100 day campaign we partnered with mobile operators, telecom regulators, and law enforcement to locate and confiscate 150 GSM VOIP Gateways used as fraudulent SIM Boxes.

What was the financial impact of these raids on SIM Box locations?

Well, since each of those 150 SIM Boxes or GSM VOIP Gateways can simultaneously terminate 32 or more concurrent voice calls, we can compute the fraud risk from the 2,108 individual GSM modems in those SIM Boxes. 

It works out to a capacity of over 65 E1’s capable of carrying 3 million minutes of voice traffic per day.  Depending on the national termination rates, that can be anywhere from $54 million to $164 million USD in maximum annual revenue risk exposure to the client.

Maximum Annual Revenue at Risk from SIM Box Bypass Fraud

A straight-line calculation of maximum revenue at risk may be overstated.  But even if we consider those SIM Boxes were working at only 50% capacity, $27 million to $82 million USD is still a significant loss, especially in a developing nation.

However, I must emphasize the fraud leakage from geo-locating and confiscating illegal SIM Boxes is only the direct savings.  Actually there are other intangible but significant benefits gained as well:

  • Measurable increases in international voice traffic revenues and immediate positive ROI are achieved as SIM Boxes are removed (or go silent while LATRO is in town).
  • Fraudsters’ capital costs increase — Confiscated devices mean fraudsters must make new capital investments to replace their gateways.  And as their costs increase and they see the operator/regulator taking law enforcement action to protect their revenue, the fraudsters may decide to leave the market and commit their fraud elsewhere.
  • Prosecuting individuals who host SIM Box devices gets fraudsters’ attention — Fraudsters steal money because they believe their chances of going to jail are very low.  So when mobile operators or regulators prove they will take a strong stance against SIM box fraud, it raises their risks and reduces their reward.  Fraudsters think twice before entering the market where people are going to jail.
Great.  You provide a solid case for why involving law enforcement and confiscating equipment is so vital.  Now without actually doing the full network monitoring using SS7 probes, is it possible to check and see whether or not it’s worthwhile hiring LATRO to come in and do a full blown investigation?

Yes, to get operators and regulators familiar with our service, we actually do a free mapping analysis of SIM box fraud in a network.  This is our Versamapper service.

The end result is a network visualization overlay of Google Maps showing where fraud is happening in the market.  The regulators we’ve delivered this to love these charts because it allows them to develop a better strategy.

All an operator needs to do is send us two to four weeks of their detection CDRs.  We then look at the SIM boxes we detected for the last month and plot that on a dynamic heat map where hot spots fluctuate over time.

Your Versamapper service sounds interesting.  Though I think it’s worth clarifying to the reader that SIM Box fraud detection and location discovery service requires SS7 probes to actually be in their network.

Yes, we actually don’t care where the signaling data comes from.  Lots of operators already have signaling probes installed for various network measurements and monitoring uses.  We work off of those data feeds.

Our core competency is analyzing the signaling data.  So, whether we supply the probe ourselves or somebody else does, we just use that data feed.  We interface to all the major SS7 probe manufacturers such as Anritsu, EXFO/Astellia, NetScout/Tektronix, and Polystar.  SS7 signaling is standardized and very easily leveraged between various network applications.

150 SIM Boxes Busted in 100 Days

In total, the 150 SIM Boxes LATRO helped to confiscate in 100 days contained 2,108 individual GSM modems.  At LATRO, the sight of 2,108 SIM modems seized from fraudsters is a picture whose beauty is beyond words :- )

I understand LATRO is also moving into the broader Revenue Assurance business.  What’s that about?

Yes, we’re excited to be launching a combined RA/FM managed service in 2019.  Our fraud control clients are happy with us and have asked us for wider support.

Our customer profile is mostly tier 2 and tier 3 operators in emerging markets.  Africa is our biggest market by far, followed by the Middle East and Asia.  We are also doing some projects in Latin America and a couple in Southeast Asia.

There’s a good reason our clients are coming to us now: in the last several years, many of our clients have experienced significant growth in mobile services.

So now, as their growth rates start to cool, these operators are eager to remove revenue leaks and optimize costs.  This evolution is only natural.  When your base is growing like crazy quarter-to-quarter, you worry less about optimizing your margins.  But now they want to insert strategies to cover their core revenue streams from an assurance and risk standpoint.

However, with stagnating ARPU and thinning margins on data service due to the likes of FANG (Facebook, Amazon, Netflix, and Google), mobile operators find it challenging to drop large capital outlays on expensive RA systems. 

And even if they have those funds, the RA teams of many operators in emerging markets are looking for partners to help them advance on the RA maturity scale before committing these major CAPEX investments.

People see LATRO as a nice opportunity to work with a more affordable managed service provider who has experience and understanding in the telecom industry of the emerging markets.  We bring our data processing and analytics tools along with experienced RA professional services staff to grow their maturity and increasingly cover more and more of their business critical revenue streams. 

Then, years later, they’re in a position to maybe invest in a self-managed in-house system.

I know that CDR collection and manipulation is familiar terrain for LATRO.  Will you also bring your SS7 expertise into that analysis?  A decade ago, HP was talking about using SS7 as an alternative to CDR billing, but they had very few takers.

We will certainly bring signaling-to-billing analytics into the reconciliation process because we are so confident and experienced in the signaling layer.

And yes, reconciling billing to signaling is complex because you have to do sophisticated data enrichment and perform tricky correlations since the full set of billing data is not available from SS7 alone.

Signaling-to-billing reconciliation is a popular discussion among many national tax and regulatory authorities at the moment.  In markets where government mandates require highly audited revenues from the mobile operators, use of signaling data provides a deeper and higher confidence layer to the audit.

But we are happy to operate with conventional data feeds, too.

In addition to Risk and Assurance, one of the other key challenges mobile operators face is the massive adoption of IoT.  And I hear that’s another area where LATRO is developing expertise.

Dan, for decades, the mobile network has been limited to a fairly small number of device types.  The overwhelming majority of those devices were phones with a few scattered machine-to-machine devices and SIM-based sensors mixed in.  Sure, there are lots of different types of phones and smartphones on the market, but at the end of the day a phone is a phone.

However today, the variety of SIM-embedded mobile and Wi-Fi devices has grown and will continue to grow significantly — they are in everything from childrens’ toys to home security systems.  The type of mobile devices on the network will scale even faster than the volume of devices.  We are no longer talking a limited number of phones or modems.  We’re talking thousands of fundamentally different device types.

As a result, operators will struggle to get a handle on what services those devices are using.  The RA issue, of course, will be reconciling the specific connectivity plan of various functional devices with the device type.  Depending on how complex IoT connected device plans become, the business of assuring revenue could become massively complicated as well.

Beyond RA issues, there are also major security liabilities here.  For instance, if the customer’s or user’s device has a security breach, studies show they blame the mobile operator who provides the service.

So, what does the mobile operator do to secure itself with all these IoT devices coming on the network?

Analytics is a great aid in monitoring and controlling mobile devices, but another big issue is that valid IDs are not even available on some devices.  This is especially true with price sensitive devices (toys, coffee makers, etc.) where the manufacturer bypasses the proper ID registration or Type Approval process.

Twenty years ago you could simply rely on IMEI to accurately ID devices, but today you can’t really depend on that correlation anymore.  So far, this is more an international problem, and less of an issue in North America.

So it’s tough to figure out for a mobile operator what device their subscribers just put on the network — and what services they are using.

Bottom line: There’s a broad number of revenue assurance and security issues here and LATRO is getting our feet wet addressing these problems.

Many thanks, Don, for this fine briefing.  Good luck on seizing more SIM boxes — and expanding into the RAFM managed services business.

Copyright 2018 Black Swan Telecom Journal

Don Reinhart

Don Reinhart

Don Reinhart is the Co-Founder and Chief Technical / Operating Officer of LATRO Services, Inc., providing technology leadership to the company’s telecom managed services as well as software and hardware platform development.

Don has been involved with LATRO since its inception and has more than 20 years of experience working with leading telecom vendors and operators around the world.

Don has worked extensively on the design and implementation of network and fraud solutions within Asian, African, and Middle Eastern markets.

The specialty bypass fraud detection and control solutions provisioned by Don and his LATRO team routinely reverse losses and increase top line revenues of its clients.

In addition to telecom operators, he has worked with regulators to architect programs aimed at improving services within national markets.

Don holds a BS in Physics from Bucknell University and a MBA Finance degree from Johns Hopkins University.  He was employed at Tektronix before joining the LATRO team.   Contact Don via

Black Swan Solution Guides & Papers

Recent Stories