OP 17 December, 2024 - 06:37 AM
3 years in prison and SORM: the Ministry of Digital Transformation and the Ministry of Internal Affairs tighten control over SIM boxesThe Ministry of Digital Development, together with the FSB and the Ministry of Internal Affairs, is developing a package of bills that will limit the use of SIM boxes and virtual automatic telephone exchanges (PBXs). These technologies are used to set up call centers and distribute calls to employees' extension numbers, but now their use is practically unregulated, which gives fraudsters ample opportunities for abuse. Information about the development of these bills was confirmed by a Vedomosti source in one of the federal operators, an interlocutor from a specialized association and a representative of a large company in the field of information security.
At the Anti-Fraud forum on December 5, Lieutenant Colonel of Justice Anastasia Ponkratova, investigator of the Department for the Organization of Investigation of Remote Thefts of the Investigative Department of the Ministry of Internal Affairs of Russia, said that work on the bill is already underway. According to her, the Ministry of Internal Affairs is actively involved in the process, making its comments, some of which were supported at a recent meeting. She did not disclose other details.
According to a source in the federal operator, the current version of the bill requires that communication services using SIM boxes be provided only on the basis of an agreement with the operator. The contract must contain data on SIM cards, device identifier, installation address and purpose of use. In the absence or inaccuracy of this information, the provision of services will be prohibited. Only legal entities and individual entrepreneurs will be able to use SIM boxes. The interlocutor in the specialized association noted that there is a problem in the proposed measures: the traffic of SIM boxes can "pretend" to be the traffic of ordinary mobile phones, which means that it will be quite difficult to isolate it from the total volume of calls.
Call center software allows businesses to manage calls without the need for physical hardware, such as call routing, voicemail, or CRM integration. However, this technology is actively used by cybercriminals to spoof numbers, create anonymous communication channels and carry out phishing attacks. The bill provides that such systems must be located on the territory of Russia, use subscriber identification through the ESIA, have a network address belonging to the Russian Federation, and use a certain numbering resource. The use of SORM will also be mandatory.
The proposed measures are part of a package of initiatives aimed at combating telephone fraud. According to the Minister of Digital Development Maksut Shadayev, 30 bills will be prepared as part of the "anti-fraud package". Among them will be norms that allow citizens to remotely prohibit the issuance of loans in their name, introduce a two-day "cooling off period" for financial transactions and add a second trusted contact to confirm them.
According to a representative of Megafon, the company supports the proposed measures aimed at combating fraud. At the same time, he noted that each bill from the general "anti-fraud package" requires careful study in order to avoid inconvenience for consumers. The representative added that SIM boxes are actively used to transmit voice traffic from abroad via IP telephony, activate accounts on marketplaces and buy ratings of goods and services. However, attempts to bring the organizers of such schemes to justice do not always yield results.
PresentT2 said that the company took part in the discussion of initiatives that were included in the "composite" bill on cybersecurity. According to him, the initiative significantly restricts the use of virtual PBXs and SIM boxes and amends many federal laws. The representative of T2 clarified that the regulation includes the introduction of administrative and criminal liability for the illegal use of SIM boxes with a penalty of up to three years in prison.
Experts note that the proposed initiatives are technically feasible. For example, anomalies in the signal or a decrease in the quality of communication when using SIM boxes can serve as indicators to identify them. However, they warn that attackers may try to circumvent the new restrictions by using fictitious legal entities or other gray schemes.
Registering SIM boxes is reminiscent of initiatives to register devices by unique IMEI identifiers, which were discussed in 2018 but were not implemented. In this case, regulation is limited to the corporate segment, which simplifies control and implementation. Experts are confident that this will make the market more transparent and safer, as well as reduce the volume of illegal actions by 10% or more.
At the Anti-Fraud forum on December 5, Lieutenant Colonel of Justice Anastasia Ponkratova, investigator of the Department for the Organization of Investigation of Remote Thefts of the Investigative Department of the Ministry of Internal Affairs of Russia, said that work on the bill is already underway. According to her, the Ministry of Internal Affairs is actively involved in the process, making its comments, some of which were supported at a recent meeting. She did not disclose other details.
According to a source in the federal operator, the current version of the bill requires that communication services using SIM boxes be provided only on the basis of an agreement with the operator. The contract must contain data on SIM cards, device identifier, installation address and purpose of use. In the absence or inaccuracy of this information, the provision of services will be prohibited. Only legal entities and individual entrepreneurs will be able to use SIM boxes. The interlocutor in the specialized association noted that there is a problem in the proposed measures: the traffic of SIM boxes can "pretend" to be the traffic of ordinary mobile phones, which means that it will be quite difficult to isolate it from the total volume of calls.
Call center software allows businesses to manage calls without the need for physical hardware, such as call routing, voicemail, or CRM integration. However, this technology is actively used by cybercriminals to spoof numbers, create anonymous communication channels and carry out phishing attacks. The bill provides that such systems must be located on the territory of Russia, use subscriber identification through the ESIA, have a network address belonging to the Russian Federation, and use a certain numbering resource. The use of SORM will also be mandatory.
The proposed measures are part of a package of initiatives aimed at combating telephone fraud. According to the Minister of Digital Development Maksut Shadayev, 30 bills will be prepared as part of the "anti-fraud package". Among them will be norms that allow citizens to remotely prohibit the issuance of loans in their name, introduce a two-day "cooling off period" for financial transactions and add a second trusted contact to confirm them.
According to a representative of Megafon, the company supports the proposed measures aimed at combating fraud. At the same time, he noted that each bill from the general "anti-fraud package" requires careful study in order to avoid inconvenience for consumers. The representative added that SIM boxes are actively used to transmit voice traffic from abroad via IP telephony, activate accounts on marketplaces and buy ratings of goods and services. However, attempts to bring the organizers of such schemes to justice do not always yield results.
PresentT2 said that the company took part in the discussion of initiatives that were included in the "composite" bill on cybersecurity. According to him, the initiative significantly restricts the use of virtual PBXs and SIM boxes and amends many federal laws. The representative of T2 clarified that the regulation includes the introduction of administrative and criminal liability for the illegal use of SIM boxes with a penalty of up to three years in prison.
Experts note that the proposed initiatives are technically feasible. For example, anomalies in the signal or a decrease in the quality of communication when using SIM boxes can serve as indicators to identify them. However, they warn that attackers may try to circumvent the new restrictions by using fictitious legal entities or other gray schemes.
Registering SIM boxes is reminiscent of initiatives to register devices by unique IMEI identifiers, which were discussed in 2018 but were not implemented. In this case, regulation is limited to the corporate segment, which simplifies control and implementation. Experts are confident that this will make the market more transparent and safer, as well as reduce the volume of illegal actions by 10% or more.