SIM Farms: The Modern Trojan for Mobile Operators

SIM farms have long been a nuisance for mobile operators, but they’re reaching unprecedented levels thanks to technology that allows SIM farm operators to send bulk texts at ultra-fast speeds and the demand for ultra-cheap methods of contacting prospective customers or targets. The repeated failure by mobile operators to control these rogue SIMs has allowed companies to thrive, despite their presence being technically illegal.

SIM Farms Explained

A SIM card is a little chip that gives a mobile device an identity on a mobile network, allowing it to be controlled through that network (to trigger calls, text and data). SIM stands for Subscriber Identity Module, and it stores information relating to contacts, phone numbers and, most importantly, the network authorization.

It’s possible to group SIM cards together and connect them via a GSM modem to computer servers to create a bulk messaging service. These servers can be programmed to automatically dial numbers and send the same text message to thousands of people, sometimes known as application to person (A2P) messaging. The same system is used to automatically send pre-recorded messages. The reason they work is because the SIM farm consists of consumer-grade SIMs, which in an increasing amount of cases, offer “unlimited” free texts or minutes on a modified pay-as-you-go model. These farms offer exceptionally cheap per-message rates with few considerations to their legality and even fewer ethics.

How Do SIM Farms Make Money?

SIM farms operators make money by charging for services, just like many other industries. Typically, they are associated with unsolicited text messages, such as those for mis-sold PPI, “have you had an accident” companies and debt solutions. By sending out thousands or even millions of text messages, they bombard recipients at a very low per-message cost. They offer dramatic returns for low acquisition costs. This makes them tempting for entities that have low ethical considerations or those that simply don’t know or realize that these tactics are unlawful.

These SIM farms, due to their low-price offering, also attract more scammers and fraudsters which increases complaints by the victim subscribers that are normally directed to the MNOs to investigate.

Of course, a major issue with SIM farms is that they do not offer fully featured delivery, thus not offering the correct sender name as it is be replaced by the SIM card number. This however might not deter enterprises that do not see this as a major issue, in comparison to a potentially lower price.

So the reason why SIM farms continue to evolve and thrive is because they keep being uncontrolled and keep abusing of the ‘free’ on-net messages offered by the MNO whilst charging a relatively lower price in the market killing competing legitimate routes.

Grey Legality

Throughput rates for SIM farms vary substantially, although it’s not unusual to see tens of thousands of messages per hour being sent during a campaign. This puts additional strain on the network.
In some cases, the numbers are indiscriminately used and spammed, a practice which is illegal in many countries thanks to the prohibition on enterprises contacting potential customers electronically if those customers have no prior relationship with that enterprise. In such instances, these practices reflect poorly on the business associated with them, as it’s typically considered intrusive. For mobile companies, the practice is against their terms of service, as the entities using SIM farms usually use prepaid consumer SIMs, which have a prohibition against illegal, unauthorized or nuisance calls. Terms of use include clauses such as:

  • ” You must not use your mobile equipment or the services for any purpose we believe is abusive, illegal, fraudulent, a nuisance or for criminal activities”
  • ” [You must ensure that] The Services are not used to make offensive or nuisance communications in whatever form, or to make or receive reverse charge calls”
  • ” [You must not] generate AIT [artificially inflated traffic]; or via a GSM Gateway so that the Service is provided via the GSM Gateway to third parties [or] 5.5.4. persistently send automated unsolicited communications”
  • “While using the Messaging Services, you must not send or upload unsolicited bulk or commercial communications or other unauthorised communications, or knowingly send any viruses

These terms provide broad latitude for mobile operators to shut down SIM cards that are sending out hundreds of text messages an hour. The main problem that the operators still face is identifying them.

Advanced SIM Farm Solutions

By using virtual SIMs, these farms can rapidly assign new SIM cards remotely and can flag SIMs that are not working. This allows near-instant replacement without having to physically remove the card; instead, it assigns the list to a new SIM automatically and strips the SIM data from the hub.

Similarly, they can simulate movement by transferring SIM data between hubs, making it harder for mobile operators to work out which SIMs are sending spam and which ones are used for legitimate purposes. Lately even mobile applications on normal subscriber devices have been reported to be used as SIM farms making it near impossible for the operator to identify due to the perfectly normal usage patterns. Furthermore, while mobile operators can flag areas or SIMs that are sending unprecedented levels of texts or calls, they can’t eavesdrop on calls or texts without a warrant. This ensures that SIM farms can operate with virtual impunity in many instances, as they can simulate human behaviour to a limited extent.

Who’s to blame?

A2P SMS is used by enterprises for legitimate reasons, such as for 2FA (2 factor authentication), automatically informing customers when their delivery is expected to arrive or as reminders of an important event that they’ve subscribed to. A2P technology enables legitimate enterprises to provide useful information to subscribed customers. Such enterprises employ the services of a provider who in turn might use aggregators who use other aggregators to deliver these messages to their final destination. This means that enterprises, in many cases, are not aware of these ‘hops’ and that their messages are being terminated through SIM farms, especially if they would be paying full ‘direct route’ price to their provider and someone else in the chain is keeping the added profits. Therefore, the blame cannot be put on enterprises but rather on the final entity delivering the message through these SIM farms and abusing of the all you can eat on-net tariffs offered by operators and intended for their subscribers.

The Wake Up Call for Operators

The use of SIM farms is on a steady rise and the fact that they are not easily controlled by the operators is concerning for many revenue assurance managers. If numbers rise significantly and are exploited by fraudsters and scammers from outside the country, text messaging and phone calls may increasingly be seen as a nuisance, just like emails were before there were adequate spam controls.

One can argue that this would be the wakeup call needed for MNOs to finally take action and invest in more intelligent and sophisticated systems to identify and control this Trojan horse before its presence in the market becomes increasingly detrimental to their revenues and their customers.

 






If you are interested to learn how HAUD
can help you to protect your network against SIM Farms
type your email address below.

Share this post