By Andy Gent
Back in November we wrote about two phone hackers making the FBI’s Most Wanted list for cyber-crime.
It seems that Farhan Arshad and Noor Aziz Uddin were not the only phone fraud criminals that were under the watchful eye of the US Government with the news this week that Juegers Veloz has been detained by Spanish police having been accused of making huge sums of money by fraudulently selling cloned phones to customers.
It is worth noting that this is not the first time recently that the Spanish police have had some success against mobile fraudsters. In January we brought you the story from Barcelona of the arrest of a gang accused of premium number fraud. Coincidence or concerted effort? Only time will tell.
It is also worth noting the difference between the US Secret Service and the FBI. The Secret Service’s mission statement is here. The FBI’s is here. Both have most wanted lists, which rarely cross over.
Such was the size and scope of Veloz’s alleged activity that it was considered as a threat to the American economy. The arrest is alleged to relate to fraud that took place in New York from 2009 to 2011. The allegations suggest that a gang, led by Veloz, cloned mobile handsets, then sold these on to new customers. These customers paid the gang for the mobile service whilst the original owner was billed for the call charges racked up.
Two things here: first, this is fraud on an industrial scale. $250 million is a vast amount of money and two years is an incredibly amount of time for a fraud to be perpetrated without the gang being exposed. How did this happen?
The likely answer is that the victims simply did not realise. If you have a corporate phone, how often do you, or anyone else within the organisation, check your bill? If it went up 25% would you notice or even be aware? And how would you relate that to criminal activity? How many people get itemised bills? Many operators simply cannot tell you what you have used data for, so how can we have trust in the billings that operators are offering customers?
Secondly, identity fraud is a serious problem and mobile operators and regulators need to get serious about ways to remove it now. For too long consumers have been seen by corporates as responsible for managing the safety of their own data. This is ludicrous when so much critical data is flowing over the mobile networks. As we have seen recently with high profile hacking episodes no brand, however large, is not vulnerable and as such it has a responsibility to protect its customers.