The Kochi City police have launched a probe into a complaint of impersonation and cloning of personal mobile number lodged by MP and general secretary of All India Congress Committee K. C. Venugopal.
Mr. Venugopal’s secretary K. Sarat Chandran had lodged the petition with the State Police Chief on Tuesday. It was since then forwarded to K. Sethu Raman, District Police Chief (Kochi City).
‘The city cyber cell have already launched a probe into the complaint. A widely available mobile phone application that masks the original number and flashes a different number seems to be at use here,” said Mr. Sethu Raman.
Police are yet to land any leads since the probe involves detailed examination of the call data records of the recipients of the calls that would lead to the impostor. Since the recipients are important personalities, police would have to follow elaborate procedures and secure permissions to access them.
Mr. Chandran lodged the complaint after a Congress leader in Karnataka and an aspiring candidate in the forthcoming Karnataka Assembly election received a call from the number of Mr. Venugopal on April 4 asking him to submit a CV to be considered as a candidate.
He rang up the personal staff of Mr. Venugopal only to be told that no such call was made. Shortly thereafter, the same person received a call from another number demanding money on behalf of Mr. Venugopal to be considered for the Assembly ticket.
“District Congress Committee presidents of Assam and Rajasthan besides a former Congress Minister of Maharashtra also received similar calls from Mr. Venugopal that he never made on Wednesday. As per police, it seems to be a case of ‘call spoofing’ using some mobile app,” said Mr. Chandran.
How SIM swapping attacks work
Cloning a SIM card is generally only possible when an attacker has physical access to the SIM card of a telecom subscriber. This lets an attacker with physical access to a SIM card create a copy of it by physically reading a card and copying it onto a blank SIM. Since the technology behind physical SIM cards has remained largely unchanged for years, cloning a SIM with physical access to it remains possible.
However, gaining physical access to a SIM card is tricky, as a potential attacker has to get a potential victim’s phone itself. A more common attack involves a technique called SIM swapping, where an attacker convinces a telecom operator that they are the legitimate owner of the SIM, and require a replacement because they lost or damaged the original.
Last December, a South Delhi-based businessman lost ₹ 50 lakh after being targeted in a SIM swap attack as the attacker was able to get bank one-time passwords (OTPs) and funnel funds away from the victim’s accounts. Police reportedly suspected in that case that the victim was “phished” by attackers to reveal personal ID information that the attackers were able to use to get the telecom operator to issue a duplicate SIM.
Safeguards are in place to allow victims of SIM swapping to avoid losses: the Department of Telecommunications (DoT) in 2016 ordered telecom operators to check that the person requesting a replacement is the person who actually owns the SIM, and can prove it with ID documents. In 2022, the DoT issued another critical order: for 24 hours following a SIM replacement being issued, no SMS messages may be sent from the number associated with the SIM, whether outgoing or incoming.
Beyond this crucial 24-hour period, attackers have total access to a telecom subscriber’s incoming and outgoing SMS, as well as calls, potentially allowing them to steal funds, access to accounts, and even impersonate them.
Published - April 07, 2023 02:17 am IST
