Cyber Attacks in Attica Linked to Mobile Phone Data Theft
Greek authorities uncovered a sophisticated scheme in which two Chinese nationals carried out targeted attacks on mobile phones across Attica. Investigators reported that Greece is now the fifth European country where such incidents have been identified.
A mall employee in Spata alerted police in April after noticing suspicious transactions connected to the suspects. Officers from the Spata Artemida department soon located a 29 year old man and a 30 year old man who presented forged identification documents during questioning.
The pair were subsequently arrested for disobedience and forgery, yet the investigation quickly revealed that these offenses represented only a small aspect of a far larger operation.
A Vehicle Converted into a Mobile Attack Station
Police searching the suspects vehicle found that it had been modified to house advanced electronic equipment. A transmitter antenna had been mounted on the roof, while additional devices including a portable router were installed in the trunk to maintain internet access.
This setup enabled the suspects to send deceptive messages to nearby mobile devices and capture sensitive banking data from unsuspecting victims.
The method they used is known as SMS Blaster Attacks, a technique that relies on software defined radio tools and fake mobile base stations to intercept data and distribute fraudulent text messages.
Exploiting Weaknesses in 2G Networks
The attacks functioned by taking advantage of vulnerabilities in the 2G protocol, which remains active on many devices despite its age. Strong signals transmitted by the suspects allowed them to extract device identifiers such as IMSI and IMEI without requiring authentication.
Phishing messages were then dispatched through a counterfeit base station, appearing to originate from legitimate institutions or banks and containing malicious links.
Fraudulent Purchases in Attica Malls
Victims who followed these links unwittingly exposed their banking credentials, enabling the suspects to conduct unauthorized purchases. In March, the attackers accessed the banking data of a Georgian national and made purchases totaling 700 euros in a store in Marousi.
Another breach occurred in April, when the suspects carried out transactions exceeding 850 euros at a mall in Spata after gaining access to a second victims financial information.
Police believe that the full extent of the operation is significantly broader than current evidence suggests, with many more cases likely remaining unreported.
