Verification of SMS spam mailers with the application to the prosecutor's office

Big brother is watching you. And for the bad guys too.

In the middle of March I received a text message from an unfamiliar number on my phone, but instead of the already bored “Mom, I have problems, throw me money at the number” came a new spam “A new MMS was received from the user. To view the mms on the phone, click on the link "and given the address of the site.
Instead of the promised proms mms from the site began to download the jar-file.

On Habré already were articles on the analysis of the operation of such applications. Let's try another way, because this spam is a good reason to check the work of law enforcement agencies in the field of high technologies.
Spoiler: bad guys are not found, but phone numbers are taken under control.

So, one telephone number and the site address are known. The site Whois issued another phone number, which, like the first one, began with +7982. A search query issued that these numbers are used in the Komi Republic. The following request "Komi Prosecutor's Office" issued the desired site. I’ll write them to look for the bad guys closer.

Syktyvkar

After 4 days, I received a message from the “K” department in the Komi Republic to my email, which I, along with the postal address and telephone, indicated in my address:

The Prosecutor's Office of the Republic of Komi sent to check your appeal about fraud on the Internet. According to the data of the communication supervision authorities, the number capacity of mobile phones 8-982-6xxxxxx is reserved for MTS OJSC in the Sverdlovsk Region, and not in the Komi Republic. For this reason, your appeal will be redirected by territoriality to the Central Internal Affairs Directorate in the Sverdlovsk Region, of which you will be notified in writing.
You can get information on assigning the number capacities of mobile subscribers by clicking on the link mtt.ru/info/def
For my part, thank you for the information sent and active citizenship. I handed over information about a possible fraudulent website to the head of department “K” of the Central Internal Affairs Directorate in the Sverdlovsk region to organize work immediately, before receiving a written request.
S.L. Ogorodnikov, head of the “K” department of the Ministry of Internal Affairs for the Komi Republic

I had to look at a couple more links in the search, I would immediately have written to Ekaterinburg. But there was a useful link.
')

Yekaterinburg

It took another two weeks and a conversation took place with an employee of the “K” department of the Sverdlovsk region about the fact that this application is blocking the device and doesn’t do anything else, they’ll search for bad guys and whether there was any damage. There was no damage, but the question of it is important enough for the organs.
After the conversation, I thought that I had to ask how they found out what the application does.

In the middle of April, with a difference of a week, two letters came: from the Komi Prosecutor’s Office and the Komi Ministry of Internal Affairs that my appeal was redirected.

At the end of April, another conversation took place with an officer from Yekaterinburg. The addresses to which the phones are registered are set, the owners will be searched and again the question: was there any damage? There was no damage (I did not launch the application on the phone).

Vladivostok

In early June, the district policeman called from my area and asked me to come in for a conversation.
Sheets of 15 papers with the results in my treatment lay on his desk.
The first phone turned out to be registered at a non-existent address, the second phone at such and such at such an address (a photocopy of a passport among the papers), who wrote a statement that he did not buy the phone number, did not give the passport to anyone, and did not deal with sms-spam.
The numbers of "bad" phones are taken under control in the Sverdlovsk region, so if anything, my appeal will also be raised.
Was there any damage? Did not have? Then the case will not be initiated in my treatment, but the phones are taken under control. If anything, write a statement at the place of the violation.

And a few conclusions

For the bad guys.
Finding the website of the department “K”, the department of internal affairs or the prosecutor’s office in the region is a matter of minutes, writing an application for them is another 3-5 minutes. With the accumulation of a critical mass of hits, the number of checks will increase, hiding increasingly heavier. Why not look for a less persecuted job?

For mobile operators.
Do you still register for fake documents? But bad phones will be more and more. Maybe next time there will be an appeal to the supervisory authority, why this phone was bought by someone who is not clear. The license will not be taken away, but the nerves will be patched.

For all.
Various sms-spam, phone blockers and renting money for clicking on the link teach that there are a lot of bad guys and, having given 300-500 rubles from the phone, the user will start to be more attentive to both email and simple viewing of sites. After all, the next time can divert more money from a plastic card, which is now increasingly distributed with us.

And addition.
Has anyone picked up a computer blocker recently, where they are asking to transfer money to the phone, and are they looking for ways to unlock them on the “Winlocker” request? Maybe you should write to the prosecutor's office and tell your story?