The Kochi City Police has launched an investigation into the complaint of impersonation and cloning of a personal mobile number lodged by KC Venugopal, Member of Parliament and General Secretary of the All India Congress Committee.
Shri Venugopal’s secretary K.K. Sarath Chandran had filed a petition with the state police chief on Tuesday. Since then it Sethu Raman, District Police Chief (Kochi City).
The City Cyber Cell has already started investigating the complaint. A widely available mobile phone application that masks the original number and flashes a different number seems to be in use here,” said Mr. Sethu Raman.
The police are yet to get any leads as the probe involves detailed examination of call data records of the recipients of those calls that could lead to the impostor. Since the recipients are important persons, the police have to follow elaborate procedures and secure permissions to reach them.
Mr. Chandran, a Congress leader in Karnataka and an aspiring candidate in the upcoming Karnataka Assembly elections, filed the complaint after receiving a call from Mr. Venugopal’s number on April 4, asking him to submit a CV as a candidate. Was said.
He called Mr. Venugopal’s personal staff only to be told that no such call had been made. Soon after, the same person received a call from another number demanding money from Mr. Venugopal for an assembly ticket.
“Besides the District Congress Committee Presidents of Assam and Rajasthan, a former Congress Minister from Maharashtra also received similar calls from Mr. Venugopal which he never made on Wednesday. According to the police, it appears to be a case of ‘call spoofing’ using a mobile app,” Mr Chandran said.
How does the SIM swapping attack work?
Cloning a SIM card is usually only possible if an attacker has physical access to a telecom subscriber’s SIM card. This lets an attacker with physical access to a SIM card physically read a card and make a copy of it by copying it to an empty SIM. Since the technology behind physical SIM cards has remained largely unchanged over the years, cloning of SIMs is possible with physical access.
However, gaining physical access to the SIM card is difficult, as a potential attacker would have to obtain a potential victim’s phone himself. A more common attack involves a technique called SIM swapping, where an attacker convinces a telecom operator that they are the legitimate owner of the SIM, and need to replace it because they have lost or damaged the original.
Last December, a South Delhi businessman suffered a loss of Rs 50 lakh after being targeted in a SIM swap attack as the attacker was able to obtain bank one-time passwords (OTPs) and funnel funds from the victim’s accounts. Police reportedly suspected in the case that the victim had been “phished” by the attackers to reveal personal ID information, which the attackers were able to use to issue duplicate SIMs to telecom operators.
Safeguards are in place to allow victims of SIM swapping to avoid loss: the Department of Telecommunications (DoT) in 2016 ordered telecom operators to check that the person requesting replacement is the person who actually used the SIM. Is the owner, and can prove it with ID documents. , In 2022, the DoT issued another important order: For 24 hours after the SIM is changed, no SMS message can be sent from the number linked to the SIM, whether outgoing or incoming.
After this critical 24-hour period, attackers have complete access to a telecom customer’s incoming and outgoing SMS as well as calls, potentially allowing them to steal funds, access accounts and even That they are allowed to impersonate.