DOI: 10.1145/3372297.3417257
research-article

Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China

Published: 02 November 2020

Abstract

Fake base stations (FBS) have been exploited by criminals for over a decade to attack mobile users by spamming fraudulent messages. Although prior work has proposed several techniques to mitigate this issue, FBS spam remains a long-standing challenge in some countries, such as China, and causes billions of dollars of financial loss every year. Therefore, understanding and exploring the thematic strategies in the FBS spam ecosystem at a large scale would improve the defense mechanisms.
In this paper, we present the first large-scale characterization of the FBS spam ecosystem by collecting three months of real-world FBS detection results. First, at the "macro-level", we uncover the characteristics of FBS spammers, including their business categories, temporal patterns and spatial patterns. Second, at the "micro-level", we investigate how the FBS ecosystem is organized and how fraudulent messages are constructed by campaigns to trap users and evade detection. Collectively, the results expand our understanding of the FBS spam ecosystem and provide new insights into improved mitigation mechanisms for the security community.

Supplementary Material

MOV File (Copy of CSS2020_fp209_Lies in the Air - Nano Zii.mov)
Presentation video

Published In

CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
October 2020
2180 pages
ISBN: 9781450370899
DOI: 10.1145/3372297
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. fake base station
  2. spam campaigns
  3. spam ecosystem

Qualifiers

  • Research-article

Conference

CCS '20

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Article Metrics

  • Downloads (Last 12 months): 199
  • Downloads (Last 6 weeks): 19

Reflects downloads up to 15 Jan 2025

Cited By

  • (2024) Fake Base Station Detection and Link Routing Defense. Electronics 13:17 (3474). DOI: 10.3390/electronics13173474. Online publication date: 1-Sep-2024
  • (2024) Innovative Telecom Fraud Detection: A New Dataset and an Advanced Model with RoBERTa and Dual Loss Functions. Applied Sciences 14:24 (11628). DOI: 10.3390/app142411628. Online publication date: 12-Dec-2024
  • (2024) The attacks aren’t alright: Large-Scale Simulation of Fake Base Station Attacks and Detections. Proceedings of the 17th Cyber Security Experimentation and Test Workshop (54-64). DOI: 10.1145/3675741.3675742. Online publication date: 13-Aug-2024
  • (2024) Uncovering Security Vulnerabilities in Real-world Implementation and Deployment of 5G Messaging Services. Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks (265-276). DOI: 10.1145/3643833.3656131. Online publication date: 27-May-2024
  • (2024) VeriSMS: A Message Verification System for Inclusive Patient Outreach against Phishing Attacks. Proceedings of the 2024 CHI Conference on Human Factors in Computing Systems (1-17). DOI: 10.1145/3613904.3642027. Online publication date: 11-May-2024
  • (2024) An Ensemble Approach for Fake Base Station Detection using Temporal Graph Analysis and Anomaly Detection. 2024 Wireless Telecommunications Symposium (WTS) (1-6). DOI: 10.1109/WTS60164.2024.10536680. Online publication date: 10-Apr-2024
  • (2024) A Novel Method of Determining an Authentic Cell in Next Generation Cellular Communication System. 2024 IEEE Wireless Communications and Networking Conference (WCNC) (1-6). DOI: 10.1109/WCNC57260.2024.10571142. Online publication date: 21-Apr-2024
  • (2024) Wireless Link Routing to Secure Against Fake Base Station in 5G. 2024 Silicon Valley Cybersecurity Conference (SVCC) (1-3). DOI: 10.1109/SVCC61185.2024.10637367. Online publication date: 17-Jun-2024
  • (2024) Fake Base Station Detection and Blacklisting. 2024 33rd International Conference on Computer Communications and Networks (ICCCN) (1-9). DOI: 10.1109/ICCCN61486.2024.10637542. Online publication date: 29-Jul-2024
  • (2024) Chinese Fraudulent Text Message Detection Based on Graph Neural Networks. 2024 6th International Conference on Communications, Information System and Computer Engineering (CISCE) (1078-1081). DOI: 10.1109/CISCE62493.2024.10653182. Online publication date: 10-May-2024