European authorities have dismantled a sophisticated criminal operation running 1,200 SIM-box devices with 40,000 SIM cards that enabled over 3,200 fraud cases. The illegal service, operating through gogetsms.com and apisim.com, facilitated phishing, extortion, and identity theft across 80 countries while creating 49 million fraudulent accounts. The takedown resulted in arrests, asset seizures, and the freezing of €500,000 in assets.
In a major blow to cybercrime infrastructure, Europol has dismantled a massive illegal SIM-box operation that served as a critical enabler for global fraud schemes. Codenamed Operation SIMCARTEL, the multinational effort targeted a criminal network running 1,200 SIM-box devices loaded with 40,000 active SIM cards across Latvia, Austria, Estonia, and Finland. This technical setup allowed criminals worldwide to rent phone numbers for anonymous verification of fake accounts, directly facilitating over 3,200 documented fraud cases with losses exceeding €4.5 million.
The Technical Engine of Fraud
SIM-boxes function as hardware gateways that reroute communications between traditional phone networks and internet-based services. This criminal operation weaponized the technology by:
- Providing burner phone numbers registered to individuals in 80+ countries
- Offering API access through seized domains gogetsms.com and apisim.com
- Enabling anonymous account creation for platforms requiring SMS verification
- Masking criminals' true locations and identities during attacks
"The criminal network and its infrastructure were technically highly sophisticated," Europol stated, noting the service facilitated crimes ranging from WhatsApp 'daughter-son' scams to investment fraud, police impersonation, and migrant smuggling operations.
SIM box farm seized during raids (Source: Europol)
Operation SIMCARTEL's Takedown Impact
During coordinated October 10 raids, authorities:
- Arrested 5 Latvian nationals and 2 other suspects
- Seized all 1,200 SIM-box devices and hundreds of thousands of unused SIM cards
- Froze €431,000 in bank accounts and $333,000 in cryptocurrency
- Confiscated 4 luxury vehicles and 5 critical servers
The infrastructure dismantling prevents the creation of new fraudulent accounts through these channels. Forensic analysis of seized servers may reveal customer identities—a potential treasure trove for future investigations into global cybercrime networks.
Why This Matters for Cybersecurity
This takedown highlights three critical industry realities:
- Identity verification systems relying solely on SMS remain vulnerable to SIM-based bypass techniques
- Cybercrime increasingly depends on infrastructure-as-a-service models accessible via dark web marketplaces
- International collaboration remains essential against borderless technical threats
As law enforcement analyzes the seized servers, security teams should anticipate shifts in criminal tactics. This operation demonstrates that disrupting foundational infrastructure—not just catching end-point attackers—is crucial to combatting the $8 trillion global cybercrime economy. The digital battlefield just lost one of its most potent weapons.
Comments
Please log in or register to join the discussion