Russians dodging mobilization behind flourishing scam market

Russian passport and serviceman certificate

Ever since Russian president Vladimir Putin ordered partial mobilization after facing setbacks on the Ukrainian front, men in Russia and the state’s conscript officers have been playing a ‘cat and mouse’ game involving technology and cybercrime services.

More specifically, many Russian men eligible for enlistment have resorted to illegal channels that provide them with fabricated exemptions, while those fleeing the country to neighboring regions turn to identity-masking tools.

This situation has created a highly lucrative environment for sellers of illicit services to flourish. Similarly, scammers and fraudsters also see an excellent opportunity to exploit panicking people in a great hurry.

Fake documents

The first category of scammers attempting to take advantage of the situation is cybercriminals selling forged documents on the dark web, Telegram, and other private channels.

The scammers are even aggressively promoting their fake services on social media and directly contacting people on channels that discuss the mobilization.

According to a report by RIA Novosti, the crooks offer individuals certificates of unfitness for military service that will supposedly help them evade enlistment.

The promise includes updating the database of the regional enlistment office within 48 hours so that the recruitment officers will never look for the buyer.

In exchange for this, the fraudsters request a photocopy of the client’s passport and 27,000 rubles ($470).

Once the amount is paid, the scammers stop communication with the victim and likely use the stolen personal details for further fraud or sell them on the dark web.

Israeli cyber-intelligence firm KELA has also spotted several posts offering falsified document creation services on the dark web, claiming the ability to forge HIV and hepatitis certificates for 33,000 and 38,000 rubles ($630) respectively.

Fake document creation services on the dark web (KELA)

“Gray” SIM cards

Another interesting trend arising from the wide-scale exit of Russians is a 50% rise in demand for so-called “gray” SIM cards, as reported by Russian news outlet Kommersant.

These are SIMs that people can get without presenting an identity document or registering their real subscriber information to the telecommunication service providers.

Kommersant’s source stated that these SIM cards work in the networks of MTS, MegaFon, Beeline, Tele2, and Yota, and concern “pay-as-you-use” programs.

Russians are frantically seeking these cards because the state can use regular SIMs to track young men eligible for military service and possibly stop them at the border.

IMEI tracking

All this has led Russian border officers to track people based on their IMEI (International Mobile Equipment Identity), a unique 15-digit identifier linked to the device’s hardware, not the SIM card.

According to the Russian internet rights organization Roskomsvoboda, there are multiple reports of people whom FSB agents forced to hand over their IMEI numbers while crossing the border to Georgia, Kazakhstan, and Finland.

IMEI tracking works by using telecommunication antennas for approximate location triangulation, and it’s made possible thanks to the mobile operator keeping the number stored in their database.

IMEI is included in every data transaction and communication request from and to the device and adjacent antennas, so it’s a persistent identifier.

It’s the same system used by tracking software promising to locate your lost or stolen device, while law enforcement has also been using IMEI for many years now.

Assigned IMEIs aren’t interchangeable or editable, except for some Huawei, Xiaomi, and ZTE models that store the IMEI in a rewritable memory section in violation of the technology’s guidelines, giving users the capability to flash it with specialized tools.

Alternatively, Roskomsvoboda suggests that fleeing Russians should present a burner phone at the border or buy a new device after leaving the country.

