1
00:00:00,120 --> 00:00:04,440
Speaker 1: Police have disrupted and arrested a teenager over a smishing scam.

2
00:00:04,440 --> 00:00:07,400
Speaker 1: I've never heard of the term either. Smashing uses technology

3
00:00:07,520 --> 00:00:11,160
Speaker 1: ever seen in New Zealand ever before. It involves sending

4
00:00:11,400 --> 00:00:14,800
Speaker 1: fraudulent text messages that are pretending to be from places

5
00:00:14,880 --> 00:00:18,520
Speaker 1: like banks in order to trick pill into sending into

6
00:00:18,560 --> 00:00:22,439
Speaker 1: sharing sensitive information. So the device in this case is

7
00:00:22,480 --> 00:00:25,840
Speaker 1: believed to have sent thousands of scam text messages, including

8
00:00:25,920 --> 00:00:29,600
Speaker 1: about seven hundred texts in one night. Tom Roberts is

9
00:00:29,640 --> 00:00:33,320
Speaker 1: the National Cyber Security Center's team lead for Threat and

10
00:00:33,400 --> 00:00:38,080
Speaker 1: Incident Response and is with us this evening. Calder, Good evening, Jack.

11
00:00:38,080 --> 00:00:38,440
Speaker 2: How are you?

12
00:00:38,560 --> 00:00:40,680
Speaker 1: Yeah, very well, thanks. I'd never heard of smishing until

13
00:00:40,760 --> 00:00:42,920
Speaker 1: right now. So how does this technology work?

14
00:00:44,159 --> 00:00:46,559
Speaker 2: It's gord an old term, isn't it. It's something that, yes,

15
00:00:46,600 --> 00:00:48,440
Speaker 2: for the first time we've seen the So what it

16
00:00:48,479 --> 00:00:52,440
Speaker 2: does is a tower, ef faked tower tricks your phone

17
00:00:53,159 --> 00:00:56,440
Speaker 2: through four G five G down to two G where

18
00:00:56,480 --> 00:00:59,520
Speaker 2: there's a lack of sort of mutual authentication and encryption,

19
00:00:59,560 --> 00:01:03,320
Speaker 2: and then it will blast out if asses to whoever,

20
00:01:03,560 --> 00:01:06,279
Speaker 2: and they can the people that are making these misses

21
00:01:06,319 --> 00:01:09,000
Speaker 2: can basically put whatever they want in there. It could

22
00:01:09,080 --> 00:01:10,840
Speaker 2: have no links, it could have to be full of links.

23
00:01:10,880 --> 00:01:13,640
Speaker 2: But yeah, they get their money through pretending to be

24
00:01:13,840 --> 00:01:15,199
Speaker 2: something authentic.

25
00:01:15,000 --> 00:01:19,040
Speaker 1: So they basically send out heaps and heaps of spam

26
00:01:19,160 --> 00:01:22,600
Speaker 1: texts and scam texts. Then they wait for a response

27
00:01:22,920 --> 00:01:26,160
Speaker 1: and hope that they're able to elicit personal information from

28
00:01:26,200 --> 00:01:27,000
Speaker 1: those responses.

29
00:01:28,280 --> 00:01:32,160
Speaker 2: Yeah, and worryingly, what you can do with these mess

30
00:01:32,440 --> 00:01:36,520
Speaker 2: blasting attacks is that you can pretend to be a shortcoat.

31
00:01:36,560 --> 00:01:38,760
Speaker 2: So you know a tailco number one of the ones

32
00:01:40,080 --> 00:01:40,720
Speaker 2: a band tour.

33
00:01:41,000 --> 00:01:44,040
Speaker 1: Yeah, so instead of saying from from oo to seven

34
00:01:44,560 --> 00:01:47,680
Speaker 1: six four four three nine eight seven, it says from

35
00:01:48,000 --> 00:01:51,320
Speaker 1: one for zero four, So it looks kind of professional.

36
00:01:51,560 --> 00:01:54,800
Speaker 2: Looks very professional, hard to distinguish. And then you click

37
00:01:54,840 --> 00:01:57,600
Speaker 2: on the link saying, oh, well help, maybe insurance is

38
00:01:57,680 --> 00:02:00,160
Speaker 2: due or whatever, and good on the assurance company, your

39
00:02:00,160 --> 00:02:01,840
Speaker 2: bank for getting in contact with meybe, and all of

40
00:02:01,840 --> 00:02:05,240
Speaker 2: a sudden you're entering in your details for someone to steal.

41
00:02:05,440 --> 00:02:08,560
Speaker 1: How hard is it to get your hands on tech

42
00:02:08,840 --> 00:02:09,040
Speaker 1: like this?

43
00:02:10,720 --> 00:02:14,320
Speaker 2: Well, it's if you know how to do it, you

44
00:02:14,320 --> 00:02:14,880
Speaker 2: can get it.

45
00:02:15,800 --> 00:02:17,959
Speaker 1: So you're not going to tell us how to do it.

46
00:02:18,000 --> 00:02:20,880
Speaker 1: That wouldn't be very nice.

47
00:02:21,200 --> 00:02:23,080
Speaker 2: I don't think the employee would be too happy about that.

48
00:02:23,320 --> 00:02:27,480
Speaker 2: The Internet's a big place, so yeah, someone that wants

49
00:02:27,520 --> 00:02:31,520
Speaker 2: to has the inclination to do so, can do it.

50
00:02:32,120 --> 00:02:34,800
Speaker 2: I would say that it's exceptionally easy to see, and

51
00:02:34,840 --> 00:02:38,360
Speaker 2: that's why DIA police has been able to be so

52
00:02:38,440 --> 00:02:41,200
Speaker 2: quick on this. They've really done a fantastic job that

53
00:02:41,600 --> 00:02:42,520
Speaker 2: shotting this down quickly.

54
00:02:42,600 --> 00:02:43,600
Speaker 1: How do you identify it?

55
00:02:45,560 --> 00:02:49,400
Speaker 2: The telcos and di and the banks, so anomalies and

56
00:02:49,639 --> 00:02:52,480
Speaker 2: then reports going through them, and then they're able to see, oh,

57
00:02:52,480 --> 00:02:54,840
Speaker 2: actually there's a fake cell power that keeps on popping up,

58
00:02:55,000 --> 00:02:56,920
Speaker 2: and then you know, you can just sort of follow

59
00:02:56,919 --> 00:02:57,480
Speaker 2: your nose.

60
00:02:57,560 --> 00:03:01,640
Speaker 1: Right, Okay, So a nineteen year old is believed to

61
00:03:01,680 --> 00:03:04,200
Speaker 1: have been behind these text messages and is going through

62
00:03:04,240 --> 00:03:07,880
Speaker 1: the legal proceedings at the moment. Do you need to

63
00:03:07,919 --> 00:03:12,639
Speaker 1: be technically literate in order to use this kind of technology?

64
00:03:12,760 --> 00:03:14,880
Speaker 2: Yeah you do. Yeah, you don't have to be quite

65
00:03:14,919 --> 00:03:18,560
Speaker 2: technically literate, and you're quite quite young to be that

66
00:03:18,639 --> 00:03:23,640
Speaker 2: technically literate. It's something that typically the knowledge only exists

67
00:03:23,680 --> 00:03:30,440
Speaker 2: within the telecommunications or radio spectrum community. But yeah, it

68
00:03:30,600 --> 00:03:34,880
Speaker 2: is available, and obviously this person has found it and

69
00:03:35,480 --> 00:03:37,960
Speaker 2: tried to make best use of it unsuccessfully.

70
00:03:38,080 --> 00:03:39,920
Speaker 1: Yeah, okay, I'm going to give you an opportunity just

71
00:03:39,960 --> 00:03:42,160
Speaker 1: to do the PSA. Then, if you get a text

72
00:03:42,240 --> 00:03:45,360
Speaker 1: asking some personal information, even if it looks official from

73
00:03:45,400 --> 00:03:48,720
Speaker 1: something like one for zero four, what do you do, Tom, Yeah.

74
00:03:48,560 --> 00:03:51,280
Speaker 2: You don't click the link. Don't click the link. Report

75
00:03:51,280 --> 00:03:53,360
Speaker 2: it to di IA on seventy seven two six. I

76
00:03:53,360 --> 00:03:56,640
Speaker 2: think test. Don't deal with it. They'll stop it and

77
00:03:56,840 --> 00:03:57,720
Speaker 2: you'll be reflected.

78
00:03:57,960 --> 00:03:59,880
Speaker 1: Yeah, very good. Thanks for your time, Tom. That is

79
00:04:00,040 --> 00:04:03,080
Speaker 1: Tom Roberts, who is the team lead for Threat and

80
00:04:03,160 --> 00:04:07,680
Speaker 1: Incident Response at the National cyber Security Sentaries. For more

81
00:04:07,760 --> 00:04:11,080
Speaker 1: from Heather Duplessy Allen Drive, listen live to news talks

82
00:04:11,080 --> 00:04:14,280
Speaker 1: it'd b from four pm weekdays, or follow the podcast

83
00:04:14,400 --> 00:04:15,400
Speaker 1: on iHeartRadio