Canadian police arrested three men on 44 charges for running a mobile SMS blaster across Greater Toronto that disrupted 13 million+ legitimate cell connections.
Key Takeaways
The device mimicked a legitimate cellular tower, forcing nearby phones to connect and receive smishing texts impersonating banks and trusted orgs.
Operated from vehicles across the GTA over several months; police estimate tens of thousands of devices connected to it.
13 million network disruptions recorded, during which affected devices temporarily lost access to 911 and emergency services.
Project Lighthouse involved RCMP’s National Cybercrime Coordination Centre, York Regional Police, Hamilton Police, financial institutions, and telcos.
Warrants executed March 31 in Markham and Hamilton; a third suspect surrendered April 21; multiple SMS blaster units seized as evidence.
Hacker News Comment Review
Core technical frustration: commenters note that 2G/legacy cellular protocols allow phones to attach to any base station without mutual authentication, making IMSI-catcher and SMS blaster attacks structurally possible on unpatched or older radio stacks.
Hypocrisy objection surfaced strongly: several commenters pointed out that stingray-class devices are standard law enforcement tools, so “first time seen in Canada” claims ring hollow to technically informed readers.
Proposed defenses discussed include phones surfacing visible warnings on tower downgrade events, and encrypted SMS with carrier-issued certificate authorities, though neither exists in mainstream deployments today.
Notable Comments
@nubinetwork: argues the “first in Canada” framing is misleading since government and law enforcement already operate equivalent hardware.
@numpad0: reports a similar kit-based operation in Germany, blasters installed in station wagons routed through unregistered Chinese ride platforms, with phishing texts in Chinese.
@dreamlayers: asks directly why phones trust any tower without cryptographic verification, flagging the root protocol weakness.
