Battle of Wits: To What Extent Can Fraudsters Disguise Their Tracks in International Bypass Fraud?

International bypass fraud, also known as SIMBox fraud, involves diverting international cellular voice traffic from regulated routes and rerouting it as local calls in the destination country. It has significantly affected cellular networks worldwide, generating $3.11 Billion of losses annually and threats to national security. Yet, SIMBox fraud remains an ongoing challenge, eluding operators detection due to the continual refinement of fraudulent behavior that is often overlooked in the design and validation of detection methods. This paper introduces a game-based formalization of the SIMBox fraud problem, delineating two key players–the adversary and the investigator–along with their strategies and a set of metrics gauging their efficacy in the game. We develop a practical framework for the empirical evaluation of the fraud, incorporating current adversary and investigator capabilities and accommodating seamless adaptation to the evolving nature of fraud. Our analysis identifies up to 345,600,000 possible adversary strategies from in-market SIMBox appliances functionalities. The most sophisticated strategies decisively outperform the most efficient existing detection methods, underscoring the literature’s lack of awareness of fraud capabilities. Furthermore, we uncover fraud vulnerabilities and discuss their implications for enhancing future detection strategies in practice. In essence, our work introduces a novel paradigm in SIMBox fraud detection that adapts seamlessly to the ever-changing landscape of fraud, treating it as a fundamental aspect of the detection strategy.