Yes I would think so, but probably only based on 2G technology.
The thing with 2G is that authentication is not required and thus handsets can be fooled in attaching without authentication to a rogue 2G base station.
The attacker can then service voice calls and SMSs without the knowledge of the phone user.

Note that this is currently not possible on 3G and 4G because handsets are not allowed to attach without authenticating the network. From the authentication procedure session keys are derived which are used to secure all traffic between the phone and the network.

What may be possible for the attacker is to force the UE to attach to the rogue 2G base station (hence no authentication required) by interfering with the normal operator's 3G and 4G radio transmissions.
Difficult but not impossible for an organization with strong technical means.