Slashdot Mirror
Tracking Via Anonymous SIM Cards
Noryungi writes "The New York Times reports that Al Qaeda operatives were tracked using the ID of the GSM phone chips sold by a Swiss company named Swisscom. Very interesting."
← Back to Stories (view on slashdot.org)
There was never any legitimate need to upgrade the infrastructure to allow for tracking any cell user at will.
And that's why the big brother guys, like the CIA, NSA and FBI really pushed for that type of infrastructure to be developed, right? But... oh wait, it was actually some of the northern states who thought it might be nice to be able to help find people lost in snow storms.
Oh... just noticed this, you're a kook. TWA 800 shot down? Sure sure... ding! time to take your medicine
When I bought my latest phone, I had to get the SIM card activated, the salesman asked me for my name, address, etc.. so I began pulling out my wallet for him to copy my ID down. So instead.. he gives me a scrap piece of paper and a pen to put it down, this really seems weird to me.
Nothing was stopping me from putting down the wrong info (looking back now, maybe I should have). It just struck me as odd how easy it would have been to fake it all..
Here's the cover-up.
Clinton signed that Executive Order the day after the French periodical Paris Match published the radar transcripts showing that there was something else in the air next to TWA 800 when it exploded.
Nobody's expecting you to remove your blinders. But maybe if you could just take a peek every now and again at the world outside, you know, a sort of reality check.
Is this truly the only Earth I can live on?
I would suspect that authorities can learn much about people and groups simply by mapping who talks with whom (using technques discussed hrer). Even if many of the subjects use anonymous SIM chips and phones, their patterns of calling create a map. And if anyone they call is a known party (e.g., know "terrorists" or their family members), then their anyonymity becomes compromised.
The authorities can probably even deduce leadership structures from the sequence of calls. If A calls B and then B immediately calls C, D, and E, we might suspect that B is a leader of a cell with D, E, and F as members. Add data on physical location (phone towers) and the authorities have even more data to map out a network and assess likely roles of unnamed people.
Two wrongs don't make a right, but three lefts do.
Some of my favorite quotes:
From both the mental image and funny-long-names-of-stuff-in-Germany file:
- "If you beat terrorists over the head enough, they learn," said Col. Nick Pratt, a counterterrorism expert and professor at the George C. Marshall European Center for Security Studies in Garmisch-Partenkirchen, Germany.
And the enjoying-that-feeling-of-absolute-superiority-oveAnother official agreed: "They'd switch phones but use the same cards. The people were stupid enough to use the same cards all of the time. It was a very good thing for us."
And I'm sure this one has already been posted, but...
From both the kill-joy and tinfoil-hat/nuking-new-$20s files:
- "They thought these phones protected their anonymity, but they didn't," said a senior intelligence official based in Europe. Even without personal information, the authorities were able to conduct routine monitoring of phone conversations."
Sigh...This isn't new at all - we've heard about it a couple of years ago here in Switzerland. BTW, Swisscom happens to be the not-so-former telecom monopoly here, pretty big stuff, not just some random company exploiting a legal loophole. Thing is it's been possible to buy totally anonymous GSM cards here for ages (8 years or so), effectively providing you pre-paid phone number to use in any GSM phone, in and outside of Switzerland.
For about $50 you get a SIM card that you can put in you GSM mobile. You now have a phone number and some initial credit. You can buy credit (a card with a hidden number to dial) from any news stand anytime. Never in the process does your name appear anywhere. You can even buy the cards in supermarkets.
The question of such anonymity was raised several times, but ultimately the decision was that it wasn't possible to require personal information for such items. Since there's no contract and no bills in the system, there's no reason to ask for your name, address, etc. And there's millions of them in use already.
Note that all operators offer such cards. It's a bit more expensive than regular price plans but damn useful if you're a traveler, want to control expenses or can't get a regular plan because of bad credit. To my knowledge, many other european countries offer such prepaid cards now... We just happened to be the first.
-- It's always darker before it goes pitch black.
Is this kind of thing routine?
:)
Given the first +5 Informative FUD troll on this thread it's clear we're in full conspiracy theory mode, so let's trot out Echelon again.
It's theorized that there exists a gigantic electronic SIGINT monitoring network, known as Echelon, which is operated across the Sort Of Free World by the United States, the United Kingdom, and other allies. The system is supposed to be powerful enough to monitor every phonecall, every email, every satellite communication, and handle *all of it simultaneously*. Pattern matching and keyword analysis are done by computers in realtime. Echelon can also make toast, predict stock market trends, and runs it's own psychic hotline.
On a more serious note, how routine that kind of thing might be requires a more careful analysis of the laws of the United Kingdom, which are not the same as the laws of the United States. I don't know what the rules are over there governing the implicit privacy of information.
The modded firmware of some phones can Jam and hop Ids randomly to leech airtime. This is a real problem in some countries with mature cell nets.
Node logs are not perfect.
As every drug dealer busted can tell you that buying your phones in bulk and dropping them (Or purposely losing them in a public place) every 24h removes the chance of getting a tap put on in time.
To live in Fear and Ignorance, only teaches one paranoia.
to add to the details, it seems they were initially monitoring someone's phone which led them to the arrest of Khalid Shaikh Mohammed. A search of Mohammed's place yeilded "hundereds" of numbers. Tracing those hundreds of numbers "led investigators to as many as 6,000 phone numbers, which amounted to a virtual road map of Al Qaeda's operations"
AT&T uses such patterns to look for deadbeats who sign up new calling plans to flee old debt.
Bullshit.
I have had the 911 tracking save a frieds leg before. We were on a motorcycle trip and the bike burst into flames. It was abou t11pm and I had no idea where I was. I call 911 from my cell. I told them I didn't know where I was but my friend was burned really bad. They said not to worry an ambulance and fire truck was on the way and they could get a good idea of my location from my cell phone. I told them that when they got close we would be the two guys standing about 50 yards from the burnign motorcycle. We laughed, my friend go taway without skin grafts, and insurance paid for my motorcycle. Now, lets get rid of that because you think you are important enough for our goverment to track.
One of the big problems after the war was that a lot of SS/Gestapo officers destroyed their records in an effort to claim that they'd served with other units, had had lower ranks, or hadn't even served (a similar thing that is being seen with senior Baathists in Iraq today). In the end, the prosecutors wound up proving the service histories of their suspects by finding that all of them had filled out their government pension paperwork when they'd joined their units or received promotions.
Again, it was simple greed (or stinginess) that led to their downfall.
"Prepare for the worst - hope for the best."
Let X be the US government, and Y be "the terrorists". Presently, group A are considered worthy of medication, while group B are laudable patriots. If we study most countries' histories, and generalise the term "terrorists", this still applies.
Once the threshhold for an arrest warrent is met, such a person shouldn't be allowed to do much of anything without being arrested. They've already have been accused of some sort of crime, so the only thing left for the police to do is figure out where the person is and slap some cuffs on the person so they can hand them over to the courts.
Despite Swiss law about not buying SIM cards anonimously SIM cars still freely awailable for online shopper. But all this affair show that Al-Qaeda is not quite tech savvy. List of the phones on the paper ? Not encripted ? Well it's sound good :). They also didn't use smartphone with software voice scrambler, though scrambled talk also could rase suspicion. Don't know how many people scrambling them really. Not 100% sure but I think existing high-end smartphones powerful enough to produce unbreakable scrambling. Even they arn't encripted text messagess could be made practically unbreakable ...
I find it intersting that this story has been published at all. And with such a wide varity of direct quotes. They basically tell any would-be naughty person using a mobile phone to change the SIM card and the phone everytime they make a phone call.
I'm reminded of a satelite photo from the mid '80s the showed a radar picture of the Nile Delta. Why would you publicly show a picture that told everyone that you could see 30 metres underground durring the Cold War?
Just what can 'they' really monitor if 'they' know that you know that your moble phone is monitored?
now we have trackable cellphones (which are becoming ubiquitous), rfid chips, red-light cameras with OCR, etc. pretty easy and non-paranoid to imagine the automated abiity to track anyone anywhere.
True, but thankfully, in many cases, the agencies who have control of the technology are very reluctant to cooperate with law enforcement.
A week ago, my Transportation Planning class went on a field trip, where (among other locations) we visited the Route 91 Express Lanes and the ATSAC (made famous by "The Italian Job") Control Center. Route 91 has license plate cameras and OCR equipment which identifies toll evaders when they enter the Express Lanes as well as 35 incident cameras along the 10-mile route, and ATSAC has cameras all over Los Angeles which can watch intersections and streets for incidents. *Both* agencies mentioned that law enforcement has repeatedly approached them for cooperation and information, and that they *never* allow it without a court order.
I think the reasoning was best expressed by the engineer at ATSAC, who said that if they used their cameras for enforcement, it wouldn't be long before the cameras were routinely vandalized and smashed to bits.
It's not about what the technology can do; it's about who controls it and what they perceive as their responsibility.
Don't you wish your girlfriend was a geek like me?
Ever wonder why Osama bin Laden can't be found?
To find out, listen to The World's Most Dangerous Leader
Regards,
Kilgore
I have a question about that NYT article. In the old cell phones there was a phone ESN and then the subscriber info entered in the NAM. So it was always possible to track a phone no matter what user had it. Now we have these GSM phones with SIM cards and the NYT article is a bit vague but seems to imply that the SIM card was the tracking mechanism and not the phone hardware. My question is, is there an embedded phone ESN in the GSM phone, or is the subscriber info entirely in the SIM card?
Of course you need the phone owners permission.
I've lost my mobile phone... but since you'll have to type 1074 to get the trace approved, I can't get the sucker to tell me where the heck it is...
That's not how Directional Antenna Arrays work at all. They work based on the phase differences of the signal between multiple antennas.
The signal from your phone starts out in phase. As the signal propogates towards the multiple antennas, it takes a slightly different path to each antenna, ending up out of phase.
These phase shifts are measured and the return signals are transmitted from the same multiple antennas using exactly the same phase shifts.
The signal then returns to you following the same paths as your outgoing signal (in reverse) and converge on your phone in phase again.
Note that the cell does not track your location, it merely tracks the phase shifting of your signals. This would only provide accurate location data in a featureless landscape. In a city (or even suburb), the path between you and the cell might involve multiple bounces off of buildings, etc.
...is our privacy restored by removing the ability to track users' cell phones? Of course not.
Location information is generated automatically by the GSM network. Depending on the layout of the GSM net you can determine in which GSM cell the user is and even (roughly) determine his location within the cell. The location info is required for the network to operate properly. All this article has really accomplished is that Al Quaeda is, as this is written, instructing its operatives to ditch their anonymous simms after a certain short period for new ones to make tracking more difficult or to abandon GSM phones alltogether. It would have been nice if more of those terrorist [EXPLETIVE DELETED] had fallen for this before it was advertised by the press. Loose lips sink ships, or burn skyscrapers in this case.
Only to idiots, are orders laws.
-- Henning von Tresckow
And now that the terrorists have moved on to other techniques, is our privacy restored by removing the ability to track users' cell phones?
You also have the "who watches the watchers" problem as a fundermental problem. With the position of "watcher" being highly attractive to criminal types.
Please explain to me what the point would be to putting anti-aircraft weapons onboard submarines that couldn't use them without surfacing. Kind of defeats the point of a submarine.
Please also explain to me how even if this was the case (a US Navy ship shot down the airliner) it would remain a secret? Do you really think the crew of the ship would remain silent?
Anywau I always thought the vertical launch tubes were for nukular ICBMs, so what do I know?
On the Ohio SSBN yes. The text that I quoted was talking about the 688I class attack submarine. On those subs the tubes are used for Tomahawks.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Many years ago I worked for the first GSM operator in one of the countries in the middle east. We had setup the gsm network, Motorola was the overseer of the installation. All of us were Arab engineers, mostly native to the country we were setting up in. Anyway, we setup the network and were almost through with the testing phase. About a month before official start of operations (selling to the public), the Motorola project manager tells us that one of his guys will be installing equipment in the Switching Center, and that we would not be involved. At least one of us was always involved during any installation since we might have to troubleshoot later. We were in the OMC (operations and Maintenance center), and he told us that we would not have any access to this equipment. This guy later arrives with a shitload of equipment and installs it. We were explicitly told not to touch it. The only thing I and the others could tell was that it was for listening in to the GSM calls, since the very nature of GSM (TDMA, etc) makes it difficult to just use a radio scanner. Best we could figure out was where the wires came in from and went out to. Turns out they were connected to the general intelligence department of the mukhabarat (sort of like FBI). Thus the intelligence boys didn't have to listen over the wireless, they tapped straight into the switching center, leaping over the whole GSM complexities. I suspect the US, UK, et al can tap straight into GSM over-wireless. But hey, if you live in one of the "friends-of-the-US" countries, you can go straight to the center.