Slashdot Mirror
Tracking Via Anonymous SIM Cards
Noryungi writes "The New York Times reports that Al Qaeda operatives were tracked using the ID of the GSM phone chips sold by a Swiss company named Swisscom. Very interesting."
← Back to Stories (view on slashdot.org)
How is this a big deal, they can track cell phones... not news.
Snowden and Manning are heroes.
The terrorists were lulled into a false sense of security when they kept changing phones, but took their SIM cards from one phone to the next to keep their number and minutes. Therefore, while the hardware changed, the identity didn't. That's what did them in...
for buying 867-5309.
Before anybody thinks the spooks were monitoring the "anonymous" prepaid cell phones randomly... RTFA. What got the investigation started was that they found a list of phone numbers when arresting another terrorist, and they all turned out to lead into the hands of high-value targets and the people who spoke to them.
it was the Freemasons that shot down TWA 800.
Psst.... Theres a black helicopter over your house right now!! Seriously, I dont like PATRIOT and the other crap pushed on us by the paniced public any more than anybody else, but saying the Navy shot down that plane is just ignorant.
"Hand me the bullet-shooty-thing and a box of little hurts" -Overheard on a USMC Rifle range
So they think I am always in my underwear drawer, since that is where the SIM card for my last GSM phone has resided for the last year.
TDMA for life!
"Windows Me offers tremendous reliability and stability improvements..." -- Paul Thurott
a little terrifying, but not so terrifying that i'm going to stop using my cell phone. hey, i don't fit the profile and i only discuss my evil plans back-to-back through a voice modulator. and my secret code is way cooler than thirty seconds of silence.
-ninjaneer
There was never any legitimate need to upgrade the infrastructure to allow for tracking any cell user at will.
And that's why the big brother guys, like the CIA, NSA and FBI really pushed for that type of infrastructure to be developed, right? But... oh wait, it was actually some of the northern states who thought it might be nice to be able to help find people lost in snow storms.
Oh... just noticed this, you're a kook. TWA 800 shot down? Sure sure... ding! time to take your medicine
When I bought my latest phone, I had to get the SIM card activated, the salesman asked me for my name, address, etc.. so I began pulling out my wallet for him to copy my ID down. So instead.. he gives me a scrap piece of paper and a pen to put it down, this really seems weird to me.
Nothing was stopping me from putting down the wrong info (looking back now, maybe I should have). It just struck me as odd how easy it would have been to fake it all..
Perhaps you should read it again, then. Investigators were not listening to random calls taken in by a broad net. Prior capture of other terrorists had yielded all sorts of phone numbers, addresses, and other contact and location information. Intelligence agencies then homed in on these particular phone numbers, recorded everything, and then analyzed it later. But I'm sure it sounds much more interesting if you try to paint it as some sort of grand conspiracy.
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
It does say that the investigators became suspicious after listening to the call. It doesn't say why they were listening in the first place. They might have been investigating the guy for drug deals, heard the suspicious call, looked a little closer, and uncovered links to terrorism. The only evidence against that is the phrase "Investigators, suspicious that the call was a signal between terrorists", which implies that the suspicion caused the investigation. That could easily be written off as creativity on the part of the journalist.
Incredible claims require unquestionable proof, I think. Yes, there is clearly reason to be suspicious of how the government conducts these taps, but I disagree that you've found a clear admission of indiscriminate eavesdropping.
If you want a cell phone that can give your location to authorities, buy one with a built-in GPS receiver that transmits your location. There was never any legitimate need to upgrade the infrastructure to allow for tracking any cell user at will.
As far as I was aware, that infrastructure was in place from the very beginning.
In order for a cellphone company to properly give you service, they have to arrange for a series of cell towers over a wide range of space. These towers provide your signal. For uninterrupted service, the service-areas of each tower must overlap to a degree.
In order to bill you properly when you are roaming, the towers must be able to check your location against your home calling areas (for people with plans where this still exists). Which tower you're using at any given time is a matter of record.
If the argument is that they don't have your location down to a 10-meter square block, you might wanna guess again; by watching the way that your phone moves through the spheres of influence each tower generates it becomes mathematically trivial to triangulate your position with a precision that GPS would find envious.
If you're drudging out the `Navy shot down TWA 800` theory I'm tempted to classify you as a troll. Please don't bother frightening Slashdot with your Fear, Uncertainty, and Doubt lines about the lack of privacy we now have post 9/11 -- you never had it to begin with.
Perhaps you should read it again, then. Investigators were not listening to random calls taken in by a broad net. Prior capture of other terrorists had yielded all sorts of phone numbers, addresses, and other contact and location information. Intelligence agencies then homed in on these particular phone numbers, recorded everything, and then analyzed it later. This is not "routine monitoring," this is targeted intelligence gathering. This is like saying that because the CIA tapped the Russian embassy's phone back in the 60's, the CIA was engaging in routine monitoring of all phone calls in the United States. That's ludicrous, just like suggesting routine monitoring of all cell phone conversations.
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky
Actually, if you RTFA properly then you would realise that they were NOT routinely monitoring calls.
What they WERE doing was monitoring calls to / from numbers which were on a list of numbers they found when they arrested another terrorist.
PLEASE try to keep your conspiracy paranoia uner control.
People should not be afraid of their governments - Governments should be afraid of their people.
I would suspect that authorities can learn much about people and groups simply by mapping who talks with whom (using technques discussed hrer). Even if many of the subjects use anonymous SIM chips and phones, their patterns of calling create a map. And if anyone they call is a known party (e.g., know "terrorists" or their family members), then their anyonymity becomes compromised.
The authorities can probably even deduce leadership structures from the sequence of calls. If A calls B and then B immediately calls C, D, and E, we might suspect that B is a leader of a cell with D, E, and F as members. Add data on physical location (phone towers) and the authorities have even more data to map out a network and assess likely roles of unnamed people.
Two wrongs don't make a right, but three lefts do.
Some of my favorite quotes:
From both the mental image and funny-long-names-of-stuff-in-Germany file:
- "If you beat terrorists over the head enough, they learn," said Col. Nick Pratt, a counterterrorism expert and professor at the George C. Marshall European Center for Security Studies in Garmisch-Partenkirchen, Germany.
And the enjoying-that-feeling-of-absolute-superiority-oveAnother official agreed: "They'd switch phones but use the same cards. The people were stupid enough to use the same cards all of the time. It was a very good thing for us."
And I'm sure this one has already been posted, but...
From both the kill-joy and tinfoil-hat/nuking-new-$20s files:
- "They thought these phones protected their anonymity, but they didn't," said a senior intelligence official based in Europe. Even without personal information, the authorities were able to conduct routine monitoring of phone conversations."
Sigh...This isn't new at all - we've heard about it a couple of years ago here in Switzerland. BTW, Swisscom happens to be the not-so-former telecom monopoly here, pretty big stuff, not just some random company exploiting a legal loophole. Thing is it's been possible to buy totally anonymous GSM cards here for ages (8 years or so), effectively providing you pre-paid phone number to use in any GSM phone, in and outside of Switzerland.
For about $50 you get a SIM card that you can put in you GSM mobile. You now have a phone number and some initial credit. You can buy credit (a card with a hidden number to dial) from any news stand anytime. Never in the process does your name appear anywhere. You can even buy the cards in supermarkets.
The question of such anonymity was raised several times, but ultimately the decision was that it wasn't possible to require personal information for such items. Since there's no contract and no bills in the system, there's no reason to ask for your name, address, etc. And there's millions of them in use already.
Note that all operators offer such cards. It's a bit more expensive than regular price plans but damn useful if you're a traveler, want to control expenses or can't get a regular plan because of bad credit. To my knowledge, many other european countries offer such prepaid cards now... We just happened to be the first.
-- It's always darker before it goes pitch black.
alert to the phones' vulnerability, had largely abandoned them for important communications and instead were using e-mail, Internet phone calls and hand-delivered messages
So now that technology has been shown succesfull in stopping "terrorists", and those "terrorists" have moved to email/VoIP, get ready for another push in legislature to regulate those mediums more tightly. It doesn't matter that the corporation put those chips in their products by their own will. Traditional phone companies will see a spot to shove their foot in the door and lobby their representatives to regulate the up and comming internet telephony industry in order to stiffle the competition. So there is "antiterrorism" working and corporate money working in the minds of the government. What else is new...
Is this kind of thing routine?
:)
Given the first +5 Informative FUD troll on this thread it's clear we're in full conspiracy theory mode, so let's trot out Echelon again.
It's theorized that there exists a gigantic electronic SIGINT monitoring network, known as Echelon, which is operated across the Sort Of Free World by the United States, the United Kingdom, and other allies. The system is supposed to be powerful enough to monitor every phonecall, every email, every satellite communication, and handle *all of it simultaneously*. Pattern matching and keyword analysis are done by computers in realtime. Echelon can also make toast, predict stock market trends, and runs it's own psychic hotline.
On a more serious note, how routine that kind of thing might be requires a more careful analysis of the laws of the United Kingdom, which are not the same as the laws of the United States. I don't know what the rules are over there governing the implicit privacy of information.
Big deal...
This 'top secret tracking" is available to consumers and companies in the UK see:.
http://followus.co.uk
http://www.fleetonline.net
Of course you need the phone owners permission.
Actually your wrong. There are different technologies for cell phone antenna's. The old ones simply relied on your cell phone saying "I am getting the best signal. Now they have "Directional Antenna Array's" (google search it), and basically it triangalets your exact location based on the signal from multiple sources, quite a bit different then "Which is the best signal". The good news: Cell phone reception went WAY up, the bad news, they can track where you are to within a few metres. Is this good or bad? Who cares, as /. pointed out already, they can track you with your cash, your cc's, your bank card, your car, etc. etc. etc..
Big Brother(x) = 1984 + 20 = 2004.
Mod +5 Drunk
If the argument is that they don't have your location down to a 10-meter square block, you might wanna guess again; by watching the way that your phone moves through the spheres of influence each tower generates it becomes mathematically trivial to triangulate your position with a precision that GPS would find envious.
That statment is vastly exaggerated. In fact triangulating the position based on signal strength gives vastly inaccurate results. Simply passing behind a wall would make you appear 20-100m further from the cell station, making triangulation hopeless at accuracy.
The most accurate method availible is called time advance. Basically the towers keep a very accurate record of your latency, and transmit their signal slightly in advance when you are far away to make sure it reaches you at the time your cellphone expects it. IIRC this value is measured in 1/10ths of a bit, and yeilds an accuracy of 500m. No methods of tracking cellphones are as good as the = 10m GPS provides.
The modded firmware of some phones can Jam and hop Ids randomly to leech airtime. This is a real problem in some countries with mature cell nets.
Node logs are not perfect.
As every drug dealer busted can tell you that buying your phones in bulk and dropping them (Or purposely losing them in a public place) every 24h removes the chance of getting a tap put on in time.
To live in Fear and Ignorance, only teaches one paranoia.
a lot of people are calling this an invasion of privacy. This is hardly that.
Al Qaedia and its operatives have been identified as enemy combatants. Effectively, there's already an international 'warrant for their arrest'.
This technology, if had to be used in the US, would require a judge to approve a warrant for this type of information gathering. There'd have to be specific evidence that the individual was commiting a crime or likely to. Al Qaedia already falls under this category, IMHO.
Even further, this was a COMBAT action. In other conflicts, (see: wars) this is the same as using radar to identify enemy positions based on the metal used in their vehicles, etc.
And EVEN FURTHER, knowing where you are is essential in a cellular phone network. To forward the voice packets, the phones have to know the signal strength from your phone to the nearest towers. it figures your motion and signal degradation to determine the most likely cells to send your data to. knowing your approximate location is just a function of cellular technology.
Reason, free market capitalism, and individualism
this is a nice example of the parallel existence of privacy and legitimate law enforcement. note that i say parallel, not tradeoff, the latter being the superficial way the alleged "tension" between the two is described. we can have both, and stronger than they are now.
... our methods seem gentle in comparison.)
i'd like to think i'm a decent pro-privacy civil libertarian, but i also admit getting a kick out of the law and order episodes when they so often trace someone's movements thanks to bridge tolls or telephone calls or ATM cameras or whatever. cool, hey presto and the bad guy is tagged. here, it's those bin laden cretins, no tears shed; and so it happens in real life). (the israelis once assassinated a man by detonating an explosive in his cellphone -- they waited to hear his voice and
now we have trackable cellphones (which are becoming ubiquitous), rfid chips, red-light cameras with OCR, etc. pretty easy and non-paranoid to imagine the automated abiity to track anyone anywhere.
there are so far as i know few constitutional problems if the data collected is publicly observable information, i.e., no expectation of privacy even if the sophistication of the technology to collect, process, and digest that information would astonish most of us (this does at least rule out Big Brother in your home). the old model was that evidence could be collected only with periodic intrusive methods like breaking down doors or inserting wiretaps, moderated by warrant and the exclusionary rule and so on. what no one expected, though, is the situation now where *unintrusive* methods continuously collect everything one might need. the fourth becomes an anachronism, and the patriot act seems quaint.
the only answer i see, or rather the inevitable path ahead, is to intelligently moderate access to and use of the data. the constitution is only the floor, congress went much farther with the anti-wiretap law. draw the "border" between leigt investigation and fishing expeditions. frankly i don't think we can do a good job of it, but it's the only route i see ahead. all these "public eyes" can not be shut, because we *like* too many of them and even a few innocuous steps may prove to open the door wide.
AT&T uses such patterns to look for deadbeats who sign up new calling plans to flee old debt.
Bullshit.
I have had the 911 tracking save a frieds leg before. We were on a motorcycle trip and the bike burst into flames. It was abou t11pm and I had no idea where I was. I call 911 from my cell. I told them I didn't know where I was but my friend was burned really bad. They said not to worry an ambulance and fire truck was on the way and they could get a good idea of my location from my cell phone. I told them that when they got close we would be the two guys standing about 50 yards from the burnign motorcycle. We laughed, my friend go taway without skin grafts, and insurance paid for my motorcycle. Now, lets get rid of that because you think you are important enough for our goverment to track.
One of the big problems after the war was that a lot of SS/Gestapo officers destroyed their records in an effort to claim that they'd served with other units, had had lower ranks, or hadn't even served (a similar thing that is being seen with senior Baathists in Iraq today). In the end, the prosecutors wound up proving the service histories of their suspects by finding that all of them had filled out their government pension paperwork when they'd joined their units or received promotions.
Again, it was simple greed (or stinginess) that led to their downfall.
"Prepare for the worst - hope for the best."
Has a story on this as well.
-EB
Do you ever walk alone like a drifter in the dark?
The NTSB Flight 800 Page seems to have the evidence contrary to your own beliefs, and if you are really nice, and try not to sound like you are a conspiracy theorist, they may let you see the evidence for yourself, under a press pass - or "I'm a collage student writing a paper on", etc. Of course, there have been plenty of (non-government employed) people whom have already seen it, and it's probably been warehoused, but no harm in trying. What I'm saying here, is if you show me proof, I'm on your side, until then - I'm letting you know what I'm basing my beliefs on.
Kindest regards.
Despite Swiss law about not buying SIM cards anonimously SIM cars still freely awailable for online shopper. But all this affair show that Al-Qaeda is not quite tech savvy. List of the phones on the paper ? Not encripted ? Well it's sound good :). They also didn't use smartphone with software voice scrambler, though scrambled talk also could rase suspicion. Don't know how many people scrambling them really. Not 100% sure but I think existing high-end smartphones powerful enough to produce unbreakable scrambling. Even they arn't encripted text messagess could be made practically unbreakable ...
The executive order referenced exempts a specific group in the Navy from federal labor law, adding them to a huge list of intelligence agencies that was instituted by Exexcutive Order in 1979 by President Ford, as provided for in Section 7103(b) of Title 5 of the United States Code. What the hell does that have to do with a coverup? Are you asserting that Clinton exempted that Group and then threatened to fire them all from the Navy if they tried to form a labor union, which somehow got them to be quiet about shooting down a plane?
No one's asking you to remove your tin foil hat, but please, if you're going to provide "evidence" of a coverup, at least make some sense. If the executive order had suspended some part of the uniform laws that prohibits shooting down civilian planes, you might have something.
Don't blame me; I'm never given mod points.
I find it intersting that this story has been published at all. And with such a wide varity of direct quotes. They basically tell any would-be naughty person using a mobile phone to change the SIM card and the phone everytime they make a phone call.
I'm reminded of a satelite photo from the mid '80s the showed a radar picture of the Nile Delta. Why would you publicly show a picture that told everyone that you could see 30 metres underground durring the Cold War?
Just what can 'they' really monitor if 'they' know that you know that your moble phone is monitored?
Doesn't this strike you as one of those things that maybe the government should not be advertising to the world? Let the idiots keep falling victim to the same blunder but who knows maybe it's just me :P
Special Delivery for Al-Qeada...
Read the "Facts about TWA 800" and found just ignorant speculation.
Unique to this crash was the intense participation of the Navy, which immediately dispatched its best deep salvage vessels to the area, and kicked out the New York Police Department divers, who had legal jurisdiction in the area.
Who's better equiped to pull up large debris from the ocean floor? The NYPD, or the Navy?
Most unusually, the Navy searched out 20 miles to either side of the known debris field, even though the 747 could not have glided that distance from its altitude of 13,700 MSL even if left intact.
This is probably the most ignorant thing of what I've read so far. Read this again and see if this is some how conspiratorial. A 747 could easily glide 20 miles if it's engines went out at 13,700 feet. Whoever wrote this must be under the impression that if a plane's engines go out the plane just drops like a rock.
The Navy justified this extensive search by claiming that they could not locate the aircraft flight recorders, the "black boxes", even though numerous private boat owners reported hearing the locator pings on their sonar and fish finders
Great! Because we all know how easy it is to find something on the ocean floor. It's one thing to pick up a "ping" it's another thing to actually find something the size of a toolbox.
And really... linking to a conspiracy website to support your views adds tons of credibility.
It is indeed ridiculous to even think the Navy could ever shoot down a civilian airliner.
Or made a deposit at the bank... EVERYONE knows they pull fingerprints from checks you deposit. And if you are foolish enough to leave a strain of your hair that may have fallen into the envelope? Well you might as well just buy some guns, scratch off the serial numbers and leave it at a crime scene with a lock of hair.
Thats why I always carry a false ID. I use public internet cafes often with my fake fingerprints and I always leave some skin deposits from my "alternate" on the keyboard. The daily exfoliation in the shower was difficult to adjust to, my skin stays very red for at least 2 hours but I have found some nice cream that seems to be working for the redness and also blocks my natural body oders (not the perfume for your armpits but the kind that will keep bloodhounds from tracking you!)
The loss of privacy in closed systems is very real. Most printers can be uniquely identified by certain features (invisible to the naked eye) that are created on the printouts. And I am not talking about the currency counterfeiting options. We can be sure that if email was implemented using appliances, every mail message would have a unique ID. Microsoft Office embedded a unique ID in every document it produced and that feature was only disabled due to a huge outcry by their customers. Has everyone forgotten the original P4 ID, and how it was to be used for tracking (called "authentication")? The only way to guarantee privacy is to have open systems which will ensure that a universal tracking system cannot be successfully implemented.
I'm sure that the investigators who uncovered this mistake by Al Queda spent a lot of time bashing their heads on their desks as they ran into dead ends. Like most police work, this "lucky break" probably only came to light after a lot of fruitless efforts. These investigators made their luck out of a lot of legwork and late nights.
We like to pretend that Al Queda is inept because it helps us sleep better at night. That fact is that in this case the good guys were simply better (and more persistent) at uncovering tracks than Al Queda was at concealing them.
"Prepare for the worst - hope for the best."
I just bought a prepaid SIM card for 5 euro. It has a prepaid credit of 5 euro when I choose to register I get an additional prepaid credit of 10 euro.
The mobile carriers also have the abillity to track you with the unique IMEI number of your GSM. With Software it is possible to change the IMEI of your GSM. A new SIM and an IMEI change means you are anonymous again.
Dutch police routinely asks the Mobile Carriers for subscriber data from customers who where in the same area where a crime has been committed.
So when some of us, after plenty of good reason, don't trust our government, we're made fun of and told to put on our tin-foil hats. But when Al Qaeda is beaten even after taking precautions of using phone "chips" that they bought anonymously, we laugh at them for not being cautious enough.
I'm an American. I love this country and the freedoms that we used to have.
Padilla is getting it easy: he deserves the firing squad. That is what treason gets you.
Treason is tightly defined by the constitution. It can't exist except in time of DECLARED war (which we DON'T have at the moment.)
This is why Jane Fonda got to marry a billionaire rather than twist slowly at the end of a noose.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Many years ago I worked for the first GSM operator in one of the countries in the middle east. We had setup the gsm network, Motorola was the overseer of the installation. All of us were Arab engineers, mostly native to the country we were setting up in. Anyway, we setup the network and were almost through with the testing phase. About a month before official start of operations (selling to the public), the Motorola project manager tells us that one of his guys will be installing equipment in the Switching Center, and that we would not be involved. At least one of us was always involved during any installation since we might have to troubleshoot later. We were in the OMC (operations and Maintenance center), and he told us that we would not have any access to this equipment. This guy later arrives with a shitload of equipment and installs it. We were explicitly told not to touch it. The only thing I and the others could tell was that it was for listening in to the GSM calls, since the very nature of GSM (TDMA, etc) makes it difficult to just use a radio scanner. Best we could figure out was where the wires came in from and went out to. Turns out they were connected to the general intelligence department of the mukhabarat (sort of like FBI). Thus the intelligence boys didn't have to listen over the wireless, they tapped straight into the switching center, leaping over the whole GSM complexities. I suspect the US, UK, et al can tap straight into GSM over-wireless. But hey, if you live in one of the "friends-of-the-US" countries, you can go straight to the center.