Slashdot Mirror
Cell Phone CEOs Marked For Phone Cloning
Saint Aardvark writes "When Sarah Drummond got back from Israel, she found a cell phone bill
for more
than $12,000. She contacted her
cell phone provider to let them know that someone had stolen her
phone, but they weren't interested in helping her and told her she'd
have to pay. In preparing for small claims court, she and her partner
found out that not only does her company have the ability to spot
unusual activity on a cell phone account, the company executives' own phones have
been targeted by a group linked to Hezbollah. From the article: 'They were
using actually a pretty brilliant psychology. Nobody wants to cut off
[CEO] Ted Rogers' phone or any people that are directly under Ted
Rogers, so they took their scanners to our building, like our north
building, where our senior top, top, top executives are. They took
their scanners there and also to Yorkville, where there are a lot of
high rollers and like it would be a major PR blunder to shoot first
and ask questions later. . . . Nobody wants to shut off Ted. Even if
he is calling Iran, Syria, Lebanon, and Kuwait.'"
I'm a Rogers Wireless Customer (no, I won't tell you my phone number :P) and it's a scary thought to see that if somebody stole my phone and ran up a $12 000 bill, they would expect me to pay it.
But what really makes me wonder is why they didn't stop to ask somebody! Sure, you don't want to cut off Ted Rogers' phone, but if you told him about it and said "this is unusual activity in your account - are you sure it's not fraud?" it would probably have been a good idea. Credit card companies (that I can recall) do just that.
Join the Empire! http://www.empirereborn.net/
So, in essence, this Rogers company is aiding and abetting terrorist groups by forcing their customers to sponsor cell phone usage by those groups.
Sounds like just the sort of thing the USA PATRIOT Act was meant to stop, but somehow I doubt that the FBI is going to step in.
You are in error. No-one is screaming. Thank you for your cooperation.
I think it has to do with animations. An individual illustraion that makes a frame is a "cel".
funny munging
My recommendation (IANAL): Take the settlement. The court fees will probably be more than the settlement!
I don't find the fact of who they're targetting, or the fact that they're cloning phones, all that shocking. I do, however, find it a bit fishy that these same (big) people have been _repeatedly_ targetted, and it has been noticed several times. You'd think that some sort of measure would have been put into place by now to at least curb the effectiveness of this tactic when used on these same people. I mean, after the first time my phone got cloned, I think I'd pass word down to the grunts to block calls to certain countries from that phone, as long as there wasn't a high "real" call volume there.
At any rate, after this being done several times, you'd think they would have some checks in place, but hey...when you own your own huge company, I guess paying your own bills isn't really an issue.
Fill in your four or five-letter word of wisdom here _ _ _ _ _.
You should be able to set upper limits for your cell phone expenses, plus have people call you back if there is unusual activity.
Credit card companies do this for credit cards and it works fine. There is no reason not to do it for cell phones, other than that cell phone companies hope you'll run up lots of charges. The reason why they hope you do that is because, unlike credit card charges, cell phone charges are not real money. That is, if you complain about your $10000 cell phone bill, it costs them little to "forgive" it, whereas a $10000 credit card bill is real money.
Here's a simple solution... don't pay your bill! Just because you receive an invoice from a company, it does not mean that you need to pay it. If you want to dispute the charge, switch providers and let things run their course.
Now some people worry about their credit ratings... well up here in Canada, our credit bureaus are private corporations with very little responsibility to anyone and in fact there are only two. The credibility of the credit system in this country is weak at best. For example, if I decide to invoice each and everyone of you, and do not receive payment, I simply send this information to the credit bureau and a black mark is added to your record. You will NOT be notified, and likely won't discover this until you need to apply for credit. When you discover this blackmark, your only recourse is to have a note amended to your file to explain the accusation. Unfortunately this does little, if anything at all.
That's why, for any significant purchases (i.e. a mortgage on a home, or large car loan) creditors look to our income to debt ration first, and weigh that heaviest.
Long story short: don't pay the bill, and in a few years when it finally reaches court (after the company makes several attempts to settle for significantly less), explain your situation and countersue for court fees.
Hey - lets do some biz. I'll pad the invoices for $20K and then offer to settle for $2K. This way you can feel oh so good as I shake you down for $2000 bux.
The jerks just love people like you. Over time they figure out where the highbar is and cheat and steal just below this level. Most people will pay rather than fight. I suppose traffic tickets fall into this area as well. But then that is instutionalized right?
Well the reason credit ratings are important is they can.
B K12
Prevent you from getting credit, this includes such thing as electric service without substantial deposits.
It could prevent you from getting the loan, or a good rate on a car or mortgage.
You might not get an apartment if you are unable to pay.
Or a job
It could raise your insurance rates.
Quite simply poor credit is a black mark that could affect much of how you live your life.
As for disputing, they have to correct all wrong information upon being informed it's long.
http://www.canlaw.com/credit/creditreportlaw.htm#
Simply ignoring it and hoping it will go away is naive and dumb.
Ad nausea, I work for a large cell carrier.
I investigate these types of charges on a weekly basis. And when something like this happens, we investigate and write off all the charges no problem.
I am sure her phone was stolen. But where was it stolen from? Her house? Her car?
Note the article said her phone was STOLEN, not cloned, two very different actions.
More than likely she had it with her. It was stolen and she did not notice it gone. And when she got home she had a huge phone bill.
If the phone was stolen in her home country, she could have filed a police report, showed it to rogers and they would have written it off.
If the phone was stolen overseas, when she noticed it gone, should have immediately called and reported in.
As someone who travels internationally, I tend to keep the phone with me on trips. Most people do. The article is very light on these details.
If it was a GSM phone they generally need access to the phone and have to grab and clone the sim. So physical access is needed for the device.
The article mentions that the owners of rogers got scanned and cloned. When was it, soounds like they used TDMA phones, which was probably a few years back when it happened.
Rogers is GSM and I would imagine the pres and his execs would have using gsm for at least 2 if not three years for now.
I googled for info on this and could not find any article about the CEO of rogers being cloned.
A lot of times the maids in hotles, cruise ships, will use the customers phones when they are not around. That is why if you leave a phone in a room that is not your own, lock it, hide the sim. Battery in a different place. Little personal responsibility.
So I think before we pass judgment we should get the rest of the story.
Puto
The Revolution Will Not Be Televised
I know it's a minor nit, but you'd think that when you're actually talking with the press you could say something more intelligent than "I was all like totally surprised".
Firstly, Rogers appears to be running a GSM network, so cloning the phone means NOTHING WHATSOEVER and is actually quite unnecessary -- any 'ol GSM phone will work.
What you need to clone is the SIM - the little chip that is associated with your number. Stick it in any GSM phone (more or less) and off you go, you have that subscriber's identity.
While it is possible to clone a SIM, you need access to the SIM and a smart card reader for several hours to crack the encryption. (At least in the earlier SIMs, they may have improved the situation since, I hope so.) This isn't a matter of reading an identification number off, you need to read off the private key from the SIM - something that was supposed to be imposssible but there are weaknesses in certain versions of the encyption algorithm.)
Anyway, this particular case is not about SIM cloning, merely boring old cellphone being stolen. (It's admitted as such when the article states, "Ms. Drummond quickly determined what had happened: Someone had stolen her phone while she was away. She called Rogers Wireless, which told her there was nothing it could do, and she would have to pay the entire amount".)
The whole misleading piece about phone cloneing is mostly sensational journalism - it seems some employees claimed that some terrorist groups cloned the CEO of the cellphone's company's cellphone. (And remember that the person at the centre of the story - one Ms Drummond - merely had her phone stolen, a much more boring case.)
Anyway, Ms Drummond failed to notify her cellphone provider that her cellphone was stolen and then complained that the theif used it. The fraud detection system didn't detect it and it seems she therefore argues that it's not her fault. Even though I'd guess the cellphone company doesn't owe you anything when it comes to detecting fraudlant use of your phone.
Moral of the story: As soon as you know your SIM is stolen, CONTACT YOUR CELLPHONE COMPANY! They can block outgoing calls on it saving you a lot of money.
(GSM cellphone companies can also block phone IMEI's - stopping a theif from using that phone in the future - but only do this once the phone is known stolen as it's a real pain to get that undone.)
If her phone/SIM had been cloned, then yes, the cellphone company would have an issue on its hands. As it is, all that's happened is silly girl didn't report a stolen phone. Happens all the time, nothing to see here, move along.
Oh, and it's easy for a cellphone company to transfer a number to a new SIM.
Isn't that just a great mental image?
[Fuck Beta]
o0t!
Ted Rogers? In a heartbeat! Let him go through his own crummy "customer service" to get reconnected.
One line blog. I hear that they're called Twitters now.
Were you reading the same article as the rest of us?
1) Cloning is the process of mimicking a cell phone's identity such that calls you make appear to have been made from your unsuspecting victim's phone.
2) Hezbollah IS a terrorist organization. Where have you been that you do not know this?
3) The CEO is paying for the TERRORISTS' calls, not the other way around!
RTFA!
Yes, the phone does transmit some identifying information once authorised - but identification is not authentication!
To authenticate and authorise the phone/SIM pair to the network, the phone is just a go-between, shuttling information from over-the-air to the SIM and back again. (In case you're not aware, the SIM is a physical chip. In the old days, it was a smart card; these days it's just the chip of a smart card on a piece of plastic just a little larger than the chip.)
The network sends an unique challange to the SIM (via the phone) and the SIM has to respond approproately using shared-secrets and techniques not too dissimilar from private-key / public-key cryptography. Replaying this is of no value to you because next time you want to authenticate, the challange will be different! (And I believe the Network is also authenticated to the SIM as well - I don't know the details that well).
The theory is that the shared secret (Ki) is never transmitted over the air - it's known to the network and to your SIM and that is all - it was designed to it was impossible to retreive it directly from the SIM.
It is an active process involving bidirectional communication, not a passive "this is my number".
-bZj
.sig
A journey of 1,000 miles begins with a single step -- and so it was that law professor Susan Drummond's long, strange trip into the world of wireless security, where she learned that a terrorist organization had appropriated Ted Rogers' cellphone number, was launched by the arrival of a phone bill for $12,237.60.
Okay, thanks for introducing Ms. Drummond. Who the hell is Ted Rogers and what did that have to do with Ms. Drummonds number being cloned. I don't think they did a very good job of explaining that. I read the article twice and still have no idea who Ted Rogers is.
"They were cloning the senior executives repeatedly, because everyone was afraid to cut off Ted Rogers' phone,"
Uh.. okay, well.. why didn't they do it to Ms. Drummond's phone either? Crappy article.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
Moral of the story: As soon as you know your SIM is stolen, CONTACT YOUR CELLPHONE COMPANY ... As it is, all that's happened is silly girl didn't report a stolen phone.
I know reading the article is frowned upon here and all, but it does kind of point out that the woman had been out of the country for a month and returned to find a huge phone bill. In the course of investigating what happened, she was told that her company did have pattern matching/potential abuse detection software deployed but ignores the results. The "silly girl" is an edge case due to the length of her being out of the country, but I don't have a lot of sympathy for the phone company. They chose to ignore what was 99.999% an abusive situation either to profit or out of complete cluelessness. Neither case gets a whole lot of sympathy from me. Here's a basic algorithm:
If an account's monthly balance >= 3*Average of 3 previous month's total charges, chances are something is wrong. Of course, you have to add checks for a new account, but that's not that much more difficult.
In my opinion, as soon as you're reasonably sure. Most cellphone providers can do a simple block on your SIM (block outgoing calls) that is fairly easy to put on and take off - so as soon as you think it's stolen, I recommend doing that. Just contact their customer service line. This will protect you from this lady's situation of someone running up big bills on your account.
If you find the phone again, ring up the customer services and get the block removed. Not usually a big deal; takes only a few minutes.
If it really seems lost/stolen, blocking the IMEI number (ie: the phone's unique ID, not the SIM card's) is a good idea if your provider can do that. While this is often a lot harder to undo (providers often state that it is impossible to undo or refuse to do so), it means that your theif cannot use their ill-gotten cellphone. (If they steal your cellphone and swap the SIM, they'll have your phone but they'll be using their own account for outgoing calls. Blocking the IMEI will stop them using your phone even if they swap the SIMs.)
This is obivously GSM flavoured advice. I'm unfamilar with other network technologies; some of it may carry over, some may not.
i actually typoed that as "lies" originally... ironically it might just fit... anyways:
Jan Innes, a vice-president with Rogers Communications, confirmed that the company has an automatic fraud-detection system that flags suspicious calling patterns, but refused to say how it works. "We do not give out information that might help people get around the system," she said.
Translation: "Our system is not fool-proof, and we are aware it can be exploited, but are doing nothing to prevent it. We are instead crossing our fingers with the obscure hope that out of our thousands or millions of users, not one will stumble across an exploit. Security through obscurity!"
Thanks Rogers, I'll be sure to avoid you guys like the plague if I ever get a cell phone.
I posted this on my blog somewhile back: http://www.krunk4ever.com/blog/?p=56
What Grinds My Gears: I've probably made this rant before, but I really really hate the help cell phone service providers provide when you lose your phone. In other words, NO HELP. A friend recently lost his cell phone and it irked me since the T-Mobile was giving him the same bullshit they gave me. Once again, I could never see WHY they wouldn't help us track the phone or help the law enforcement track down the thief? What more easier way is there when a thief is carrying a tracking device!?!?! There should be a list of all reported stolen phones and when someone tries to make a call from that phone, it'll try to locate the person through triangulation and notify the nearest police department to that area (which is easily doable since 911 works on a cell phone). Another service easily providable is any call made from that phone no matter what # was dialed (besides emergency #s like 911) will be forwarded to 1 particular # which the own can set. I mean in the event where the owner loses the phone and the person who found the phone wants to return it, he'd probably try to call someone on that list and ask if they knew who owned this #. By being able to forward all calls to say your home line, you won't have to worry about long distance charges and you can be certain if they try to make a call, it'll be forwarded to you. Another extremely stupid idea is that when you lose your phone is that they recommend that you suspend your account to prevent the thief from putting charges on your bill. However if you're under contract, suspending your account VIOLATES the contract and you're forced to pay the cancellation fee. Which really only leaves you instead of suspending the account to immediately purchase a new phone and swap it onto the current plan. I've asked before if it was okay to suspend the account, but continue paying for the service until I could get a new phone. They apologize and said they couldn't do that. OH MY GOSH! I'm willing to pay for a service which I WILL NOT BE USING, but instead they make it harder on the customer and force them to either get a new phone immediate or suspend the service and pay the cancellation fee.
HD Trailers
In all honesty...How the hell could Rogers miss out on $12,000 worth of phone calls. I'm fairly certain that in their entire customer database only a few customers could actually produce this kind of traffic. If Rogers thinks a judge will let them bilk one woman for making $12,000 worth of phone calls I think common sense will kick in.