Slashdot Mirror
The Unlikely Effort To Build a Clandestine Cell Phone Network
Lashdots writes: Electronic surveillance has raised concerns among Americans and pushed an estimated 30% of them to protect their privacy in some form. Artist Curtis Wallen has taken that effort to dramatic lengths, documenting how to create a "clandestine communications network" using pre-paid phones, Tor, Twitter, and encryption. The approach, which attempts to conceal any encryption that could raise suspicions, is "very passive" says Wallen, so "there's hardly any trace that an interaction even happened." This is not easy, of course. In fact, as he discovered while researching faulty CIA security practices, it's really, comically hard. "If the CIA can't even keep from getting betrayed by their cell phones, what chance do we have?" he says. Still, he believes his system could theoretically keep users' activities hidden, and while it's hard, it's not impossible.
Hard and impossible are the same in this case.
If you want it enough to do the hard, you've probably already attracted the kind of interest to make it impossible.
Go ahead. Click the link. Get your IP address registered NOW! Oh, wait....
---- Teach Peace. It's Cheaper Than War.
honeypot.
Like all the amazing cryptographic solutions from people whose understanding of security boils down to Tor == anonymous and OTP == tehshitz, the article conveniently glosses over the exchange of OTP key or the Twitter account name.
Whatever channel is used for agreeing upon those essentials, it will complicate claim of "hardly any trace that an interaction even happened" quite significantly.
Smartphones are so powerful now that cryptography software hasn't caught up yet. We have the computing power in phones now to do things not possible just a couple years ago. You could do things like real time steganography where the real audio message is hidden inside a fake conversation. The hardware is here, we just need an app for that.
Here in Australia (and probably in many other countries too) you have to undergo a complete identity check before you are allowed to open a prepaid phone account.
I am surprised the USA still allows you to obtain a phone number that has absolutely zero records indicating who obtained it. But I suspect companies like TracFone and AT&T that sell a lot of these prepaid phones don't want to have to deal with the ID checks and have been able to lobby the government against them.
You bought the burner @ Rite Aid?
Now, if they want to backtrack the phone to the POP, they will have lovely, multiple, security videos of your face.
At least give some random kid $5 bucks to go in the store and buy it for you.
Sort of the opposite of buying beer when you're a minor...
It's perfectly compatible, search is not supposed to be secret. If they serve you a search warrant for you phone they should be able to go clone it etc and attempt to penetrate the crypto all they want.
No sir I dont like it.
How is that compatible with the construct of a free and open society based on the rule of law, which has allowances for "search" of a person's private effects?
Short of a Judge's orders in a particular ongoing investigation and/or court case, there is no obligation on the part of citizens to create/store/retrieve their papers/data and effects so as to make a search easier. Or even possible.
If I and someone else creates a language only we understand and converse over the telephone, we are not obligated to teach any TLAs/LEAs that are recording/monitoring how to understand our new language.
Any such requirement would likely fail court challenges due to it's prior-restraint nature.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Wouldn't it be easier to change the SIM card? Destroy the old SIM card instead? Destroying the cell phone seems like a waste. Just delete the incoming call log.
Most phones have a unique handset (i.e. hardware) identifier which is accessible during a telephone or internet session. It's in firmware, but you may or may not be able to change it on demand.
Crumb's Corollary: Never bring a knife to a bun fight.
I doubt they're that sophisticated yet.
Maybe one day they'll do that.
... I have thoroughly enjoyed the article. But to be honest: A burner phone and an untraceable credit card may very well come in handy - if you are planning to move assets overseas to avoid the IRS. I am doing IT security for a living. I don't have the need for new identities or slipping under the radar. I secure my valuable digital assets, I use entoend encrypted voice channels, file exchange, emails, chat and messaging if necessary and I have different systems for surfing and working. So - here is my advise: Before searching the "dark" net for a new identity (which might be a CIA?NSA?FBI? honeypot) - use common sense. The government is not out to get you, they are not listening to all your calls and they are not tracking everybody's movements. If you become a target of interest (e.g. by buying fake identities) you probably deserve it. Drive to the nearest truck stop, find a truck that goes north, stick you cell phone into the belly of the truck and go south. Never turn back. Never talk to friends anymore. Just build a new life in the badlands of New Mexico. You may develop a taste for jack rabbits.
Everyone knows you use a wet sponge to moisten the envelope if you don't want your saliva on it. Or now days, you can use peel n' stick envelopes, but have to be careful not to touch the sticky part with your finger. Or you wear latex gloves when creating and sending your "top secret" letters.
Yes, the SIM can be changed, and that will change the phone number, but the phones are encoded with a IMEI number, which is like a serial number unique to each phone. The IMEI number is tranmitted to the cell towers and is how the cell providers track what kind of phone you have and other details.
The Feds have made it a FELONY to change the IMEI number of the phone, so even if you have the expensive equipment to do it, they've made it hard to get and illegal to use. This is how many organized theft rings would wipe a phone, they would change the IMEI number from the stolen phone, to either a generic IMEI number, or a legit IMEI number so the phone can't be de-activated on the cell network.
The cell phone companies use the IMEI (ESN) number for several purposes, one of them is to flag stolen phones and de-activate them on the cell network. You could change the SIM, but if the IMEI number has been reported stolen, and flagged in the DB, then the phone won't be allowed on the carrier's network. The other use the cell providers use the IMEI number is to know what phone you have. For instance, ATT requires all smart phones to purchase a data plan for it (even if you only wish to use data over wifi). If you activate ANY smart phone on their network, if you don't have a data plan for it, they will detect it and add a data plan to your account. They detect whether it is a smart phone by the IMEI number on the network.
I looked into this as I wanted to give my teen my old smart phone, but didn't want to put data on the plan for it (just calling+txt). I figured the phone was better than a feature phone, cause she could still use it on wifi, plus it holds tons of MP3's and has a nice camera etc. that aren't on feature phones. I looked into the idea of buying a go-phone (so they didn't add data to my plan), and then putting the SIM from the go-phone into my old smart phone to get it cell service. I quickly learned (from reading, not doing), that as soon as the smart phone is seen on the network (regardless of SIM used), they would add data to the plan. Needless to say, she has a go-phone.
What if you skipped Pastebin and any other "internet" site and only posted your GPG messages on a .onion site? Then you don't need to use a TOR exit node. For just a few users it might also be suspicious, but hard to track. But if thousands of users were doing it, there could be enough noise to hide in.