How A Contractor Exploited A Vulnerability In The FCC Website

RendonWI writes: A Wisconsin wireless contractor discovered a flaw in the FCC's Antenna Structure Registration (ASR) database, and changed the ownership of more than 40 towers from multiple carriers and tower owners into his company's name during the past five months without the rightful owners being notified by the agency, according to FCC documents and sources knowledgeable of the illegal transfers. Sprint, AT&T and key tower companies were targeted in the wide-ranging thefts... Changing ASR ownership is an easy process by applying online for an FCC Registration Number (FRN) which is instantly granted whether the factual or inaccurate information is provided. Then, once logged in, an FRN holder can submit a form stating that they are the new owner of any or multiple structures in the database. As soon as it is submitted, the change is immediately reflected in the ASR.

Summary?

[Rockoon]

Why doesnt the summary indicate in any way what was gained by the perpetrator in doing this?

Re: Summary?

The perpetrator gained super karma somewhere on Reddit for having such a cool story bro.

Re:Summary?

Because TFA explicitly states it is unknown what the perpetrator gained. My own uneducated guess is that either it's some kind of long con or the perpetrator didn't even know what changing the database actually accomplished.

Re:Summary?

[sml156]

It's impossible to even guess why a criminal would want $12 million worth of Towers and antenna equipment.

Re: Summary?

Really? He's gonna pack them up and take them to Mexico. By changing ownership, the border guards won't suspect anything.

Geese!

Re:Summary?

Back taxes, additional report filings and inspection costs? Perhaps the contractor just wanted to pump the book value of the company temporarily to prevent a sale or gain fraudulent advantage related such transaction related to the company.

Re:Summary?

[gnasher719]

Why doesnt the summary indicate in any way what was gained by the perpetrator in doing this?

I would think a warm cell and three meals a day?

Re:Summary?

[Rockoon]

The way I see it the summary might as well read "The competition of a wireless contractor..." because at least then there is a motive.

Re:Summary?

[dog77]

The article says "It is unknown why Nix changed the ownership of the structures or what benefits would be derived by being able to identify that Aura owned a $12-plus million group of towers.".

Re: Summary?

HONK HONK

Re:Summary?

My guess is for extortion later. Cell tower goes down several months from now, but the company finds they no longer own it. He's hoping they'll "contract" him to fix it rather than having to spend time investigating why his company owns the towers. Maybe they'll just pay him off later since companies wouldn't want towers down too long.

The guy is a dumbass though.

Re: Summary?

[Entrope]

Changing the owner that is listed in one federal database doesn't actually transfer ownership of the assets in question.

Re: Summary?

[paiute]

'Geese' is actually a corruption of the phrase 'Geeses Christ', which some might find an unacceptable ejaculate, so it became attenuated over time to the less recognizable and hopefully less offensive form used here.

Re:Summary?

[Chris+Mattern]

It's impossible to even guess why a criminal would want $12 million worth of Towers and antenna equipment.

But that's just it: it didn't actually get him the towers and equipment. He just hacked a database (which was not the legal record of ownership) to say he had it. It didn't get him possession of it, and if he tried to dispute ownership, the hacked records would quickly be shown as fake. So what did he intend to do?

Re: Summary?

What have geese got to do with it ?

Re:Summary?

[ma1wrbu5tr]

Are we sure this guy wasn't a Comcast contractor? That would explain much.

Re: Summary?

No,its a shortened form of
Jesus Christ..

Re: Summary?

[DesertNomad]

No, that's "Jesus H. Christ!"

Re: Summary?

[mysidia]

Changing the owner that is listed in one federal database doesn't actually transfer ownership of the assets in question.

But they should send a Bill for all FCC fines for any violations found at any of those towers that occured to the registered owner while the contractor was listed as such.

Re: Summary?

[nnet]

whats the H. stand for?

Re: Summary?

[nnet]

Birdie birdie in the sky,
dropping whitewash in my eye,
I don't care, I don't cry,
I'm just glad that cows don't fly.

Re: Summary?

[Radish03]

That would actually be Geese's Christ, the winged counterpart to Deer God in the animal pantheon.

Re: Summary?

[Maxwell'sSilverLART]

whats the H. stand for?

Haploid.

Re: Summary?

Harry is also commonly used.

Re: Summary?

Hitler. They were step brothers. Same mother different father. Both Jewish ;)

Re:Summary?

[JustAnotherOldGuy]

It's impossible to even guess why a criminal would want $12 million worth of Towers and antenna equipment.

To sell it on eBay, of course!

Re: Summary?

[JustAnotherOldGuy]

Changing the owner that is listed in one federal database doesn't actually transfer ownership of the assets in question.

Yes, but those entries may be enough to enable you to bluff your way through some other transaction or fraud scheme, if it looks like you're the owner.

Re:Summary?

[JustAnotherOldGuy]

Those records may give him enough credibility to enable him to bluff his way through some other transaction or fraud, which may be the real target of what he was after.

Re: Summary?

LOL

Thanks.

Re: Summary?

[paiute]

And a synonym for whoosh.

Re: Summary?

[paiute]

Handicapped. Thus the Christ on a crutch saying.

Re:Summary?

Some hackers and exploiters do things like this just to prove a point, and to force their hand into fixing it.

Re: Summary?

[mysidia]

Yes, but those entries may be enough to enable you to bluff your way through some other transaction or fraud scheme

And this might have slipped under the radar if he targeted one or two towers, instead of 40, b/c as a result of claiming so many he wound up assigning himself some tower that was damaged requiring $21k repairs to make it safe to the public and thus under FCC investigation and making false statements, causing a safety hazard...

I would Hope they put Aura on the hook for the $21K, and block him from making further FCC filings regarding towers, and go ahead and make the charges for making fraudulent statements and filing false documents with the FCC.

Re: Summary?

whats the H. stand for?

Hussein

ugh.....

[starblazer]

What a jackass... now the FCC is going to burden us honest folk with extra paperwork. I liked being able to submit my AU to the ULS and it being approved the next day automatically.

Re:ugh.....

Even Unix back in the '70s didn't give everyone rights to execute "chown". This is an elementary protocol design fuckup by the FCC.

Re:ugh.....

It doesn't seem that extra paperwork is required here. It seems that if the FCC actually notified the prior owner in writing that an ownership change was made, as they -claim- they do, this would have been caught immediately.

Re:ugh.....

Depends, if this is a multi billion telecom company such as Verizon that buys, owns, sells and rents many towers, they might not check all this paperwork in detail. It is not that it transfers PHYSICAL ownership, just the contact details for the FCC.

Re:ugh.....

> multi billion telecom company

> might not check all this paperwork

If only they had the money to hire someone to do their paperwork.

Re:ugh.....

[JustAnotherOldGuy]

What a jackass... now the FCC is going to burden us honest folk with extra paperwork.
I liked being able to submit my AU to the ULS and it being approved the next day automatically.

I'm that was convenient and all, but what if it was someone mucking about with your records and changing stuff in them?

Re:ugh.....

Depends, if this is a multi billion telecom company such as Verizon that buys, owns, sells and rents many towers, they might not check all this paperwork in detail. It is not that it transfers PHYSICAL ownership, just the contact details for the FCC.

If you read TFA and not the summary, you would see that the notification system of FCC is broken. The change of owner ship should send a notify to BOTH the previous and new owner when the data was updated on the site. The new owner get the notification, but the previous owner DOES NOT (and someone recently tested it). It is FCC's fault that they DID NOT VERIFY their notification system.

Re:ugh.....

You're the rest why system security everywhere is shit.

Radio Free Sealab

"Scanner's going off captain!"
"Yo, lock in on it son. Here at the FCC, it's our job to eliminate illegal radio stations, and inappropriate language!"
"Yeah, well...thanks a lot for the ****ing backstory."
"Wha-You watch your ****ing mouth you ****ing ***k."

And then there was a vulnerability.

"We're closing in on the signal sir! And then we'll drop the hammer, right?"
"Huh? Oh, oh yeah we're gonna drop the hammer. Hey uh...does this make look fat?"
"No. But your ass does!"

Re: Radio Free Sealab

What? Mom was a ...

Re: Radio Free Sealab

Now it's time for the "I hate Marco" show! Best episode.

Nix fucked up

He tries to scam major companies with lots of money. You know plenty of books will be thrown at him and he'll end up in prison for a while. If you're going to scam, only scam tiny companies or poor people. Those who don't have any connections to get back at you.

Why?

[mhkohne]

From the article: "It is unknown why Nix changed the ownership of the structures or what benefits would be derived by being able to identify that Aura owned a $12-plus million group of towers."

This seems like a 'Step 2: ???' kinda plan, since the FCC database gets you exactly nothing in terms of money, or ability to transfer ownership of the towers.

Weird.

Re:Why?

[subanark]

My guess would be to try and sell them

Re:Why?

[ancientt]

You know, I'll bet you're right. Selling them would be like selling a bridge you don't own, and the con would work a lot easier if you can show that the FCC has you down as the owner.

Re:Why?

Yeah "try".
Any attorney involved in the sale would immediately see it for what it is with no paperwork to back up his ownership claims.

TBH, I dunno what he was trying to achieve, he's a completely clueless chancer whos plan had zero chance of success.

Re:Why?

[PPH]

Borrow against them.

After 2008, bankers are desperate to write new loans against practically anything. Since the home mortgage business is being watched like a hawk by regulators, lots of business scams are popping up.

Re:Why?

[mysidia]

Bankers are going to require more paperwork to show clear title than a listing in the FCC database,
just because you're listed as owner doesn't mean there's no Lien or other mortgage against the property, for example.

Re:Why?

Obviously he was just trying to get laid. Women get soaking wet over guys who own a lot of cellular infrastructure. There's even a famous rap song about it.

Sprint, Cricket, Let me stick it
in your butt hole like T-Mobile,
slide in your buns like Verizon,
This nigga own so many towers
you gonna be suckin my dick for hours

Re: Why?

Maybe he did it for the lulz. You know some people still do it for the lulz. The love of the game.

Re:Why?

[Aighearach]

This seems like a 'Step 2: ???' kinda plan, since the FCC database gets you exactly nothing in terms of money, or ability to transfer ownership of the towers.

Just because the reporter who wrote the story didn't have details of the scam, doesn't mean that there were no details. It just means they're not going to be able to tell you.

An obvious thing would be scamming investors by making your company look larger than it is. Who knows? Chances are, catching him at this stage means whatever the rest of the plan was we'll never know because he won't be able to do it now.

Re: Why?

[KGIII]

Of all the suggested reasons, this is most likely.

Re: Why?

See, if he transferred ownership to Batman instead of himself I might be inclined to believe that.
But I really find it hard to imagine this guy getting any LULZ right now.

Re:Why?

Theres not necessarily a "clear title" in the case of towers as they are often on *other people's land* which means that the tower itself is only "owned" by the operator in some loose sense based on the agreement with the actual landowner. Trusting (incorrectly) that the FCC, being a governmental body, has scrutinized their registration database is within the realm of what a bank will do.

LOL

What a jackass. As if the contractor wasn't going to get caught. At some point the rightful owners were going to find out. I bet the person who switched the records voted for Trump.

To everyone wondering what was gained

When I, a small wISP owner, want to access a tower I look up the tower owner in the FCC database. I then contact said owner and proceed to work out a lease agreement. When I, a small wisp owner, want a bank loan I attach my FCC Database records as part of proof of ownership. The structure itself very often does not have records with the county like land does. The land can be owned by J. Q. Public, Et Al. Now I have $12M worth of assets and can get a 3 to 5m loan with a very attractive rate because its so far under my asset value.

Definitely something that needs fixing, but

I think the article is a bit pretentious, to me this sounds a little like listing a house for sale on a realtor website/MLS system despite not holding the title. It may be annoying to the homeowner when they start getting people looking around but anyone actually trying to go through a purchase process is going to find out pretty quickly that the person attempting to sell the property isn't the legal owner. While it could cause some snafus with issuing maintenance fines/warnings, I doubt any would be overly serious.

Re: I'm noticing some things...

The average IQ of a Trumo voter is 40.

Re: I'm noticing some things...

Pot. Kettle. Black.

You aren't exactly impressing me with your inability to spell a commonly used 5 letter word.

Re: I'm noticing some things...

I guess you never made a typo. The o is right next to the p. Mistakes happen. Fuck off spelling nazi.

Seriously??

[JustAnotherOldGuy]

"Changing ASR ownership is an easy process by applying online for an FCC Registration Number (FRN) which is instantly granted whether the factual or inaccurate information is provided. Then, once logged in, an FRN holder can submit a form stating that they are the new owner of any or multiple structures in the database. As soon as it is submitted, the change is immediately reflected in the ASR."

That is a breathtakingly bad process. Epic, in fact.

Thousands of security analysts around the country are feeling light-headed right now and are looking for a place to lay down. Thousands of others are reaching for aspirin to to try damp down the near-fatal brain cramp they got when they read this magnificent example of sheer bureaucratic stupidity.

Re:Seriously??

"Changing ASR ownership is an easy process by applying online for an FCC Registration Number (FRN) which is instantly granted whether the factual or inaccurate information is provided. Then, once logged in, an FRN holder can submit a form stating that they are the new owner of any or multiple structures in the database. As soon as it is submitted, the change is immediately reflected in the ASR."

That is a breathtakingly bad process. Epic, in fact.

Thousands of security analysts around the country are feeling light-headed right now and are looking for a place to lay down. Thousands of others are reaching for aspirin to to try damp down the near-fatal brain cramp they got when they read this magnificent example of sheer bureaucratic stupidity.

Actually, I don't really see a problem with instant update. It is convenient and wouldn't need to be waiting for a long process like in any government agency.

The problem, however, is that the FCC notification system has been broken and no one noticed it (or they ignored it). The notification system is supposed to send a notification to both the previous and new owner regarding the change. It is the way that FCC want to push the responsibility on to the previous owner (to verify whether or not the change of owner is valid), but they are in the wrong because their system is malfunction. The problem is that the new owner gets the notification but not the previous owner (read TFA). If their system is working correctly, the problem wouldn't be escalated to this point.

Not what my news source said

[barbariccow]

My news source says that this guy was actually legitimately buying the towers, but because of some backroom HILBAMA scheme after he spent the money it got reversed, he was blamed for hacking.

As far as motivation, according to several anonymous sources that couldn't be contacted for further details, word on the street was this guy had a lot of secret details THE GOVERNMENT DOESN'T WANT YOU TO KNOW about the REAL story of..... BatBoy!

William M. Nix

No one really know what Mr. Nix was or is trying to accomplish by trying to take owner ship, but after having many phone calls and meeting him at a hotel parking lot in Wadena MN with the local PD on site. Well I believe that Mr. nix has Some drug problems as well as mental. And now I'm not saying that to be a smart As$.. I worked that case on try clean up the site's that he has been trying to live on that is owned by Subcarrier Communications. Mr. Nix has broken into about 9 of Subcarrier sites in 2 states. My company "Multi Purpose Dan LLC" from N.C has been working for Subcarrier for 4 years now in over seeing the sites mostly on the east coast but from time to time I go on to new turf.