Celluar fraud program on Network TV - comments?
Laurence Chiu
program or network) about cellular fraud. They demonstrated how easy it
was to get equipment that can suck ESN's from the sky and then program
your own phones with it.
Conclusion was
1) check your phone bill carefully (this makes sense of course)
2) only switch on your phone when making calls since the devices can get
numbers when your phone is on, not just when making a call.
The latter doesn't make so much sense. After all isn't part of the appeal
of cell phones being able to be reached anywhere or are we supposed to
carry pagers also? Of course having to pay for incoming calls is a
detraction but nevertheless...
Finally will any of the digital technologies like GSM and the various
available in the US be able to secure the transmission of the ESN so that
it isn't so easy to grab?
Just curious to know.
Thanks
______________________________________________________________________
Laurence Chiu | lc...@crl.com
Walnut Creek, California | Tel (work) (510)412-4730
Robert J. Keller
lc...@crl.com (Laurence Chiu) writes:
>2) only switch on your phone when making calls since the devices can get
>numbers when your phone is on, not just when making a call.
>The latter doesn't make so much sense. After all isn't part of the appeal
>of cell phones being able to be reached anywhere or are we supposed to
>carry pagers also?
Obviously if you use your cellular phone to _receive_ calls you won't want
to leave it off ... but there is a substantial percentage of cellular
users who do not give out their cellular number and typically only use the
unit to _place_ calls.
--
Robert J. Keller, P.C. (Federal Telecommunications Law)
<r...@telcomlaw.com> Tel: 301-229-5208 Fax: 301-229-6875
4200 Wisconsin Ave NW #106-261 Washington DC 20016-2146
finger me for info on F.C.C. Daily Digests and Releases
Laurence Chiu
Robert J. Keller <r...@clark.net> wrote:
>
>lc...@crl.com (Laurence Chiu) writes:
>
>>2) only switch on your phone when making calls since the devices can get
>>numbers when your phone is on, not just when making a call.
>
>>The latter doesn't make so much sense. After all isn't part of the appeal
>>of cell phones being able to be reached anywhere or are we supposed to
>>carry pagers also?
>
>Obviously if you use your cellular phone to _receive_ calls you won't want
>to leave it off ... but there is a substantial percentage of cellular
>users who do not give out their cellular number and typically only use the
>unit to _place_ calls.
>
>--
> Robert J. Keller, P.C. (Federal Telecommunications Law)
I wonder if this is motivated by the fact that you get to pay for
incoming calls in the US (I am not aware of any other country but I could
be wrong) that does this - the caller gets charged, rather than the
threat of ESN theft.
Laurence Chiu
John Doe
general public to assume the responsibilities and obligations of the
corporations. The typical manipulation is through fear tactics, ie-
Guard your credit cards, or better yet buy insurance, in case they are
stolen or used fraudulently. Do this, do that, all to help corporate
america lower *their* exposure. The card company is absolutely responsible
for all fraudulent usage, not the cardholder, and in the unlikely event
that the cardholder doesn't even notify the cardcompany when they learn of
the loss then the holders exposure is still limited to a maximum of $50.
How many millions of dollars do idiots spend on those "card loss insurance
scams"?
Now comes the big fear of cell fraud. It costs the Cellcos millions a year.
So all gather round and help the mega-corps realize an even bigger bottom
line and do as they say and modify *your* behavior to help them earn more.
Newsflash- if their system is full of holes, and someone grabs your ESN
and calls the world for a month, guess what? You're not liable for one
penny. (please don't jump in here and recite how their loss translates
to higher costs for everone. They make millions even with the fraud, which
is a big tax deduction at year end) But please, like good sheep, do as
you're conditioned, modify your behavior to help the cellcos fight their
*problem*. How much longer before they offer *cell fraud insurance*?
Final rant- The insurance industry went State to State and, with the media
lapdogs in tow, convinced the people and the lawmakers of most States that
helmet-less motorcyclists were costing millions of dollars in claims. That
their exposure was intollerably large...blah blah. So now that the public
has been forced to modify their behavior to save the inscos millions-How
much of those savings have they returned to the public in the form of
reduced premiums, or did they keep it all for themselves...
Once again I've had too much coffee...
Mr Dion Wiggs
: I recently watched part of a network news program (can't remember the
: was to get equipment that can suck ESN's from the sky and then program
: your own phones with it.
Yet another great invention from the USA !
: Conclusion was
: 1) check your phone bill carefully (this makes sense of course)
: 2) only switch on your phone when making calls since the devices can get
: numbers when your phone is on, not just when making a call.
: The latter doesn't make so much sense. After all isn't part of the appeal
: of cell phones being able to be reached anywhere or are we supposed to
: carry pagers also? Of course having to pay for incoming calls is a
: detraction but nevertheless...
: Finally will any of the digital technologies like GSM and the various
: available in the US be able to secure the transmission of the ESN so that
: it isn't so easy to grab?
GSM is "impossible" to grab (so the manufacturers say), as the data
transmitted is triple encoded using a very large number key, *and*, the
transmission type of GSM (as opposed to Etacs, and AMPS) is completely
different in that, the older types of phones transmit on one frequency
only whilst in a call,(unless they move to another channel), whereas GSM
phones use a transmission technique called "frequency hopping"
(originally employed by the armed forces for security reasons) only the
GSM mobile and base station know the channels on which to hop (there are
approx 10 different frequencies in one transmission hop), and the data
which the base station transmits to the Mobile, is triple encrypted again.
All this is to ensure that it is about as se3cure as the authorities will
allow.
(incidentally, in the early days of gsm, when it was still in the
conceptual stages, the encryption was even more complex, but after
certain intelligence agencies complained to the telecommunications
agencies about their inability to listen in (national security and all
that), the designers of the system had to make it a little easier to
crack (and then let the spying agencies involved know how to decrypt the
code)....so ultimately, no matter how secure youthink the new GSM
protocols are, the intelloigence networks can still listen in to your
conversations if they want to, and can access all your billing details
etc.....Smacks of george orwell!)
------------------------------------------------------------------------------
for further advice, email ga...@xxact.com.hk
------------------------------------------------------------------------------
NEVER PUT YOUR WILLY IN A BLENDER!
------------------------------------------------------------------------------
mwil...@inter.nl.net
Hi,
> All this is to ensure that it is about as se3cure as the
authorities will allow.
Do you use GSM in Hongkong?
Mike (NL)
Bruce McGuffin
GSM is "impossible" to grab (so the manufacturers say), as the data
transmitted is triple encoded using a very large number key, *and*, the
transmission type of GSM (as opposed to Etacs, and AMPS) is completely
different in that, the older types of phones transmit on one frequency
only whilst in a call,(unless they move to another channel), whereas GSM
phones use a transmission technique called "frequency hopping"
(originally employed by the armed forces for security reasons) only the
GSM mobile and base station know the channels on which to hop (there are
approx 10 different frequencies in one transmission hop), and the data
which the base station transmits to the Mobile, is triple encrypted again.
(deleted)
GSM has a number of service options in it. One is frequency hopping. My
understanding is that currently no GSM operator supports the frequency
hopping option. From discussions I have had with base station suppliers,
it appears that available GSM base stations do not have the
capability to support frequency hopping.
With regard to encryption, it is true that the GSM encryption
algorithm is being simplified. I have seen a report posted on the internet in
April 1994 by Stewart Fist, which claims that until the new algorithm is
in place, all operators have disabled encryption, and are transmitting in
the clear.
While GSM has the hooks for good security, it looks to me like they aren't
being used. I would like to hear from people familiar with the other
digital standards (IS-54 and IS-95) about security on those systems.
Bruce McGuffin
mcgu...@ll.mit.edu
Greg Herlein
regardless of the value of the call. Only when I am remote and *expect* a
call that I do not want to miss, do I leave it on.
The major problem with this is that when I am remote, I do not want to use the
cell phone to retreive voice-mail... our company has issued warnings about
this, since there wee some cases of folks recording the cell calls to retreive
the "secret code" password, and then using the voice mail system in the off
hours for criminal purposes...
/**************************************************************************
Greg Herlein (gc...@pge.com) ! "Confidence is supreme until you
These comments are mine and are ! understand the problem"
not those of my employer ! - unknown
**************************************************************************/
Alex Dawson
Laurence Chiu
Alex Dawson <alex_...@italic.DIALix.oz.au> wrote:
>I think that the thing would only apply to Analouge mobile phones not digital
Of course. Since you use GSM in Australia for your digital network,
I guess the crooks would have to use different equipment to steal
ESN's
______________________________________________________________________
Laurence Chiu Walnut Creek, California
Tel: 510-412-4730 (work) Internet: lc...@crl.com
hewison simon j
: In article <13.47...@italic.DIALix.oz.au>,
: Alex Dawson <alex_...@italic.DIALix.oz.au> wrote:
: >I think that the thing would only apply to Analouge mobile phones not digital
: Of course. Since you use GSM in Australia for your digital network,
: I guess the crooks would have to use different equipment to steal
: ESN's
The crooks would need an awful lot of equipment, and patience to steal the
equivalent of ESNs on GSM.
Firstly, there's the IMEI number of the handset. This is a 15 digit number
that identifies the HANDSET, not the user. I don't think that any GSM operators
get shirty if you start swapping SIM cards.
Then there's a 20 digit (at least) that identifies the SIM card.
Then the digital signal is (normally) scrambled,
Then the crook would need equipment to completely erase and reprogram a SIM
card, and know the structure of the information to put on the SIM card to
effectively copy the SIM card (minus, of course the PIN)
As for whether the GSM (and derivative) networks will instantly detect duplicate
identity strings for handsets/sim cards. I would assume they would, and the
sensible thing to do would be to instantly shut down service on the handset(s)/
sim card(s) in question, and wait for the real owner to phone in and then
arrange something.
I'm not sure what Analogue networks the Australians have, but I'm sure they've
got some.