Terrorist Group Clones Phones
From The Register:
Affiliates of terrorist organization Hezbollah cloned the mobiles of senior executives of Canadian operator Rogers Communications, including chief exec Ted Rogers. Even though the firm had technology in place to trigger alerts over suspicious departures in call activity, Rogers staffers were too frightened of inconveniencing bosses to do anything about the fraud, Canadian paper the Globe and Mail reports.
The scam only came to light after law professor Susan Drummond challenged a mobile phone of C$12,000 she received after her return from a month-long trip to Israel. The monster mobile bill listed more than 300 calls made in August to foreign countries including Libya, Pakistan, Russia and Syria. Drummond was told she'd have to foot the bill despite her protests than she'd never previously made overseas calls using the account. Her normal bill was around C$75.
Clone cell phones? How does this happen?
This is how the bad guys cloned phones
First, they used a scanner to record electronic serial numbers (ESNs) and Mobile Identification Numbers (MINs), or telephone numbers. Then they programmed their own mobile phones to transmit the ESN/MIN data to the cell phone network.
Most people would complain about a huge cell phone bill with multiple calls to unknown phone numbers, but the terrorist group counted on the Rogers staffers to be too afraid to say anything about the exec's irregular phone bill. This strategy worked... For a while at least.
Should you be worried?
The answer is no, for a few reasons. Cell phone service providers quickly implemented encryption technology on their networks to prevent scanners from picking up your ESN/MIN information. Even if someone did get it, and managed to program it into another device, it would be fairly obvious it wasn't you making the calls.
When you make a phone call from your device, the information is transmitted to the nearest cell site. Your phone then "camps" on that cell site until it is "handed off" to the next cell site.
Let's say you have been making phone calls from Washington DC during one billing cycle. When you get your bill, you see that calls have been made from Toronto, Ontario during the same billing cycle.
Your phone company will then go through each disputed call, and compare it to other calls made around the same time. If you made six calls in the morning of December 17th from Washington, DC, and a phone call to Libya made from Ontario shows up on the bill within a few minutes of the ones made from Washington DC, your phone company will know something is wrong, and fix it.
Don't worry about it though, it's a non-issue. Most phone companies use complicated encryption technology, which renders this practice almost impossible.
Oh, by the way, I forgot to mention that cell phone cloning is only possible with Analog phones. It was a pretty common problem in the US about 10 years ago, but the practice is next to impossible now.
It's much easier to steal your personal information from the garbage and open a cell phone account in your name than it is to clone your actual cell phone ESN.
Rogers has agreed to cover any costs associated with this bill. In fact, this has been such a PR nightmare for Rogers that CEO Ted Rogers himself has agreed to visit the woman's home for tea to discuss the issue. Seems Ms. Drummond is a bit of a consumer vigilante:
"Although she's glad that Rogers has offered to settle the dispute, Ms. Drummond says she will continue to pursue underlying issues, including a contentious clause in the Rogers contract that forbids consumers from taking the company to court or joining a class-action lawsuit against it."
"It's completely ridiculous," she said. "I'm glad that we got somewhere with this fight, but it shouldn't take a law professor and a technology journalist to make them behave like decent corporate citizens."
Maybe someone can help me. My ex (3 years ex) has made criminal charges against me that I have
been stalking him and making threatening phone calls. I have saved all my phone bills for months
and they do show his number on my bills but I have definately not been making them. I need some-
one who can help me figure out how this can be happening so I can form a defense?
As a rogers tech i can firmly say that no one can ever clone your phone again on our network. We no longer use CDMA/TDMA which requires the ESN/MIN. Now we Use GSM technology which what actually ties the phone to your account is the SIM card without that your account will not get billed. So the only way this would technicaly occur in similarity would be if someone stole your phone, or your SIM card and placed the calls. And by that time i hope you've been smart and reported it Lost or stolen so we could block/ban the sim off the network. When we Block/ban the only call a person can make is to *611 which goes directly to us, when they try and verify the account to take the block off we'll notice the discrepency's and report it as fraud.
^^^ Call your provider and ask to double check the equipment on your phone to see which IMEI/ESN/MIN is on your account, and to see what IMSI the calls are coming from (IMSI is a number unique to every sim card)
Audrie, I came across your article by chance. I noticed that your article was written in 2005 however we are in 2007. Your article is either deadly outdated or you are totally in the dark about cell phone hacking systems.
This so called Hisbollah, alqaida conspiracies are becoming so ridiculous. Why would hisbolla have to use a stolen rogers system to make their calls when they can simple use another cell phone in their local area without fear. Better yet buy a simple long distance phone card (with very good rates by the way...since they use VOIP) from the local variety store and use a bell pay telephone to make their $12000 bill calls.
First of all, there is no way on earth that rogers wireless will allow a $12,000 personal phone bill unless they were incapable of stopping the charges. Rogers has a system called un-usual phone bill use monitoring. It monitors phone bill usage and will stop unusual or excessive phone use and force the customer to call them or a "rogers loss prevention center representative(basic form for rogers basic security) will call you"
Additionally they have a phone bill cap based on customers credit info of $300 cap increments, i,e 300, 600, 900 etc. An individual with a super "A" credit has an automatic Max cap of $1200. (unless they have shown a history to have paid previous bills of such amounts, then they are increased to a high maximum cap)
This is to prevent fraud calls incase an individual losses a phone etc. The rogers system network will automatically cut a user off without even a human being involved. So the bullshit story that rogers employess were afraid of angering their bosses is simply a lie.
For Rogers to allow the phone bill to rise that much would mean they were personally involved or simply the hacker was too good that rogers could not even prevent the invasion on their network. So it does not matter whether a user's SIM card was cloned or not. This brings to mind that only secret service government organisation like FBI or CSIS are capable of such invasive technology beyond the company network to stop it. (case example was in spain and Itally when the FBI used an italian technician to install invasive technology on that spanish network. The technician was later found dead. Police claimed that he committed suicide.) Now think. A university professor was the candidate of this fraud? what relation does this professor have with hisbollah?
What has been known to happen is that fraudsters created a system of phone bill piggy backing. Meaning that after your sim card is cloned, they make these calls and appear on the victims bills without the victim knowing. Even for a cloned sim. only one SIM can be used at a time. Meaning that if the victim attempts to use their phone while the fraudster is using the Cloned SIM, rogers network system will immediately detect that and block that number completedly off the system, thus disabling that clone. The victim will be assigned a new number.
So However successfull a clone fraudster is, rogers can easily stop it due to the fact that the network system will not allow them to bill more than the credit cap. So bill piggy backers and sim cloners are limited to the amount of loss they can prevent. Usually no more than $1200 at a time per victim, per phone number.
What is more interesting was that since 2003, rogers sim cards are the newere V2 SIM cards which untill today has been impossible to clone by simple fraudsters who's gain are limited to longdistance bill fraud. (this does not mean that there are peopel out their of superior motive who have not yet cloned the V2 SIM Cards)
However the V1 sim cards are very clonable. Even a local fraudster acan clone a V1 on his desk top at home. Meaning that if you had the same rogers sim card before 2003, you are most likely to still have the V1 sim card. As of sept/2007 V2 sim cards are very difficult to clone by local fraudsters. (note that rogers could issue a total recall for their V1 SIMS and replace it with V2 SIMS. They have not done so claimimg costs)
So Only serious organisations such as government are able to crack it. Another misconception that you mentioned is that the cell phone tower to tower transmission of encryted information is secure. That is really untrue.
For your information the GSM transmission algorithm known as the A51 and A52 has since been cracked. So the so called GSM security is a mith. By simple using a $500 small base station terminal with signal booster(which you can buy online from japan, singapore and china) a fraudster has to be in close proximity to the intended target. Such that when the target uses their cell phone, instead of the Rogers towers picking up the GSM signal, the intruders mini base station will pick up the GSM signal before the rogers tower. There for the callers EMI, SIM number info and even encrypted voice communication is intercepted. Then by using a simple $99 dollar decryptor software, everything is decrypted. (for your information some over zeolous rogue local police forces like in Toronto police are known to have these gadgets and have illegally used them to Assist in their investigations of Bad guys. - telephone tapping Warrants are sometimes denied to police officers by judges and the police make do with what they can.)
That should tell you really how easy it is to get info to clone your sim card or even listen to your conversation.
Farther more it has been known that FBI especially have a intrisive software spy like a microphone trojan that they called "lisper" that can be sent to a target in form of a text message. When the Target reads the text message, it installs the lisper on the phone. Therfore as long as the target has a battery in the cell ophone, it will continually keep recording any voice conversations around the target and transmitting it to the sender of the "lisper" withoiut their knowledge. This same "lisper is also able to dial numbers quitly from the users phone and forward the conversation to another phone" however the reciepeient of the call will see a caller display of that that the lisper chooses to show them" In th end the reciepeient thinks it is some when else calling. However for international calls the bill will come back to the cell phone owner. The sender of the lisper expects the bill owner to call the phone company and complain.
For rogers to have refused at first to accomodate the professors bill is simply corporate iressponsibility or better yet. They were pre-informed of what exactly was going on. My suspicion for this case is that the Security agencies used a "lisper". In the hope of flashing out so called hisbollah and alqaida. The Israeli Mossad are the first uses of such "lisper" programs and such non destructive listening and privacy invasion systems.
Now the more complicated aspect of phone invasion has to do with "SIM server gateways" that compliment VOIP, GSM and landline technology in merging. Companies like cisco, protech etc have built gateway systems that use SIM cards to dial using VOIP systems so as to avoid paying the costly air time charges associted with cell phones.
Through rogers very own dishonest employees in the activation dept, this technology has in a way offered the Fraudsters a superior angle in cloning and piggy back billing technology. Rogers has not openly admitted to what is really going on but i will discuss this in technical detail after you have responded.
Andrew. Your comment sounds like a Bourne Identity script. Who knows why or how the charges appeared on the bill, but several sources confirmed the charges including the Globe and Mail's Peter Cheney.
Are cell phone conversations completely secure? Probably not, you're right.
Should the everyday consumer worry much about it? Probably not.
I have Sprint, and when I received my $2500 phone bill I was a little upset. I saw that calls were made internationally. When I complained to Sprint a Supervisor told me that it the FCC's problem and I needed to contact them. Then, I was told to find out what towers were being used I would have to go to a Sprint retail center and dial 911. I needed an officer present for that information. I later found out if I did that the police would of charged me $300 in fines for calling. Sprint in unbelievable. I reported it, and it took them 18 days to finally stop it. My bill total for this was over $5,000. They could of had it stopped at $2500 if they pointed me in the right direction.
Hate to tell you guys but this happened February 2008. It's still out there and it very much happening. It could happen to anyone.
I too have sprint and have been having billing issues. We switched to sprint from nextel in December.Though we have the same plans we had with nextel, and we never went over our minutes with Nextel, ever since we switched to sprint we have had crazy overage charges. This last month my husand opened up a business phone with another carrier and only used his sprint phone to call me(sprint to sprint) and now they are saying he went over 600 plus minutes last month. When I called today to complain that something had to be wrong they finally admitted that there could be an issue with "fraud" They are now sending us something that lists all the calls that were made in the last few months so we can address any calls that are on our bill that are not ours.
I'm so mad though. We have been complaining for months that something is wrong. We had no idea that cellphone cloning even existed, but sprint did. Why would they not offer to do this for us months ago when this all started so we could have avoided paying months of cell phone bills that are not ours!
What was the end result for you. Did they offer you anything for the inconvience? They need to automatically start sending out itemized statements to avoid such scams. If I had a list of calls to look at every month I would have known what was wrong in the first place!
WOW. It's so annoying and frustrating to have someone tell you that "it doesn't exist" or is "Impossible" when you are sitting there experiencing it first hand. What a nightmare. We have a new phone from a NON affiliated Sprint store which we did not know considering it had the sprint name AS BIG AS DAY on the marquee. Some Quadi or Iraqi or something guy did the transaction and it has been nothing but a CHALLENGE from day one. Some beep sound will happen then it will say "Device cannot be used during phone call" or whatever and it happens all of the time. My other line will hang up while I'm on a call. Or it will make the hang up sound and HANG ME UP too seconds later. I can't send a call sometimes because "data call still in progress" or whatever. AND MY BILL is HIGHER than normal after that transaction. It's crazy and annoying to say the least.
FOREIGNERS LIVING OFF OF THE BACKS OF HARDWORKING AMERICANS. GROSS!
Andrew, very informative, thanks.
I have a cell on the Fido/Rogers gsm network and checked my bill for
August/08 and found irregular billing of text msgs .
It appears that 35 msgs were sent at 3:00 a.m. - 3:10 a.m. to another
local area Fido phone that I know nothing about.
Phone was off and I was sleeping when it occured.
Called billing today and they removed the charge with me asking and receiving a block on outgoing text as I simply do NOT use it.
Question, is my phone being targeted for piggyback billing and do I need to change sim cards ( currently an older v1 card ) ?
I'm having the same problem you had. I'm getting charged for international calls that I have never made. How exactly did you get your credit back? What was the real problem, why did you end up getting the bill in the first place?
Well it happened to me twice already. I was charged 2 times with rogers for text messages from Canada to US.
First time I was outside the country (43 sms) the second time I was inside (4 sms)
I was able to get the chargers but if it happens the third time it will be very annoying. Moreover they don't believe you and they say it is impossible to happen. Now I know it is just BS.
If it happens again I am cancelling my plan with Rogers
This may or may not be something however I would appreciate anyones input on this matter.
I am currently with Bell Mobility and have been for over 7 years. My bill has always been between $70 - $80 My October statement came in at $291 I was completely baffled! I called bell to find out what was wrong, and they advised me that there was calls to a "special number" and these calls totalled $198! The rep said that there were calls placed for only 1 min per call but each minute charged $39.99! she put me on hold for about 5 minutes to resesch and explain. When she came back on she told me that the calls were to a #40 from my blackberry, and the name of the company is TAXI HIC located in the province of Quebec! I live in Toronto, and I know that on the date all these calls were made I was in Toronto!!! She couldnt give me any other infomation as that was apparently all this number showed,
My question is has anyone ever heard of #40? or a company called TAXI HIC!?
I dont want to call the number from my cell phone in fear that it will charge my bill that $39.99 again!
I currently have a cloned phone, well I have the real one someone else has the cloned one. Sprint, they know about but cant stop it. Finally had the international LD blocked again as they keep turning it back on from the web (the cloned phone user)
I caught the bill early and it was only $653 for calls made in one day over a period of a few hours to Cuba and other countries.
The problem is there is another physical phone out there with my number calling god knows who. Calls in the US are free under my plan and I am on the unlimited plan so it doesn't really bother me. But when they use my phone my phone does not ring! This is my business phone and it is so important that it be able to get calls through. This happened (started) in December of 09. Today is 1/6/10 and it is still out there with no solution in sight.
My daughter (age 10) just got a phone (verizon) & it is cloned. She received 2 unknown texts last night. I called the number & the girl said that was her Uncle's number. I called verizon, they told me 2 people could not possibly have the same # and ignored my concerns. Caught it early enough that there were only 5 texts done. I had the number changed & this afternoon she received a call from the same # as the night before. Called Verizon again & talked to a wonderful rep, who immediately talked to a supervisor & tech support. She tried to transfer my call to the Fraud Dept, special in cloning, & they only work business hrs. So basically if you realize you are getting screwed & it is the wknd, or after 5pm, then you have to wait until Monday to get the problem resolved. I made them disconnect the phone for now.
Ha ha ha. What do you mean people shouldn't be worried?
I used to work in a sprint call center- and all people need to clone your phone is two 10 digit numbers, the nature of these numbers won't be mentioned for obvious reasons. This can be easily done if you have physical access to someone's device. There is a 6 digit number that unlocks the programming menu, from there you can view and edit the programming info- at which point the person doing the cloning would write down the info, or just program those two ten digit numbers into his or her device. Viola- cloned phone. It might be encrypted over the air with a Ki, but there are still ways around that... Sprint works on the CDMA network and uses no SIM card- only for internationally roaming, which would require a dual band CDMA/GSM device, or what we call world capable.
ATT, T-mobile, and Verizon work on the GSM network and they all use SIM cards, or Subscriber Identification Module- to identify and authenticate the subscriber. These cards can be easily cloned if someone has access to the card itself. This card can be copied using a smart card reader, certain kinds of which can be purchased for less than $15. The encrypted information can easily be decoded with a bruteforce cracker in less than a few hours if you have a decent computer. This information can then be reprogrammed onto a prepaid SIM. Once again- cloned phone.
The upside is that equipment for catching this info over the air is very expensive, so physical access to the device and/or card is the most likely way of cloning a phone. Sounds to me like jealous husbands and wives would be more likely to clone someones phone...
And the only other problem I have with this article is that it is totally inaccurate-
The ESN information has nothing to do with cloning a phone. ESN stands for Electronic Serial Number- which is a device specific number, for example: two iPhones will not have the same ESN. The only use for an ESN is for the company to send an over the air signal, or OTA/Ad-Hoc signal, to that specific device to program it- and this is only done by Sprint or Clearwire. Where as the ESN for an ATT or Verizon does nothing other than identify that specific device.
And I think what you meant by MIN is MDN- which is the user's actual phone number.
Keep in mind- I won't tell you what numbers you would really need for obvious reasons- but it is still possible to catch those numbers out of the air, it's just that the equipment to do so is very expensive, and usually only purchased by law enforcement agencies and government agencies- like the FBI.
But to be frank, I can clone your phone in less than two minutes- it's not really that hard.
By the way- Frosty- if you want that to stop call sprint and tell them about it being cloned- then tell them you want them to change the MSID and reprogram the device. Ta-da, no more cuban calls. And while you're at it- you should have a rep make a fraud case for you, and ask that someone remove your PTN from any sprint.com account it might be associated with since you didn't authorise it. They'll call you back within 72 hours to let you know what happened.
D-cat- you should just request a new SIM card- problem solved.
I work in fraud prevention in a small company, in a small country in Europe. All discussions here were very helpfull for me. I'm interested to know more in this area.
From my understanding, text messages cannot be cloned. Only phone calls can. So if you are receiving spooky text messages or if someone is saying that you're number is sending them text and it's really not, then it may be a case of "spoofing"... not cloning.
Also, hacking/tapping into someone's phone is not the same thing as cloning. If you think someone (ex-boyfriend, mother-in-law, etc.) is hacking into your phone to listen to your phone conversations or intercept your emails, then consider yourself a very special person because ...unless you are a member of the Taliban and you have FBI on your tail...this rarely happens; side note: my life is way too boring for anyone to want to listen in on my calls. However, a master factory reset should fix that issue.
Now, normally someone who is cloning a phone does not know the person they are cloning. I believe most "cloners" are just trying to make some dinero at the expense of others. I can tell you how many times I've been to New York and encountered some shady person from the street trying to sell me a cell phone from the back of their car trunk or backpack that they say is already activated and I can use for long distance. Which means most of the people who are using the cloned phones don't even know they are using an illegal phone. However, if your phone has been cloned then you should a get or buy a different phone and this should resolve your problem.
we got bill on new years day, 18 calls to cuba, took at least an hour talking to multiple people at sprint, they did belatedly admit that someone had cloned the phone and the bill would be adjusted accordingly. It was obvious that the calls were fraudulent, as many were only two or three minutes apart.
they then changed the number on the phone system, not the phone number. this messed up the apps such as internet and who knows what as we haven't yet checked gps, etc.
not exactly the world class service we expected when we signed up for the everything included no surprise service when we got the new phone.