(mobile-ip) Cellular Phone Fraud Operator Arrested (Summary and Comments)

owner-mobile-ip@sunroof2.eng.sun.com Sat, 22 October 1994 02:26 UTC

Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: owner-mobile-ip@sunroof2.eng.sun.com
Date: Thu, 20 Oct 1994 21:37:55 -0500
Message-Id: <01.1994Oct20.21h37m55s.PAUL@TDR.COM>
To: Cellular List -- Cellular EC <cellular@slcdec.dfv.rwth-aachen.de>, "Telecom Digest <risks@csl.sri.com> Mobile IP list <mobile-ip@ossi.com> Privacy <comp-privacy@uwm.edu> Commercialization <com-priv@psi.com> Problems List <problems@tdr.com> Risks" <risks@csl.sri.com>
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
>From: Paul Robinson <PAUL@tdr.com>
Subject: (mobile-ip) Cellular Phone Fraud Operator Arrested (Summary and Comments)
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Orig-Sender: owner-mobile-ip@sunroof.eng.sun.com
Precedence: bulk
Reply-To: mobile-ip@sunroof.eng.sun.com

>From: Paul Robinson <PAUL@TDR.COM>
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
-----
The following article summary is followed by some comments:

   In a Front Page article appearing in the Wed 19 Oct 1994 {Washington (DC)
Times} entitled "High-Tech sleuthing busts cellular phone fraud ring" 
reporter Doug Abrahms tells us that Clinton Watson and two other persons
were arrested Monday for selling cellular phones with altered serial
numbers, causing the charges to be sent to legitimate cellular users.
   According to an Indictment in U.S. District Court in San Jose, when
police raided Watson's house, they found 30 phones with counterfeit ID, 16
altered memory chips and 600 mobile phone numbers which could be used for
fraudulent calls.  Some of Mr. Watson's phones had as many as 12 different
ID numbers, thus spreading usage patterns over a large area.  Other phones
were designed to allow the ID to be changed at will. 
   Police and cellular companies have turned to using 
more sophisticated means to find illegal cellular phones, including 
helicopters, voice prints and traffic analysis. 
   Mr. Watson is a Computer Programmer who designed his own software to 
program integrated circuts to include numbers read from scanners used on 
the cellular band.  The phones so set up were referred to as "lifetime" 
phones since they never got a bill.  They sold for $1,200 to $1,500 and 
have been found all over North America, according to Ron Nessen of the 
Cellular Telecommunications Industry Association (CTIA), which estimates 
that cellular fraud is a $1 million a day problem, with people stealing 
cellular IDs by waiting near tunnels, airports and parking lots to snatch 
the ID code transmitted.
   New York's NYNEX is introducing a PIN code on cellular calls.  The 
Mayor and Police Commissioner of New York City have had the IDs for their 
cellular phones stolen six times this year.  A division of TRW is 
developing a means to prevent calls unless the user's voice print matches 
the print on file.

Comments:

1.  Cellular Companies have been notorious for evading security problems
in their phones.  Rather than spend the money to add encryption in their
switch software, they got a law passed to make it illegal to listen to
cellular frequencies and to build equipment that can monitor cellular
bands. 

2.  Cellular phones transmit call information in the clear, so a thief 
can just use someone else's number and steal a few minutes of airtime 
from them; if you bleed 10,000 customers of ten extra minutes a month, 
almost none of them individually will recognize that their bill is ten 
minutes too high.  Unless customers complain, the Cellular Company 
won't care.

3.  A typical practice of an aerospace/military contracting company like
TRW is to try an implement and expensive complicated system such as voice
print matching instead of something simple and cheap like a device to 
implement either Kerberos validation, S/Key style one-time passwords, or
MD-4/MD-5 arithmetic checksum of some stored value.  Putting such methods 
in as an inexpensive box like a Radio Shack tone dialer might cost users $20 
and installing it in new phones might cost an extra $2 or $3.  Persons 
having portable PCs could run a program to generate the code.  Since 
everything is done without a secret being transferred, the software to do 
this can be public and nothing is compromised.

4.  Does using a biometric validation system on a communications network 
scare anyone?  I can think of a half-dozen reasons to dislike it, 
including:
- use of the system to track and locate dissidents and anyone the people
who run the government don't like;
- my sister wants me to call someone for her and find out something 
without them knowing it's her asking; I don't match her car phone profile; 
- I borrow her car to do an errand; I can't call her back to let her know 
what I found out for her;
- Bugs in the software might not recognize the owner with a cold, after an 
accident that damages their throat, or after some forms of surgery;
- Checking voice prints will require very heavy processing capability, 
quite likely slowing down call connection times;
- I bug someone's car and simply play back the recording to unlock their 
phone. 

I think that this is an attempt to "kill flies with nuclear weapons," 
e.g. excessive overkill.  There are cheaper alternatives such as
mathematical verification that will probably be quite effective without
using a system that requires expensive and complicated subsystems such as
voice print recognition. 

-----------------------------------------------------------------------------
IETF Mobile IP Working Group Mailing List - Archives:  playground.sun.com
Unsubscribe:	unsubscribe mobile-ip		(as message body, not subject)
Direct all administrative requests to majordomo@sunroof.eng.sun.com

(mobile-ip) Cellular Phone Fraud Operator Arreste… owner-mobile-ip