- Email: [email protected]
Pressure to charge hacker
December 7994
Computer Fraud & Security Bulletin
losses have amounted to nearly half a billion dollars. Using sophisticated undercover operations, law enforcement and private industry teams hope to stop the rapid growth of cellular phone cloning. To catch Watson, the Secret Service and the San Jose US Attorney teamed up with AT&T’s Corp Cellular One of San Francisco, California. In addition to bringing in Watson, the Secret Service also arrested two of his partners and confiscated thousands of dollars worth of equipment. In addition, Glendale police also in California, broke up one of the most active cellular phone fraud rings in the country. More than 50 cellular phones reprogrammed to steal phone calls and thousands of dollars worth of hardware for altering cell phones were seized. Before any cellular phone call is connected, the cellular phone transmits two numbers to the carrier’s computerized switching equipment. One is the phone’s Mobile Identification Number (MIN), given by the cellular phone company and the other is an Electronic Serial Number (ESN) unique to each customer’s phone. Both numbers are stored on a chip inside the phone. Once the numbers are transmitted, the computerized switching equipment compares the two. If they match, the caller is assumed to be legitimate and the called is put through. The problems arise when thieves intercept the MIN and ESN numbers as they are transmitted. The stolen numbers can be reprogrammed onto another phone in a process that takes less than a minute. Cloners charge $80 to $100 a month for unlimited free calling using the fake numbers. When the phone companies realise what is happening, the cloners simply reprogram the phone with another set of stolen numbers. Some phone companies have been taking steps to prevent cellular phone fraud. LA Cellular has introduced a new service called Fraud Protection Feature (FPF) which lets customers control access to their own accounts. Using a personal code customers can dial the phone company to block the use of an account for outgoing calls if they know that they do not require them for a period of time. The account will still receive incoming calls and the block on outgoing
2
calls can be lifted with a phone call and the use of the same personal code. LA Cellular also plan more sophisticated methods. Operation Blackbird will use special equipment to recognize differences in radio waves created by variations in each cellular phone. By matching the radio waves with the MIN and ESN numbers transmitted, the company will be able to verify call authenticity.
More simple is the use of monitoring
facilities on usage patterns of customers. If the pattern is broken the cellular phone company is alerted and the customer can be telephoned to check the validity of the calls. If the calls are not legitimate the account is closed and a new one opened.
Pressure to charge hacker A report in Computer Weekly states that the UK’s Crown Prosecution Service (CPS) is facing criticism from the US over its reluctance to charge a youth who is alleged to have hacked into military systems in New York State via the Internet. The reluctance is believed to stem from the unsuccessful prosecution of Paul Bedworth in 1993. A spokesperson for the CPS said, “We have got a file on the case and are not sitting on it. We’ll make a decision shortly. Officials in the US have sent faxes to Scotland Yard in an attempt to find out why the youth has not been charged with any offenses since being arrested in May. The authorities have been investigating the hacking incidents for months. The youth is said to have hacked systems run by the US Air Force and South Korean Atomic Energy Institute. According to somebody at the Institute, apparently there was a “slim possibility” that a UK hacker had stolen some secret nuclear data.
PRIVACY NEWS The privacy issue of BT’s call return service The UK, Data Protection Registrar Elizabeth France has warned people about the risks of two new calling line identification systems that were
01994
Elsevier Science Ltd
Computer Fraud & Security Bulletin
losses have amounted to nearly half a billion dollars. Using sophisticated undercover operations, law enforcement and private industry teams hope to stop the rapid growth of cellular phone cloning. To catch Watson, the Secret Service and the San Jose US Attorney teamed up with AT&T’s Corp Cellular One of San Francisco, California. In addition to bringing in Watson, the Secret Service also arrested two of his partners and confiscated thousands of dollars worth of equipment. In addition, Glendale police also in California, broke up one of the most active cellular phone fraud rings in the country. More than 50 cellular phones reprogrammed to steal phone calls and thousands of dollars worth of hardware for altering cell phones were seized. Before any cellular phone call is connected, the cellular phone transmits two numbers to the carrier’s computerized switching equipment. One is the phone’s Mobile Identification Number (MIN), given by the cellular phone company and the other is an Electronic Serial Number (ESN) unique to each customer’s phone. Both numbers are stored on a chip inside the phone. Once the numbers are transmitted, the computerized switching equipment compares the two. If they match, the caller is assumed to be legitimate and the called is put through. The problems arise when thieves intercept the MIN and ESN numbers as they are transmitted. The stolen numbers can be reprogrammed onto another phone in a process that takes less than a minute. Cloners charge $80 to $100 a month for unlimited free calling using the fake numbers. When the phone companies realise what is happening, the cloners simply reprogram the phone with another set of stolen numbers. Some phone companies have been taking steps to prevent cellular phone fraud. LA Cellular has introduced a new service called Fraud Protection Feature (FPF) which lets customers control access to their own accounts. Using a personal code customers can dial the phone company to block the use of an account for outgoing calls if they know that they do not require them for a period of time. The account will still receive incoming calls and the block on outgoing
2
calls can be lifted with a phone call and the use of the same personal code. LA Cellular also plan more sophisticated methods. Operation Blackbird will use special equipment to recognize differences in radio waves created by variations in each cellular phone. By matching the radio waves with the MIN and ESN numbers transmitted, the company will be able to verify call authenticity.
More simple is the use of monitoring
facilities on usage patterns of customers. If the pattern is broken the cellular phone company is alerted and the customer can be telephoned to check the validity of the calls. If the calls are not legitimate the account is closed and a new one opened.
Pressure to charge hacker A report in Computer Weekly states that the UK’s Crown Prosecution Service (CPS) is facing criticism from the US over its reluctance to charge a youth who is alleged to have hacked into military systems in New York State via the Internet. The reluctance is believed to stem from the unsuccessful prosecution of Paul Bedworth in 1993. A spokesperson for the CPS said, “We have got a file on the case and are not sitting on it. We’ll make a decision shortly. Officials in the US have sent faxes to Scotland Yard in an attempt to find out why the youth has not been charged with any offenses since being arrested in May. The authorities have been investigating the hacking incidents for months. The youth is said to have hacked systems run by the US Air Force and South Korean Atomic Energy Institute. According to somebody at the Institute, apparently there was a “slim possibility” that a UK hacker had stolen some secret nuclear data.
PRIVACY NEWS The privacy issue of BT’s call return service The UK, Data Protection Registrar Elizabeth France has warned people about the risks of two new calling line identification systems that were
01994
Elsevier Science Ltd