Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security Communications

Cell Phone CEOs Marked For Phone Cloning 255

Posted by Zonk from the better-than-real-cloning dept.
Saint Aardvark writes "When Sarah Drummond got back from Israel, she found a cell phone bill for more than $12,000. She contacted her cell phone provider to let them know that someone had stolen her phone, but they weren't interested in helping her and told her she'd have to pay. In preparing for small claims court, she and her partner found out that not only does her company have the ability to spot unusual activity on a cell phone account, the company executives' own phones have been targeted by a group linked to Hezbollah. From the article: 'They were using actually a pretty brilliant psychology. Nobody wants to cut off [CEO] Ted Rogers' phone or any people that are directly under Ted Rogers, so they took their scanners to our building, like our north building, where our senior top, top, top executives are. They took their scanners there and also to Yorkville, where there are a lot of high rollers and like it would be a major PR blunder to shoot first and ask questions later. . . . Nobody wants to shut off Ted. Even if he is calling Iran, Syria, Lebanon, and Kuwait.'"
This discussion has been archived. No new comments can be posted.

Cell Phone CEOs Marked For Phone Cloning More

Cell Phone CEOs Marked For Phone Cloning

Comments Filter:

  • Rogers Wireless Customer (Score:5, Interesting)

    by Tiberius_Fel ( 770739 ) <`ten.nrobereripme' `ta' `lef'> on Saturday December 17, 2005 @02:33PM (#14280533)
    I'm a Rogers Wireless Customer (no, I won't tell you my phone number :P) and it's a scary thought to see that if somebody stole my phone and ran up a $12 000 bill, they would expect me to pay it. But what really makes me wonder is why they didn't stop to ask somebody! Sure, you don't want to cut off Ted Rogers' phone, but if you told him about it and said "this is unusual activity in your account - are you sure it's not fraud?" it would probably have been a good idea. Credit card companies (that I can recall) do just that.
    • Because credit card companies are responsible for fraudulent charges and cell phone companies aren't.

    • Re:Rogers Wireless Customer (Score:5, Informative)

      by toddbu ( 748790 ) on Saturday December 17, 2005 @02:51PM (#14280613)
      they would expect me to pay it.

      Cell phone companies are masters of telling you one thing but getting you to sign a contract that says something else. When I wanted to add my kid to my family share plan, I told my carrier (Verizon) that I wanted to limit the number of minutes that a phone could call in a month in case a friend stole the phone. They told me that they couldn't do that. Then, without asking, the rep said "but if your phone gets stolen then we'll waive the charges." I told her that I'd accept that if she's put it in writing, but she said she couldn't do that.

      Here's my advice - never, ever, ever trust a cell phone company. Once they have your signed contract, they have no reason to let you off the hook. They love this kind of stuff because people often just pay the bill rather than taking on the expense of hiring a lawyer. In a case like this, I'd just threaten the cell phone company with a class action lawsuit on behalf of the thousands of people who have had this happen to them in the past. The cell phone company, if they are going to put you on the hook for the bill, then has a fiduciary obligation to protect your interests and do everything in their power to stop this kind of fraud. If they don't then they are negligent and share in responsibility to pay the bill.

      If you're really worried about this, get a pay-as-you-go phone. There are plans out there today that compete very well with regular service and some even allow you to use your minutes for more than one or two months.

      • Re:Rogers Wireless Customer (Score:5, Insightful)

        by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Saturday December 17, 2005 @03:12PM (#14280697) Homepage Journal
        Then, without asking, the rep said "but if your phone gets stolen then we'll waive the charges." I told her that I'd accept that if she's put it in writing, but she said she couldn't do that.
        Your story would've been a lot more interesting, if you still signed up, the phone got stolen and Verizon refused to waive the charges. Then, you'd have something to complain about.

        She couldn't put it in writing, because the legal definitions alone would've taken several pages. Verizon does not want to give too much grief to honest customers, who lost their phones, but it does not want to get taken by those, who lie about it either.

        They, probably, look at each case individually, and that is, what she was trying to say.

        That said, your advice to not trust (or partially discount) verbal promises is perfectly sound, of course, and applies to all business dealings.

        • Re:Rogers Wireless Customer (Score:3, Funny)

          by Anonymous Coward
          Please man, use, commas, like someone, other than, Shatner.
        • She couldn't put it in writing, because the legal definitions alone would've taken several pages.

          How do you figure? My credit card company does it in a single paragraph. You shouldn't excuse the cell provider. Even if it was several pages, they could have offered it to me as an option, especially since I requested it.

          That said, your advice to not trust (or partially discount) verbal promises is perfectly sound, of course, and applies to all business dealings.

          I love watching The People's Court. At

      • Or buy a cheap, unlocked, SIM enabled phone off ebay and don't sign a contract at all. Your kids don't need a whiz bang phone, it's highly likely you don't either. :) Either way, you can get pretty much any phone unlocked from ebay so you don't have to worry about a contract, or even what carrier you're using. Take control of your cell phone, don't buy into prepaid.
      • T-Mobile Prepaid [t-mobile.com]. 10 cents/minute if you spend $100. Fewer tricks than other companies. Your time extends to a new year if you spend $10 before the end of the first year, I was told.
        • That's what we settled on for my son. We also just converted my wife's phone. I've got one more phone left that I'm not sure what to do with. I like the ability to periodically PPP to the Internet from anywhere and conduct some business. If I can find a better way to do this that won't cost a fortune then I'd probably switch as well.
    • .. that had been considering a switch to Rogers, but after reading this story, I will never consider them again. I imagine there are probably 10 other people just like me, that will decide not to buy from Rogers in the future. If you take even ten 2 year contracts billed at $50/month, you are already at $12,000 in revenue.

      The bad publicity that Rogers is getting from this, will surely be much more expensive than if they were to simply write off the bill. And trying to settle for $2000? If they are willing

      • .. that had been considering a switch to Rogers, but after reading this story, I will never consider them again.

        Take it from me; I switched from Rogers to Telus and I'd never go back.

        Picture this; between jobs, cell phone is my primary phone (the number is, in fact, in the dozens of resumees I'd handed out), I pay either late or partial payments on all my bills while I try to 'catch up'. Naturally, the billing department begins to harass me. The phone calls become more frequent and nasty as I assert t

    • Yes, cell phones are increasingly becoming more and more like credit cards. I've noticed this trend. You can buy all kinds of ring tones. In some countries, you can pay bills, etc. Isn't it time we start demanding the same assurances. For instance, if someone steals my credit card, the max I'm liable for is $50. Can't that be the case with cell phones too? I for one am going to read the contract more carefully next time. I'd encourage everyone else to do the same.
    • I understand that you may be locked into a contract for wireless service, but that aside: do you intend to continue your service with them? If so, why?
  • As title.

  • This company should be charged... (Score:4, Interesting)

    by The I Shing ( 700142 ) on Saturday December 17, 2005 @02:36PM (#14280548) Journal
    So, in essence, this Rogers company is aiding and abetting terrorist groups by forcing their customers to sponsor cell phone usage by those groups.

    Sounds like just the sort of thing the USA PATRIOT Act was meant to stop, but somehow I doubt that the FBI is going to step in.

  • Well... (Score:2, Insightful)

    by Azureflare ( 645778 )
    At the end of the article, they mention that the company offered to settle for $2,000. That's a LOT better than $14,000+ she'd have to pay if she loses (with interest). I gotta admit she's got guts going up against them, but I think her case is pretty shaky. A lot of her information relies on evidence that is really in the cell phone company's hands (i.e., how the computer system works to detect fraud). When you get into a contract, you're basically at the mercy of the contract holder. It may suck but in
    • My advice: don't back down. It's just as likely that the phone company itself invented this charge out of thin air to buffer its slumping revenues as it is that "hackers" did it. I would not settle for a penny. And I'd start killing executives if they tried to garnish my wages.

      • Re:Well... (Score:3, Informative)

        by bladernr ( 683269 )
        My advice: don't back down.

        Absolutely. Those who don't fight for their themselves don't deserve much respect. But then you go so wrong...

        It's just as likely that the phone company itself invented this charge out of thin air to buffer its slumping revenues as it is that "hackers" did it.

        Wow. You find it just as likely that corporations will invent crimes with no basis in fact (no matter how twisted?). I know Corporations Are Evil (TM) and all ... but isn't this paranoia a little extreme? "I find it

        • Re:Well... (Score:3, Interesting)

          by Max Threshold ( 540114 )
          I've personally had a police officer and/or court agent invent a traffic ticket out of thin air. They didn't even get the make and model of my vehicle right, but they harassed and threatened me for three years just to extort $150 (after waiting a year and a half to even tell me about it so I couldn't get a hearing.) They kept sending threatening letters to my mother, who finally broke down and paid them.

          Such things aren't too surprising from unheard-of little fucktowns in Florida, the fraud and extortio

    • Re:Well... (Score:2, Insightful)

      by Anonymous Coward
      Interesting advice but since the defendant teaches law I would like to think that she may actually have an idea on the subject.

    • I just love your attitude (Score:5, Insightful)

      by cdn-programmer ( 468978 ) <terrNO@SPAMterralogic.net> on Saturday December 17, 2005 @02:54PM (#14280632)
      Hey - lets do some biz. I'll pad the invoices for $20K and then offer to settle for $2K. This way you can feel oh so good as I shake you down for $2000 bux.

      The jerks just love people like you. Over time they figure out where the highbar is and cheat and steal just below this level. Most people will pay rather than fight. I suppose traffic tickets fall into this area as well. But then that is instutionalized right?

      • Traffic tickets are usually your word against the police officer's. Guess who the judge is more likely to believe.

        If you're not guilty, then by all means, make them work for the fine $$$.

        If you're guilty, then take your lumps and move on. Going 50 in a 35 does not mean the 'pigs' are 'out to get you'

        To bring this back ontopic, most companies selling a monthly service/utility will get you with the small fees, not the big ones. 50 cents, 87 cents, vaguely labeled taxes, etc. It adds up.
    • At the end of the article, they mention that the company offered to settle for $2,000. That's a LOT better than $14,000+ she'd have to pay if she loses (with interest).

          That's also about $2000 more than she spent in calls in the first place.
    • Also, did that company manager know she was getting tape recorded by her partner?

      I don't know how it is in Canada, but here in the USA, taping a phone call without informing the other party is very much against the law, unless you have a specific wire-tap court order. Not only that, you must also have your taping equipment make a regular beep, to remind everybody of the taping. I'm not saying she broke the law, but if you're going to try this, make sure you know just what the law is where you are, to ke

      • I don't know how it is in Canada, but here in the USA, taping a phone call without informing the other party is very much against the law, unless you have a specific wire-tap court order.

        Depends on the state. Some allow it, some don't [pimall.com].

        Though I thought that the recorded conversation was in person, not over the phone, which might change things even more. (And finally, it's in Canada, so US law shouldn't apply at all, as you've already mentioned.)

      • It depends on state law. Federal law only requires that one party knows that the call is being recorded, and it doesn't require a beep.

  • Repeated problem? (Score:4, Insightful)

    by Darlantan ( 130471 ) on Saturday December 17, 2005 @02:41PM (#14280566)
    I don't find the fact of who they're targetting, or the fact that they're cloning phones, all that shocking. I do, however, find it a bit fishy that these same (big) people have been _repeatedly_ targetted, and it has been noticed several times. You'd think that some sort of measure would have been put into place by now to at least curb the effectiveness of this tactic when used on these same people. I mean, after the first time my phone got cloned, I think I'd pass word down to the grunts to block calls to certain countries from that phone, as long as there wasn't a high "real" call volume there.

    At any rate, after this being done several times, you'd think they would have some checks in place, but hey...when you own your own huge company, I guess paying your own bills isn't really an issue.

  • Horrible article (Score:2, Insightful)

    by vadim_t ( 324782 )
    Could somebody explain what does this mean? What is involved in cloning, and how does it work?

    Where does the "terror" group come in? What are they trying to do here, and why is it a "terror group" if they aren't uh, terrorizing anybody?

    And most importantly, what is the point of making some random person pay for a CEO's phone usage? Is it an attack against the CEO, her, or just intended to create problems for Rogers?

    • Re:Horrible article (Score:2, Informative)

      by Terp82 ( 934838 )
      Were you reading the same article as the rest of us?

      1) Cloning is the process of mimicking a cell phone's identity such that calls you make appear to have been made from your unsuspecting victim's phone.

      2) Hezbollah IS a terrorist organization. Where have you been that you do not know this?

      3) The CEO is paying for the TERRORISTS' calls, not the other way around!

      RTFA!
    • Terrorist groups often finance their operations with petty crime, like credit card fraud.

  • limits and call-backs (Score:4, Insightful)

    by penguin-collective ( 932038 ) on Saturday December 17, 2005 @02:50PM (#14280603)
    You should be able to set upper limits for your cell phone expenses, plus have people call you back if there is unusual activity.

    Credit card companies do this for credit cards and it works fine. There is no reason not to do it for cell phones, other than that cell phone companies hope you'll run up lots of charges. The reason why they hope you do that is because, unlike credit card charges, cell phone charges are not real money. That is, if you complain about your $10000 cell phone bill, it costs them little to "forgive" it, whereas a $10000 credit card bill is real money.
    • Except that the $12,000 isn't just imaginary money. I'd be willing to bet that the cell phone carrier doesn't own all the towers, but instead leases the use of them, probably an a bandwith use rate. And if $12,000 is rung up in one month, chances are the theif was making a lot of international or toll calls. The company has to pay out for those as well.

      But yes, there should be an upper limit. And the company should call and ask if there is any significant unusual activity (I'd say that even as low as

  • So don't pay! (Score:5, Insightful)

    by MLopat ( 848735 ) on Saturday December 17, 2005 @02:52PM (#14280626) Homepage
    Here's a simple solution... don't pay your bill! Just because you receive an invoice from a company, it does not mean that you need to pay it. If you want to dispute the charge, switch providers and let things run their course.

    Now some people worry about their credit ratings... well up here in Canada, our credit bureaus are private corporations with very little responsibility to anyone and in fact there are only two. The credibility of the credit system in this country is weak at best. For example, if I decide to invoice each and everyone of you, and do not receive payment, I simply send this information to the credit bureau and a black mark is added to your record. You will NOT be notified, and likely won't discover this until you need to apply for credit. When you discover this blackmark, your only recourse is to have a note amended to your file to explain the accusation. Unfortunately this does little, if anything at all.

    That's why, for any significant purchases (i.e. a mortgage on a home, or large car loan) creditors look to our income to debt ration first, and weigh that heaviest.

    Long story short: don't pay the bill, and in a few years when it finally reaches court (after the company makes several attempts to settle for significantly less), explain your situation and countersue for court fees.

    • Credit ratings (Score:3, Informative)

      by nuggz ( 69912 )
      Well the reason credit ratings are important is they can.
      Prevent you from getting credit, this includes such thing as electric service without substantial deposits.
      It could prevent you from getting the loan, or a good rate on a car or mortgage.
      You might not get an apartment if you are unable to pay.
      Or a job
      It could raise your insurance rates.

      Quite simply poor credit is a black mark that could affect much of how you live your life.

      As for disputing, they have to correct all wrong information upon being inform
      • If you're the kind of successful person who happens to be a CEO or near-CEO that is targetted for a phone issue, you probably have many other things giving you a good credit rating: wicked income, stuff that can be sold (cars, houses, etc) for money, and other forms of credit (credit cards, for example).

        There's a 7-year timeout on a bad credit mark. I'd sure as hell do it.

    • Re:So don't pay! (Score:4, Informative)

      by v1 ( 525388 ) on Saturday December 17, 2005 @03:35PM (#14280801) Homepage Journal
      Let me explain why "let things run their course" does not work with credit reports.

      Someone I used to work with got an unpleasant surprise when he was applying for a car loan. He was rejected due to bad credit. He got a credit report and found out that he had a bounced check from a gas station in Oregon a year previous. He had never been to Oregon before.

      He contacted the station owner to find out that someone with the same first and last name as him had passed a bad check. The account had long since been closed and that name was no longer living at the account's address, so the owner searched the web and found a hit on the name, my coworker, and filed a nonpayment record on his credit report.

      Now whether the owner believed him or not that it was not him, it really did not matter. The owner wanted his $28 and was not going to remove the mark until he paid him. This is extortion. And in this case, there's really nothing you can do about it.

      He ended up sending a money order for $28 plus bounced check charge to the owner, who then removed the mark from his credit report.

      Now in this case the owner had at least something tangible (the check) and at least a very weak reason to point the finger, (same name) but really, he didn't even need that. He could have just decided to thumb through the phonebook and file a false report on anyone he spotted, and really there is no easy recourse for the victim. Eventually the mark on the report will expire, but all you can do is wait if the person really does not want to remove it or is extorting you and you don't feel like paying him off.

      Whoever set up the credit reporting system with so weak of safeguards and checks/balances, needs to be slapped repeatedly.
      • There are recourses for the victim. It will take a little time, but he can file a dispute with the credit bureaus. In the scenario you describe I believe he would get cleared.

      • Re:So don't pay! (Score:3, Insightful)

        by Fencepost ( 107992 )
        Beyond the option of challenging the report with the credit reporting system (which would trigger a return to the original reporter for more information, etc.) your coworker probably had several other courses of action. The simplest would probably be small claims court in his home state with a suit for libel with provable damages. Just because I as a small business owner have a bad check with "William Gates III" on it and an address that's no longer any good doesn't mean that I get to tell the credit report
    • After a while of not paying, you debt will be given to a Collection Agency.
    • I agree with your post and I'll append something very important that you missed: Move and don't tell them. You'll have to change to a new unlisted landline phone number (or get another cell plan), but it'll be like dropping off the face of the planet.

      Of course this is if you really don't deserve to get stuck with an outrageous bill (as in the case of being billed $12,000 for stolen phone service). And this is only really an option if you're an apartment dweller or don't mind selling the house. If you're onl
    • Hehe, judging by how many companies fail and get taken over, it most likely wont exist
      any more.

  • Sounds Fishy I RTFA (Score:5, Informative)

    by puto ( 533470 ) * on Saturday December 17, 2005 @02:59PM (#14280656) Homepage
    Ad nausea, I work for a large cell carrier.

    I investigate these types of charges on a weekly basis. And when something like this happens, we investigate and write off all the charges no problem.

    I am sure her phone was stolen. But where was it stolen from? Her house? Her car?

    Note the article said her phone was STOLEN, not cloned, two very different actions.

    More than likely she had it with her. It was stolen and she did not notice it gone. And when she got home she had a huge phone bill.

    If the phone was stolen in her home country, she could have filed a police report, showed it to rogers and they would have written it off.

    If the phone was stolen overseas, when she noticed it gone, should have immediately called and reported in.

    As someone who travels internationally, I tend to keep the phone with me on trips. Most people do. The article is very light on these details.

    If it was a GSM phone they generally need access to the phone and have to grab and clone the sim. So physical access is needed for the device.

    The article mentions that the owners of rogers got scanned and cloned. When was it, soounds like they used TDMA phones, which was probably a few years back when it happened.

    Rogers is GSM and I would imagine the pres and his execs would have using gsm for at least 2 if not three years for now.

    I googled for info on this and could not find any article about the CEO of rogers being cloned.

    A lot of times the maids in hotles, cruise ships, will use the customers phones when they are not around. That is why if you leave a phone in a room that is not your own, lock it, hide the sim. Battery in a different place. Little personal responsibility.

    So I think before we pass judgment we should get the rest of the story.

    Puto

    • I agree it does sound fishy. The same thing happened to me while travelling in a middle eastern country that shall remain nameless. I handed the phone to the family car driver to get a local SIM card (GSM). The vendor kept my US SIM and gave me a new local SIM card. When I go back home to the US, there was about $400 worth of charges on my Cingular bill. I tried to fight it but ended up paying. It was my fault. I should never have let my phone/SIM out of my sight.
    • Yup. I think somebody missed the distinction between stealing a physical phone and cloning a phones identity.

      I could be mistaken, but I don't think it's possible to clone a GSM or CDMA phone remotely. You can only do that with analog CDMA, which has been very uncommon in Canada for years.

      Are you liable for calls made on your physical cell phone by an authorized person? That's not much different then someone breaking in to your house and using a lot of expensive phone sex. There is probably precedent for tha
    • The article says she was in Israel for a month, and got the large phone bill for that time. Do Israel and Canada use the same system? If not, I can easily believe she left her cell phone at home, where it could be stolen. If she seldom uses it, I can see not keeping track of it at all times (I routinely forget where I leave mine, so I zip it into a pocket on my backpack), and not immediately noticing it was gone.

      Basically, her side of the story is not that unbelievable.

      • Israel is GSM as is most of the rest of the world. So her phone could be used there or in ANY country of the world. GSM is pretty much the international standard.

        And it seems odd that she was in israel and there were calls made to israel and sorrounding countries.

        I would say she lost her phone in israel. Did not report it stolen by the time she got back, and the charges were racked up.

        Puto

  • Whis is this Ms. Hopper? (Score:4, Funny)

    by IANAAC ( 692242 ) on Saturday December 17, 2005 @03:01PM (#14280662)
    She sounds like a teenage girl. "... our building, like our north building" and "... our senior top, top, top executives".

    I know it's a minor nit, but you'd think that when you're actually talking with the press you could say something more intelligent than "I was all like totally surprised".

    • She sounds like a teenage girl. "... our building, like our north building" and "... our senior top, top, top executives".

      She sounds like the goddamn President of the United States of America!

      I know it's a minor nit, but you'd think that when you're actually talking with the press you could say something more intelligent than "I was all like totally surprised".

      "Put it in my pocket, got the ear things on." [washingtonpost.com]

  • Just a stolen phone.. (Score:5, Informative)

    by swmccracken ( 106576 ) on Saturday December 17, 2005 @03:12PM (#14280700) Homepage
    Firstly, Rogers appears to be running a GSM network, so cloning the phone means NOTHING WHATSOEVER and is actually quite unnecessary -- any 'ol GSM phone will work.

    What you need to clone is the SIM - the little chip that is associated with your number. Stick it in any GSM phone (more or less) and off you go, you have that subscriber's identity.

    While it is possible to clone a SIM, you need access to the SIM and a smart card reader for several hours to crack the encryption. (At least in the earlier SIMs, they may have improved the situation since, I hope so.) This isn't a matter of reading an identification number off, you need to read off the private key from the SIM - something that was supposed to be imposssible but there are weaknesses in certain versions of the encyption algorithm.)

    Anyway, this particular case is not about SIM cloning, merely boring old cellphone being stolen. (It's admitted as such when the article states, "Ms. Drummond quickly determined what had happened: Someone had stolen her phone while she was away. She called Rogers Wireless, which told her there was nothing it could do, and she would have to pay the entire amount".)

    The whole misleading piece about phone cloneing is mostly sensational journalism - it seems some employees claimed that some terrorist groups cloned the CEO of the cellphone's company's cellphone. (And remember that the person at the centre of the story - one Ms Drummond - merely had her phone stolen, a much more boring case.)

    Anyway, Ms Drummond failed to notify her cellphone provider that her cellphone was stolen and then complained that the theif used it. The fraud detection system didn't detect it and it seems she therefore argues that it's not her fault. Even though I'd guess the cellphone company doesn't owe you anything when it comes to detecting fraudlant use of your phone.

    Moral of the story: As soon as you know your SIM is stolen, CONTACT YOUR CELLPHONE COMPANY! They can block outgoing calls on it saving you a lot of money.

    (GSM cellphone companies can also block phone IMEI's - stopping a theif from using that phone in the future - but only do this once the phone is known stolen as it's a real pain to get that undone.)

    If her phone/SIM had been cloned, then yes, the cellphone company would have an issue on its hands. As it is, all that's happened is silly girl didn't report a stolen phone. Happens all the time, nothing to see here, move along.

    Oh, and it's easy for a cellphone company to transfer a number to a new SIM.
    • But how does the local cell know who you are when you make a call? Surely the phone must transmit some identifying information. If it does that, and you can scan for it, you can reproduce it. Seems like a lot of those terroristy types are here on student visas, and a lot of them are studying electrical engineering. At my EE school, a lot of the students were of Middle Eastern descent, and one of our choices for senior design project was to design an entire cell phone network. Not much of a stretch to think

      • Replay attacks don't work. (Score:5, Informative)

        by swmccracken ( 106576 ) on Saturday December 17, 2005 @03:41PM (#14280824) Homepage
        Yes, the phone does transmit some identifying information once authorised - but identification is not authentication!

        To authenticate and authorise the phone/SIM pair to the network, the phone is just a go-between, shuttling information from over-the-air to the SIM and back again. (In case you're not aware, the SIM is a physical chip. In the old days, it was a smart card; these days it's just the chip of a smart card on a piece of plastic just a little larger than the chip.)

        The network sends an unique challange to the SIM (via the phone) and the SIM has to respond approproately using shared-secrets and techniques not too dissimilar from private-key / public-key cryptography. Replaying this is of no value to you because next time you want to authenticate, the challange will be different! (And I believe the Network is also authenticated to the SIM as well - I don't know the details that well).

        The theory is that the shared secret (Ki) is never transmitted over the air - it's known to the network and to your SIM and that is all - it was designed to it was impossible to retreive it directly from the SIM.

        It is an active process involving bidirectional communication, not a passive "this is my number".

      • I assume there's a cryptographic signature going on. Your phone creates a packet, sends it to the SIM card to be signed, and then it's transmitted to the tower. If the SIM card is designed properly, you have to physically have access to the SIM card to be able to sign packets (and therefore have the identity that you have).

        Not sure if this is how it works, but it should be. Replay attacks should not affect modern communication infrastructure!

    • So, you did read the article, right? (Score:4, Interesting)

      by jschottm ( 317343 ) on Saturday December 17, 2005 @04:11PM (#14280929)
      Moral of the story: As soon as you know your SIM is stolen, CONTACT YOUR CELLPHONE COMPANY ... As it is, all that's happened is silly girl didn't report a stolen phone.

      I know reading the article is frowned upon here and all, but it does kind of point out that the woman had been out of the country for a month and returned to find a huge phone bill. In the course of investigating what happened, she was told that her company did have pattern matching/potential abuse detection software deployed but ignores the results. The "silly girl" is an edge case due to the length of her being out of the country, but I don't have a lot of sympathy for the phone company. They chose to ignore what was 99.999% an abusive situation either to profit or out of complete cluelessness. Neither case gets a whole lot of sympathy from me. Here's a basic algorithm:

      If an account's monthly balance >= 3*Average of 3 previous month's total charges, chances are something is wrong. Of course, you have to add checks for a new account, but that's not that much more difficult.
    • The article is indeed very vague, but as I read it, she was abroad when her phone was stolen. She probably didn't have it with her, as the GSM's in the USA use a different band to communicate and are therefore incompatible with most of the rest of the worlds GSM networks. She probanly came home after a month or so, and found a bill, but no phone.
      • Actually er no.

        Israel runs 900 and 1800 mhz. Most phones sold in the past 2 years are tri-band. Though Canada is 850 and 1900 tri-band and quad band phones will hit the network just fine.

        Rogers phones are supplied from the same batches for cingular and ATT so they will more than likely have the 1800 tacked on because companies in the states do push it in some areas.

        And being a lawyer she probably has a higher end phone that has no trouble roaming overseas.

        Puto
  • Why have the cell phone companies not encrypted the communications which make it easy to scan for the codes needed to clone phones? OK, that is a silly question, it would cost them more money to implement than the fraud that it allows. Besides, they probably get a significant number of customers to just pay the fraudulent charges. Which means it is not impactinig the companies bottom line. And what are few pissed off customers? Even if customers change services there is enough churn between cell provi
  • First, she said her phone was "stolen", then she said Ted Rogers' phone was "cloned" by a group.

    Also, she was on a trip to "Israel", and the "group" has "links to" Hezbollah.

    Then the article says that Rogers Co. knew that Ted's phone was cloned ...

    That alleged group is not named, nor what the "links" are.

    Makes for a great headline though: "How a terror group cloned Ted Rogers' cellphone"

    She is not a high ranking exec, just an academic, so why did the pattern of her calls not trigger a service stoppage for h

    • Re:Let us see ... (Score:3, Insightful)

      by Down8 ( 223459 )
      She is not a high ranking exec, just an academic, so why did the pattern of her calls not trigger a service stoppage for her?
      IF you even scanned the article, you should have caught the mention that their fraud alerts systems did not alert her b/c they know she has a significant income and "sterling credit", so they knew they'd get their money, even though they had suspicions of fraud.

      -bZj
      • Actually the article doesn't say that that is the case. It just mantions that possibility as an unproven (and denied) conspiracy theory.
      • I did scan the article.

        This is what Drummond and Gefen think is the reason.

        Ms. Drummond and Mr. Gefen believe that the company bases the decision on a customer's creditworthiness. "If you have the financial history, they let the meter run," Ms. Drummond said.

        One more unsubstantiated claim in this article.

        (Not that I am defending Rogers or big corporations, but this whole thing smells of sensationalism. All the juicy attention grabbing keywords, Hezbollah, Terror groups, cloning of exec phones, conspiracy of

  • Reminds me of that Wired article (Score:5, Funny)

    by TubeSteak ( 669689 ) on Saturday December 17, 2005 @03:15PM (#14280715) Journal
    on three blind Israeli Phreakers http://www.wired.com/wired/archive/12.02/phreaks_p r.html [wired.com]

    Yekutiel "Kuty" Lavi, a security specialist at Bezeq International, Israel's largest telco and a frequent victim of the Badirs, angrily complains, "Every day people try to steal from us, but nobody has ever stolen from us the way the [three brothers] did. When they dial, they use the middle finger."
    Isn't that just a great mental image?

  • Incorrect detail (Score:3, Funny)

    by AndroidCat ( 229562 ) on Saturday December 17, 2005 @03:20PM (#14280733) Homepage
    Nobody wants to shut off Ted.

    Ted Rogers? In a heartbeat! Let him go through his own crummy "customer service" to get reconnected.

  • the phones of top Rogers executives had been the target of repeated cloning by a group linked to Hezbollah

    Really, so now Hezbollah has activities that are outside of Lebanon? As a Christian Lebanese citizen, I find this somewhat shocking. I should be the last one to try and protect Hezbollah, but it's just unfair when I see them mentioned in articles as a "terrorist" group, in the same way Al-Qaeda. Hezbollah has always been, and is limited to the Lebanese territory... now what the boundaries of those ter

  • This is a terribly written article... (Score:3, Interesting)

    by merc ( 115854 ) <slashdot@upt.org> on Saturday December 17, 2005 @03:52PM (#14280858) Homepage
    A journey of 1,000 miles begins with a single step -- and so it was that law professor Susan Drummond's long, strange trip into the world of wireless security, where she learned that a terrorist organization had appropriated Ted Rogers' cellphone number, was launched by the arrival of a phone bill for $12,237.60.

    Okay, thanks for introducing Ms. Drummond. Who the hell is Ted Rogers and what did that have to do with Ms. Drummonds number being cloned. I don't think they did a very good job of explaining that. I read the article twice and still have no idea who Ted Rogers is.

    "They were cloning the senior executives repeatedly, because everyone was afraid to cut off Ted Rogers' phone,"

    Uh.. okay, well.. why didn't they do it to Ms. Drummond's phone either? Crappy article.
  • Aiming at their calls to (!Terrorist!) countries is just trying to get back to them. Focus instead on the real problem, of Rogers overcharging people.

    In our case, they added 10-20$ CAD to our Internet bill. We complained, they apologized and removed the additional amount. Next month we again saw additional charges. In total they overcharged us 3 times. Since we cant audit monthly bills, we switched to Bell (another hated ISP for various reasons). I've since warned every Rogers customers to check their bills
  • The summary calls her Sarah, the article calls her Susan...

    A few mistakes in a summary is to be expected here, but at least get the name right...
  • i actually typoed that as "lies" originally... ironically it might just fit... anyways:

    Jan Innes, a vice-president with Rogers Communications, confirmed that the company has an automatic fraud-detection system that flags suspicious calling patterns, but refused to say how it works. "We do not give out information that might help people get around the system," she said.

    Translation: "Our system is not fool-proof, and we are aware it can be exploited, but are doing nothing to prevent it. We are instead

  • Why I hate cell phone service providers (Score:3, Insightful)

    by krunk4ever ( 856261 ) on Saturday December 17, 2005 @06:30PM (#14281725) Homepage
    I posted this on my blog somewhile back: http://www.krunk4ever.com/blog/?p=56 [krunk4ever.com]

    What Grinds My Gears: I've probably made this rant before, but I really really hate the help cell phone service providers provide when you lose your phone. In other words, NO HELP. A friend recently lost his cell phone and it irked me since the T-Mobile was giving him the same bullshit they gave me. Once again, I could never see WHY they wouldn't help us track the phone or help the law enforcement track down the thief? What more easier way is there when a thief is carrying a tracking device!?!?! There should be a list of all reported stolen phones and when someone tries to make a call from that phone, it'll try to locate the person through triangulation and notify the nearest police department to that area (which is easily doable since 911 works on a cell phone). Another service easily providable is any call made from that phone no matter what # was dialed (besides emergency #s like 911) will be forwarded to 1 particular # which the own can set. I mean in the event where the owner loses the phone and the person who found the phone wants to return it, he'd probably try to call someone on that list and ask if they knew who owned this #. By being able to forward all calls to say your home line, you won't have to worry about long distance charges and you can be certain if they try to make a call, it'll be forwarded to you. Another extremely stupid idea is that when you lose your phone is that they recommend that you suspend your account to prevent the thief from putting charges on your bill. However if you're under contract, suspending your account VIOLATES the contract and you're forced to pay the cancellation fee. Which really only leaves you instead of suspending the account to immediately purchase a new phone and swap it onto the current plan. I've asked before if it was okay to suspend the account, but continue paying for the service until I could get a new phone. They apologize and said they couldn't do that. OH MY GOSH! I'm willing to pay for a service which I WILL NOT BE USING, but instead they make it harder on the customer and force them to either get a new phone immediate or suspend the service and pay the cancellation fee.
  • In all honesty...How the hell could Rogers miss out on $12,000 worth of phone calls. I'm fairly certain that in their entire customer database only a few customers could actually produce this kind of traffic. If Rogers thinks a judge will let them bilk one woman for making $12,000 worth of phone calls I think common sense will kick in.

Slashdot Top Deals

"The great question... which I have not been able to answer... is, `What does woman want?'" -- Sigmund Freud

Close