edtjda@magic322.chron.com (Joe Abernathy) (03/13/91)
[Moderator's Note: Although I do not normally accept copyrighted
material with distribution restrictions placed on it for use in the
Digest, this exception is being made at the request of Mr. Abernathy
who has graciously given me the exclusive republication rights to his
article on the net. I hope you enjoy reading this special report. PAT]
***** PLEASE NOTE RESTRICTIONS *****
Permission is hereby granted for one-time redistribution in the
TELECOM Digest / comp.dcom.telecom newsgroup on Usenet and associated
mailing lists or BBS' which normally re-distribute TELECOM Digest. All
other uses, including paper and electronic distribution or storage on
any electronic medium, are strictly prohibited with the exception of
the TELECOM Digest / comp.dcom.telecom archives at lcs.mit.edu.
Republication information can be obtained from Joe Abernathy at (800)
735-3820, edtjda@chron.com. Do not reprint / republish this article
without explicit permission from Mr. Abernathy and the {Houston
Chronicle}. This notice must remain intact with this issue of the Digest.
***** PLEASE NOTE RESTRICTIONS *****
Criminals dialing for dollars
Long-distance theft taking heavy toll on cellular industry
{Houston Chronicle}, Page 1A, 3/3/91
By JOE ABERNATHY
Copyright 1991, Houston Chronicle
Stolen long-distance service is costing the cellular
telephone industry millions of dollars a month and is emerging as the
main line of communications for drug traffickers and organized crime.
Law enforcement authorities and cellular telephone company
investigators are waging a furious technological battle against the
theft.
It's not the actual losses the industry is incurring, it's the
people who are using these altered phones that attracts federal law
enforcement to the scene,'' said Earl Devaney, special agent in charge
of the Secret Service fraud division in Washington. They are usually
drug dealers, people selling arms.''
A recent bust lends an example. Working with a Houston-based
investigative firm, Devaney's agency tracked an enterprise allegedly
moving arms into Israel and drugs into the United States, with
cellular phones providing the communications link.
But the problem has a much wider base. The perpetrators also
include foreign students or temporary workers, who may innocently or
otherwise chance across an offer for inexpensive international
long-distance service.
We just had a case where some people came to town and set up
three-way conference calling between Houston, Iraq and Kuwait,'' said
the chief financial officer of one cellular service provider. That
fraud can total up to $30,000 in 24 hours.''
Wire services have reported that profiteers in the war region,
where basic services are in a shambles, lately have been charging
$5,000 a month for the rental of cellular phones, plus air time.
Credit and subscription fraud -- phones activated with stolen
personal information -- are half of the problem faced by the industry,
but what has everyone scrambling is the tumbler phone,'' so called for
its ability to tumble illicitly through the electronic serial numbers
that allow cellular phones to go on the air.
It allows the user to have use of the phone essentially without a
bill,'' Devaney said. It also makes it extremely hard for law
enforcement to intercept these calls as we would do under court order
with a landline phone. So it offers the potential user of the phone a
certain amount of anonymity and cuts down on his or her overhead.''
Tumbler phones, available on the black market for $1,500 or less,
have been taking the underworld of Houston and other large cities by
storm. They take the phone bill out of telemarketing, take the trace
out of bookmaking and drug dealing. Each one in use can cost a
cellular service provider hundreds of thousands of dollars.
It's becoming very fashionable, if you're a criminal of any size,
to have one of these phones,'' Devaney said. If you don't have a
beeper and a phone, you're not really a first-class crook.''
In the hands of someone armed with the latest technological skills
and information, tumbler phones represent the perfect crime. They
can't be stopped or traced.
The industry is fighting back as if for its life. Yet the response
is scattershot, with some entrepreneurial cellular companies leaving
security lax for the sake of quick profits.
Spokesmen declined to reveal what percentage of cellular revenue is
consumed by fraud, although some observers estimate it at 15 percent
to 20 percent. During 1990, the industry earned more than four billion
dollars from more than five million customers.
The Secret Service, which is taking on a new role in the fight
against electronic financial fraud on the basis of powers granted in
the 1980s, is the first police agency to respond to this high-tech
crime wave. The FBI became involved in the recent Houston-Iraq case.
Most local police, although aware of cellular phones' popularity,
are not yet briefed on the massive fraud that is taking place.
If some of these high-tech units in these metropolitan police
departments would get involved in this kind of fraud, I think they
would help themselves catch some of the people they've been looking at
in their drug investigations,'' said Devaney, who hopes to develop a
partnership between the cellular industry and federal and local law
enforcement. It would give them an alternative for getting these
people off the streets.''
Thomas Lentini, spokesman for the Drug Enforcement Administration
in Houston, said: There's not a case goes by that we don't see several
cellular telephones. Communications is very important in the drug
trade, and it's basically instant communications.''
One problem is that the state of the art advances so quickly that
it's difficult for officials to keep pace. While the industry stops
one leak, technically skilled criminals are chipping away elsewhere.
Several companies are in a race to offer switching equipment
capable of defeating tumbler fraud. GTE, which is experimenting with
such things as credit card cellular phones in rental cars and
in-flight cellular calls, plans to be the first, hoping to perfect the
technology later this year.
A spokesman for an industry association said, however, that its
impact won't be widely felt until the middle to late 1990s.
Until it arrives, it's like war. And like war, the citizens are
being asked to endure hardships.
One such hardship is call blocking. For years a quiet practice of
the long-distance companies, it is now becoming a mainstay of the
cellular industry. Certain calls placed to or from locations
generating bills that frequently don't get paid simply don't go
through.
A recent example involved a college student who couldn't call a
friend in Israel during an Iraqi bombing. Another case involved a
woman who couldn't call her family in Israel using a calling card from
work. And entire nations in the economic morass of Eastern Europe and
in Central America and South America are blocked. (Such blocking is
legal under current FCC tariffs.)
Many of the cellular companies are now imposing systemwide call
blocking. GTE Mobilnet, which along with Houston Cellular provides
service to customers in the Houston metropolitan area, requires that
all international calls be placed through an operator, using a major
credit card. Houston Cellular allows direct dialing everywhere, but
only to those customers with good credit ratings.
Another type of call blocking involves roaming agreements, which
allow cellular users to place calls from outside the area of their
host companies under agreement with other companies. When these agree
ments are suspended, as is now happening, travelers are denied use of
their phones.
Such steps were triggered by the unique nature of cellular
communications. In order that any number of callers might share the
airwaves, each phone an nounces itself to the cellular network with a
unique electronic serial number (ESN). The local switching equipment
can't tell whether an ESN from another city is phony or stolen, so the
call is completed as a matter of good faith toward the customer.
We had estimates of electronic serial number fraud totaling about
$38 million in the third quarter of 1990,'' said Eric Hill, a fraud
specialist at the Cellular Telecommunications Industry Association in
Washington.
We've seen a reduction down to about $23 million in the fourth
quarter, but that's only due to the fact that many cellular carriers
were suspending roamer agreements with each other and requiring
roaming calls to be made through operators.''
So at the inconvenience of the customers, we've seen a reduction in
fraud, but that's not the direction the industry wants to go.''
Call blocking is often just an inconvenience in the United States,
where traditional phone service is reliable and widely available. To
those doing business in the international market, however, it can mean
the difference between success and failure.
Essentially, cellular phones are attractive to peoqple in Europe
and Asia because the actual phone system is archaic,'' Devaney said.
They aren't luxury items. They're necessary to do business.''
When a call is placed, it rides the airwaves to the nearest cell
site,'' a distance of one to four miles in Houston, depending on
population density. The cell site makes note of the ESN associated
with a call, then routes the call into the broader phone network.
Once in the broader network, a call might next go through the
jurisdictions of one or more regional carriers, and one or more long
distance or foreign carriers. The originating cellular company
eventually will pay each of these companies for the service used,
regardless of whether it is itself able to collect from a customer for
the call.
The subscriber is of course liable to us, but we're the customer of
the long-distance carrier,'' said the chief financial officer whose
firm was victimized by the Houston-Persian Gulf phone theft operation.
We estimate that about 20 percent of all roamer revenue goes down
the fraud drain,'' said Hill of the CTIA.
Fraud is presenting a number of faces to the industry, and
indirectly, to its customers.
Tumbler phones are normal cellular phones that have been modified
with a specially programmed computer chip to use either a phony
electronic serial number or that of a paying customer. The modified
phones can tumble'' through numbers, placing per haps just one call on
someone's bill before moving on to the next victim or the next phony
serial number.
Another side to the problem is credit and subscription fraud.
Little more than a thorn to traditional phone service providers, it is
crippling in the young and fractious world of cellular phones.
It's a growth industry, with very little fraud prevention in
mind,'' Devaney said. Most of the people involved in the cellular
industry are entrepreneurial in nature. They're risk-takers, and that
doesn't always go hand in hand with security.''
Using fairly straightforward means, crooks can get a phone
activated using the name and Social Security number of a law-abiding
citizen. This phone will then be good for one month to three months of
service, depending on the cellular company's accounting procedures.
A lot of times, the bad guys will have someone planted in the
cellular company, too,'' enhancing the opportunities to get phones
activated illicitly, said Michael Guidry of the Houston-based security
firm Guidry & Associates.
A crook won't always stop with one phone. In an increasingly
popular scam referred to as a call sell'' or phone shop'' operation,
any number of phones may be used. For a cost averaging $25 per 15
minutes, these enterprises let customers place anonymous calls
throughout the world.
Each phone obtained using stolen personal information can generate
up to $270,000 in revenue before the accountants catch it, Guidry
said. If it is instead a tumbler phone, revenue is open-ended, since
its calls can't be readily traced.
Large-scale abuse also is carried out by crime rings, such as one
that the Secret Service, working with Guidry's firm, recently busted.
Allegedly engaged in making arms shipments to Israel and drug
shipments to the United States, this ring embraced five levels of
organization and over 20 storefronts concentrated in Los Angeles and
New York.
You're looking at organized crime at its finest,'' said Guidry, who
is regarded by some law enforce ment officials as the top security
expert on cellular fraud.
Firms such as his replace a missing link between cellular
companies, most of which have no internal security teams, and law
enforcement. Fraud is the industry's problem, but when solving fraud
also solves crimes involving drugs and guns, the police get
interested.
Although disputed by industry spokesmen, some investigators even
fear that a high volume of criminal use could be helping to shape the
cellular industry.
Organized crime spurs technology development, and
telecommunications fraud is connected with it,'' said Langford
Anderson of the Communications Fraud Control Association, a
clearinghouse for fraud main tained by the telephone industry. We
think organized crime is responsible for certain developments within
the cellular industry.''
Regardless of how strong that connection is now, it has the
potential to grow rapidly, much as the cellular industry is itself
rapidly evolving.
Cellular companies are expanding, they're going overseas, and
they're facing a lot of fraud problems unless they get a handle on it
now,'' said Devaney of the Secret Service. If they go into that with
their eyes closed, the criminals will take advantage of it. Where
there's opportunity for industry growth, there's opportunity for
criminals.
I'm looking for the industry to join us in this battle. We're
engaging high-tech criminals on a daily basis in the federal
government now, and the challenge to the Secret Service, the FBI and
other agencies is to at least be able to stay even with high-tech
criminals.
We depend very heavily on the industries that are being victimized
to help us,'' he said. We've had a great deal of success with the
credit card companies and hard line (phone companies) such as AT&T,
and we're hopeful we'll find similar success in the cellular
industry.''
A Houston cellular executive predicted that such cooperation, along
with the aging process, would solve today's concerns.
The problem really is that once we stop the tumblers, they'll find
another way,'' he said. Because it's such a new industry, people try
and find new ways to defraud you every day of the week.''
--------------
[Moderator's Note: My sincere thanks to Joe Abernathy and the {Houston
Chronicle} for permission to bring you this special report. In the
next issue of the Digest (V11 #201) this topic will continue with a
follow up article discussing recent actions by the Secret Service. PAT]yarvin-norman@cs.yale.edu (Norman Yarvin) (03/15/91)
edtjda@magic322.chron.com (Joe Abernathy) writes: > The industry is fighting back as if for its life. Yet the response > is scattershot, with some entrepreneurial cellular companies leaving > security lax for the sake of quick profits. The above paragraph contradicts itself blatantly. Abernathy presumably has access to Usenet, and is possibly computer-literate. Why then doesn't he include the critical fact that the insecurity of cellular phone systems which his article mentions can be completely eliminated by the simplest of security arrangements? (i.e. not just blindly accepting new ESNs) There are of course more sophisticated attacks. Once cellular companies turn off the automatic enabling of new ESNs, thieves may take to stealing ESNs off the air. Even this can be prevented, but only by adding encryption, which would obsolete existing phones. Media accounts that I have seen uniformly fail to properly represent the ephemeral nature of the structures that are violated in phone/computer crime. These are not physical systems, whose structure -- and whose security -- is severely limited by costs of materials. If they do not include watertight security, that is because they were designed or are operated in violation of some very simple principles. Having real security is a minor nuisance to all involved, but both the picking up pieces after fraud and the blocking of calls where fraud is rampant are major nuisances. The sooner these basic aspects of computer security become a part of our society's common knowledge, the better.
floyd@ims.alaska.edu (Floyd Davidson) (03/16/91)
> We just had a case where some people came to town and set up > three-way conference calling between Houston, Iraq and Kuwait,'' said > the chief financial officer of one cellular service provider. That > fraud can total up to $30,000 in 24 hours.'' Hmmmm. 1440 minutes in 24 hours, so the combined cost of calling Iraq and Kuwait is about, ahhh, $22 a minute, or $11 to either one alone per minute. That is fairly sensational. It should have been written up in the {National Enquirer}. Floyd L. Davidson | floyd@ims.alaska.edu | Alascom, Inc. pays me Salcha, AK 99714 | Univ. of Alaska | but not for opinions. [Moderator's Note: It does seem a bit steep, doesn't it! Even if you took an entire weekend -- 48 hours -- you'd be looking at $5.50 per place/minute, which is still too high, considering international phone charges are $2-3 per minute maximum. What does the cell phone cost per minute? And is the connection left open all the time; never closed once in 24 hours? Someone gave Joe some bum information, I'm afraid. PAT]
edtjda@uunet.uu.net (Joe Abernathy) (03/17/91)
floyd@ims.alaska.edu (Floyd Davidson) writes: >> We just had a case where some people came to town and set up >> three-way conference calling between Houston, Iraq and Kuwait,'' said >> the chief financial officer of one cellular service provider. That >> fraud can total up to $30,000 in 24 hours.'' > Hmmmm. 1440 minutes in 24 hours, so the combined cost of calling Iraq > and Kuwait is about, ahhh, $22 a minute, or $11 to either one alone > per minute. [Moderator's Note: Actually, its $20.83 per minute, but go on ... PAT] You overlooked one thing, however. It's three-way conference calling, so the cellular company is paying for both those lines in both directions across the ocean. Norman Yarvin <yarvin-norman@cs.yale.edu> writes: > Abernathy presumably has access to Usenet, and is possibly > computer-literate. Still haven't found an alternate source for your alt.sex feed, eh, Norman? > Why then doesn't he include the critical fact that > the insecurity of cellular phone systems which his article mentions > can be completely eliminated by the simplest of security arrangements? Pointless hostility aside, I disagree that a simple solution is possible to the problem. At the inception of the industry, yes, the problem would have been more simple. But at this stage, what is required is fast, precall account validation at the switch, made possible by a central repository of valid ESNs and PINs. GTE just completed a field test in Los Angeles of such a system, which validated calls in two or three seconds. The problem is that nobody will be buying it until the current stuff wears out. Your other question/flame suggested that it is not possible for the industry to offer a coherent response to the problem while still having individuals service providers contributing to the problem. That suggests to me primarily that you aren't a cellular telephone user, or at least that you didn't purchase your phone in a competitive market. In Houston, for instance, we have two providers, and one is much more of a staid, traditional company, while the other is fiercely entrprenuerial. I don't mean to link them to problems within the industry because at this stage neither of them is running a particularly lax ship. But this sort of situation amply illustrates how the industry can both be solving a problem and making it worse at the same time. Regards, Joe Abernathy (800) 735-3820 [Moderator's Note: Addressing only the first part of your response let me ask what do you mean 'paying for both lines in both directions' ?? There is ONE charge per call. There are TWO calls in progress at the same time, admittedly both international. At the highest rate possible for either call, the cellular company is paying maybe $3 per call/minute. on the international link. *Maybe*. So we have $6 per minute plus the cellular phone charges. Are these thirty or forty cents per minute each? If you can squeak $7 per minute out on this, that would be a very generous estimate. Charging for everything you can think of, how do you begin to approach $10.42 per call/minute, or $20.83 per minute overall? And that $20.83 per minute -- using your $30,000 per day estimate -- means the connection is left up continuously, otherwise the rate per minute of use must of necessity be even higher. Sorry, Joe, I really think you got a bum steer. If the source lied to you about the losses involved, what other information might have been incorrect? PAT]
edtjda@uunet.uu.net (Joe Abernathy) (03/19/91)
Patrick writes: > So we have $6 per minute plus the cellular phone charges. Are these > thirty or forty cents per minute each? If you can squeak $7 per minute > out on this, that would be a very generous estimate. Charging for > everything you can think of, how do you begin to approach $10.42 per > call/minute, or $20.83 per minute overall? And that $20.83 per minute > -- using your $30,000 per day estimate -- means the connection is left > up continuously, otherwise the rate per minute of use must of necessity > be even higher. Well, let me stress that it wasn't my estimate, it was that of a company's chief financial officer, who requested anonymity for obvious reasons. I'm not checked out on the tariff structures for international cellular calls, which weren't the focus of my story, but on rechecking my notes I see that he did say clearly that he had to pay double charges on each line. Assuming he was misguided on this point, the only other thing I might offer is that the foreign carriers sometimes add reprehensible charges to a call -- the Kingdom of Saudi Arabia has been tacking 75 cents a minute onto soldiers' AT&T calls. We have no way of knowing what sort of special fees might be incurred in the actual war zone, whose infrastructure was bombed into the past 100 years by some reports. One wire report said just the rental of a cellular handheld was $5,000 a month right now. One might further assume that it would take some serious combat pay to convince a crew to do maintenance on a cell site -- a not insignificant structure -- in the midst of the world's most intense saturation bombing. Having offered a defense of the man, let me now offer the untold negative side of the story, and then perhaps we can be done. The way that you get federal police agencies -- particularly the U.S. Attorney's office and FBI -- interested in financial crimes is to convince them that a serious financial loss was sustained. And it sometimes turns out that the estimate of loss was higher than the actual proveable loss. We saw this graphically depicted in the case of one Craig Neidorf, and I suspect that it's at work in every case of financial fraud. Best regards to all, Joe Abernathy [Moderator's Note: While you are correct that you must convince the authorities that a crime of some substance has been committed, there is such a thing as crying wolf once too often. Overstating your case can backfire at times. But even ten thousand dollars per day of cellular fraud is pretty outrageous, and overall your story was good. I thank you for sharing with us, and hope you will bring more articles over from the {Chronicle} from time to time. PAT]
nsoley@.com (Norman Soley) (03/21/91)
In article <telecom11.208.1@eecs.nwu.edu> floyd@ims.alaska.edu (Floyd Davidson) writes: X-Telecom-Digest: Volume 11, Issue 208, Message 1 of 14 >> We just had a case where some people came to town and set up >> three-way conference calling between Houston, Iraq and Kuwait,'' said >> the chief financial officer of one cellular service provider. That >> fraud can total up to $30,000 in 24 hours.'' > Hmmmm. 1440 minutes in 24 hours, so the combined cost of calling Iraq > and Kuwait is about, ahhh, $22 a minute, or $11 to either one alone > per minute. And if both of them are inmarsat phones then these are completely reasonable estimates. The rate card in the front of my white pages says C $12.00/min. Norman Soley - Systems Administrator - Oracle Corporation Canada 155 University Ave. Suite 400 Toronto, Ontario (416)-362-7953 X646 nsoley@cnseq1.oracle.com uunet!torsqnt!cnseq1!nsoley "These opinions are mine, not the company's"