Fighting Cellular Fraud, New York To Washington BEDMINSTER, NEW JERSEY, U.S.A., 1995 JAN 6 (NB) -- Bell Atlantic Mobile (BAM, parent NYSE:BEL) and NYNEX Mobile Communications (parent NYSE:NYN), two large US cellular phone carriers, are about to block automatic "roaming" service in New York City and surrounding areas. Starting January 9, BAM customers who place calls in the city will need to enter a personal identification number (PIN) issued by BAM in order to complete the call. The new policy is an antifraud measure to combat criminals who steal cellular service, BAM said. The PIN system was developed by NYNEX and is in use inside the City now, NYNEX sources said. Both firms emphasized that the new policy is no magic wand to do away with cellular fraud. However, as a BAM spokesperson told Newsbytes, the combination of restricted roaming and PIN numbers will "raise the bar again" where cellular fraud is concerned. Under the new system, the two cellular carriers will restrict calls in the greater NYC area by roaming customers from a "Fraud Protection Zone" that includes Washington, D.C.; Baltimore; Pittsburgh; and greater Philadelphia, including Delaware and southern New Jersey. BAM adopted the new measures because of increasing problems with cloning, in which a criminal picks off a cellular customer's automated phone IDs during a legitimate call and uses them to make a "clone phone." The cloned phone can be used to make calls for which the legitimate customers, not the cloners, are billed. AT&T's Steve Fleischer, speaking to Newsbytes, said such cloning operations have become such a successful criminal industry that some criminals sell the phones with 30-day guarantees. "If a number is cut off, you can bring it back to the cellular bandits and have it reprogrammed for no additional charge," he explained. "It costs the carriers around $1 million a day." He paused, then added: "It just shows how big a demand there is for wireless communications." Under the new policy, customers from inside the protected zone who want to use their phones at standard "roaming" rates in New York City must first contact BAM by dialing 211 from their cellular phone. After they provide proper identification and select a PIN code, the company deactivates the fraud zone lock-out. NYNEX spokesperson Kim Ancin told Newsbytes that customers with PIN numbers place calls as much usual by dialing the destination number and pressing the Send button. However, on protected phones, the customer then punches in the PIN number and presses Send again. Ancin explained that the PIN number goes out on a frequency different from the initial send. Cellular bandits use special equipment to pick up a legitimate phone's mobile identification number (MIN) and electronic serial number (ESN), which until now have been enough to clone a phone. However, she said, adding a PIN number on a second frequency makes cloning much more difficult. BAM said it would not activate the fraud protection lock-out in northern New Jersey, where calls to New York City are local calls. However, since customers who travel frequently into the city are at risk from cloning, the firm strongly recommended that northern New Jersey customers sign up for a PIN. Eventually, the firm said, all new customers will be required to select PINs. BAM said if a bandit does succeed in cloning a PIN-equipped phone, a customer can simply change the PIN number. Customers without PIN numbers must bring their phones back to a carrier or dealer to install a new phone number, notify business associates and friends of the number change, and modify business cards and stationery. There is no extra charge for PIN numbers, which are implemented by software at the carrier's switch, BAM's Fleischer told Newsbytes. The feature will not affect commonly used cellular services like voice mail or call waiting. Calls to 911, 611 and 411 will not require a PIN. (Craig Menefee/19950106/Press Contact: Steve Fleischer, 908-306-7539 or Brian Wood, 908-306-7508, both of BAM; Kim Ancin, 914-365-7573, or Jim Gerace, 914- 365-7712, both of NYNEX) ------------------------------------------------------------------------- To find out more about the anon service, send mail to help@anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin@anon.penet.fi.
-----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, an172607@anon.penet.fi writes:
AT&T's Steve Fleischer, speaking to Newsbytes, said such cloning operations have become such a successful criminal industry that some criminals sell the phones with 30-day guarantees.
"If a number is cut off, you can bring it back to the cellular bandits and have it reprogrammed for no additional charge," he explained. "It costs the carriers around $1 million a day."
He paused, then added: "It just shows how big a demand there is for wireless communications."
Does anyone else think this is funny (in both senses of the word)? The cell-phraud system shows a demand for cheap, though illegal, phone service. The wireless aspect is pretty much incidental to the fraud aspect, no? - -- Roy M. Silvernail [ ] roy@cybrspc.mn.org PGP public key available by mail echo /get /pub/pubkey.asc | mail file-request@cybrspc.mn.org These are, of course, my opinions (and my machines) -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLw7vEhvikii9febJAQGLlgQAiteZ/51syb6gSkiwWMLs9oQ+99hMxbps L7rshpeQ0xDM7GN+Szz4PiQ4CQrqMlxxkvgppsrRbU2E5WPv8IGvW9pa6gWx8Y9B H/ZwmjSz1lIMCATh5osFt9myK3nkwHasxjGYqpyJJwcbTd+rQi8/lIv1EYcxv+HX qtiHdjrFvbE= =D0AH -----END PGP SIGNATURE-----
Oh brother, here we go again. Now the bandits are not only going to listen in for the serial numbers of the phone, but they'll listen in for (what?) touch tones of the block out numbers passwords? This has certainly not stopped promiscous mode ethernet sniffers from grabbing passwords, and I doubt it would long keep the bandits out... :-( If only these guys would wake up and use strong crypto... This is a perfect example of a government caused fucked up on a grand scale due to the fact that we now have an installed base of millions of insecure cell phones and cell stations. It's probably not too late for the cell companies to start introducing crypto cell phones, but the longer they wait, the harder the switch, and what's worse is that they've taken the attitude that "So what if we loose millions, we'll just raise the prices and get it all back anyway." You certainly won't find me sporting a cell phone until we get something a bit more secure. :-I At least the beeper black market isn't as vicious... =============================================================================== | + ^ + || ' . . . . . . . Ray (Arsen) Arachelian || | \|/ || . . . ' . ' . : . . rarachel@photon.poly.edu || |<--+-->||. . . |' '| .' . . ... ___ sunder@intercom.com || | /|\ || . . \___/ . . . : .... __[R] || | + v + || . oOOo /o.O\ oOOo :. : .. |A| "And bugs to kill before I sleep"|| =========/---vvvv-------VVVV------------|I|----------------------------------/ / . : . ' : ' |D| This signature pannel is / / The Next Bug to kill(tm) --- now open. / /___________________________________________________________________/ GCS d++(---)(-) H s+++/++ !g !p !au a- w-(+) (!v | v) C+++++ Coherent++++ L+ 3 C+ V+ P? E- N++ K- W W--- M++ V-- po- Y+++ t:[tos+, tng--, ds9+] 5 !j !R G? tv+ b+++ D+ B--- e+(- | *) u--- h+++ f+(++) r++ n+(---) x**(++)
On Sun, 22 Jan 1995, Arsen Ray Arachelian wrote:
Oh brother, here we go again. Now the bandits are not only going to listen in for the serial numbers of the phone, but they'll listen in for (what?) touch tones of the block out numbers passwords?
The celluar companies "solution" to this problem for AMPS phones is laughable.
If only these guys would wake up and use strong crypto... This is a perfect example of a government caused fucked up on a grand scale due to the fact that we now have an installed base of millions of insecure cell phones and cell stations. It's probably not too late for the cell companies to start introducing crypto cell phones, but the longer they wait, the harder the switch, and what's worse is that they've taken the attitude that "So what if we loose millions, we'll just raise the prices and get it all back anyway."
My understanding is CDMA based digital celluar go a long way toward this. CDMA uses direct-sequence spread-spectrum based transmission, should keep everyone but the TLA's out.
You certainly won't find me sporting a cell phone until we get something a bit more secure. :-I At least the beeper black market isn't as vicious...
Consider getting digital celluar service. The current widely deployed digital celluar standard, TDMA, is less secure than CDMA above, but is more than enough to keep 99% of the cell bandits out. CDMA should be available from USwest and Pacific Telesis (possibly others) by the end of the year. -- Christopher E Stefan * flatline@u.washington.edu * PGP 2.6ui key by request
participants (4)
-
an172607@anon.penet.fi -
Arsen Ray Arachelian -
Christopher E Stefan -
roy@cybrspc.mn.org