[liberationtech] New Satphone Safety Guide

Jacob Appelbaum jacob at appelbaum.net
Thu Dec 13 01:06:08 PST 2012 

Collin Anderson:
> I thought I might resurrect this extremely dead thread with an note I found
> after a friend sent a copy of Alan Gross's lawsuit against USG and his
> former employer. It may be of interest to a number of people on the list --
> also I would like author's title, "DCNO FOR INFORMATION DOMINANCE" (with
> caps).
> 
> http://www.public.navy.mil/bupers-npc/reference/messages/Documents/NAVADMINS/NAV2012/NAV12347.txt
> 
> 5.  INMARSAT BGAN DISCREET SUBSCRIBER IDENTITY MODULE (SIM) CARDS ARE
> AN OPTION WHEN PURCHASING SERVICE FROM DISA.  THESE DISCREET SIM
> CARDS PROVIDE INCREASED OPERATIONAL SECURITY PROTECTION.* THE ONE *
> *DRAWBACK IN PURCHASING A DISCRETE SIM CARD COMPARED TO A STANDARD SIM*
> *CARD IS THAT CALL COMPLETION WILL BE DENIED BY THE SERVICING INMARSAT *
> *WHEN OPERATING IN THE CHINA AND RUSSIA GEOGRAPHIC AREAS.* THE COST OF
> THE DISCRETE SIM CARD IS THE SAME AS A STANDARD SIM CARD. IF
> ALTERNATE COMMUNICATIONS ARE NOT AVAILABLE, USERS OF INMARSAT BGAN
> ARE ENCOURAGED TO CONSIDER THE ADDITION OF A STANDARD SIM CARD WHEN
> AN IMPORTANT OPERATIONAL CONNECTION IS NECESSARY.


I found this:

http://www.disa.mil/Services/SATCOM/~/media/Files/DISA/Services/SATCOM/SCO/MSS_Customer_Ordering_Guide.pdf
I guess in theory, with the ISDN module - you could have location
"anonymity" limited to a given spot beam and then the CryptoPhone ISDN
could be used for content confidentiality. That seems almost OK if
you're able to point your transmitter directly at the bird.

I'm still game to acquire one - I guess that DISA (?) won't sell me one?
Will they sell them to the general public?

While sorta unrelated - this seems worth mentioning:

  http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA493741

All the best,
Jacob

> 
> 
> 
> 
> On Thu, Mar 22, 2012 at 5:00 AM, Jacob Appelbaum <jacob at appelbaum.net>wrote:
> 
>> On 03/21/2012 09:19 PM, Collin Anderson wrote:
>>> Would anyone in this conversation be so kind as to satisfy a tangential
>>> curiosity of mine. The case of Alan Gross in Cuba seems so wrapped up in
>> an
>>> under-explained and over-hyped piece of equipment:
>>>
>>> On his final trip, he brought in a "discreet" SIM card -- or subscriber
>>>> identity module card -- intended to keep satellite phone transmissions
>> from
>>>> being pinpointed within 250 miles (400 kilometers), if they were
>> detected
>>>> at all.
>>>
>>>
>>> http://www.businessweek.com/ap/financialnews/D9SSHGPG2.htm
>>>
>>> Beyond the obvious issues with that statement; does anyone know what they
>>> are referring to?
>>>
>>
>> Whoa - I had not caught that part of the story with Alan Gross... I
>> wonder how he got his hands on the SIM? I've tried to get them and it's
>> non-trivial. It requires either favors, a trade or basically a ton of
>> cash from the "right" group of people.
>>
>> My understanding is that there are some special SIM cards that have two
>> unique properties that matter for location privacy. The first property
>> is that the HLR database knows that the SIM is special and so it will
>> authorize a connection without a GPS location in the initial uplink. The
>> second is that the device (phone, modem, etc) firmware knows that this
>> SIM is special by checking some field on the SIM itself and so it won't
>> send the GPS coordinates but rather the spot beam. We can easily
>> discover what the field is with a SIMTrace[0] tap if we acquire one of
>> these SIMs.
>>
>> My understanding is that the firmware still fetches the GPS coordinates.
>> It then looks up the GPS location in a coverage table of all spot beams
>> for the planet and then the firmware returns the spot beam where the GPS
>> coordinates are located. The device then sends the spot beam into space,
>> etc.
>>
>> A few years ago I found some public data on this and I think the company
>> offering these SIMS in public is Deltawave[1] - I haven't however found
>> an obvious way to buy them on their website. This is also very specific
>> to BGAN and it is quite clearly a network by network, firmware by
>> firmware specific information.
>>
>> In theory if we capture the setup with a discreet SIM with SIMTrace, we
>> can MITM a normal BGAN SIM and fake a a discreet SIM response with just
>> a few dollars of hardware. The network might reject it, obviously. But
>> hey, if anyone has a discreet SIM sitting around, I'd be more than happy
>> to see if it works in a country where it is legal to not send the GPS
>> location of the device.
>>
>> Alternatively, one could pick a BGAN device and build a GPS MITM tool
>> for the actual hardware without any such special SIM...
>>
>> All the best,
>> Jacob
>>
>> [0] http://www.sysmocom.de/products/simtrace
>> [1] http://www.deltawavecomm.com/
>>
> 
> 
> 

--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list