Tracking a CellPhone that's switched off

Rew

jmcc wrote:

The story was that Mossad had managed to get someone in the environment of a Palestinian known as "The Engineer" to provide a rigged mobile phone with an embedded explosive device to the target. The head of Mossad was reputed to have called the target and said something like "listen closely". It has the kind of black humour associated with spookdom and "The Engineer" was assassinated in this manner.

Regards...jmcc

Wasn't that the Russians with a Chechan leader? The incident we are refering to is where the guys car was hit by a missile.

jmcc

Rew wrote:

Wasn't that the Russians with a Chechan leader? The incident we are refering to is where the guys car was hit by a missile.

That was the one with a satellite phone Rew. The Russians supplied the Chechen leader with a satellite phone possibly to negotiate a ceasefire with him. The negotiations didn't work out and they had some air to ground missiles locked on the satellite phone. I think he was in open ground rather than in a car when the missiles hit.

There was also an incident in the Middle East where a landrover was hit by missiles from a Predator. Apparently it was carrying some Al-Qaida targets but I don't know if mobiles were used for targeting.

The scary thing about mobile phones is that they are effectively providing a full trace on a person's movements through cells and have been for years and illuminating contact networks around an individual phone.

Regards...jmcc

John R

jmcc wrote:

The last cell id that the phone was in prior to being switched off is recorded in the phone. The logs are perhaps the simplest way of doing things. The problem with large rural areas is the size of the cells - they are not micro-cells where phones can be tracked in cells that are approximately 100 m or so.

Regards...jmcc

Is there any way to get phones to display the cell ids that they are logged into?

One of the UK companies, vodafone AFAIR has/had cells that would display the cells location name on the phone.

jmcc

John R wrote:

Is there any way to get phones to display the cell ids that they are logged into?

One of the UK companies, vodafone AFAIR has/had cells that would display the cells location name on the phone.

There area some fixes for phones that can be used to enable the engineering menu on some handsets. These will show the cell ident in hexadecimal. This is a basic facility and you would need to correlate it with base locations/names (I was working on a mobile phone based search engine in 2003 and did this for some of Waterford.) The UK service is a bit more advanced and probably uses smaller cells.

Regards...jmcc

ressem

Is there any way to get phones to display the cell ids that they are logged into?

Yes, on modern phones.

See JSR 179 for J2ME which can provide cell number and signal strength. You can do the same with the Symbian API.

jmcc

ressem wrote:

Yes, on modern phones.

See JSR 179 for J2ME which can provide cell number and signal strength. You can do the same with the Symbian API.

Yep but all you will get will be the hexadecimal ident of the cell rather than a plaintext name. Vodafone and O2 don't like giving out that kind of data and from monitoring handoffs, the cell sizes and coverages seem to vary considerably.

Regards...jmcc

sharkman

John R wrote:

Is there any way to get phones to display the cell ids that they are logged into?

One of the UK companies, vodafone AFAIR has/had cells that would display the cells location name on the phone.

There is a hidden menue on older Nokia's called Network Monitor which you can enable .

I have used this and it identifies cells you are uslng plus subcells and so could be used for triangulation .

For a full rundown of the hidden menues see HERE

Snowbat

Rew wrote:

The point ahs been made in this thread that the phone was not off just out of coverage and that they boosted the local cells to try pick it up. Which makes sense and explains why the story came out that it was off and that they were boosting the signal to “activate it”.

I presume "boosting the signal" was a lazy way to describe rolling a COW (cell-on wheels) portable cell site into fringe/zero coverage areas to hunt for the out-of-coverage phone, followed by standard DF techniques?

Some posters in this thread need to adjust their tin foil hats
http://zapatopi.net/afdb.html

Rew

Snowbat wrote:

I presume "boosting the signal" was a lazy way to describe rolling a COW (cell-on wheels) portable cell site into fringe/zero coverage areas to hunt for the out-of-coverage phone, followed by standard DF techniques?

Could have been anything there were no specfics given.

tck

jmcc wrote:

Yep but all you will get will be the hexadecimal ident of the cell rather than a plaintext name. Vodafone and O2 don't like giving out that kind of data and from monitoring handoffs, the cell sizes and coverages seem to vary considerably.

Regards...jmcc

cell id's can be just as useful, a simple FOI request to get lists can be made (if you phrase the info right) - i need lists within a certain range of schools etc.. to check if they are within legal range (won't someone please think of the children!)

vodaphone users can send the letter p on its own to 0872422426 to see in plaintext where they are (usually the cell area to which they are connected to)

darraghrogan

tck wrote:

vodaphone users can send the letter p on its own to 0872422426 to see in plaintext where they are (usually the cell area to which they are connected to)

TCK this is deadly. Do you know any other codes?

Darragh

Capt'n Midnight

tck wrote:

cell id's can be just as useful, a simple FOI request to get lists can be made

or just look them up on http://www.siteviewer.ie

Site Details
Site Name Site ID County Site Co-Located? Antenna Height Above Ground (Metres) Transmission Type Operator
Hermitage 5030 Dublin No 10 GSM900 O2

monster_fighter

jmcc wrote:

Wow such a cryptographical insight. Are you a "technology journalist"? GSM encryption is not that difficult to crack. Indeed in 1999, it was possible to crack an encrypted GSM conversation (derive the key) with a PC with 128MB and about 70G of hard drive space in under 60 seconds [1]. That was roughly a desktop spec in 1999. The intelligence agencies measure their crypto computers in acres. The GSM algorithms were also weakened so that the intelligence agencies could monitor them without any difficulty. You probably weren't around when the first of them were posted on the Usenet group sci.crypt.

Yes, your right about the security. My bad.

My problem wasn't that I wasn't around at the time, but rather hadn't bothered looking at GSM security since the mid 90's.
Back then it took...

Golic[4] describes a general time-memory tradeo attack on stream ciphers (which was independently discovered by Babbage [2] two years earlier), and concludes that it is possible to find the A5/1 key in 2 22 probes into random locations in a precomputed table with 242 128 bit entries. Since such a table requires a 64 terabyte hard disk, the space requirement is unrealistic. Alternatively, it is possible to reduce the space requirement to 862 gigabytes, but then the number of probes increases to O(228). Since random access to the fastest commercially available PC disks requires about 6 milliseconds, the total probing time is almost three weeks. In addition, this tradeoff point can only be used to attack GSM phone conversations which last more than 3 hours, which again makes it unrealistic.

... much longer to crack GSM.
http://cryptome.org/a51-bsw.htm

jmcc wrote:

Expert on electronic surveillance via satellite as well? Ever heard of Echelon and the UKUSA agreement? To put it bluntly - if you rely on what the "technology journalists" publish, you will probably draw the wrong conclusions about technology, cryptography, electronic intelligence gathering and the security of communications. These people rarely have much of a clue about technology in general let alone this very complicated set of aspects of it.

I think you missed my point. I was said that landlines were insecure and very little is done about it. I know the Brits monitor traffic from here to there (and the EU) on a regular basis.

regards,

m

tck

monster_fighter wrote:

I think you missed my point. I was said that landlines were insecure and very little is done about it. I know the Brits monitor traffic from here to there (and the EU) on a regular basis.

regards,

m

do you have any evidence or proof to back that up ?

John R

tck wrote:

do you have any evidence or proof to back that up ?

http://www.rte.ie/news/1999/0715/tapping.html

tck

John R wrote:

http://www.rte.ie/news/1999/0715/tapping.html

yeah thats old news

Slutmonkey57b

Hmm ... expert advice from an Open University graduate no less. And a bloke who thinks that phones that emit radiation have to be nuclear.

You need to contact the spooks at www.gchq.gov.uk and tell them you've read:

http://fas.org/irp/program/process/rapport_echelon_en.pdf


secret tip: you can Haxx0r their website by pressing alt-k very quickly!

Don't forget to email them pressoffice@gchq.gsi.gov.uk with the subject:
L0l english n00bz I h4xxz0rd yur s1t3! yull n3v4r g3t m33 1z t00 1337!

Then they'll tell you all about echelon and how it is that they can switch on your phone and use it like a bugging device without you even being aware.

jmcc

monster_fighter wrote:

Yes, your right about the security. My bad.

My problem wasn't that I wasn't around at the time, but rather hadn't bothered looking at GSM security since the mid 90's.
Back then it took... ... much longer to crack GSM.

Right and if you carefully read the abstract of the paper you quoted then you would have noticed the reference to hardware based attacks by "large organisations". The large organisations tend to be the intelligence agencies and large corporate intelligence (CI) operations.

The GSM algorithms were weakened so that the state agencies could monitor the conversations without difficulty. The blackworld is almost always a few years ahead of the white world when it comes to comms and cryptography. Dedicated custom hardware codebreaking equipment is standard. The PC is a very ineffective device when it comes to attacking systems (something I know from experience rather than just reading about it). Actually there was a case where Hans Blix's and Kofi Annan's GSM conversations were intercepted - it made the news so there will be records of it on Google etc. The smartcards used on GSM when it was compromised were not that complex and it was inevitable that they would have been compromised openly given the amount of smartcard expertise dedicated to breaking the satellite television Pay TV systems at the time. (Don't tell me - you were too busy looking at the security of these systems instead of GSM during the mid '90s and you are the guy who broke Sky. )

If you still think GSM is hard to crack for state intelligence agencies then you just don't understand the reality of the situation. It is also possible for a state agency to lawfully intercept mobile phone conversations and it is possible for them to do so at the exchange level.

Regards...jmcc

tck

jmcc wrote:

Right and if you carefully read the abstract of the paper you quoted then you would have noticed the reference to hardware based attacks by "large organisations". The large organisations tend to be the intelligence agencies and large corporate intelligence (CI) operations.

The GSM algorithms were weakened so that the state agencies could monitor the conversations without difficulty. The blackworld is almost always a few years ahead of the white world when it comes to comms and cryptography. Dedicated custom hardware codebreaking equipment is standard. The PC is a very ineffective device when it comes to attacking systems (something I know from experience rather than just reading about it). Actually there was a case where Hans Blix's and Kofi Annan's GSM conversations were intercepted - it made the news so there will be records of it on Google etc. The smartcards used on GSM when it was compromised were not that complex and it was inevitable that they would have been compromised openly given the amount of smartcard expertise dedicatd to breaking the satellite television Pay TV systems at the time. (Don't tell me - you were too busy looking at the security of these systems instead of GSM during the mid '90s. )

If you still think GSM is hard to crack for state intelligence agencies then you just don't understand the reality of the situation. It is also possible for a state agency to lawfully intercept mobile phone conversations and it is possible for them to do so at the exchange level.

Regards...jmcc

in relation to the Kofi Annan incident, they even bugged the supposedly 'safe' meeting rooms, had the devices underneath the floorboard

http://cryptome.org/un-bug.htm (some nice pics), bugging and intercepting known terrorists is acceptable but the secretary general of the united nations (and getting caught) is stupid!

John R

tck wrote:

yeah thats old news

If you knew about that already then why did you ask for evidence?

tck

John R wrote:

If you knew about that already then why did you ask for evidence?

i thought maybe there was some actual proof/evidence (besides linking to a news story)

juteen

spam. go away.