Re: Cell phone=tracking device?
Find out about what the US Secret Service claims are some of the most dangerous eavesdropping devices.
Editor's Note: This story was first published on August 25, 2000.
Heard a strange click on your cell phone? It just might have been someone listening in. Ever seen an unknown number on your phone bill? Someone may have cloned your phone.
The devices are out there. They're contraband. It's illegal to possess them, to use them, and illegal to use any of the information gained from using them.
From pens used to eavesdrop on conversations to "magic boxes" for cloning cell phones, the US Secret Service has confiscated a wide array of eavesdropping gadgets. These high tech tools have been used in the latest round of scams, schemes, and underhanded shenanigans.
Robert Weaver has seen most of them. He heads the New York Electronic Crimes Task Force and is the assistant to the special agent in charge at the US Secret Service in New York.
The contraptions at his offices are "confiscated equipment, representing five years of work and over eight hundred cases [with] arrests and convictions," he told "CyberCrime's" Alex Wellen. "Each one of them [that] we progressed with, we learned from."
Weaver claims one device first recorded the credit card number, then the passcode from unsuspecting travelers using pay phones in "one of the largest telecommunications scams in the United States."
That was one of the simpler eavesdropping devices the team has seen. Since 1995, Weaver and his crew have used the confiscated gadgets to educate and train other law enforcement agencies, along with private sector groups.
Cloning, without the sheep
Magic boxes and "copy cats" are two contraband items that clone mobile phones. Just plug them into a cell phone, and suddenly you can reprogram the phone to accept a stolen phone number.
If that doesn't do the trick, Weaver advises, "what the bad guys do is they open it up on the back, they reprogram the chips on the inside, and they make this phone do something illegal and accept stolen information and stolen property."
Weaver's collection also includes telephone plugs, pens, and power strips, all used to surreptitiously eavesdrop on conversations. One plug was a crucial piece of evidence in the Bernhart Bowitz case.
"We started to focus on an individual," says Assistant US Attorney Eric Friedberg. "Bernard Bowitz market[ed] over the Internet, which was somewhat unusual at that time. Back in 1995, [he] started marketing an illegal device [to] clone cellular phones."
Unlike the magic box (which stored only one stolen number), Bowitz' cell tracker could store 99 phone numbers. That's the key to fraud.
"If I spread my usage over a hundred stolen telephone numbers so there's only ten stolen calls on each number," Friedberg explains, "it flies under the radar of the programs that the telephone company is running [to detect fraud]."
Beyond cloning, the cell tracker could also be used to monitor other cell phone conversations or even bug a room. To do that, someone calls the phone number of the cell tracker, then dials a special code, and the phone in the room never actually rings. The phone's owner never even knows that someone's called the number, but the phone can monitor the room's conversation.
Packed with features as it is, the cell tracker did not actually steal the phone numbers.
"In this case," Friedberg says, "the defendant was using another peripheral device called an ESN reader."
An ESN reader works by intercepting the phone's unique Electronic Serial Number, as well as its MIN (Mobile Identification Number) -- in other words, your telephone number. Normally, both numbers are authenticated at a cell tower, but with an ESN reader someone can intercept and steal the pair, in a "man-in-the-middle attack."
The ESN and the MIN are then uploaded to a cloned cell phone.
"If I took an ESN reader, such as the one that this defendant sold and put it on this table," Friedberg asserts, "by the end of this interview, that ESN reader would probably have captured a thousand stolen numbers."
Bowitz "sold at least a dozen ESN readers to the undercover [agent], and they came with pamphlets about how you program them, how you use them to capture numbers," Friedberg says.
The first email wiretap
But capturing Bowitz back in 1995 called for groundbreaking investigative techniques, including the first email wiretap.
"We basically made it up as we went [along]," Friedberg admits. "The Internet service provider that we were dealing with had no precedent for technically being able to do this, and they actually had to write software that would create a BCC box, like a blind carbon copy, so that anything that went in or out of the defendant's email box would be blind carbon copied to our email box that we then could access."
"We did an email wiretap, court-ordered, for eighty-five days, and [got] over thirteen hundred intercepts. Twenty-four hours a day, domestically, internationally, around the world, we intercepted them here," Weaver concludes.
"It proved to be very fruitful," adds Friedberg, "because we could see who else the defendant was dealing with, in terms of both the distribution of the phones stateside and the manufacture of the phones overseas."
'The most dangerous eavesdropping devices'
Even though the case is five years old, the cell tracker phone and ESN reader remain two of the most dangerous eavesdropping devices smuggled into the country, according to Friedberg and Weaver.
"I think now there are still very serious attacks on privacy of communications through a variety of different software and hardware," Friedberg says. "We're still seeing a lot of very intrusive illegal eavesdropping devices being marketed, both in traditional forms and over the Internet."
In addition to the Bowitz case, the New York office has seen landmark high tech cases. Suspects have intercepted police pages and eavesdropped on information sent to police cruisers.
Robert Weaver of the US Secret Service explains how pager intercepts can be found online. When linked with the appropriate software and cabling device, they can allow anyone with a scanner to see pages.
"Connect the scanner to the computer, and set it to pager frequencies," says Weaver. "In this particular case, a news agency, Breaking News Network, intercepted the New York City police and fire departments' [messages]."
In fact, Fort Lee, New Jersey-based Breaking News Network pled guilty to intercepting the alpha-numeric text messages in New York City in 1997. The case was "the first time, in history, that a news agency pled guilty to eavesdropping on [law enforcement]."
And while police frequencies are in the public domain, the pager traffic and text messages are not.
Then there is the 1998 mobile data terminal (MDT) intercept case.
"When [an MDT] is connected to a scanner," explains Weaver, "it receives and understands and translates the frequency, which are the police frequencies and fire and emergency service frequencies. It'll print out on the screen the user ID and the terminal ID of all the computer terminal transmissions of the police and fire departments."
Assistant US Attorney Eric Friedberg continues, "a defendant was capturing from the air a digital stream of information transmitted from police department headquarters to something called 'mobile data terminals,' which are the computers that are in police cruisers, and this was highly sensitive information. Then the scanner was essentially hooked up with a peripheral device to a laptop and the laptop software, or the software that was running on the laptop, and decoded the stream of digital information."
What sort of digital information?
"It's your social security number, your date of birth, maybe a criminal history record," Weaver says. "Certainly it's not to be displayed on public domain. In this case, it was sold illegally on the Internet.... We bought it in an undercover capacity."
"The MDT case was very serious," Friedberg concludes. "I mean that was a case in which you're taking highly sensitive information [and] sometimes people's lives depend on that information; you're stealing it and possibly using it to your own advantage."