Skip navigation

How a terror group cloned Ted Rogers' cellphone

Continued from Page 2

"There's not a lot we can do from this end," Constable Dionne said. "To us, it's just a theft."

Norman Inkster, a security consultant and former RCMP Commissioner, says the theft and cloning of cellphones by terrorists, as well as garden-variety criminals, has created a nightmare for consumers such as Ms. Drummond.

"There have been cases where people got bills as thick as a phone book," he said.

Mr. Inkster said cellphone firms have the technology to spot aberrant usage, and should use it to protect customers.

"They have very sophisticated billing and tracking systems. They can tell when people step outside the normal pattern. I think they should be using the technology to prevent abuse."

Ben Soave, who once headed the federal organized crime unit of the RCMP, agreed that the technology available to cellphone companies should be used more diligently to protect consumers.

"There are very high risks," he said. "And people are paying a steep price."

As part of her legal battle with Rogers, Ms. Drummond has also taken issue with the limits the company tries to impose on consumers who dispute their bills. According to clause 34 of the company's standard contract, customers cannot pursue disputes in court, or engage in a class-action lawsuit against the company.

Instead, the contract stipulates, they must agree to binding commercial arbitration.

In Ms. Drummond's view, this discourages complaints, and prevents aggrieved consumers from learning about others who are in the same position.

"This is an old strategy," she said. "It's divide and conquer."

Cloning cellphones

When a Toronto contractor we'll refer to as Steve wanted a new cellphone, a friend told him he could get one for $120 that had an amazing feature -- no phone bill. The deal was done, and Steve's new phone, a Motorola flip model, arrived in a Bell Mobility box.

The phone worked as advertised. Steve made hundreds of calls, local and long distance, and never got a bill. And then, five months later, his phone went silent. It was only later that Steve learned what he had actually bought -- a cloned cellphone. Someone had copied the identity of a legitimate Bell Mobility phone, and created another one that "piggybacked" on to the existing account.

In many cases, legitimate phone owners fail to notice extra calls tacked on their bills, and the calls go on for months, or even years. In other cases -- like Steve's -- the fraud is spotted, and the extra phone is shut down.

Cellphone cloning has been widely used by organized crime as a moneymaker and by terrorist groups to make hard-to-trace calls. Until the late 1990s, when digital cellphones began pushing out older analog models, cloning was exceedingly easy. In 1998, a group linked to Hezbollah managed to clone analog phones used by Ted Rogers and other senior cellphone executives by intercepting transmissions with small antennas that captured enough information to clone them.

At the moment, the most widely used cellular security system is GSM (Global System for Mobile Communication), which has been adopted by more than 200 carriers worldwide, including Rogers Wireless. Together, these companies have more than one billion customers.

GSM phones use smart cards called Subscriber Identification Modules (SIM) that contain the identity of the cellphone. Among other things, the SIM card allows cell carriers to "poll" subscribers phones by sending out signals that determine whether there is more than one phone operating with the same identity. When duplicates are spotted, they can be deactivated, as in the case of Steve, the Toronto contractor.

Although GSM makes cloning more difficult, it is not impossible. At a recent security conference, a Rogers security official said that a GSM phone could be cloned with "brute force. . . . It takes about 10 to 12 hours to crack the encryption."

Others believe it is far easier. At an IBM security conference in Israel, digital security expert Elad Barkan said that thieves can hack into calls made by GSM phones in "seconds," and quickly crack the encryption using nothing more than a personal computer.

Peter Cheney

Recommend this article? 45 votes

Back to top