1

1. ABSTRACT

Mobile communication has been readily available for several years, and is major

business today. It provides a valuable service to its users who are willing to pay a

considerable premium over a fixed line phone, to be able to walk and talk freely. Because of

its usefulness and the money involved in the business, it is subject to fraud. Unfortunately,

the advance of security standards has not kept pace with the dissemination of mobile

communication. Some of the features of mobile communication make it an alluring target for

criminals. It is a relatively new invention, so not all people are quite familiar with its

possibilities, in good or in bad. Its newness also means intense competition among mobile

phone service providers as they are attracting customers. The major threat to mobile phone is

from cloning.

Today millions of mobile phones users, be it Global System for Mobile

communication (GSM) or Code Division Multiple Access (CDMA), run the risk of having

their phones cloned. And the worst part is that there isnt much that you can do to prevent

this. Such crime first came to light in January 2005 when the Delhi police arrested a person

with 20 cell phones, a laptop, a SIM scanner, and a writer. The accused was running an

exchange illegally wherein he cloned CDMA-based mobile phones. He used software for the

cloning and provided cheap international calls to Indian immigrants in West Asia. A similar

racket came to light in Mumbai resulting in the arrest of four mobile dealers.

Cloning is the process of taking the programmed information that is stored in a

legitimate mobile phone and illegally programming the identical information into another

mobile phone. The result is that the "cloned" phone can make and receive calls and the

charges for those calls are billed to the legitimate subscriber. The service provider network

does not have a way to differentiate between the legitimate phone and the "cloned" phone.

2

Index Terms:

Cell phone cloning, GSM, CDMA, EMIE and PIN,Patagonia

Introduction :

This is the Final Report of the Economic Crimes Policy Team (hereafter, the Team)

regarding the directives contained in the Wireless Telephone Protection Act (Pub.L. 105-172;

April 24, 1998).

The Economic Crimes Policy Team was chartered to advance the Commissions work in

several areas including the development of options for implementing the directives contained

in the Wireless Telephone Protection Act (WTPA).13 This Act effectuated amendments to 18

U.S.C. 1029 (Fraud and related activity in connection with access devices) related to the

cloning of cellular telephones. The cloning of a cellular telephone occurs when the account

number of a victim telephone user is stolen and reprogrammed into another cellular

telephone. This report details the mission, background, analysis, and policy options of the

Team.

While mobile cloning is an emerging threat for Indian subscribers, it has been happening in

other telecom markets since the 1990s, though mostly with regard to CDMA phones. Pleas in

an US District Court in 1997 effectively ended West Texas authorities' first case of `phone

cloning.' Authorities in the case estimated the loss at $3,000 to $4,000 for each number used.

Southwestern Bell claims wireless fraud costs the industry $650 million each year in the US.

Some federal agents in the US have called phone cloning an especially `popular' crime

because it is hard to trace. Back home, police officers say the Yasin case is just the tip of the

iceberg and have asked operators to improve their technology. But the operators claim they

can't do much for now. "It's like stealing cars or duplicating credit card numbers. The service

providers cannot do much except keep track of the billing pattern of the users. But since the

billing cycle is monthly, the damage is done by the time we can detect the mischief," says a

Reliance executive.

Qualcomm, which develops CDMA technology globally, says each instance of mobile

hacking is different and therefore there is very little an operator can do to prevent hacking.

"It's like a virus hitting the computer. Each software used to hack into the network is

different, so operators can only keep upgrading their security firewall as and when the

hackers strike," says a Qualcomm executive.

3

What is mobile phone cloning?

When we look up the dictionary meaning of cloning it states, to create the exact

replica or a mirror image of an subject understudy. The subject can be any thing living or

non-living so here we take into consideration the cellular or mobile phones. So Mobile

cloning is copying the identity of one mobile telephone to another mobile telephone. Every

electronic device has a working frequency, which plays a crucial role in its operation this we shall discuss later. Now the question that arises is how is a mobile phone cloned. I shall be discussing

How Wireless Technology Works

Each cellular phone has a unique pair of identifying numbers: the electronic serial

number(ESN) and the mobile identification number (MIN). The ESN is programmed into

the wireless phones microchip by the manufacturer at the time of production. The MIN is a

ten-digit phone number that is assigned by the wireless carrier to a customer when an account

is opened. The MIN can be changed by the carrier, but the ESN, by law, cannot be altered.

When a cellular phone is first turned on, it emits a radio signal that broadcasts these numbers

to the nearest cellular tower. The phone will continue to emit these signals at regular

intervals, remaining in contact with the nearest cellular tower. These emissions (called

autonomous registration) allow computers at the cellular carrier to know how to route

incoming calls to that phone, to verify that the account is valid so that outgoing calls can be

made, and to provide the foundation for proper billing of calls. This autonomous registration

occurs whenever the phone is on, regardless of whether a call is actually in progress.

4

CLONING STATISTICS

this in detail, because it is a very complex procedure in which we have to be familiar with the

following terms.

Age

5

MEASURES TO BE TAKEN

Service providers have adopted certain measures to prevent cellular fraud.

These include: Blacklisting of stolen phones is another mechanism to prevent unauthorized use. User verification using Personal Identification Number (PIN) codes is one method

for customer protection against cellular phone fraud

Encryption: Encryption is regarded as the effective way to prevent cellular fraud Traffic analysis detects cellular fraud by using artificial intelligence software to

detect suspicious calling patterns, such as a sudden increase in the length of calls or a

sudden increase in the number of international calls.

Blocking: Blocking is used by service providers to protect themselves from high risk

callers.

6

What are GSM and CDMS mobile phone sets?

CDMA is one of the newer digital technologies used in Canada, the US, Australia, and some

South-eastern Asian countries (e.g. Hong Kong and South Korea). CDMA differs from GSM

and TDMA (Time Division Multiple Access) by its use of spread spectrum techniques for

transmitting voice or data over the air. Rather than dividing the radio frequency spectrum into

separate user channels by frequency slices or time slots, spread spectrum technology

separates users by assigning them digital codes within the same broad spectrum. Advantages

of CDMA include higher user capacity and immunity from interference by other signals.

GSM is a digital mobile telephone system that is widely used in Europe and other parts of the

world. GSM uses a variation of TDMA and is the most widely used of the three digital

wireless telephone technologies. GSM digitizes and compresses data, then sends it down a

channel with two other streams of user data, each in its own time slot. It operates at either the

900 MHz or 1,800 MHz frequency band.

Rise of Cell Cloning:

The early 1990s were boom times for eavesdroppers. Any curious teenager with a 100

Tandy Scanner could listen in to nearly any analogue mobile phone call. As a result, Cabinet

Ministers, company chiefs and celebrities routinely found their most intimate conversations

published in the next day's tabloids Cell phone cloning started with Motorola "bag" phones

and reached its peak in the mid 90's with a commonly available modification for the Motorola

"brick" phones, such as the Classic, the Ultra Classic, and the Model 8000.

7

GSM:

Global System for Mobile Communications. A digital cellular phone technology based on

TDMA GSM phones use a Subscriber Identity Module (SIM) card that contains user account

information. Any GSM phone becomes immediately programmed after plugging in the SIM

card, thus allowing GSM phones to be easily rented or borrowed. Operators who provide

GSM service are Airtel , Hutch etc.

8

CDMA:

Code Division Multiple Access. A method for transmitting simultaneous signals over a

shared portion of the spectrum. There is no Subscriber Identity Module (SIM) card unlike in

GSM.Operators who provides CDMA service in India are Reliance and Tata Indicom.

Mobile Phone Cloning Software: Cloning involved modifying or replacing the EPROM in the phone with a new chip which

would allow you to configure an ESN (Electronic serial number) via software. You would

also have to change the MIN (Mobile Identification Number). When you had successfully

changed the ESN/MIN pair, your phone was an effective clone of the other phone. Cloning

required access to ESN and MIN pairs. ESN/MIN pairs were discovered in several ways:

Sniffing the cellular

Trashing cellular companies or cellular resellers

Hacking cellular companies or cellular resellers

Cloning still works under the AMPS/NAMPS system, but has fallen in popularity as older

clone able phones are more difficult to find and newer phones have not been successfully

reverse-engineered.Cloning has been successfully demonstrated under GSM, but the process

is not easy and it currently remains in the realm of serious hobbyists and researchers.

How is a phone cloned?

Cellular thieves can capture ESN/MINs using devices such as cell phone ESN reader or

digital data interpreters (DDI). DDIs are devices specially manufactured to intercept

ESN/MINs. By simply sitting near busy roads where the volume of cellular traffic is high,

cellular thieves monitoring the radio wave transmissions from the cell phones of legitimate

subscribers can capture ESN/MIN pair. Numbers can be recorded by hand, one-by-one, or

stored in the box and later downloaded to a computer. ESN/MIN readers can also be used

from inside an offenders home, office, or hotel room, increasing the difficulty of detection.

9

The ESN/MIN pair can be cloned in a number of ways without the knowledge of the carrier

or subscriber through the use of electronic scanning devices. After the ESN/MIN pair is

captured, the cloner reprograms or alters the microchip of any wireless phone to create a

clone of the wireless phone from which the ESN/MIN pair was stolen. The entire

programming process takes 10-15 minutes per phone. Any call made with cloned phone are

billed to and traced to a legitimate phone account. Innocent citizens end up with unexplained

monthly phone bills. To reprogram a phone, the ESN/MINs are transferred using a computer

loaded with specialized software, or a copycat box, a device whose sole purpose is to clone

phones. The devices are connected to the cellular handsets and the new identifying

information is entered into the phone. There are also more discreet, concealable devices used

to clone cellular phones. Plugs and ES-Pros, which are about the size of a pager or small

calculator, do not require computers or copycat boxes for cloning. The entire programming

process takes ten-15 minutes per phone.

This was how CDMA handsets are cloned but now we face a question that being: -

Do GSM sets run the risk ofcloning?

Looking at the recent case, it is quite possible to clone both GSM and CDMA sets. The

accused in the Delhi case used software called Patagonia to clone only CDMA phones

(Reliance and Tata Indicom). However, there are software packages that can be used to clone

even GSM phones (e.g. Airtel, BSNL, Hutch, Idea). In order to clone a GSM phone,

knowledge of the International Mobile Equipment Identity (IMEI) or instrument number is

sufficient.

10

But the GSM-based operators maintain that the fraud is happening on CDMA, for now, and

so their subscribers wouldn't need to worry. Operators in other countries have deployed

various technologies to tackle this menace. They are: -

1) There's the duplicate detection method where the network sees the same phone in several

places at the same time. Reactions include shutting them all off, so that the real customer will

contact the operator because he has lost the service he is paying for.

2) Velocity trap is another test to check the situation, whereby the mobile phone seems to be

moving at impossible, or most unlikely speeds. For example, if a call is first made in Delhi,

and five minutes later, another call is made but this time in Chennai, there must be two

phones with the same identity on the network.

3) Some operators also use Radio Frequency fingerprinting, originally a military technology.

Even identical radio equipment has a distinguishing `fingerprint', so the network software

stores and compares fingerprints for all the phones that it sees. This way, it will spot the

clones with the same identity, but different fingerprints.

4) Usage profiling is another way wherein profiles of customers' phone usage are kept, and

when discrepancies are noticed, the customer is contacted. For example, if a customer

normally makes only local network calls but is suddenly placing calls to foreign countries for

hours of airtime, it indicates a possible clone.

What is Patagonia?

Patagonia is a software available in the market which is used to clone CDMA

phone.Using this software a cloner can take over the control of a CDMA phone i.e. cloning of

phone.There are other Softwares avai;able in the market to clone GSM phone.This

softwares are easily available in the market.A SIM can be cloned again and again and they

can be used at different places.Messages and calls sent by cloned phones can be

11

tracked.However,if the accuses manages to also clone the IMEI number of the

handset,for which softwares are available,there is no way he can be traced.

Impact of cloning:

Each year, the mobile phone industry loses millions of dollars in revenue because of the

criminal actions of persons who are able to reconfigure mobile phones so that their calls are

billed to other phones owned by innocent third persons. Often these cloned phones are used

to place hundreds of calls, often long distance, even to foreign countries, resulting in

thousands of dollars in airtime and long distance charges. Cellular telephone companies do

not require their customers to pay for any charges illegally made to their account, no matter

12

how great the cost. But some portion of the cost of these illegal telephone calls is passed

along to cellular telephone consumers as a whole.

Many criminals use cloned cellular telephones for illegal activities, because their calls are not

billed to them, and are therefore much more difficult to trace.

His phenomenon is especially prevalent in drug crimes. Drug dealers need to be in constant

contact with their sources of supply and their confederates on the streets. Traffickers acquire

cloned phones at a minimum cost, make dozens of calls, and then throw the phone away after

as little as a days' use. In the same way, criminals who pose a threat to our national security,

such as terrorists, have been known to use cloned phones to thwart law enforcement efforts

aimed at tracking their whereabouts.

Methods To Detect Cloned Phones In A Network:

Several countermeasures were taken with varying success. Here are various methods to detect

cloned phones on the network:

Duplicate detection - The network sees the same phone in several places at the same time. Reactions include shutting them all off so that the real customer will contact the operator

because he lost the service he is paying for, or tearing down connections so that the clone

users will switch to another clone but the real user will contact the operator.

Velocity trap - The mobile phone seems to be moving at impossible , or most unlikely speeds. For example, if a call is first made in Helsinki, and five minutes later, another call is

made but this time in Tampere, there must be two phones with the same identity on the

network.

RF (Radio Frequency) - fingerprinting is originally a military technology. Even nominally identical radio equipment has a distinguishing ``fingerprint'', so the network

software stores and compares fingerprints for all the phones that it sees. This way, it will spot

the clones with the same identity but different fingerprints.

Usage profiling - Profiles of customers' phone usage are kept, and when discrepancies are noticed, the customer is contacted. Credit card companies use the same method. For example,

if a customer normally makes only local network calls but is suddenly placing calls to foreign

countries for hours of airtime, it indicates a possible clone.

Call counting - Both the phone and the network keep track of calls made with the phone, and should they differ more than the usually allowed one call, service is denied.

13

PIN codes - Prior to placing a call, the caller unlocks the phone by entering a PIN code and then calls as usual. After the call has been completed, the user locks the phone by entering the

PIN code again. Operators may share PIN information to enable safer roaming.

How To Know That The Cell Has Been Cloned?

1. Frequent wrong number phone calls to your phone, or hang-ups. 2. Difficulty in placing outgoing calls. 3. Difficulty in retrieving voice mail messages. 4. Incoming calls constantly receiving busy signals or wrong numbers. Unusual calls

appearing on your phone bills

Duplicate Detection

14

Duplicate Detection

Prevention for Cloning?

Uniquely identifies a mobile unit within a wireless carrier's network. The MIN often can be

dialed from other wireless or wire line networks. The number differs from the electronic

serial number (ESN), which is the unit number assigned by a phone manufacturer. MINs and

ESNs can be checked electronically to help prevent fraud. Mobiles should never be trusted

for communicating/storing confidential information.

Always set a Pin that's required before the phone can be used. Check that all mobile devices

are covered by a corporate security policy. Ensure one person is responsible for keeping tabs

on who has what equipment and that they update the central register. How do service

providers handle reports of cloned phones? Legitimate subscribers who have their phones

cloned will receive bills with charges for calls they didn't make. Sometimes these charges

amount to several thousands of dollars in addition to the legitimate charges. Typically, the

service provider will assume the cost of those additional fraudulent calls. However, to keep

the cloned phone from continuing to receive service, the service provider will terminate the

legitimate phone subscription. The subscriber is then required to activate a new subscription

with a different phone number requiring reprogramming of the phone, along with the

additional headaches that go along with phone number changes.

15

2. WIRELESS TELEPHONE PROTECTION ACT:

Because of increasing financial losses to the telecommunications industry and

the growing use of cloned phones in connection with other criminal activity, Congress

passed the Wireless Telephone Protection Act (WTPA) in April 1998. The legislative

history indicates that, in amending 18 U.S.C. 1029, Congress was attempting to address

two primary concerns presented by law enforcement and the wireless telecommunications

industry.1

Manufacturing and Distributing

Section 1029 covers cloning behavior that ranges from mere possession of a cloned phone to

using, producing, or trafficking in cloning equipment. The statutory maximum for these

offenses is ten or 15 years, depending upon the conduct, and are sentenced under 2F1.1.

This guideline provides different punishment levels based on whether any or all of the

following three factors are applicable: the amount of loss involved in the offense the

offense involved more than minimal planning and the offense involved sophisticated

means. However, the current guideline does not provide distinctions in sentence severity

based on whether the defendant was involved in manufacturing or distributing cloned phones.

It is possible that without a separate enhancement for manufacturing or distributing, the

current fraud guideline does not adequately distinguish between possessing a clone.

First, law enforcement officials testified at congressional hearings that they were having

difficulty proving the intent to defraud element of the pre-amendment provision

regarding some equipment used to clone phones.2 Although there is no legitimate reason

to possess the equipment unless an individual is employed in the telecommunications

industry, the prosecution often could not prove that the equipment was possessed with the

intent to defraud.

Second, law enforcement officials often discovered cloning equipment and

cloned cellular telephones in the course of investigating other criminal activities, such as

drug trafficking and other fraud. The use of cloned phones to facilitate other crimes

increases the ability of offenders to escape detection because of the increased mobility and

anonymity afforded by the phones. Gangs and foreign terrorist groups are also known to

sell or rent cloned phones to finance their illegal activities.

16

With these concerns in mind, Congress amended section 1029 in 1998. The significant

changes to the statute include

Elimination of the intent to defraud element with respect to persons who

knowingly use, produce, traffic in, have custody or control of, or possess hardware (a

"copycat box") or software which has been

.

Wireless Telephone Protection Act (Pub. L. No. 105-418, April 24, 1998).

Configured for altering or modifying a telecommunications instrument3. C Modification

of the current definition of "scanning receiver" to ensure that the term is understood to

include a device that can be used to intercept an electronic serial number, mobile

identification number, or other identifier of any telecommunications service, equipment, or

instrument; and C Correction of an error in the current penalty provision of 18 U.S.C.

1029 that provided two different statutory maximum penalties (ten and 15 years) for the

same offense. With respect to cellular phone cloning, the Act makes clear that a person

convicted of such an offense without a prior section 1029 conviction is subject to a

statutory maximum of 15 years; a person convicted of such an offense after a prior section

1029 conviction is subject to a statutory maximum of 20 years.

In addition to the amendments to section 1029, the Wireless Telephone

Protection Act directs the Commission to review and amend the federal sentencing

guidelines and the policy statements of the Commission, and, if appropriate, to provide an

appropriate penalty for offenses involving the cloning of wireless telephones. The Act also

directs the Commission to consider eight specific factors:

(A) The range of conduct covered by the offenses.

(B) The existing sentences for the offense.

(C) The extent to which the value of the loss caused by the offenses (as defined in the

federal sentencing guidelines) is an adequate measure for establishing penalties under the

federal sentencing guidelines.

(D) The extent to which sentencing enhancements within the federal sentencing guidelines

and the courts authority to sentence above the applicable guideline range are adequate to

17

ensure punishment at or near the maximum penalty for the most egregious conduct

covered by the offenses.

(E) The extent to which the federal sentencing guideline sentences for the offenses have

been constrained by statutory maximum penalties.

(F) The extent to which federal sentencing guidelines for the offense(s) adequately achieve

the purposes of sentencing set forth in 18 U.S.C. 3553(a)(2);

(G) The relationship of the federal sentencing guidelines for these offenses to offenses of

comparable seriousness; and

(H) Any other factor the Commission considers to be appropriate.

3. INTRODUCTION

While mobile cloning is an emerging threat for Indian subscribers, it has been

happening in other telecom markets since the 1990s, though mostly with regard to CDMA

phones. Pleas in an US District Court in 1997 effectively ended West Texas authorities' first

case of `phone cloning.' Authorities in the case estimated the loss at $3,000 to $4,000 for each

number used. Southwestern Bell claims wireless fraud costs the industry $650 million each

year in the US. Some federal agents in the US have called phone cloning an especially

`popular' crime because it is hard to trace. Back home, police officers say the Yasin case is

just the tip of the iceberg and have asked operators to improve their technology. But the

operators claim they can't do much for now. "It's like stealing cars or duplicating credit card

numbers. The service providers cannot do much except keep track of the billing pattern of the

users. But since the billing cycle is monthly, the damage is done by the time we can detect the

mischief," says a Reliance executive.

18

Qualcomm, which develops CDMA technology globally, says each instance of mobile

hacking is different and therefore there is very little an operator can do to prevent hacking.

"It's like a virus hitting the computer. Each software used to hack into the network is

different, so operators can only keep upgrading their security firewall as and when the

hackers strike," says a Qualcomm executive.

4. WHEN DID CELL CLONING START

The early 1990s were boom times for eavesdroppers. Any curious teenager with a

100 Tandy Scanner could listen in to nearly any analogue mobile phone call. As a result,

Cabinet Ministers, company chiefs and celebrities routinely found their most intimate

conversations published in the next day's tabloids.

Cell phone cloning started with Motorola "bag" phones and reached its peak in the

19

mid 90's with a commonly available modification for the Motorola "brick" phones, such as

the Classic, the Ultra Classic, and the Model 8000.

GSM:

Global System for Mobile Communications. A digital cellular phone technology

based on TDMA GSM phones use a Subscriber Identity Module (SIM) card that

contains user account information. Any GSM phone becomes immediately programmed after

plugging in the SIM card, thus allowing GSM phones to be easily rented or borrowed.

Operators who provide GSM service are Airtel, Hutch etc.

CDMA:

Code Division Multiple Access. A method for transmitting simultaneous signals over

a shared portion of the spectrum. There is no Subscriber Identity Module (SIM) card unlike in

GSM. An operator who provides CDMA service in India are Reliance and Tata Indicom.

IS FIXED TELEPHONE NETWORK SAFER THAN MOBILE PHONE?

The answer is yes. In spite of this, the security functions which prevent eavesdropping

and unauthorized uses are emphasized by the mobile phone companies. The existing mobile

communication networks are not safer than the fixed Telephone networks. They only offer

protection against the new forms of abuse.

SECURITY FUNCTIONS OF THE GSM AND CDMA:

As background to a better understanding of the attacks on the GSM and CDMA

network the following gives a brief introduction to the Security functions available in GSM.

The following functions exist:

Access control by means of a personal smart card (called subscriber Identity module, SIM)

and PIN (personal identification number)

20

Authentication of the users towards the network carrier and generation of a session key in

order to prevent abuse.

Encryption of communication on the radio interface, i.e. between mobile Station and base

station,

concealing the users identity on the radio interface, i.e. a temporary valid Identity code

(TMSI) is used for the identification of a mobile user instead Of the IMSI.

HOW BIG OF A PROBLEM IS CLONING FRAUD?

The Cellular Telecommunications Industry Association (CTIA) estimates that

financial losses in due to cloning fraud are between $600 million and $900 million in the

United States. Some subscribers of Reliance had to suffer because their phone was cloned.

Mobile Cloning Is in initial stages in India so preventive steps should be taken by the network

provider and the Government.

WHAT IS MOBILE PHONE CLONING?

When we look up the dictionary meaning of cloning it states, To create the

exact replica or a mirror image of an subject understudy. The subject can be anything living

or non-living so here we take into consideration the cellular or mobile phones. So Mobile

cloning is copying the identity of one mobile telephone to another mobile telephone. Every

electronic device has a working frequency, which plays a crucial role in its operation this we

shall discuss later. Now the question that arises is how a mobile phone is cloned. I shall be

discussing this in detail, because it is a very complex procedure in which we have to be

familiar with the following terms.

21

What are GSM and CDMS mobile phone sets?

CDMA is one of the newer digital technologies used in Canada, the US, Australia,

and some South-eastern Asian countries (e.g. Hong Kong and South Korea). CDMA differs

from GSM and TDMA (Time Division Multiple Access) by its use of spread spectrum

techniques for transmitting voice or data over the air. Rather than dividing the radio

frequency spectrum into separate user channels by frequency slices or time slots, spread

spectrum technology separates users by assigning them digital codes within the same broad

spectrum. Advantages of CDMA include higher user capacity and immunity from

interference by other signals.

GSM is a digital mobile telephone system that is widely used in Europe and other

parts of the world. GSM uses a variation of TDMA and is the most widely used of the three

digital wireless telephone technologies. GSM digitizes and compresses data, then sends it

down a channel with two other streams of user data, each in its own time slot. It operates at

either the 900 MHz or 1,800 MHz frequency band.

Some other important terms whose knowledge is necessary are:-

1. IMEI 2. SIM 3. ESN 4. MIN

So, first things first, the IMEI is an abbreviation for International Mobile Equipment

Identifier, this is a 10 digit universally unique number of our GSM handset. I use the term

Universally Unique because there cannot be 2 mobile phones having the same IMEI no. This

is a very valuable number and used in tracking mobile phones.

Second comes SIM, which stands for Subscriber Identification Module.

Basically the SIM provides storage of subscriber related information of three types:

1. Fixed data stored before the subscription is sold

2. Temporary network data

3. Service related data.

22

Next is the ESN, which stands for Electronic Serial Number. It is same as the IMEI

but is used in CDMA handsets. MIN stands for Mobile Identification Number, which is the

same as the SIM of GSM.

The basic difference between a CDMA handset and a GSM handset is that a CDMA

handset has no sim i.e. the CDMA handset uses MIN as its Sim, which cannot be replaced as

in GSM. The MIN chip is embedded in the CDMA hand set.

5. HOW IS A PHONE CLONED?

Cellular thieves can capture ESN/MINs using devices such as cell phone ESN reader

or digital data interpreters (DDI). DDIs are devices specially manufactured to intercept

ESN/MINs. By simply sitting near busy roads where the volume of cellular traffic is high,

cellular thieves monitoring the radio wave transmissions from the cell phones of legitimate

subscribers can capture ESN/MIN pair. Numbers can be recorded by hand, one-by-one, or

stored in the box and later downloaded to a computer. ESN/MIN readers can also be used

from inside an offenders home, office, or hotel room, increasing the difficulty of detection.

The ESN/MIN pair can be cloned in a number of ways without the knowledge of the

carrier or subscriber through the use of electronic scanning devices. After the ESN/MIN pair

is captured, the cloner reprograms or alters the microchip of any wireless phone to create a

clone of the wireless phone from which the ESN/MIN pair was stolen. The entire

programming process takes 10-15 minutes per phone. Any call made with cloned phone are

billed to and traced to a legitimate phone account. Innocent citizens end up with unexplained

monthly phone bills. To reprogram a phone, the ESN/MINs are transferred using a computer

loaded with specialized software, or a copycat box, a device whose sole purpose is to clone

phones. The devices are connected to the cellular handsets and the new identifying

information is entered into the phone. There are also more discreet, concealable devices used

to clone cellular phones. Plugs and ES-Pros, which are about the size of a pager or small

23

calculator, do not require computers or copycat boxes for cloning. The entire programming

process takes ten-15 minutes per phone.

Fig. 1 Cellular cloning fraud procedure

Do GSM sets run the risk of cloning?

Looking at the recent case, it is quite possible to clone both GSM and CDMA sets.

The accused in the Delhi case used software called Patagonia to clone only CDMA phones

(Reliance and Tata Indicom). However, there are software packages that can be used to clone

even GSM phones (e.g. Airtel, BSNL, Hutch, Idea). In order to clone a GSM phone,

knowledge of the International Mobile Equipment Identity (IMEI) or instrument number is

sufficient.

24

But the GSM-based operators maintain that the fraud is happening on CDMA, for now, and

so their subscribers wouldn't need to worry. Operators in other countries have deployed

various technologies to tackle this menace. They are: -

1. There's the duplicate detection method where the network sees the same phone in several

places at the same time. Reactions include shutting them all off, so that the real customer will

contact the operator because he has lost the service he is paying for.

2. Velocity trap is another test to check the situation, whereby the mobile phone seems to be

moving at impossible or most unlikely speeds. For example, if a call is first made in Delhi,

and five minutes later, another call is made but this time in Chennai, there must be two

phones with the same identity on the network.

3. Some operators also use Radio Frequency fingerprinting, originally a military technology.

Even identical radio equipment has a distinguishing `fingerprint', so the network software

stores and compares fingerprints for all the phones that it sees. This way, it will spot the

clones with the same identity, but different fingerprints.

4. Usage profiling is another way wherein profiles of customers' phone usage are kept, and

when discrepancies are noticed, the customer is contacted. For example, if a customer

normally makes only local network calls but is suddenly placing calls to foreign countries for

hours of airtime, it indicates a possible clone.

6. IMPACT OF CLONING:

Each year, the mobile phone industry loses millions of dollars in revenue because of

the criminal actions of persons who are able to reconfigure mobile phones so that their calls

are billed to other phones owned by innocent third persons. Often these cloned phones are

used to place hundreds of calls, often long distance, even to foreign countries, resulting in

thousands of dollars in airtime and long distance charges. Cellular telephone companies do

not require their customers to pay for any charges illegally made to their account, no matter

25

how great the cost. But some portion of the cost of these illegal telephone calls is passed

along to cellular telephone consumers as a whole.

Many criminals use cloned cellular telephones for illegal activities, because their calls

are not billed to them, and are therefore much more difficult to trace.

His phenomenon is especially prevalent in drug crimes. Drug dealers need to be in constant

contact with their sources of supply and their confederates on the streets. Traffickers acquire

cloned phones at a minimum cost, make dozens of calls, and then throw the phone away after

as little as a days' use. In the same way, criminals who pose a threat to our national security,

such as terrorists, have been known to use cloned phones to thwart law enforcement efforts

aimed at tracking their whereabouts.

HOW TO KNOW THAT THE CELL HAS BEEN CLONED?

1. Frequent wrong number phone calls to your phone, or hang-ups.

2. Difficulty in placing outgoing calls.

3. Difficulty in retrieving voice mail messages.

4. Incoming calls constantly receiving busy signals or wrong numbers. Unusual

calls appearing on your phone bills

7. METHOD TO DETECT CLONED PHONES:

Duplicate detection - The network sees the same phone in several places at the same time.

Reactions include shutting them all off so that the real customer will contact the operator

because he lost the service he is paying for, or tearing down connections so that the clone

users will switch to another clone but the real user will contact the operator.

Velocity trap - The mobile phone seems to be moving at impossible or most unlikely speeds.

For example, if a call is first made in Helsinki, and five minutes later, another call is made

but this time in Tampere, there must be two phones with the same identity on the network.

26

Call counting - Both the phone and the network keep track of calls made with the phone, and

should they differ more than the usually allowed one call, service is denied.

PIN codes - Prior to placing a call, the caller unlocks the phone by entering a PIN code and

then calls as usual. After the call has been completed, the user locks the phone by entering the

PIN code again. Operators may share PIN information to enable safer roaming.

Frequent wrong number phone calls to your phone, or hang-ups.

Difficulty in placing outgoing calls.

Difficulty in retrieving voice mail messages.

Incoming calls constantly receiving busy signals or wrong numbers. Unusual calls

appearing on your phone bills.

8. SOLUTION OF THE PROBLEM:

Cloning, as the crime branch detectives divulge, starts when someone, working for

a mobile phone service provider, agrees to sell the security numbers to gray market operators.

Every mobile handset has a unique factory-coded electronic serial number and a mobile

identification number. The buyer can then program these security numbers into new handsets.

The onus to check the misuse of mobile cloning phenomenon falls on the subscriber

himself. The subscribers, according to the officials, should be on the alert and inform the

police on suspecting any foul play. It would be advisable for them to ask for the list of

outgoing calls, as soon as they realize that they've been overcharged. Meanwhile, the crime

branch is hopeful to find out a way to stop the mobile cloning phenomenon.

For example

27

The Central Forensic Laboratory at Hyderabad has reportedly developed software

that would detect cloned mobile phones. Called the Speaker Identification Technique, the

software enables one to recognize the voice of a person by acoustics analysis. These methods

are only good at detecting cloning, not preventing damage. A better solution is to add

authentication to the system. But this means upgrading the software of the operators' network,

and renewing the SIM-cards, which is not an easy or a cheap task. This initiative by the

Forensic Laboratory had to be taken up in the wake of more and more reports of misuse of

cloned mobiles.

9. HOW TO PREVENT CELL CLONING?

Uniquely identifies a mobile unit within a wireless carrier's network. The MIN often

can be dialed from other wireless or wire line networks. The number differs from the

electronic serial number (ESN), which is the unit number assigned by a phone manufacturer.

MINs and ESNs can be checked electronically to help prevent fraud.

Mobiles should never be trusted for communicating/storing confidential information.

Always set a Pin that's required before the phone can be used.

Check that all mobile devices are covered by a corporate security policy.

Ensure one person is responsible for keeping tabs on who has what equipment and that they

update the central register.

How do service providers handle reports of cloned phones?

Legitimate subscribers who have their phones cloned will receive bills with charges

for calls they didn't make. Sometimes these charges amount to several thousands of dollars in

addition to the legitimate charges.

Typically, the service provider will assume the cost of those additional fraudulent

calls. However, to keep the cloned phone from continuing to receive service, the service

provider will terminate the legitimate phone subscription. The subscriber is then required to

activate a new subscription with a different phone number requiring reprogramming of the

phone, along with the additional headaches that go along with phone number changes.

28

How can organizations help themselves?

1. Mobiles should never be trusted for communicating/storing confidential information.

2. Always set a Pin that's required before the phone can be used.

3. Check that all mobile devices are covered by a corporate security policy.

4. Ensure one person is responsible for keeping tabs on who has what equipment and

that they update the central register.

Such preventive measures are our only defence till we get a way or a technique to prevent

cloning of mobile phones.

29

Solution to this problem:

Cloning, as the crime branch detectives divulge, starts when some one, working for a mobile

phone service provider, agrees to sell the security numbers to gray market operators. Every

mobile handset has a unique factory-coded electronic serial number and a mobile

identification number. The buyer can then program these security numbers into new handsets.

The onus to check the misuse of mobile cloning phenomenon falls on the subscriber himself.

The subscribers, according to the officials, should be on the alert and inform the police on

suspecting any foul play. It would be advisable for them to ask for the list of outgoing calls,

as soon as they realize that they've been overcharged. Meanwhile, the crime branch is hopeful

to find out away to stop the mobile cloning phenomenon.

For example -

The Central Forensic Laboratory at Hyderabad has reportedly developed software that would

detect cloned mobile phones. Called the Speaker Identification Technique, the software

enables one to recognize the voice of a person by acoustics analysis. These methods are only

good at detecting cloning, not preventing damage. A better solution is

to add authentication to the system. But this means upgrading the software of the operators'

network, and renewing the SIM-cards, which is not an easy or a cheap task.

This initiative by the Forensic Laboratory had to be taken up in the wake of more and more

reports of misuse of cloned mobiles.

FUTURE THREATS:

Resolving subscriber fraud can be a long and difficult process for the victim. It may take time

to discover that subscriber fraud has occurred and an even longer time to prove that you did

not incur the debts. As described in this article there are many ways to abuse

telecommunication system, and to prevent abuse from occurring it is absolutely necessary to

check out the weakness and vulnerability of existing telecom systems. If it is planned to

invest in new telecom equipment, a security plan should be made and the system tested

before being implemented. It is therefore mandatory to keep in mind that a technique which is

described as safe today can be the most unsecured technique in the future.

30

WHAT CAN BE DONE?

With technically sophisticated thieves, customers are relatively helpless against

cellular phone fraud. Usually they became aware of the fraud only once receiving their phone

bill.

Service providers have adopted certain measures to prevent cellular fraud. These

include encryption, blocking, blacklisting, user verification and traffic analysis: Encryption is

regarded as the most effective way to prevent cellular fraud as it prevents eavesdropping on

cellular calls and makes it nearly impossible for thieves to steal Electronic Serial Number

(ESN) and Personal Identification Number (PIN) pairs. Blocking is used by service providers

to protect themselves from high risk callers. For example, international calls can be made

only with prior approval. In some countries only users with major credit cards and good

credit ratings are allowed to make long distance calls.

1. Blacklisting of stolen phones is another mechanism to prevent unauthorized use. An Equipment Identity Register (EIR) enables network operators to disable stolen

cellular phones on networks around the world.

2. User verification using Personal Identification Number (PIN) codes is one method for customer protection against cellular phone fraud.

3. Tests conducted have proved that United States found that having a PIN code reduced fraud by more than 80%.

4. Traffic analysis detects cellular fraud by using artificial intelligence software to detect suspicious calling patterns, such as a sudden increase in the length of calls or

a sudden increase in the number of international calls.

31

VICTIMS OF PHONE CLONING

Anita Davis, a mobile clone victim. One month, her cell phone bill showed $3,151 worth of calls in one month, to Pakistan, Israel, Jordan, Africa, and other countries.

A Louisville woman was shocked when she got her February cell phone bill from T-Mobile. It was ten times higher than it's ever been before. Equally troubling, she didn't

recognize most of the phone numbers on it.

32

ADVANTAGES

1. If your phone has been lost , you can use your cloned cell phone.

2. If your phone got damaged or if you forgot your phone at home or any other place . Cloned phone can be helpful.

DISADVANTAGES

It can be used by the terrorists for criminal activities.

It can be used by the cloner for fraud calls.

It can be used for illegal money transfer.

33

10. CONCLUSION

Presently the cellular phone industry relies on common law (fraud and theft) and in-

house counter measures to address cellular phone fraud. Mobile Cloning

Is in initial stages in India so preventive steps should be taken by the network provider and

the Government the enactment of legislation to prosecute crimes related to cellular phones is

not viewed as a priority, however. It is essential that intended mobile crime legislation be

comprehensive enough to incorporate cellular phone fraud, in particular "cloning fraud" as a

specific crime.

Some of the forms of fraud presented here have been possible because of design

flaws. The cloning of analogy mobile phones was possible because there was no protection to

the identification information and the cloning of GSM SIM-cards is possible because of a

leaking authentication algorithm. These problems can be countered with technical means.

However, fraud in itself is a social problem.

As such, it may be temporarily countered with technological means but they rarely

work permanently. Mobile phones are a relatively new phenomenon and social norms to its

use have not been formed. Some operators have tried the ``If you can't beat them, join them''

approach and provided services that would otherwise be attained by fraud. As mobile

communication matures, both socially and technologically, fraud will settle to some level.

Until then, it is a race between the operators, equipment manufacturers and the fraudsters.

Mobile Cloning Is in initial stages in India so preventive steps should be taken by the

network provider and the Government the enactment of legislation to prosecute crimes

related to cellular phones is not viewed as a priority, however. It is essential that intended

mobile crime legislation be comprehensive enough to incorporate cellular phone fraud, in

particular "cloning fraud" as a specific crime.

Existing cellular systems have a number of potential weaknesses that were

considered. It is crucial that businesses and staff take mobile phone security seriously

34

11. REFERENCES:

1. IEEE journal for mobile communication

2. Science today magazine

3. Mobile communication Govt. of India reports

4. Mobile phone cloning www.seminarsonly.com

5. Google: www.google.com

6. Wikipedia: www.wikipedia.org

7. Mobile cloning mobiledia.com

http://www.google.com/http://www.wikipedia.org/