Oh look a gawker link. I wonder what's inside?

i am underpaid

I'm an IT professional and a couple of years ago I was wondering how I could make some money on the side, and then I realized that the only people outside of large corporations that would be interested in my services would be drug dealers.

I'm a mobile device analyst, with a specialty in smartphones.

I thought the subject of the article was big time, then

He's set up two crews with his cell phone system.

Two?

asciibaron: i am underpaid

No shiat. Thousands of dollars a month to install keyloggers and maintain a spreadsheet listing of prepaid SIM cards.

I like that he does his work in front of precincts for safety, but all it takes is one uninstalled Angry Birds app and that dude is D-E-A-D.

It fascinates me, the ingenuity of the criminal mind, sometimes, and how some of these people are working much harder at being crooks, than if they just used their innate talents in a non-criminal life.

JerseyTim: StrangeQ: Oh look a gawker link. I wonder what's inside?

An interesting piece of reporting.

Yep. It touches upon a subject near and dear to my heart, SIGINT.

I have to say, though, that I identified a vulnerability in 'Martins' set up. With a bit of patience, it would be rather trivial to identify all the numbers for all the phones. His problem is that the setup rotates back around again.

Say you have 3 dealers, Alvin, Simon, and Theodore. They each get a phone, and they each get 14 SIM cards for each phone, each of which has a different number, and they are pre-loaded with the other numbers.

Say Simon comes under suspicion of the police, for reasons unrelated to their communications. The police go to the wireless providers and say "We suspect Person S, living at 123 XYZ Street is a drug dealer. Here is a subpoena/warrant/request/whatever for all wireless numbers that have made or received calls within a 20 meter radius of that location in the last 3 months".

All they will get is a list of phone numbers like "555-1212 called 555-1231 at 21:45 2012/01/23".

It will be pretty evident that 555-1212 is only used for a single day every two weeks by simply sorting the calls by number and looking at the dates. It's basic farkin' traffic analysis. Even the *POLICE* could handle doing something like that, all you need to do is import the data into a spreadsheet.

So now you've identified the pattern, you can find Simon's other phone numbers, a trivial exercise. And you've also identified the other phone numbers that his phones talk to. You can then ask for location data from the wireless providers to help you figure out who A and T are (Alvin, and Theodore).

The better solution is to simply just get new phones, or new cards, on a regular basis, and to never repeat. If cost is an issue (but why would it be?), a somewhat better solution than a repeating pattern would be to set up a randomized rota: Once a month print out a little mini calendar with each date, and a random number from 1 to 14 for each day of the month (or whatever, more is better), the number corresponding to a particular card. Each day, the members look at their schedule, and swap in the appropriate card. Eventually someone might be able to suss out the network with enough data, but it would be harder than with a regular repeating schedule.

What if the phone system does not work? Does the drug dealers have any recourse? Does he guarantee the system?

How many geeks are going to read this and think they can do it too and start hanging out in the wrong part of town? I picture in my mind, National Lampoons Vacation when Clark has to ask for directions.

dittybopper: JerseyTim: StrangeQ: Oh look a gawker link. I wonder what's inside?

An interesting piece of reporting.

Yep. It touches upon a subject near and dear to my heart, SIGINT.

I have to say, though, that I identified a vulnerability in 'Martins' set up. With a bit of patience, it would be rather trivial to identify all the numbers for all the phones. His problem is that the setup rotates back around again.

Say you have 3 dealers, Alvin, Simon, and Theodore. They each get a phone, and they each get 14 SIM cards for each phone, each of which has a different number, and they are pre-loaded with the other numbers.

Say Simon comes under suspicion of the police, for reasons unrelated to their communications. The police go to the wireless providers and say "We suspect Person S, living at 123 XYZ Street is a drug dealer. Here is a subpoena/warrant/request/whatever for all wireless numbers that have made or received calls within a 20 meter radius of that location in the last 3 months".

All they will get is a list of phone numbers like "555-1212 called 555-1231 at 21:45 2012/01/23".

It will be pretty evident that 555-1212 is only used for a single day every two weeks by simply sorting the calls by number and looking at the dates. It's basic farkin' traffic analysis. Even the *POLICE* could handle doing something like that, all you need to do is import the data into a spreadsheet.

So now you've identified the pattern, you can find Simon's other phone numbers, a trivial exercise. And you've also identified the other phone numbers that his phones talk to. You can then ask for location data from the wireless providers to help you figure out who A and T are (Alvin, and Theodore).

The better solution is to simply just get new phones, or new cards, on a regular basis, and to never repeat. If cost is an issue (but why would it be?), a somewhat better solution than a repeating pattern would be to set up a randomized rota: Once a month print out a little mini calendar wi ...

One issue, is that the calls may not be made from the same location, so that could help the dealers out. The only problem I see with his plan, is that most people are stupid. They will get sick of swapping cards out. They will start to use the same card over and over. Or they will carry the pill bottle with them, or store the pill keeper somewhere at their house. Once they get raided, cops will have all 14 cards. In addition, what if you call me before I swap out and I get busted? The phone now has the number from yesterday, and your number today. I think your randomized idea is an improvement, but again, it involves re-use. That's what did the Germans in with their cyphers. They were supposed to use one-time-only pads, and they started re-using pads multiple times. Thus, it gave a way for the allies to decode their messages. I can't think of any way around it, but if your plan requires a human being to regularly perform a set of actions consistently, your plan has a major flaw. Very few people would be dedicated enough to actually follow through. Laziness will get the better of them.

Also, he mentions needing fake IDs to buy pre-paid phones/sims. Seems to me the easiest/cheapest thing would be just to hop the border to New Jersey and buy your cards from there.

dittybopper: JerseyTim: StrangeQ: Oh look a gawker link. I wonder what's inside?

An interesting piece of reporting.

Yep. It touches upon a subject near and dear to my heart, SIGINT.

I have to say, though, that I identified a vulnerability in 'Martins' set up. With a bit of patience, it would be rather trivial to identify all the numbers for all the phones. His problem is that the setup rotates back around again.

Say you have 3 dealers, Alvin, Simon, and Theodore. They each get a phone, and they each get 14 SIM cards for each phone, each of which has a different number, and they are pre-loaded with the other numbers.

Say Simon comes under suspicion of the police, for reasons unrelated to their communications. The police go to the wireless providers and say "We suspect Person S, living at 123 XYZ Street is a drug dealer. Here is a subpoena/warrant/request/whatever for all wireless numbers that have made or received calls within a 20 meter radius of that location in the last 3 months".

All they will get is a list of phone numbers like "555-1212 called 555-1231 at 21:45 2012/01/23".

It will be pretty evident that 555-1212 is only used for a single day every two weeks by simply sorting the calls by number and looking at the dates. It's basic farkin' traffic analysis. Even the *POLICE* could handle doing something like that, all you need to do is import the data into a spreadsheet.

So now you've identified the pattern, you can find Simon's other phone numbers, a trivial exercise. And you've also identified the other phone numbers that his phones talk to. You can then ask for location data from the wireless providers to help you figure out who A and T are (Alvin, and Theodore).

The better solution is to simply just get new phones, or new cards, on a regular basis, and to never repeat. If cost is an issue (but why would it be?), a somewhat better solution than a repeating pattern would be to set up a randomized rota: Once a month print out a little mini calendar with each date, and a random number from 1 to 14 for each day of the month (or whatever, more is better), the number corresponding to a particular card. Each day, the members look at their schedule, and swap in the appropriate card. Eventually someone might be able to suss out the network with enough data, but it would be harder than with a regular repeating schedule.

This is some nerdy kid who wanted to hang out with gangbangers so went to the club to throw his make your own business card around.

These drug dealers are only paying for peace of mind. Though to be fair, plenty of larges business waste large sums of money for the same thing

ChuDogg: This is some nerdy kid who wanted to hang out with gangbangers so went to the club to throw his make your own business card around.

These drug dealers are only paying for peace of mind. Though to be fair, plenty of larges business waste large sums of money for the same thing

Agreed.

The smartest thing he could do is have a couple of grand in cash, sitting, ready to go at a moments notice. If this network fell apart, or they get busted, who are they coming after first? Better be ready to buy a one-way ticket out of there (being sure to throw your "business" phone in the garbage before you go).

kidgenius: dittybopper: Also, he mentions needing fake IDs to buy pre-paid phones/sims. Seems to me the easiest/cheapest thing would be just to hop the border to New Jersey and buy your cards from there.

I think he's smart enough to claim he's charging triple for fake IDs when he's actually paying the toll to get to Jersey... although the price of those IDs can't be much less than the tolls at this point.

Unimpressed:

Have you seen this man? Wanted for Questioning.

kidgenius: One issue, is that the calls may not be made from the same location, so that could help the dealers out.

Invariably, though, at least some of the calls they would make during the day would be from that location, and the police would have a bunch of data to work with.

The only problem I see with his plan, is that most people are stupid. They will get sick of swapping cards out. They will start to use the same card over and over. Or they will carry the pill bottle with them, or store the pill keeper somewhere at their house. Once they get raided, cops will have all 14 cards. In addition, what if you call me before I swap out and I get busted? The phone now has the number from yesterday, and your number today. I think your randomized idea is an improvement, but again, it involves re-use.

The idea here is to prevent the police from seeing a particular pattern. How do they know that a particular number isn't just some unlucky Shmoe who happens to be walking by? There isn't a regular pattern they can immediately latch on to, though I did point out that with enough data, they could still identify those numbers.

That's what did the Germans in with their cyphers. They were supposed to use one-time-only pads, and they started re-using pads multiple times. Thus, it gave a way for the allies to decode their messages.

Actually, it was the Soviets during WWII. Because of the pressures of creating and distributing one time pad sets globally while the Wehrmacht was knocking on the Kremlin's door, they reused OTPs, which is a major no-no. It allowed us to get a glimpse into their secret agent communications. We never broke more than a small fraction of the traffic, but what we did manage to read was significant. It was called "The Venona Project". I suspect you were confusing that with the Polish/French/British/American efforts to break the various Enigma machine ciphers, or perhaps the German 'GEE' machine which automated one time pad production, but it was broken because the machine produced predictable output (ie., it didn't produce truly random pads).

I can't think of any way around it, but if your plan requires a human being to regularly perform a set of actions consistently, your plan has a major flaw. Very few people would be dedicated enough to actually follow through. Laziness will get the better of them.

This is always a flaw in any communications system.

Also, he mentions needing fake IDs to buy pre-paid phones/sims. Seems to me the easiest/cheapest thing would be just to hop the border to New Jersey and buy your cards from there.

Chuck Schumer is a *US* Senator. If he's proposing something, it's likely that he means federally, not at the state or local level.

JerseyTim: StrangeQ: Oh look a gawker link. I wonder what's inside?

An interesting piece of reporting.

I honestly wasn't expecting that from gawker. Not a celebrity name drop or political sex gossip tale in site. Feels odd.

Another thing about the SIM card swap: it may change the phone numbers, but every GSM phone has a baked-in serial number (IMEI, International Mobile Equipment Identifier). If the cops analyze traffic by IMEI, the SIM swaps mean nothing.

His system is designed to defeat 95% of police investigations. It isn't going to defeat them all. But most likely they don't need to defeat them all. As long as they are running a low level organization that doesn't get into a lot of violent altercations, they aren't going to attract the attention of the types of investigators that will have the quality SIGINT people that can defeat this system.

dittybopper:
So now you've identified the pattern, you can find Simon's other phone numbers, a trivial exercise.

How is that a trivial exercise exactly? How did the figure out what his first phone number was for that matter. You seem to skip over the part where the get the phone numbers. Yes the police can get you phone records, but only if they know your phone number and none of those phones are going to be in their name.

Any relation to Stephen King's IT?

DammitIForgotMyLogin: Or, if the system is set up the way they describe, you just need to track the IMEI number and bingo, you've got all their phones

Fubegra: Another thing about the SIM card swap: it may change the phone numbers, but every GSM phone has a baked-in serial number (IMEI, International Mobile Equipment Identifier). If the cops analyze traffic by IMEI, the SIM swaps mean nothing.

IMEI's can be permanently changed or spoofed rather easily on many phones.

But if they are using cheap phones for the drugs phones anyway, then purchasing a separate phone to use with each SIM is also a trivial matter for drug kingpins. Sure your storage requirement is enlarged to that of a shoebox rather than a pillbox, but then you have 14 separate IMEI's for each of the 14 SIM cards without the need to spoof.

2wolves: dittybopper: I have to say, though, that I identified a vulnerability in 'Martins' set up. With a bit of patience, it would be rather trivial to identify all the numbers for all the phones. His problem is that the setup rotates back around again.

Given the level of knowledge show by the reporter this may not be "Martin's" error.

This is an issue with all reporting.

The thing is that I think "Martin" is clever, but not really as clever as he thinks. He's got no real experience in SIGINT matters, and he doesn't really understand that he's playing against an opponent that has pretty much unlimited resources.

Of course, if he's just setting up 'tactical' communications for what are essentially low-level dealers, it's appropriate enough. You don't necessarily need or want a completely secure system for what are essentially cannon fodder anyway.

If I were in charge of the communications infrastructure for an organization like that, I'd use provably secure methods (like One Time Pads) for my major shipping and other high level arrangements. I'd hire dirt poor South American farmers to roll 10-sided dice over and over, typing the results on manual typewriters on two-part blank forms. That way you can't really duplicate them without it being obvious. All encrypting and decrypting would be done manually by pen and paper, and the used pads immediately burned, along with worksheets and such. I've made pads myself that way:



You'd be surprised at how much key material you can manually generate that way in a relatively short amount of time. A single page takes maybe 30 minutes when you get into the swing of it. A single person working for 8 hours could generate 16 pages, and over the course of 6 days, that's almost 100 pages.

You turn your message into numeric equivalents using a straddling checkerboad, and then you use non-carrying addition to 'add' the pad groups, producing your ciphertext which you can then transmit by whatever method you see fit.

For those kinds of communications, convenience needs to take a back seat to security, and you'd be arranging stuff for the future anyway, so immediacy is less of an issue. Plus, you don't want them to be able to break them after 5 years because they can still charge you.

For organizations dedicated to smuggling large quantities of illicit substances, transferring new pads would be a trivial exercise, and you can place them in tamper-evident packaging so you'll know if a set of pads has been 'blown' during transit.

For the lower-level kind of stuff, "Martin"s solution is OK, but like I said I would tweak it a bit to make it more random.

Any Pie Left: It fascinates me, the ingenuity of the criminal mind, sometimes, and how some of these people are working much harder at being crooks, than if they just used their innate talents in a non-criminal life.

If you know anywhere you can earn two or three grand a month for reloading prepaid phones, keeping a list of SIM cards and running an installer now and then I'd love to hear it....

I think this article says a lot more about the incredible lack of technical knowledge of his clients than it does the quality of his skills.

cenobyte40k: dittybopper:
So now you've identified the pattern, you can find Simon's other phone numbers, a trivial exercise.

How is that a trivial exercise exactly? How did the figure out what his first phone number was for that matter. You seem to skip over the part where the get the phone numbers. Yes the police can get you phone records, but only if they know your phone number and none of those phones are going to be in their name.

Go back and read what I wrote again.

A better idea would be to run your own asterisk server on a vm, get phones with a sip app and wifi only connectivity, and connect only through tor network. or better yet, make your own arduino device with a sip app installed, pointing to your asterisk server. The host server will have the hd passphrase encrypted, bios/power on password, and a self destruct mech if a certain action isnt performed within x mins of uptime.

His technique is so 1990's. Even the name 'burners' for his phone is old, except we used to called them 'burned' or 'burnt'. I recall some old motorola device with an eeprom contained a mix of esn/numbers, but I don't know if that was just a dream. He has too much action for too little pay out.

weiserfireman: His system is designed to defeat 95% of police investigations. It isn't going to defeat them all. But most likely they don't need to defeat them all. As long as they are running a low level organization that doesn't get into a lot of violent altercations, they aren't going to attract the attention of the types of investigators that will have the quality SIGINT people that can defeat this system.

That's true, sort-of. As I pointed out later on, it's a decent low-level tactical comm system. Not perfect, but generally good enough so long as none of them get arrested or otherwise come to the attention of the police.

Phhsssh, old school, about the only thing throwaways are good for is snooping spouses.

child_god: A better idea would be to run your own asterisk server on a vm, get phones with a sip app and wifi only connectivity, and connect only through tor network. or better yet, make your own arduino device with a sip app installed, pointing to your asterisk server. The host server will have the hd passphrase encrypted, bios/power on password, and a self destruct mech if a certain action isnt performed within x mins of uptime.

But now you've got a less useful system, as they'll need to be within wi-fi coverage to make/receive calls. And then you're back to them needing smartphones if they want an inexpensive and simple solution. You've also now got a fixed location that all your communications are running through, so even if you can't see/hear what is being sent, you can start connecting the dots.

dittybopper: JerseyTim: StrangeQ: Oh look a gawker link. I wonder what's inside?

I have to say, though, that I identified a vulnerability in 'Martins' set up. With a bit of patience, it would be rather trivial to identify all the numbers for all the phones.

For this to work, you have to assume the PD has a competent Crime Fighting IT Unit, or authorizes its guys to speak up when they have a suggestion.

NY City might, but bum-fark county nowheresville doesn't.

M-G: child_god: A better idea would be to run your own asterisk server on a vm, get phones with a sip app and wifi only connectivity, and connect only through tor network. or better yet, make your own arduino device with a sip app installed, pointing to your asterisk server. The host server will have the hd passphrase encrypted, bios/power on password, and a self destruct mech if a certain action isnt performed within x mins of uptime.

But now you've got a less useful system, as they'll need to be within wi-fi coverage to make/receive calls. And then you're back to them needing smartphones if they want an inexpensive and simple solution. You've also now got a fixed location that all your communications are running through, so even if you can't see/hear what is being sent, you can start connecting the dots.

Obviously these guys should have sought out a business analyst before jumping straight into an IT solution.

dittybopper: 2wolves: dittybopper: I have to say, though, that I identified a vulnerability in 'Martins' set up. With a bit of patience, it would be rather trivial to identify all the numbers for all the phones. His problem is that the setup rotates back around again.

Given the level of knowledge show by the reporter this may not be "Martin's" error.

This is an issue with all reporting.

The thing is that I think "Martin" is clever, but not really as clever as he thinks. He's got no real experience in SIGINT matters, and he doesn't really understand that he's playing against an opponent that has pretty much unlimited resources.

Of course, if he's just setting up 'tactical' communications for what are essentially low-level dealers, it's appropriate enough. You don't necessarily need or want a completely secure system for what are essentially cannon fodder anyway.

If I were in charge of the communications infrastructure for an organization like that, I'd use provably secure methods (like One Time Pads) for my major shipping and other high level arrangements. I'd hire dirt poor South American farmers to roll 10-sided dice over and over, typing the results on manual typewriters on two-part blank forms. That way you can't really duplicate them without it being obvious. All encrypting and decrypting would be done manually by pen and paper, and the used pads immediately burned, along with worksheets and such. I've made pads myself that way:

[i55.tinypic.com image 320x240]

You'd be surprised at how much key material you can manually generate that way in a relatively short amount of time. A single page takes maybe 30 minutes when you get into the swing of it. A single person working for 8 hours could generate 16 pages, and over the course of 6 days, that's almost 100 pages.

You turn your message into numeric equivalents using a straddling checkerboad, and then you use non-carrying addition to 'add' the pad groups, producing your ciphertext which you can then transmit by wh ...

Your comments in here have been fascinating as hell. Enjoy your month of TF.

Comic Book Guy: our comments in here have been fascinating as hell. Enjoy your month of TF.

Thanks!

BHShaman: dittybopper: JerseyTim: StrangeQ: Oh look a gawker link. I wonder what's inside?

I have to say, though, that I identified a vulnerability in 'Martins' set up. With a bit of patience, it would be rather trivial to identify all the numbers for all the phones.

For this to work, you have to assume the PD has a competent Crime Fighting IT Unit, or authorizes its guys to speak up when they have a suggestion.

NY City might, but bum-fark county nowheresville doesn't.

Bum-fark county drug dealers wouldn't go to that much trouble to secure their communications, either, so it balances out.

dittybopper: Comic Book Guy: our comments in here have been fascinating as hell. Enjoy your month of TF.

Thanks!

Now that he's done you that favor, he's gonna need one in return...

/Offer you can't refuse!

dittybopper: JerseyTim: StrangeQ: Oh look a gawker link. I wonder what's inside?

An interesting piece of reporting.

Yep. It touches upon a subject near and dear to my heart, SIGINT.

I have to say, though, that I identified a vulnerability in 'Martins' set up. With a bit of patience, it would be rather trivial to identify all the numbers for all the phones. His problem is that the setup rotates back around again.

Say you have 3 dealers, Alvin, Simon, and Theodore. They each get a phone, and they each get 14 SIM cards for each phone, each of which has a different number, and they are pre-loaded with the other numbers.

Say Simon comes under suspicion of the police, for reasons unrelated to their communications. The police go to the wireless providers and say "We suspect Person S, living at 123 XYZ Street is a drug dealer. Here is a subpoena/warrant/request/whatever for all wireless numbers that have made or received calls within a 20 meter radius of that location in the last 3 months".

All they will get is a list of phone numbers like "555-1212 called 555-1231 at 21:45 2012/01/23".

It will be pretty evident that 555-1212 is only used for a single day every two weeks by simply sorting the calls by number and looking at the dates. It's basic farkin' traffic analysis. Even the *POLICE* could handle doing something like that, all you need to do is import the data into a spreadsheet.

So now you've identified the pattern, you can find Simon's other phone numbers, a trivial exercise. And you've also identified the other phone numbers that his phones talk to. You can then ask for location data from the wireless providers to help you figure out who A and T are (Alvin, and Theodore).

The better solution is to simply just get new phones, or new cards, on a regular basis, and to never repeat. If cost is an issue (but why would it be?), a somewhat better solution than a repeating pattern would be to set up a randomized rota: Once a month print out a little mini calendar wi ...

I noticed this too, I figured he didn't want to give everything away and it might be his "budget" plan.

Sometimes with security you only can go to the "pain in the ass to figure out" level.

My buddy actually does IT work for a Dominatrix male, porn, and escort services. Which is funny because he's the nerdiest looking dude you've ever seen, but he's 7 feet tall so maybe that has something to do with it.

05231 52017 92252 03249 36714
87868 90892 26484 36361 05231

Everything you need to decode that is in my profile.

Snow Monkey: dittybopper: Comic Book Guy: our comments in here have been fascinating as hell. Enjoy your month of TF.

Thanks!

Now that he's done you that favor, he's gonna need one in return...

/Offer you can't refuse!

I'm available for free SIGINT advice.

/Communicate using sloppy, hand keyed Morse. There aren't any real dittyboppers left anymore, and computers can't reliably copy really bad CW.

You mean you can get paid do that that instead of just having to do it for free for your boss? Shiat.

dittybopper: 05231 52017 92252 03249 36714
87868 90892 26484 36361 05231

Everything you need to decode that is in my profile.

I'm drinking my farkin' Ovaltine, get off it already.

Comic Book Guy: dittybopper: 05231 52017 92252 03249 36714
87868 90892 26484 36361 05231

Everything you need to decode that is in my profile.

I'm drinking my farkin' Ovaltine, get off it already.

It's not Ovaltine without a little St. Brendan's in it.

/I do something similar here in Orlando, just not so much with shady characters.

Any Pie Left: It fascinates me, the ingenuity of the criminal mind, sometimes, and how some of these people are working much harder at being crooks, than if they just used their innate talents in a non-criminal life.

I suspect that before 'Martin' started his endeavours corporate America had decided they didn't want him. Repeatedly. At some point prior to going 'fark it' and taking a drug dealers phone call.

You don't set out to do IT work for the local drug runners (or car crew or shaddy businesses in general) you just end up falling in to it. At least in my experience.