back to article Feds crack phone clone scam that cost Sprint $15m

Federal prosecutors have uncovered a scam that used tens of thousands of cloned cellphones to defraud Sprint out of $15m in lost long distance revenue. The operation dates back to at least the latter half of 2009, when cellular customers began complaining that they were billed for international calls they didn't make, according …

COMMENTS

This topic is closed for new posts.
  1. b166er

    Why

    didn't the network software detect this and ban calls from either handset?

  2. scote
    FAIL

    they should be routinely checking for this anyway

    I worked for UK network about 15 years ago and they used to run reports looking for impossible events that meant there was fraud/cloning going on. More fool Sprint for not doing this, its not hard, and now they have lost $15M

  3. Alan W. Rateliff, II
    Paris Hilton

    Sprint is vigilent against fraud? Horse-hockey.

    > “Sprint regularly monitors and works aggressively to identify and respond to fraudulent activity,”

    I call shenanigans on this one. I obtained evidence of account breaches of myself and almost a dozen other Sprint customers a couple of years back. I made a detailed map of the corporate phone tree while trying to make contact with anyone within Sprint who had even the slightest clue as to what I was presenting to them. I finally managed to get hold of one guy who understood exactly what I had, and he was supposed to have a manager call me the next business day. Never heard from them.

    Sprint's fraud group told me that account breaches are outside of their scope of action until the information is used to make fraudulent purchases or calls. In other words, they did not care that the personal information of at least a dozen customers was somehow in the possession of someone without authorization to have that information. They only cared if the information was used within the confines of Sprint itself. Which, I suppose, constitutes the "fraudulent activity."

    Lies and damned lies. I submitted my stack of evidence to the White Collar Crime Center and let them have a go. Who knows where it wound up.

    Paris, it wasn't mine, I swear.

  4. Henry Wertz 1 Gold badge

    No anti-cloning protection?

    If I even force my phone to roam, then let it go back to Verizon, in too short a period of time I get "We're sorry, your phone could not be authenticated at this time" when I try to make calls. Cloning was a big big problem here back in the analog days, and A-Key authentication was already being rolled out by the late 1980s, along with RF fingerprinting. A-Key authentication also works with CDMA. I'm surprised Sprint didn't implement it, since it's been around since day one of CDMA, I'm also surprised their system didn't flag duplicate ESNs (or MEIDs) showing up on the network.

  5. Flugal
    WTF?

    "Princetta"?

    What a truly splendid name Princetta is.

    That is all.

    1. Winkypop Silver badge
      Thumb Up

      Yes it is but...

      ...I prefer: Johnny Santana

      He sounds like a football player or a B-grade actor.

  6. This post has been deleted by its author

  7. C-N
    Terminator

    $15 M at the going rate

    "Eventually, the Sprint investigators discovered that electronic credentials belonging to “tens of thousands of its customers” were used to make international calls that would have cost $15m had they been billed at the going rate."

    So, about ten or twenty hours worth of calls?

    I wonder how many just paid up, and how many early termination fees were incurred over this.

  8. DaveB
    FAIL

    Its easy

    I filled my car up on the M4 in Reading and paid by credit card. I then drove to White Waltham in Maidenhead and flew a private plane to Northern France. When I tried to pay for lunch on the same credit card I was told it was refused.

    Later in the day I got a call from the credit card company to say somebody had tried to use my card in Northern France after use in Reading. I said yes it was me. I was told it was impossible for me to have been in Reading at 8:00am and Northern France by 1:00pm so I explained.

    I was not unhappy that they refused my card, just used another one, but was very impressed with the fact that they noticed that a transaction was suspect.

    So if credit card companies can do it why not Cell phone Networks.

    1. Donald Becker

      "if credit card companies can do it why not Cell phone Networks"

      >> if credit card companies can do it why not Cell phone Networks.

      Easy answer: you sign or otherwise authenticate credit card transactions. You are also likely on camera for bigger transactions. So you can avoid paying for fraudulent charges.

      With a phone, they just assert you made the call. You have to prove that you didn't, which is very nearly impossible. My guess that well over 90% of those falsely billed either didn't notice, or just gave up and paid rather than spend hours trying to get the charges reversed. For Sprint, 90% payment for 'business' that they wouldn't otherwise have is very profitable. There is little motivation to stop it until the problems become too public.

      1. Anonymous Coward
        Unhappy

        No one could clone a user id on OUR system...its always the customer fault

        Where have I heard that before? Oh yes, the banks.

    2. A J Stiles
      Boffin

      Because

      Why? Because the phone companies expect to be able to get paid for the fraudulent calls!

      If the cloned SIM cards were used in the same geographical areas as the originals, and the cloners hadn't been so greedy with the volume of calls they ran up, then the whole scam would have been that much harder to detect.

      (ProTip: Your first clue that someone has a clone of your SIM is text messages disappearing even though the sender received an acknowledgement. Once a phone with a SIM with your number on it has accepted the message, it's deleted from the message service centre. You can prove it, if you must, by cloning your own SIM -- all the kit you need is out there, if you search -- and connecting it up to your last year's mobile. Usual precautions apply: don't have the phones with the original and cloned SIMs switched on at the same time, and stay within range of the same base station. You're not actually breaking any law by cloning your own SIM, but you don't want to draw attention to yourself either.)

  9. James Woods

    wahh wahh wahh

    it's good to see who our feds work for, corporate america.

    Sprint and the other cellphone companies would laugh in your face if you try to dispute phone charges or if you want to terminate a contract early because of poor service.

    All the companies use phones made pretty much with child labor and/or parasitic wages and sell them for big bucks.

    As far as what Alan W. Rateliff II posted, we had an incident like this with a stolen credit card being used to attempt to pay us with PayPal.

    We never approved the transaction, PayPal referred the legitimate customer to us (even though PayPal has the CC information, not us) and they layed it all on our doorstep and we didn't even accept it.

    We handed over all the ip logs and other information that would help PayPal prosecute the people behind it but I know they did nothing.

    Now let them catch one of my servers trying to breach into paypal and watch how long it takes for the feds to show up and pull the cord.

    Good to see our tax dollars hard at work, wouldn't want to see a corporate monopoly lose any money.

  10. Anonymous Coward
    FAIL

    CDMA instead of GSM?

    Now if Sprint would just use real technology instead of that knock-off stuff they use, this wouldn't happen.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022