Great article
A lot of technical and background information explained clearly, thanks!
Hmmm.... so I can set up a local phone network with a backpack...
Following the success of hijacked network Free Libyana, we took the opportunity to talk to some engineers about the complexity of lifting someone else's infrastructure, and discovered there isn't much. In April this year, Ousama Abushagur hacked into the infrastructure built by the Libyana network in Libya. He cut the …
GSM actually has a "private GSM network" option. I know my old Siemens S46 had this choice.
I really don't know if there's any actual spectrum set aside, but the GSM spec allows for the possibility of running your own GSM network within your house or whatever (well, probably meant for businesses) so you could switch your existing phone over and avoid all those fees.
The whole basis of a cell phone intercept based on OpenBTS and a software radio is that there is really NO phone on the market at the moment that follows the GSM standards properly and tells you that it has been instructed to work in unencrypted mode (thanks, anti-terrorist idiots - why couldn't you leave it at LEGAL intercept?).
This means that you set up a cell as "foreign" and null the authorisation so any phone can log in, then you go live and jam local GSM for a few seconds so each phone will initiate a new seek to the strongest signal (it's not subtle, so you'd only do that if you're in a hurry, otherwise it'll happen in less than 5 mins anyway). And hey, presto, no keys needed and you can intercept anything that is near - as long as you hand off calls nobody will notice a changed route.
The above setup costs less than $1000 (mostly the transceiver). On a budget you can also sniff SMS, that's even easier (because SMS is actually a control signal). A couple of Motorola phones and a laptop and you can reasonably be sure that no SMS in the vicinity escapes. Or get a cheap Chinese receiver for $300 or so - easier to set up.
That's why we set up a secure mobile call service - we *know* how easy it is to intercept as we work with researchers in that field. It takes a bit more knowledge than your average voicemail hack (for which we have solutions too), but it no longer needs a rocket scientist, and this situation is not likely to improve soon.
On events hosted by the CCC there regularly is a home grown GSM network.
http://events.ccc.de/camp/2011/wiki/GSM
You can either do that with a GSM station you bought from eBay (heavy) or use a USRP. (Though I doubt the second will work without an external clock)
Actually that's moderately simple. You just need to have a considerably stronger signal than the official uplink station, or you need to use an empty transponder which is turned on.
It is regularly done with UHF Satcom satellites of the US military. On the downlink frequency of 255.55 MHz you will often find satellite pirates.
What I would like to be able to do is when travelling overseas carry a small personal router sized piece of kit that connects back over the internet to a similar device in my home country (can make use of DDNS). This would build and present my home country mobile network for me to make and receive calls as if I were in my home country. I would also expect SMS to work. The micro cell bridge would cover a few or perhaps 10-15 meters only and would have an admin interface where I could permission handsets so that other users would not connect and incur roaming charges thinking they were in my home country. 2 or 3G. Does anyone know of such a product?
Thanks! Craig.
Technically that's easy, even demonstrated earlier this year (http://www.theregister.co.uk/2011/01/26/attocells/), but it's also illegal as your operator has no rights to use spectrum elsewhere in the world.
So I wouldn't hold your breath for a solution on this one.
Bill.
Skype?
Call forward from your cell to skype before you set off... Yeah you will pay to receive calls, but it would still be cheaper.
Bonus.. that 10-15m zone will be much larger - poolside wifi provided in hotel... skype available, anywhere with wifi.. skype available.
or you know, you could just buy a cheap pay&go sim at your destination with a bit of data and use skype on your mobile over the existing 3g.. (Assuming this works - it did years ago when I last used skype on the mobile)
Of such snippets of information is much security theatre built!
How many instances of hi-tech terrorism has the world seen? Precious few. Even lulzsec have managed to cause more irritation and gain vastly wider publicity than politically motivated s'kiddies doing website defacements.
It boils down to the fact that having your phonecalls recorded or having your position tracked or even having your credit card cloned just isn't terrifying in the same way that a few pounds of crude homebrew explosive going off in your local pub is. The latter is much simpler to plan and execute too, requiring much less specialist knowledge or equipment.
...a rescue chopper or Coast Guard boat carrying one of these and rerouting all the 911 calls in the area, boosting the signal of stranded people in the vicinity of disaster areas.
This would be something prepared to replace all the local networks and made recognizable by all mobiles in the area, right?
Remember the latest disaster situations, when all phones, including mobiles, failed?
Oh, they do that already? My mistake.