Cellular Disintegration By Tom Cross September 25, 1995 "It was like watching the disintegration of a person. It can be so, so destructive." That is how Jeremy Crushing's mother described her son's addiction to computers. Crushing was arrested in September for cellular phone fraud. His mother described him as an honors student who became consumed by the heady thrills of the computer underground. She said that the arrest had left her family humiliated and searching for answers. "These kids get involved in all this computer stuff, it becomes a game to them, then its addictive," she said, sobbing. "When Jeremy got involved in computers, we thought, 'Isn't this marvelous?' We were naive. Parents need to be very alert about computers. If I had a youngster today, I'd tell them, 'No modems!'" Her son faces up to 15 years in prison. She decided not to put her home up to secure bail for her only child, saying "I couldn't do that. The bottom line is he had choices. He had the opportunity to stop. He's a very bright young man. Its a waste." For most people, these quotes reinforce a fear of technology. They take such stories very seriously, banning their children from using computers, or locking up their modems. The idea of children being pulled into an evil world filled with hackers and criminals has even prompted congressional action censoring electronic speech. However, some people read these stories and share Jeremy Crushing's frustration. Frustration at being so deeply misunderstood. Most people don't know much about their cellular telephones. You dial the number, push send, and it works; cellular telephones are merely a different kind of phone. However, for a computer hacker, a cellular telephone is much more than just a phone. Computer hackers love to explore technology, and search for creative uses for these technologies which weren't intended. Hackers realize that cellular telephones aren't just phones, they are also radios and computers. When a person places a call on a cellular phone, his billing number and his entire conversation are broadcast on the open air-waves for miles around. This opens cellular telephones up to all sorts of problems. In fact, from a security perspective, the cellular telephone network is one of the worst designed telecommunications networks in the world. Fraud has always been a problem for the cellular industry. In 1984, Southern New England Telephone set up it's first cellular telephone switches. At the time the engineers thought that they owned the only cellular telephones in New England. They turned on the network for a day and drove around their service area with a few phones running tests on connectivity and reception. When they drove back to the office that night they noticed that six fraudulent calls had been placed on their network. They didn't even have any subscribers yet! In 1986, Phrack magazine, a technical and cultural zine for computer hackers, published an extensive article on the cellular standards. They pointed out many different problems in the design of the network which could allow for fraud. The hackers predicted phones which would grab ESNs out of the air, use them for one fraudulent call, and then discard them; providing the user with free service, total anominity, and undetectability. In order to solve these problems the entire cellular network would have to be reworked and rebuilt. The cellular industry didn't want to loose its investment, so it ignored the hackers. Unfortunately, the Mafia didn't ignore the hackers. Today, tumbled and cloned cellular phones are as common as guns in low income inner city neighborhoods. These phones provide drug dealers with anominity and a free way to make deals. More than 80% of the fraudulent calls go to a handful of countries; mainly Columbia, Pakistan, and Turkey. You can rest assured that the callers aren't ordering coffee. Also, drug dealers have found that phone service was an even more lucrative business than drugs. It is almost impossible for illegal immigrants to get a telephone in this country, so street corner call-sell operators have started providing long distance service to those who can't provide proper ID for a legal phone. Another problem has come from the HAM Radio world. Cellular conversations are broadcast for miles around a phone. Anyone with a scanning radio receiver or an old UHF TV can listen in. By the time the cellular industry realized it was in big trouble, it had already invested billions in a poorly designed network. Instead of trying to solve its problems technologically, with encryption or other security tools, the cellular industry handed its problem off to someone else, the United States Government. The first federal law dealing with cellular fraud dealt with scanning. A federal law was passed making it illegal for anyone to listen in on cellular telephone conversations. Of course this is totally unenforceable, however, a few listeners have been surprised when they have called the police to report a crime they overheard and ironically found themselves in jail. It is important to note that the law made an exception for police officers. Any police officer can listen to cellular conversations all he wants, without a warrant. However, the same does not apply to you and I. This law was not enough for the cellular industry. They needed a way to defend themselves from fraud. So, they cooked up a law making it illegal to posses any modified telecommunications device, or even the equipment needed to modify a telecommunications device. This law is so broad the anyone caught with a soldering iron could conceivably be imprisoned for 15 years. How could they get such a draconian piece of legislation passed through Congress? Easy, by hiding it and lying about it. This law was made a part of the Communications Assistance for Law Enforcement Act of 1994; the Digital Telephony Bill. Most remember this as the law which required Telephone Companies to provide wiretaps to law enforcement from anywhere, at any time. The amendments to 18 U.S.C. 1029 in this bill which apply to cellular fraud are so small and scattered that it is not easy to notice them. However, their effects are devastating. These amendments were proposed by the Cellular Telecom Industry Association, and backed with a report on fraud that you can order via fax at (202) 758-0721 #3116. While sound bites claim the cell industry looses as much as 1 million dollars a day to cloned phones, these reports tell a different story. Not only is everything from stolen phones to bad checks thrown into these figures, but the CTIA's own reports show a 65 million dollar discrepancy in various reported losses to fraud for fiscal year 1993. If you think it is fearful that such a draconian law can be passed on such a shaky basis, you haven't heard anything yet. While many law enforcement agencies saw this law as a way to finally go after the Mafia and call sell operators, the United States Secret Service had another idea in mind. Computer Hackers found a multitude of interesting ways to experiment with cellular telephony. Hackers were able to get inside their cell phones and make them do things their designers never imagined. With some understanding of the cell network and some programming experience, hackers could take total control of the cellular network. A company called Network Wizards (info@nw.com) sells an interface which allows one to totally control their cellular phone from their computer. By rearranging the way the cell phone interacts with the network a hacker can see all of the phones that are ringing in his area. Any call can be tapped, disconnected, and even briefly entered. Key presses on other cell phones can be decoded, and the physical location of the caller can even be extrapolated with a little prior research. Hackers discovered these tricks because they love the intellectual challenge and the power of totally understanding something most people cannot begin to grasp. Some hackers went further, adding video games and calculator functions into their cell phones. Most complained loudly to the cellular industry and the public at large about the massive security problems inherent here. Instead of recognition for revealing these problems, they were accused of violating people's privacy The United States Secret Service's policies on fighting phone fraud can be summed up in four words: GO AFTER THE KIDS. The USSS believes that the kids are responsible for finding the security holes and teaching the Mafia. No hackers, no security holes are discovered, no fraud. So, instead of going after the people who steal thousands of dollars in phone service every day, the Secret Service goes after the kids who are trying to learn about the technology. And, they go after them with military force. They raid teenage hackers with 10-20 fully armed agents who circle a house and surprise its residents early in the morning. They ransack the house, seizing any computer equipment, video games, disks, CDs, videos, printouts, books and magazines they can find. Often equipment is damaged or never returned. Then they drag the hacker through the legal system for years, costing him thousands in legal fees. They believe that if they raid hackers as harshly as possible they can scare them and their friends from ever touching a computer again. THAT IS NOT LAW ENFORCEMENT, THAT IS TERRORISM! However, such raids are well documented and relatively common occurrences. One of the USSS's most flagrant abuses is the current case against Ed Cummings, better known as Bernie S. Bernie S. is a Philadelphia computer repair man and a hacker. He sells parts for Red Boxes, devices used by hackers to gain free long distance service. Although using Red Boxes is illegal, selling parts for them, and discussing them, is not. Furthermore, as Red Box fraud is generally committed by experimenters and not those wanting to steal phone service, it costs phone companies little and they generally ignore it. However, Bernie S. was not so lucky. When he met a group of young African American hackers at a 7-11 in Philly to sell some Red Box parts, the owner of the 7-11 decided he must be buying drugs and called the police. Twelve squad cars responded to the call, and they were shocked when they found nothing illegal at all. Determined that they were going to bust somebody for something, they seized all the electronics parts in Bernie S's car. Then, not knowing what they had, they called in the Secret Service. The Secret Service drove out to the police station with a Red Box and actually stole a phone call in order to show the police what they had. Charges were filed, Bernie S. was arrested, and his home was raided. Because he was on probation for an earlier, unrelated offense, his bail was set at $100,000. In trial the judge threw two of the three charges out, and reprimanded the Secret Service for committing the very crime they were charging their defendant with. Not about to be defeated, the Secret Service decided to slap Bernie S. with another set of charges. When they raided his house the SS found an EPROM burner (a standard electrical engineering tool for programming computer chips), a cellular phone, and a computer. Using these tools Bernie S. COULD CONCEIVABLY clone cellular phones. Although there is no evidence that he had ever stolen a call, Bernie S. was arraigned on a whole new set of charges. Furthermore, a book on improvised munitions was found in Bernie S's house. His bail hearing was exactly eight days after the Oklahoma Bombing. Due to the political fever of the time, he was not allowed bail. Bernie S. has been in jail for more than a year. His crime? Curiosity. This is not the only case, the Secret Service has continued its attacks against young computer experimenters with an electronic Bulletin Board System called CELCO 51. Secret Service Agents set up the BBS and invited anyone interested in cellular telephony to take part in the discussions. Once hackers had gotten on the BBS, they were offered money by the administrators for stolen ESNs. Some took the bait and turned criminal, stealing thousands of ESNs and selling them to the SS. Early in September six hackers were raided, with many more raids promised. These were not hard core criminals who are costing the cellular industry millions of dollars every week. These are teenagers who are interested in technology. Many of them are very gifted; one had even designed a calculator program for his OKI cellular phone. These are not people who will grow up to become gangsters and white collar thieves, these are people who will grow up to design secure and innovative telecommunications networks of tomorrow. Look at Steve Jobs and Steve Wozniak, who put away their phone fraud devices and founded Apple Computer Corp., which was primarily responsible for the personal computer revolution. And John Draper, a famous phone phreak who, after surviving years in prison for phone fraud, wrote the first IBM word processor (EasyWriter) and is still active today developing email security tools. Instead, the victims of this sting operation will likely spend most of their adult lives in a jail cell. It was no coincidence that the CELCO 51 raids occured on the opening week of the MGM/UA Blockbuster movie "Hackers." Assistant U.S. Attorney Donna Krappa said, "The movie industry will tend to glamorize these individuals, but the really do cause a lot of loss. People look at them as errant children, that this is a joke, but it actually costs a lot, and that filters down to consumers." However, hackers in the 60's and 70's committed exactly the same types of crimes as todays hackers, and they eventually contributed far more to society than they damaged. But, if you were a cop, who would you rather go after? A harmless computer wiz-kid from the suburbs, who's arrest will bring you media attention from around the globe. Or, a hard core inner-city gangster, who will probably shoot you before you can arrest him, and who will be totally ignored as just another punk pulled off the streets. And, what of computer civil liberties groups, such as the EFF and CPSR, which were formed specifically to fight the draconian laws and misplaced law enforcement we see here? They won't touch it. Its not politically correct to defend hackers anymore. These groups are now backed by multi-million dollar corporations who don't know anything about hackers and don't like anyone who does. Its time we put a stop to this. The hackers are not criminals. The criminals are not hackers. There is no excuse for laws which send kids to jail for 15 years because of their technical curiosity, while hard core theives get off in less than a third of the time. We, as a society, cannot remain ignorant of this anymore.