Cellular Fraud Arms Race Targets Cloners, Hackers By Bill Menezes I n its race to thwart illegal penetration of the phone system, the wireless industry has deployed an arsenal of technological weapons. Arrayed against them are the enemy, ranging from "phreaks" who might penetrate the cellular phone system for kicks to "crackers" seeking to sell illegal service or cause mayhem. One of the most famous, jailed hacker Kevin Mitnick, was indicted last month on new charges stemming from an alleged 2 1/2- year spree of breaking into public and private computer systems and using cloned cellular phones for communications. "Obviously the biggest issue is, as the phone increases its connectivity the phone system becomes more like a distributed database and we become prone to the more classic network hackers," said Robert McKosky, manager of Se- cure Systems for GTE Laboratories in Waltham, Mass. "We're making giant leaps for- ward, which are quite honestly pushed forward by people like Mitnick who convince [us] there is a problem." Those leaps include advanced tools such as authentication, which uses advanced encryption technology to force a phone to identify itself with a unique mathematical code and terminating service to those that can't.

'Most hackers don't want to harm things, they're just experimenters. " Bell Atlantic Nynex Mobile recently added authentication to its Connecticut and western Massachusetts territories. The carrier initially offered the technology in May for its New York market and quickly was followed by AT&T Wireless Services Inc. and SBC Communications. Other solutions include radio- frequency fingerprinting, the technology used by Corsair Communications Inc. in its PhonePrint system. RF fingerprinting tools use signal intelligence technology to identify the unique radio signal emitted by individual phones, spotting and disconnecting clones as they try to access the network. Corsair, based in Palo Alto, Calif., recently won agreements to deploy PhonePrint in BellSouth Cellular Corp.'s Cellular One territories in Wisconsin and Illinois; Vanguard Cellular Systems Inc.'s entire system, beginning in November in several Pennsylvania markets; and system wide for Centennial Cellular Corp. As cloning becomes more difficult, experts also expect a rise in non-technical fraud such as insider or subscriber fraud. Protections include roaming verification software or products that identify suspicious calling patterns, are being developed and deployed by GTE Telecommunications Services, Authentix Network and Coral Systems Inc., among others. But even with next-generation tools it's an uphill battle attacking fraud, which according to the Cellular Telecommunications Industry Association estimates costs the industry $550 million annually. Technical information about telecommunications networks and hardware is available widely on the Intemet, through such sites as Radiophone at www.lOpht.com/radiophone/. The site provides specifications and instructions for re- programming cellular phones from some 50 manufacturers. Hackers say the sites exist for hobbyists and that possessing the information is not illegal, however many acknowledge it could be used for illegal purposes. Even Mitnick gets a measure of sympathy from some, who differentiate between hacker and crook. "At one time he held the hacker ethic of curiosity and creativity, hut has become so obsessed with control of computers that he has lost his original focus," says a hacker known as Dr. Who, creator of the Radiophone site. Others don't buy this argument. "Most hackers don't want to harm things, they're just experimenters," said Guy Cook, president of Denver-based SuperNet Inc., an Intemet service provider hacked by Mitnick who later aided federal agents in tracking his movements in cyberspace. "But the attitude they put forth that it's a benign activity that harms no one is incorrect." Hackers also argue that adequate security for phone and computer networks – not restricted access to technical information – are the best protection, a position supported by some in wireless. El