Following the success of hijacked network Free Libyana, we took the opportunity to talk to some engineers about the complexity of lifting someone else's infrastructure, and discovered there isn't much. In April this year, Ousama Abushagur hacked into the infrastructure built by the Libyana network in Libya. He cut the …
A lot of technical and background information explained clearly, thanks!
Hmmm.... so I can set up a local phone network with a backpack...
Gives a person an excellent outline in which to start populating with local/national data..... how interesting... my mind is a raging torrent, flooded with rivulets of thought cascading into a waterfall of creative alternatives.....
GSM actually has a "private GSM network" option. I know my old Siemens S46 had this choice.
I really don't know if there's any actual spectrum set aside, but the GSM spec allows for the possibility of running your own GSM network within your house or whatever (well, probably meant for businesses) so you could switch your existing phone over and avoid all those fees.
private GSM nets
A few years back I got a tour of the LHC tunnels at CERN, while they were doing the setup. No public networks that deep underground, but my phone found 6 or 7 interestingly-named private ones. Wouldn't connect, though.
"Disconnecting any base station"
"will light up [the office] like a bloody Christmas tree"
That obviously wasn't an Orange engineer then!
You don't need the crypto
The whole basis of a cell phone intercept based on OpenBTS and a software radio is that there is really NO phone on the market at the moment that follows the GSM standards properly and tells you that it has been instructed to work in unencrypted mode (thanks, anti-terrorist idiots - why couldn't you leave it at LEGAL intercept?).
This means that you set up a cell as "foreign" and null the authorisation so any phone can log in, then you go live and jam local GSM for a few seconds so each phone will initiate a new seek to the strongest signal (it's not subtle, so you'd only do that if you're in a hurry, otherwise it'll happen in less than 5 mins anyway). And hey, presto, no keys needed and you can intercept anything that is near - as long as you hand off calls nobody will notice a changed route.
The above setup costs less than $1000 (mostly the transceiver). On a budget you can also sniff SMS, that's even easier (because SMS is actually a control signal). A couple of Motorola phones and a laptop and you can reasonably be sure that no SMS in the vicinity escapes. Or get a cheap Chinese receiver for $300 or so - easier to set up.
That's why we set up a secure mobile call service - we *know* how easy it is to intercept as we work with researchers in that field. It takes a bit more knowledge than your average voicemail hack (for which we have solutions too), but it no longer needs a rocket scientist, and this situation is not likely to improve soon.
You do not need OpenBTS
Cough, cough, what do you think portable BTSes have been used for during the last 10 years?
Actually the CCC does this regularly
At events hosted by the CCC there regularly is a home grown GSM network.
You can either do that with a GSM station you bought from eBay (heavy) or use a USRP. (Though I doubt the second will work without external clock)
Any one up for a Lulzsec mission?
I can imagine lulzsec reading this article. And thinking hmmmmmm this could be fun........
set to auto-tweet everything it sees?
for maximum lulz
This story was extremely interesting, informative and well written. A star example of Reg Journalism. Thank you!
OK you bought your surplus 4.8m dish off eBay.
How hard could it be to hijack the Broadcast TV satellites?
is one of many such.
Actually that's moderately simple. You just need to have a considerably stronger signal than the official uplink station, or you need to use an empty transponder which is turned on.
It is regularly done with UHF Satcom satellites of the US military. On the downlink frequency of 255.55 MHz you will often find satellite pirates.
One reason why it's so easy
You can't get an engineer to a satellite, so it's handy to be able to use the same tricks as the pirates. You keep the security in a place where you can repair it
"brought in kit"?
Where did it come from? Who brought it in? Who paid for it? Was it something someone could put in their backpack and bring through customs. Would it need a car to transport it, a truck or maybe a helicopter? etc
Bridging networks over IP
What I would like to be able to do is when travelling overseas carry a small personal router sized piece of kit that connects back over the internet to a similar device in my home country (can make use of DDNS). This would build and present my home country mobile network for me to make and receive calls as if I were in my home country. I would also expect SMS to work. The micro cell bridge would cover a few or perhaps 10-15 meters only and would have an admin interface where I could permission handsets so that other users would not connect and incur roaming charges thinking they were in my home country. 2 or 3G. Does anyone know of such a product?
given that you would need an internet connection at your location anyway..
Call forward from your cell to skype before you set off... Yeah you will pay to receive calls, but it would still be cheaper.
Bonus.. that 10-15m zone will be much larger - poolside wifi provided in hotel... skype available, anywhere with wifi.. skype available.
or you know, you could just buy a cheap pay&go sim at your destination with a bit of data and use skype on your mobile over the existing 3g.. (Assuming this works - it did years ago when I last used skype on the mobile)
Re: Bridging networks over IP
Technically that's easy, even demonstrated earlier this year (http://www.theregister.co.uk/2011/01/26/attocells/), but it's also illegal as your operator has no rights to use spectrum elsewhere in the world.
So I wouldn't hold your breath for a solution on this one.
The Vodafone Sure Signal is "technically" such a product I believe
However I think it has some location sensing protection built in (not sure if it's GPS or network based)
Is it just me (probably)
but information like *this* would be far more useful to a bunch of wannabe terrorists than some scanned PDF of "The Anarchists Cookbook". ...
Tragically, it isn't just you.
Of such snippets of information is much security theatre built!
How many instances of hi-tech terrorism has the world seen? Precious few. Even lulzsec have managed to cause more irritation and gain vastly wider publicity than politically motivated s'kiddies doing website defacements.
It boils down to the fact that having your phonecalls recorded or having your position tracked or even having your credit card cloned just isn't terrifying in the same way that a few pounds of crude homebrew explosive going off in your local pub is. The latter is much simpler to plan and execute too, requiring much less specialist knowledge or equipment.
I can see...
...a rescue chopper or Coast Guard boat carrying one of these and rerouting all the 911 calls in the area, boosting the signal of stranded people in the vicinity of disaster areas.
This would be something prepared to replace all the local networks and made recognizable by all mobiles in the area, right?
Remember the latest disaster situations, when all phones, including mobiles, failed?
Oh, they do that already? My mistake.
Insurgents, armies, UN bombing runs, bah. A real sysadmin would keep the network up: