Why didn't the network software detect this and ban calls from either handset?
Federal prosecutors have uncovered a scam that used tens of thousands of cloned cellphones to defraud Sprint out of $15m in lost long distance revenue. The operation dates back to at least the latter half of 2009, when cellular customers began complaining that they were billed for international calls they didn't make, according …
> “Sprint regularly monitors and works aggressively to identify and respond to fraudulent activity,”
I call shenanigans on this one. I obtained evidence of account breaches of myself and almost a dozen other Sprint customers a couple of years back. I made a detailed map of the corporate phone tree while trying to make contact with anyone within Sprint who had even the slightest clue as to what I was presenting to them. I finally managed to get hold of one guy who understood exactly what I had, and he was supposed to have a manager call me the next business day. Never heard from them.
Sprint's fraud group told me that account breaches are outside of their scope of action until the information is used to make fraudulent purchases or calls. In other words, they did not care that the personal information of at least a dozen customers was somehow in the possession of someone without authorization to have that information. They only cared if the information was used within the confines of Sprint itself. Which, I suppose, constitutes the "fraudulent activity."
Lies and damned lies. I submitted my stack of evidence to the White Collar Crime Center and let them have a go. Who knows where it wound up.
Paris, it wasn't mine, I swear.
If I even force my phone to roam, then let it go back to Verizon, in too short a period of time I get "We're sorry, your phone could not be authenticated at this time" when I try to make calls. Cloning was a big big problem here back in the analog days, and A-Key authentication was already being rolled out by the late 1980s, along with RF fingerprinting. A-Key authentication also works with CDMA. I'm surprised Sprint didn't implement it, since it's been around since day one of CDMA. I'm also surprised their system didn't flag duplicate ESNs (or MEIDs) showing up on the network.
"Eventually, the Sprint investigators discovered that electronic credentials belonging to “tens of thousands of its customers” were used to make international calls that would have cost $15m had they been billed at the going rate."
So, about ten or twenty hours' worth of calls?
I wonder how many just paid up, and how many early termination fees were incurred over this.
I filled my car up on the M4 in Reading and paid by credit card. I then drove to White Waltham in Maidenhead and flew a private plane to Northern France. When I tried to pay for lunch on the same credit card I was told it was refused.
Later in the day I got a call from the credit card company to say somebody had tried to use my card in Northern France after use in Reading. I said yes it was me. I was told it was impossible for me to have been in Reading at 8:00am and Northern France by 1:00pm so I explained.
I was not unhappy that they refused my card, just used another one, but was very impressed with the fact that they noticed that a transaction was suspect.
So if credit card companies can do it, why not cell phone networks?
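The two checks raised in the comments above (the same ESN showing up twice, and activity in two places too far apart for the elapsed time) can be combined into one velocity test over network registrations. This is an added example, not part of the thread and not any carrier's code; the record fields, thresholds and sample events are constructed assumptions.

```python
import math
from collections import defaultdict
from datetime import datetime
MAX_KMH = 900.0   # assumed ceiling (about airliner speed); tune per network
MIN_KM = 50.0     # assumed: ignore hops between nearby cell sites

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_clones(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (esn, earlier_site, later_site, implied_kmh) for impossible hops."""
    by_esn = defaultdict(list)
    for rec in events:
        by_esn[rec["esn"]].append(rec)
    alerts = []
    for esn, recs in by_esn.items():
        recs.sort(key=lambda r: r["ts"])
        for prev, cur in zip(recs, recs[1:]):
            km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if km < min_km:
                continue
            hours = (cur["ts"] - prev["ts"]).total_seconds() / 3600
            # Same timestamp at distant sites means two radios share the ESN.
            kmh = math.inf if hours == 0 else km / hours
            if kmh > max_kmh:
                alerts.append((esn, prev["site"], cur["site"], kmh))
    return alerts

def reg(esn, hhmm, site, lat, lon):
    ts = datetime.strptime("2010-01-15 " + hhmm, "%Y-%m-%d %H:%M")
    return {"esn": esn, "ts": ts, "site": site, "lat": lat, "lon": lon}

# Constructed sample registrations (ESNs, sites and times are invented).
SAMPLE = [
    reg("ESN-TEST-A", "08:00", "kansas-city", 39.10, -94.58),
    reg("ESN-TEST-A", "08:20", "los-angeles", 34.05, -118.24),  # clone-like
    reg("ESN-TEST-B", "08:00", "kansas-city", 39.10, -94.58),
    reg("ESN-TEST-B", "12:00", "st-louis", 38.63, -90.20),      # plausible drive
    reg("ESN-TEST-C", "09:00", "kc-north", 39.20, -94.58),
    reg("ESN-TEST-C", "09:01", "kc-south", 39.00, -94.58),      # nearby sites
]

if __name__ == "__main__":
    for alert in flag_clones(SAMPLE):
        print("possible clone: %s %s -> %s at %.0f km/h" % alert)
```

A speed test like this only catches clones used far from the original handset; a clone operating in the same area needs a different signal, such as overlapping calls or failed authentication.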
>> if credit card companies can do it why not Cell phone Networks.
Easy answer: you sign or otherwise authenticate credit card transactions. You are also likely on camera for bigger transactions. So you can avoid paying for fraudulent charges.
With a phone, they just assert you made the call. You have to prove that you didn't, which is very nearly impossible. My guess is that well over 90% of those falsely billed either didn't notice, or just gave up and paid rather than spend hours trying to get the charges reversed. For Sprint, 90% payment for 'business' that they wouldn't otherwise have is very profitable. There is little motivation to stop it until the problems become too public.
Why? Because the phone companies expect to be able to get paid for the fraudulent calls!
If the cloned SIM cards were used in the same geographical areas as the originals, and the cloners hadn't been so greedy with the volume of calls they ran up, then the whole scam would have been that much harder to detect.
(ProTip: Your first clue that someone has a clone of your SIM is text messages disappearing even though the sender received an acknowledgement. Once a phone with a SIM with your number on it has accepted the message, it's deleted from the message service centre. You can prove it, if you must, by cloning your own SIM -- all the kit you need is out there, if you search -- and connecting it up to your last year's mobile. Usual precautions apply: don't have the phones with the original and cloned SIMs switched on at the same time, and stay within range of the same base station. You're not actually breaking any law by cloning your own SIM, but you don't want to draw attention to yourself either.)
It's good to see who our feds work for, corporate America.
Sprint and the other cellphone companies would laugh in your face if you try to dispute phone charges or if you want to terminate a contract early because of poor service.
All the companies use phones made pretty much with child labor and/or parasitic wages and sell them for big bucks.
As far as what Alan W. Rateliff II posted, we had an incident like this with a stolen credit card being used to attempt to pay us with PayPal.
We never approved the transaction, PayPal referred the legitimate customer to us (even though PayPal has the CC information, not us) and they laid it all on our doorstep and we didn't even accept it.
We handed over all the IP logs and other information that would help PayPal prosecute the people behind it but I know they did nothing.
Now let them catch one of my servers trying to breach into PayPal and watch how long it takes for the feds to show up and pull the cord.
Good to see our tax dollars hard at work, wouldn't want to see a corporate monopoly lose any money.