The Unlikely Effort To Build a Clandestine Cell Phone Network

Lashdots writes: Electronic surveillance has raised concerns among Americans and pushed an estimated 30% of them to protect their privacy in some form. Artist Curtis Wallen has taken that effort to dramatic lengths, documenting how to create a "clandestine communications network" using pre-paid phones, Tor, Twitter, and encryption. The approach, which attempts to conceal any encryption that could raise suspicions, is "very passive" says Wallen, so "there's hardly any trace that an interaction even happened." This is not easy, of course. In fact, as he discovered while researching faulty CIA security practices, it's really, comically hard. "If the CIA can't even keep from getting betrayed by their cell phones, what chance do we have?" he says. Still, he believes his system could theoretically keep users' activities hidden, and while it's hard, it's not impossible.

Re:

[postbigbang]

Go ahead. Click the link. Get your IP address registered NOW! Oh, wait....

no point

[Anonymous Coward]

Hard and impossible are the same in this case.

If you want it enough to do the hard, you've probably already attracted the kind of interest to make it impossible.

Re:

[silas_moeckel]

It's perfectly compatible, search is not supposed to be secret. If they serve you a search warrant for you phone they should be able to go clone it etc and attempt to penetrate the crypto all they want.

Re:

[BlueStrat]

How is that compatible with the construct of a free and open society based on the rule of law, which has allowances for "search" of a person's private effects?

Short of a Judge's orders in a particular ongoing investigation and/or court case, there is no obligation on the part of citizens to create/store/retrieve their papers/data and effects so as to make a search easier. Or even possible.

If I and someone else creates a language only we understand and converse over the telephone, we are not obligated to teach any TLAs/LEAs that are recording/monitoring how to understand our new language.

Any such requirement would likely fail court challenges due to it's prior-res

Re:

[amxcoder]

Everyone knows you use a wet sponge to moisten the envelope if you don't want your saliva on it. Or now days, you can use peel n' stick envelopes, but have to be careful not to touch the sticky part with your finger. Or you wear latex gloves when creating and sending your "top secret" letters.

avoid the CIA with this one weird trick

[turkeydance]

honeypot.

Re:

[k3vlar]

Seducing and blackmailing a hot female enemy agent; I love the honeypot.

Wow, much Tor, OTP and Faraday's Cage!

[krkhan]

Like all the amazing cryptographic solutions from people whose understanding of security boils down to Tor == anonymous and OTP == tehshitz, the article conveniently glosses over the exchange of OTP key or the Twitter account name.

Whatever channel is used for agreeing upon those essentials, it will complicate claim of "hardly any trace that an interaction even happened" quite significantly.

Re:

[psyclone]

And like one of the consultants in the article said, why not just use GPG on Pastebin?

Post to .onion site then?

[psyclone]

What if you skipped Pastebin and any other "internet" site and only posted your GPG messages on a .onion site? Then you don't need to use a TOR exit node. For just a few users it might also be suspicious, but hard to track. But if thousands of users were doing it, there could be enough noise to hide in.

We have the technology

[camg188]

Smartphones are so powerful now that cryptography software hasn't caught up yet. We have the computing power in phones now to do things not possible just a couple years ago. You could do things like real time steganography where the real audio message is hidden inside a fake conversation. The hardware is here, we just need an app for that.

Re:

[Spy Handler]

there's already an app for that.

You can't find it in Apple or Google stores, though. That would kind of defeat the purpose.

Won't work in many countries

[jonwil]

Here in Australia (and probably in many other countries too) you have to undergo a complete identity check before you are allowed to open a prepaid phone account.

I am surprised the USA still allows you to obtain a phone number that has absolutely zero records indicating who obtained it. But I suspect companies like TracFone and AT&T that sell a lot of these prepaid phones don't want to have to deal with the ID checks and have been able to lobby the government against them.

Re:Won't work in many countries

[Frosty Piss]

Here in Australia

I've heard that things like privacy and freedom are hard to come by in Australia.

Re:

[GumphMaster]

Both have become endangered species of late, and our government is treating them with same dismissive attitude it uses for other endangered species.

Re:

[Frosty Piss]

That's a shame. Why has the Right Wing been able to take hold their? Do the majority of Australians think that way?

Re:

[swb]

They're merely reclaiming their heritage as a penal colony.

Re:

[PRMan]

Well of course. If you lived in a country entirely peopled by criminals, you'd think differently about crime... ;)

Re:

[Mullen]

It would be a nightmare to check ID's for little junk pre-paid phones and SIM cards in the store. No one really cares anyways.

Re:

[david_bonn]

It would be a nightmare to check ID's for little junk pre-paid phones and SIM cards in the store. No one really cares anyways.

Except when some whackjobs blow something up or kill someone and it turns out it was organized with prepaid phones then a lot of people are going to care a lot.

Re:

[amxcoder]

Not ever having a prepaid phone, but living in the US, I am actually surprised too. Not in a bad way though, I don't think you should have to be identifiable to have a phone and I think it's great if you actually can get an anonymous phone if you desire too. I'm just surprised with all the loss of freedoms we've had in the US in the last decade that you are still allowed to buy a prepaid phone without showing ID and giving a SSN or something because "think of the children".

Logically, there is no reason

Re:

[Cafe Alpha]

I doubt they're that sophisticated yet.

Maybe one day they'll do that.

Rite Aid?

[drkim]

You bought the burner @ Rite Aid?
Now, if they want to backtrack the phone to the POP, they will have lovely, multiple, security videos of your face.

At least give some random kid $5 bucks to go in the store and buy it for you.
Sort of the opposite of buying beer when you're a minor...

Re:

[grcumb]

Wouldn't it be easier to change the SIM card? Destroy the old SIM card instead? Destroying the cell phone seems like a waste. Just delete the incoming call log.

Most phones have a unique handset (i.e. hardware) identifier which is accessible during a telephone or internet session. It's in firmware, but you may or may not be able to change it on demand.

Re:

[amxcoder]

Yes, the SIM can be changed, and that will change the phone number, but the phones are encoded with a IMEI number, which is like a serial number unique to each phone. The IMEI number is tranmitted to the cell towers and is how the cell providers track what kind of phone you have and other details.

The Feds have made it a FELONY to change the IMEI number of the phone, so even if you have the expensive equipment to do it, they've made it hard to get and illegal to use. This is how many organized theft rin

This is funny ...

[michaelamerz]

... I have thoroughly enjoyed the article. But to be honest: A burner phone and an untraceable credit card may very well come in handy - if you are planning to move assets overseas to avoid the IRS. I am doing IT security for a living. I don't have the need for new identities or slipping under the radar. I secure my valuable digital assets, I use entoend encrypted voice channels, file exchange, emails, chat and messaging if necessary and I have different systems for surfing and working. So - here is my advi