- Joined
- Sep 15, 2011
- Messages
- 3
- Reaction score
- 0
- Points
- 1
- Age
- 56
- Location
- Romania
- Website
- spyology.myforum.ro
Recently we've found a very interesting website, that is selling a special kind of mobile phones: anti-interception, anti-tracking cell phones.
The approach of whole thing is pretty new, in terms of mobile security: instead of protecting your mobile communications by using crypto phones, its better to know exactly when your mobile phone get intercepted by third parties, hence you can develop deception techniques, intoxication procedures, etc.
Please let me quote them:
"Assuming that you are a target for an intelligence agency or any entity having enough financial resources to buy a GSM interceptor, have a guess on what they will do in case the you use an encrypted cell phone.
For sure they will use some other ways to get the info they need. They will not wait for some security flaws, they will not try to perform a deciphering attempt. They will simply bug your home, office and vehicle, will spy on your computer, will intercept your mail and will use covert human intelligence sources and whatever it takes to obtain relevant information about you and your activities. They can easily bypass the communication protection provided by the encrypted phones by simply collecting relevant informations from other sources. Simple as that.
On today market there are a variety of devices to encrypt your conversation. Though using of encryption to protect your privacy might be the prudent choice, the method has its own disadvantages:
A.You never know if encryption you use is indeed trustworthy and there is no reliable way to check it. Most of the encryption applications developers are not making public the source code. There can be (and most of the time there are) back doors used by law enforcement agencies.
Introducing a back door into a crypto system does not even require active cooperation of the manufacturer of the equipment. All it takes is one bribed programmer to compromise an entire product.
Some manufacturers of cryptographic equipment have a track record of hidden cooperation with intelligence agencies and interested private parties. Some of them are not even using publicly scrutinized and standardized crypto algorithms (like Diffie-Hellman, SHA256, AES and Twofish), but “proprietary” encryption methods that are not available for public evaluation. Several “proprietary” crypto-algorithms that were not subject to public review have been shown to be easily breakable in the past, like the COMP128 algorithm that is in use in many GSM networks for authentication, so the “proprietary crypto” approach has to be regarded as very risky.
B. Using of such devices might make you look suspicious and attract undesired attention to you.
C. If you are targeted by an intelligence agency, encrypting your mobile communications does not mean that you are 100% protected against eavesdropping. Think about that: will they drop you just because you use encrypted communication? No, for sure.. Being a challange for them, will find another ways to get the informations thet need. Sure, for a short period of time your secrets will remain... secret. But any decent agency will find at any time security breaches, gathering info they need about you, by any means.
Actually by encrypting your phone conversations, you are telling them that you have something important to hide and you force agencies to use other ways to gather intelligence.
D.An encrypted call is not so... encrypted, as you think. Even if you use a crypto phone, the GSM operator or the entity that operates a GSM interceptor can find out pretty much information such as:
- The phone number dialled by you or the phone number that is calling you. Hence, they can figure out the caller location and even his real identity. It is only a matter of time. They can (and they will do) tape his cell phone in order to find out who it is and what your relation with him is.
- The conversation length, time stamped.
- Your location at the moment of phone conversation.
- Your geographical location at every moment, by some simple and effective triangulation techniques.
Other crypto phone proven weaknesses:
- Some GSM interceptors can perform a DoS attack on your crypto phone, making that phone unavailable for use, for as long as they want. This occurs when crypto phone uses GPRS/data connection in order to transmit encrypted voice.
- Many modern GSM interceptors can downgrade your crypto phone connection from 3G to 2G, by simply jamming 3G uplink frequencies, which is a standard procedure. By doing that, many crypto phones that use data connections will fail and become useless.
- With carrier help, the phone IMEI can be blocked on the network.
- A GSM interceptor can perform a DoS attack on a BTS by continuously sending RACH bursts to all phones in the given area. This will affect all cell phones, including crypto phones from a certain area.
So, even if you use a crypto phone,there can be figured out the phone number and the person identity you are talking over the phone, your accurate locations, communication patterns etc. They will not know what you are talking about, but they will know when, for how long, where and who with. Sure, the voice call itself usually cannot be decrypted in a resonable period of time. But information above can be (and will be) used to find out in the end, your secrets.
That is why crypto phones can be used only for a short period of time as secure communication devices. In fact, being predictable is one of the worst choice on intelligence battlefield. And using a cryto phone means that you are more than predictable.
The only conclusion that you can make: instead of protecting your secretive communications in blind by using crypto phones, it is better to know when someone wants to find out your secrets and when they are trying to locate you. Then you can act advisedly, taking the right decisions and even influencing them by different deception techniques.
Do not assume that your secrets are hunted by various entities, all the time. This is not going to happen. Find out exactly when you are a target and for how long."
You can read more, here: https://x-cellular.com
Original message
Recently we've found a very interesting website, that is selling a special kind of mobile phones: anti-interception, anti-tracking cell phones.
The approach of whole thing is pretty new, in terms of mobile security: instead of protecting your mobile communications by using crypto phones, its better to know exactly when your mobile phone get intercepted by third parties, hence you can develop deception techniques, intoxication procedures, etc.
Please let me quote them:
"Assuming that you are a target for an intelligence agency or any entity having enough financial resources to buy a GSM interceptor, have a guess on what they will do in case the you use an encrypted cell phone.
For sure they will use some other ways to get the info they need. They will not wait for some security flaws, they will not try to perform a deciphering attempt. They will simply bug your home, office and vehicle, will spy on your computer, will intercept your mail and will use covert human intelligence sources and whatever it takes to obtain relevant information about you and your activities. They can easily bypass the communication protection provided by the encrypted phones by simply collecting relevant informations from other sources. Simple as that.
On today market there are a variety of devices to encrypt your conversation. Though using of encryption to protect your privacy might be the prudent choice, the method has its own disadvantages:
A.You never know if encryption you use is indeed trustworthy and there is no reliable way to check it. Most of the encryption applications developers are not making public the source code. There can be (and most of the time there are) back doors used by law enforcement agencies.
Introducing a back door into a crypto system does not even require active cooperation of the manufacturer of the equipment. All it takes is one bribed programmer to compromise an entire product.
Some manufacturers of cryptographic equipment have a track record of hidden cooperation with intelligence agencies and interested private parties. Some of them are not even using publicly scrutinized and standardized crypto algorithms (like Diffie-Hellman, SHA256, AES and Twofish), but “proprietary” encryption methods that are not available for public evaluation. Several “proprietary” crypto-algorithms that were not subject to public review have been shown to be easily breakable in the past, like the COMP128 algorithm that is in use in many GSM networks for authentication, so the “proprietary crypto” approach has to be regarded as very risky.
B. Using of such devices might make you look suspicious and attract undesired attention to you.
C. If you are targeted by an intelligence agency, encrypting your mobile communications does not mean that you are 100% protected against eavesdropping. Think about that: will they drop you just because you use encrypted communication? No, for sure.. Being a challange for them, will find another ways to get the informations thet need. Sure, for a short period of time your secrets will remain... secret. But any decent agency will find at any time security breaches, gathering info they need about you, by any means.
Actually by encrypting your phone conversations, you are telling them that you have something important to hide and you force agencies to use other ways to gather intelligence.
D.An encrypted call is not so... encrypted, as you think. Even if you use a crypto phone, the GSM operator or the entity that operates a GSM interceptor can find out pretty much information such as:
- The phone number dialled by you or the phone number that is calling you. Hence, they can figure out the caller location and even his real identity. It is only a matter of time. They can (and they will do) tape his cell phone in order to find out who it is and what your relation with him is.
- The conversation length, time stamped.
- Your location at the moment of phone conversation.
- Your geographical location at every moment, by some simple and effective triangulation techniques.
Other crypto phone proven weaknesses:
- Some GSM interceptors can perform a DoS attack on your crypto phone, making that phone unavailable for use, for as long as they want. This occurs when crypto phone uses GPRS/data connection in order to transmit encrypted voice.
- Many modern GSM interceptors can downgrade your crypto phone connection from 3G to 2G, by simply jamming 3G uplink frequencies, which is a standard procedure. By doing that, many crypto phones that use data connections will fail and become useless.
- With carrier help, the phone IMEI can be blocked on the network.
- A GSM interceptor can perform a DoS attack on a BTS by continuously sending RACH bursts to all phones in the given area. This will affect all cell phones, including crypto phones from a certain area.
So, even if you use a crypto phone,there can be figured out the phone number and the person identity you are talking over the phone, your accurate locations, communication patterns etc. They will not know what you are talking about, but they will know when, for how long, where and who with. Sure, the voice call itself usually cannot be decrypted in a resonable period of time. But information above can be (and will be) used to find out in the end, your secrets.
That is why crypto phones can be used only for a short period of time as secure communication devices. In fact, being predictable is one of the worst choice on intelligence battlefield. And using a cryto phone means that you are more than predictable.
The only conclusion that you can make: instead of protecting your secretive communications in blind by using crypto phones, it is better to know when someone wants to find out your secrets and when they are trying to locate you. Then you can act advisedly, taking the right decisions and even influencing them by different deception techniques.
Do not assume that your secrets are hunted by various entities, all the time. This is not going to happen. Find out exactly when you are a target and for how long."
You can read more, here: https://x-cellular.com