It’s a scene being played out by more cellular phone customers every month: Their eyes widen, their mouths drop open and sometimes they gasp as they stare incredulously at a monthly bill with page after page of charges-sometimes in the hundreds or even thousands of dollars-for calls they never made.
Chances are the customer’s cellular phone number was “cloned,” a system of fraud that’s costing the cellular industry $1.3 million a day and providing free and virtually untraceable communication for gangs, drug traffickers and international terrorists.
Rick Sweezy of Car Phone Center Inc., a Cellular One dealer in the Chicago area, says as many as a dozen people a day have been coming in to have phones re-programmed after their numbers were stolen. One customer’s bill included dozens of calls to Germany, Israel and Yugoslavia.
Cloning-stealing a cellular phone number and electronic code and using it without being charged for air time-is a major concern for the cellular industry. Growing at the rate of 28,000 new customers every day, the industry is losing almost 4 percent of its annual revenues to fraud. Most of that loss can be traced directly to cloning.
“Los Angeles, Miami and New York had been the big problem areas, but now it’s happening everywhere,” says Mike Houghton, a spokesman for the Cellular Telecommunications Industry Association in Washington. “They’ll go into any area where they think they have a good shot at not being detected.”
“They” are cellular crooks, who have come up with a number of methods for stealing air time, the valuable commodity sold by the cellular industry.
The earliest scam was “tumbling fraud,” which involved the use of fake numbers that weren’t detected by early verification systems until calls had been completed. When computer validation of signals became more sophisticated, that no longer worked and cloning was born.
“Once they couldn’t make up the numbers any more, they had to have real ones,” explains Houghton. The numbers the thieves need are a telephone’s electronic serial number, which is installed by a manufacturer and cannot be altered, and the unit’s phone number. Those two numbers are needed to signal a cellular network’s computers that a call should be allowed to pass.
So how do the bad guys get the numbers? Illegally, of course. Internal security has reduced the number of “inside jobs” involving the selling of numbers by cellular dealers or employees.
These days, the theft is more frequently accomplished by the use of stolen equipment, specifically a device called an electronic serial-number reader, known as an ESN reader. The equipment “reads” the signals as they’re being transmitted on the airwaves.
When a portable phone is activated and then roughly every 15 minutes thereafter, the unit transmits the phone number and ESN. These signals also are beamed when a customer’s interrupted call resumes, such as when emerging from a tunnel.
Knowing this, thieves often wait near tunnel exits or in places where people are likely to be turning on their phones, as they often do when leaving parking garages, airports or shopping malls.
Theives frequently get help from cellular users themselves, says Gib Wolf, manager of fraud prevention for Ameritech Cellular Services.
“A lot of computer magazines run advertising from companies that say, `We’ll do what your cellular carrier won’t: Just send in your cell phone and we’ll program a second phone with the same number.’ And they will,” says Wolf. “But once they have your phone number and ESN, they can give it to 10, 20, a hundred other people. It’s just handing them the information.”
To guard against thefts, Wolf says cellular phone users should use the “lock” feature on their phones when it’s not being used and never give their number to anyone who represents himself as a cellular technician “testing” the line.
He also advises customers to never leave a portable phone where someone might be able to get the ESN off the battery, where it’s sometimes printed, and then get the phone number by punching a two-button sequence on the pad.
Most customers have no idea their phone has been cloned until the bill arrives, but there may be a few early warning signals. Among those are incoming calls from strangers or for strangers. Some users have discovered the cloning when they try to call someone who’s borrowing their car and reach a party they don’t know.
Selling the stolen numbers is big business, since they can be programmed into the handset of new phones or cloned onto blank computer chips. The possibilities for re-use and resale are limited only by the imagination of the phone bandits.
In some cities, small businesses provide a front for backroom “phone banks,” where international calls are made on “cloned” phones, and users-often non-English-speaking immigrants-pay lower rates than they would on legitimate phones.
There is also a market of willing-and equally larcenous-buyers for cellular phones already programmed with cloned numbers. The hefty upfront cost, sometimes as high as $1,000, is offset by the promise of no monthly bills for airtime usage. The only catch is that the phones become useless when numbers are disconnected by the cellular carriers after they discover the cloning.
In a growing number of cases, the stolen numbers are used to provide a tough-to-track communications avenue for a growing number of violence-based crime networks.
“These days, cloned phones are a conduit for a much more violent nature of crime,” says Mary Drury, a U.S. Secret Service agent and leader of the Chicago field office’s cellular fraud investigations unit.
“A lot of operations are drug-based, others are involved in weapons trafficking and even terrorism,” Drury says. “Now we’re looking into cloning by Middle Eastern groups, West Africans-specifically Nigerians-and we’re even seeing organized Russian groups using cloned phones.”
Initial investigation of cellular fraud is generally tackled by the cellular companies.
Because it is their air time that is being stolen, they are not required to get a court order to electronically eavesdrop on illegally made phone calls, as the Secret Service is.
“We’re trying to work with the industry, because it’s difficult for us to work these cases alone,” says Drury. “They have resources and the money and most importantly the potential mechanisms to safeguard against cloning.
More than a dozen different vendors now offer fraud-detection systems to cellular companies. Among the most popular is software that detects changes in calling patterns, such as an increase in volume or simultaneous calls being made from different parts of the country.
The other focus is on new technologies and systems that further cut back on the possibility of stealing numbers.
“They’re actually trying to put unique identifiers onto the phone; in some cases, it’s actually like a distinct `phone print’ that simply cannot be cloned,” says Houghton of the cellular phone association.
Gina Machatelli, director of marketing communications for Cellular One in Chicago, says her company often recommends that customers consider upgrading to digital phones, which are more expensive but reduce the likelihood of cloning.
“It’s a different technology,” says Machatelli. “When a call is transmitted, it’s almost like a `secret handshake’ that has to go through a number of changes, so it’s harder to clone. It also provides privacy, because calls can’t be picked up by scanners. It’s not foolproof, but it is better.”
But as is usually the case where easy money can be made, the thieves are often a step ahead of the good guys.
As Houghton puts it, “We’re waging a high-tech war against high-tech crooks.”
