Cellular Carriers Try New Tricks to Beat Bandits
The voice on the cellular phone belongs to a thief. He claims to have earned about $250,000 in cash, cars and cocaine by stealing phone service from cellular carriers and reselling it to drug dealers and other customers. In a 45-minute call on an illegally cloned phone, the crook, who calls himself Rubin Velasques, blithely offers this assessment of carriers’ efforts to stop bandits like himself:
``They’re losing the battle.″
Indeed they are. Tantalized by the huge profits to be made plundering the wireless industry, cellular pirates have become bolder and more sophisticated, outwitting just about every antifraud remedy that cellular companies have tried.
Now the industry is preparing a new electronic arsenal of antitheft techniques. They include digital ``fingerprinting″ of phones, encrypted call-and-respond ``authentication″ systems, databases on deadbeats and voice recognition. ``The problem hit an unsuspecting industry in the late 1980s. Now we’re armed and ready with more powerful tools,″ says Roseanna DeMaria, a vice president at AT&T Corp.’s McCaw Cellular unit.
If the past is any indication, though, cell-fraud rings are already working on ways to get around the industry’s next moves. ``For every silver bullet out there, there’s some guy in a garage hacking away to try and defeat it,″ says Michael Guidry, a former Texas state trooper who runs the Guidry Group security agency in Houston. Lex Wilkinson, president of Walters, Wilkinson & Associates Inc., a security company in Easton, Pa., adds: ``These people aren’t chumps. They are some of the most talented engineers in the world.″
Cellular theft has soared fivefold in just three years, growing faster than the industry itself. While the major cellular trade group conservatively pegs losses at close to half a billion dollars a year, some consultants say the real number is approaching $1 billion. That would be a startling 7 percent of industry revenue, more than twice the fraud rate in the far larger long-distance business.
Some 40 percent of the industry’s losses are due to a low-tech form of fraud, according to Lightbridge Inc., a Waltham, Mass., security firm. Cellular-phone users rack up high bills and refuse to pay, then sign up later with a new service. To help reduce the problem, Lightbridge has compiled a database of 200,000 subscribers with a history of failing to pay their cellular bills. Carriers can check the database and refuse to sign up suspect customers.
For years, cellular companies blithely passed on the losses from fraud and unpaid bills to all of their customers in monthly bills. That won’t be so easy in the future, as the traditional cellular industry’s growth, in terms of usage per customer, starts to slow, and prices come under pressure from new suppliers of wireless ``personal communications services.″
Customers are partly to blame for soaring fraud. When cellular systems impose new security such as PIN codes, even honest customers grumble about having to dial a few extra digits.
Cellular companies have contributed to the problem, too. Determined to expand their networks, the companies failed to plug glaring security gaps and consistently underestimated their adversaries. They didn’t link far-flung rival networks to track theft, and they failed to include encryption techniques early on. Now they are catching up, but with methods that are incompatible from system to system, making it tougher to impose a nationwide crackdown.
Cellular theft started out as a low-tech pursuit: Crooks would steal a phone to make ``free″ calls until the number was shut down. Today, skilled teams use scanners to pilfer phone numbers and security codes, ``cloning″ the data into thousands of pirate phones for drug dealers and others who want untraceable communications. The crooks also run ``call-sell″ operations, letting immigrants call overseas at one-third the normal cost.
The pirates exploit easy access to the public airwaves. Every 15 minutes or so, a cell phone emits an electronic serial number to update the network on the user’s location. Crooks hang out near busy areas _ financial districts, bridges, tunnels _ and use scanners to pluck the codes off the airwaves.