Wednesday, 21 August 2013

The Prism Break Challenge - Part 2

MoCh - Challenge #9 September 2013 - The Prism Break Challenge

... or "how to make untraceable phone calls from a mobile phone"

Since I am soon going off the grid, to prevent Big Brother from seeing me, I have started making some preparations. One of the things that I have sorted out is getting myself a mobile subscription and a mobile phone that are completely unknown to Big Brother.

A new mobile phone
The first and easiest thing to do was to get hold of a new and unused mobile phone. I dropped by Clas Ohlson and bought their cheapest model, a simple non-smartphone mobile. I also paid in cash, to make sure there is no way to trace that exact mobile back to me.

Why a new mobile phone?
Every mobile has a unique IMEI number, which is submitted to the mobile network when the phone is used. For a previously used mobile phone there will be a connection between the IMEI and the user, hence the phone will be "dirty" and can be used to track you down.

A new mobile subscription
The second step is to get a new mobile subscription. This step is harder, and some skills in social engineering are required to succeed. A few years back anyone in Norway could buy a prepaid mobile subscription without having it registered to them as a person. Those days are gone, as Big Brother wanted to see more. So today, if you want to buy a prepaid mobile card, you need to identify yourself.

How to register a Chess prepaid card.

Most providers have two ways of registering as a new prepaid customer. You can either send them a text message with your name and your Norwegian national identity number (the ID number will be verified against the national database of valid ID numbers) or, if you're not Norwegian and hence have no Norwegian ID, register at the shop where you buy the subscription.

Shop owners are required to verify the ID of people buying these subscriptions, but luckily there are shops around that will let you register without a proper valid ID if you pretend to be from overseas.

So, drop by a kiosk and pretend to be from somewhere else (whatever country is plausible, depending on your language skills and your looks). Make up a good story about why you don't have the ID with you. For example, you have been robbed, only have some cash, got a mobile from a friend and have to call someone. Or present some piece of paper with your fake name, address and date of birth that you claim is a valid form of ID in your home country, and get angry and start talking very loudly if the shop owner tells you that it is not valid.

And once more, the subscription should be paid by cash, as you don't want to leave any electronic traces upon "checkout".

The Prepaid Subscription
An alternative way this could be done is presented here. Of course, there is no resemblance to any real people, occurrences in real life or what have you.

A small kiosk, no people except for Mr Kioskowner standing behind the counter. Mr Me walks inside.

(while walking towards the counter, smiling)
Hello, Sir. How are you today?

Hello. Not bad at all. Yourself?

Oh, I am good as well. Thanks for asking. I do need a prepaid mobile card, do you sell this?

Yes, I do. What do you want?

I don't know anything about these things. What options do I have?

Are you going to make a lot of overseas calls, or mainly calling within Norway? We have Lebara, Tele2, Chess, Telenor and a few more. Telenor are expensive by the way.

I won't make any overseas calls, I think. Chess sounds like a good name, how much is it?

Chess is a good choice. It's 99 kr.

(while handing over 100 kr in cash)
OK, I will take the Chess one then.

Mr Kioskowner hands over a small envelope containing the new prepaid mobile subscription.

(while looking at the envelope, looking confused)
Can I just start using this, or is there something I have to do?

You need to register. You can send a text message to the number on the envelope there, or I can register it for you now.

Sounds easier for me to let you register.

No problem, just come back here and we'll do it on my computer.

Mr Me walks around the counter, and Mr Kioskowner opens the Chess prepaid mobile registration page in his browser.

OK, I can just fill out the few fields there myself. My name, postal number and my national ID number.

Yes, it is easy.

Mr Me starts filling out the fields, using his newly created identity. While he does this he sees that there is a checkbox for "foreigners". Saved by the bell: a new customer enters the kiosk, and Mr Kioskowner turns away to serve that person. Mr Me quickly clicks the "foreigners" checkbox. The field for the Norwegian ID number disappears, and new input fields show up on the webpage, such as fields for date of birth, address, country, type of ID and ID number. Mr Me fills out the fields as quickly as possible. He picks a random country from the list, and types in 10100 as a random post number.

Mr Kioskowner finishes helping the other customer.

(turning back towards Mr Me, and looking at the PC screen)
So, is it OK?

(slightly stressed, while continuing to fill out the fields, not looking up)
Yes, everything is OK. Soon done.

Very quickly Mr Me picks "passport" as ID, and types in "0193723" as "ID number", followed by a quick click of the "Submit" button. Mr Kioskowner, who keeps staring at the screen, takes his glasses from his breast pocket and puts them on. At the same time the page finishes loading, and a "successful registration" message shows up.

There, all done! Thank you so much.

No problem. My pleasure.

Mr Me leaves the kiosk.

To keep the subscription "clean" the only way to recharge is to buy refill cards in shops, paying with cash.


Please note
The location of the phone will be tracked, so if you, for example, turn it on at home for the very first time, Big Brother might see the area where it was first activated. If you are truly paranoid you should not use the phone from your home location. Big Brother is also analyzing usage patterns. So if your usage differs from the average (such as how many people you contact, the length of calls, the number of text messages, what you write and so on), some computer system in a basement somewhere might flag your number as suspicious. Then Big Brother will take an extra look at what is going on. Also note that if you use the phone to call the same people that you normally contact, the subscription will be linked back to you. Think about it: who else is calling your parents, girlfriend / boyfriend and other friends? Each person has a unique calling pattern.
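
The contact-overlap point above can be shown with a few lines of analysis. This is an added example, not part of the original post: the call records, subscription labels and the 0.3 threshold are all constructed for illustration, and Jaccard similarity is one simple way such linking could be scored, not a description of any real system.

```python
from collections import defaultdict

# Constructed call-detail records: (calling subscription, called number).
# Every identifier here is invented for this example.
CDRS = [
    ("known-A", "mum"), ("known-A", "partner"), ("known-A", "friend1"),
    ("known-A", "friend2"), ("known-A", "pizza"),
    ("known-B", "dentist"), ("known-B", "pizza"), ("known-B", "colleague"),
    ("new-SIM", "mum"), ("new-SIM", "partner"), ("new-SIM", "friend1"),
    ("new-SIM", "taxi"),
]


def contact_sets(cdrs):
    """Map each calling subscription to the set of numbers it has called."""
    sets = defaultdict(set)
    for caller, callee in cdrs:
        sets[caller].add(callee)
    return dict(sets)


def jaccard(a, b):
    """Share of contacts two subscriptions have in common (0.0 to 1.0)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def link_candidates(cdrs, target, threshold=0.3):
    """Return (subscription, score) pairs whose contacts overlap the
    target's contacts at or above the threshold, best match first.
    The threshold is an assumption chosen for this sample data."""
    sets = contact_sets(cdrs)
    if target not in sets:
        return []
    scored = [
        (other, round(jaccard(sets[target], contacts), 3))
        for other, contacts in sets.items()
        if other != target
    ]
    return sorted((s for s in scored if s[1] >= threshold),
                  key=lambda s: -s[1])


if __name__ == "__main__":
    # The unregistered SIM shares three of six distinct contacts with known-A.
    print(link_candidates(CDRS, "new-SIM"))
```

Three shared contacts out of six are enough to tie the unregistered SIM to one existing subscriber, with no name, IMEI or payment record involved.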

