GSM & A5

ravi.singh ravi.singh at tinyworld.co.uk
Wed, 23 May 2001 19:09:53 +0100 

hi, i would like to know if there is any way of tracing a mobile phone (ie
it whereabouts) if you know the number. i would apreciate any help you could
give me in this matter. thanks.
----- Original Message -----
From: "Owen Lewis" <oml@eloka.demon.co.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Wednesday, May 23, 2001 2:03 PM
Subject: RE: GSM & A5


>
>
> > -----Original Message-----
> > From: ukcrypto-admin@chiark.greenend.org.uk
> > [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Ross Anderson
> > Sent: 23 May 2001 09:46
> > To: ukcrypto@chiark.greenend.org.uk
> > Subject: Re: GSM & A5
> >
> >
> > There is an extensive discussion in my book about the design and
> > consequences of GSM security. It's an interesting case study, as the
> > mechanisms do quite different things for the different principals.
> >
> > * It helps the subscriber very little: it doesn't stop premium-rate
> > scams, and although it blocks casual air-link eavesdropping it
> > doesn't stop the big government agencies, who do almost all of the
> > eavesdropping in the known universe.
>
> Among other things, you're better at hyperbole than I am.
>
> I don't know much about pan-galactic eavesdropping but I know something
> about electronic eavesdropping in the UK and the odd place elsewhere.
>
> AFAIK, the last attempt to quantify the amount of 'unofficial' electronic
> surveillance being conducted was a Met study c. 1992. Before discussing
that
> it will be useful to have a quick reminder of what the main sources for
> equipment for this purpose are.
>
> 1. Around the world, there are small R&D outfits run by X, Y & Z nations.
> These can develop almost any item to spec and but are equipped to produce
a
> one-off or short, hand-built runs of (say) up to 10-off. If the production
> requirement is larger than that, it is cheaper to put out an OTT to
commerce
> for the system.
>
> 2. Leading on from the above there are electronics manufacturers large and
> small who will tender for such classified contracts.
>
> 3. The small manufacturers that specialise in this type of work also
supply
> o'seas govts, NGO's, 'security' companies and other, mainly corporate
> customers in good standing. These firms to not advertise and are unknown
to
> the general public. Were one to call one without a proper introduction,
they
> are unlikely to give one as much as the time of day.
>
> 4. There are companies, some international and some very small that do
> advertise and sell over the counter and by mail order and e-commerce. A
> minority of these manufacture and most simply badge out devices produced
by
> firms in cat 3 or even, occasionally, in cat 2. Much of the stuff sold in
> this category is heavily hyped and sells more on expectations rather than
> performance but (most of) it does work to some extent. It's good enough
for
> the husband who wants to spy on his wife of the business man who wants to
> spy on his partner. This, together with cat 3, is the only market that is
> visible and in any way quantifiable. It is also without doubt the largest
in
> in terms of numbers of systems produces but not necessarily in terms of
> value.
>
> Working from the advertising spends and turnover figures from filed
> accounts, The study of the UK cat3/4 market concluded that in the Met area
> alone (and about 10 years ago), the gross sales of surveillance systems
was
> about £12M per year and on a rising trend. Taking the average price of a
> system (then) as about £500, this means that about 24,000 systems per year
> were being sold annually in the Met area.
>
> Little or none of this stuff would have been for home govt use. Certainly,
a
> fair amount of this stuff is exported but there is also substantial but
> unquantifiable importation from sales outlets in the US, Spain, Taiwan,
> Japan, Denmark, France, Germany and Italy in particular.
>
> By observation, until recently, the most common use of bugs was in
domestic
> or trivial disputes. Serious use in commercial espionage was relatively
rare
> but could be lethal to corporate life when it occurred. These days, it
could
> be that the largest group of users have become the police and some
> non-national security oriented govt depts.
>
> Go clubbing or to a massage parlour these days and watch for the chap in a
> baseball cap. The cap is quite possibly fitted with a high definition
> pinhole/wide angle camera and GHz band transmitter, with or without an
audio
> channel. Meet a game warden in some African game parks and their bush hats
> may be similarly fitted.
>
> Personally, I doubt that anyone knows the amount of watching and listening
> that is going on. Certainly, the more one learns the more one needs
> constantly to revise upwards any tentative estimate. whatever the total,
its
> colossal. My belief is that only a small fraction of the total is of a
> 'national security' type, as I would understand the meaning of that label.
>
> re GSM etc:
>
> > The moral is: don't ask `is this equipment secure?' but `for whom is
> > this equipment secure?'
>
> Sometimes. Often, the question might be 'for what purpose is this
equipment
> secure?'
>
> Owen
>
>
>