[liberationtech] New Satphone Safety Guide

Collin Anderson collin at averysmallbird.com
Wed Dec 12 20:04:11 PST 2012 

I thought I might resurrect this extremely dead thread with an note I found
after a friend sent a copy of Alan Gross's lawsuit against USG and his
former employer. It may be of interest to a number of people on the list --
also I would like author's title, "DCNO FOR INFORMATION DOMINANCE" (with
caps).

http://www.public.navy.mil/bupers-npc/reference/messages/Documents/NAVADMINS/NAV2012/NAV12347.txt

5.  INMARSAT BGAN DISCREET SUBSCRIBER IDENTITY MODULE (SIM) CARDS ARE
AN OPTION WHEN PURCHASING SERVICE FROM DISA.  THESE DISCREET SIM
CARDS PROVIDE INCREASED OPERATIONAL SECURITY PROTECTION.* THE ONE *
*DRAWBACK IN PURCHASING A DISCRETE SIM CARD COMPARED TO A STANDARD SIM*
*CARD IS THAT CALL COMPLETION WILL BE DENIED BY THE SERVICING INMARSAT *
*WHEN OPERATING IN THE CHINA AND RUSSIA GEOGRAPHIC AREAS.* THE COST OF
THE DISCRETE SIM CARD IS THE SAME AS A STANDARD SIM CARD. IF
ALTERNATE COMMUNICATIONS ARE NOT AVAILABLE, USERS OF INMARSAT BGAN
ARE ENCOURAGED TO CONSIDER THE ADDITION OF A STANDARD SIM CARD WHEN
AN IMPORTANT OPERATIONAL CONNECTION IS NECESSARY.




On Thu, Mar 22, 2012 at 5:00 AM, Jacob Appelbaum <jacob at appelbaum.net>wrote:

> On 03/21/2012 09:19 PM, Collin Anderson wrote:
> > Would anyone in this conversation be so kind as to satisfy a tangential
> > curiosity of mine. The case of Alan Gross in Cuba seems so wrapped up in
> an
> > under-explained and over-hyped piece of equipment:
> >
> > On his final trip, he brought in a "discreet" SIM card -- or subscriber
> >> identity module card -- intended to keep satellite phone transmissions
> from
> >> being pinpointed within 250 miles (400 kilometers), if they were
> detected
> >> at all.
> >
> >
> > http://www.businessweek.com/ap/financialnews/D9SSHGPG2.htm
> >
> > Beyond the obvious issues with that statement; does anyone know what they
> > are referring to?
> >
>
> Whoa - I had not caught that part of the story with Alan Gross... I
> wonder how he got his hands on the SIM? I've tried to get them and it's
> non-trivial. It requires either favors, a trade or basically a ton of
> cash from the "right" group of people.
>
> My understanding is that there are some special SIM cards that have two
> unique properties that matter for location privacy. The first property
> is that the HLR database knows that the SIM is special and so it will
> authorize a connection without a GPS location in the initial uplink. The
> second is that the device (phone, modem, etc) firmware knows that this
> SIM is special by checking some field on the SIM itself and so it won't
> send the GPS coordinates but rather the spot beam. We can easily
> discover what the field is with a SIMTrace[0] tap if we acquire one of
> these SIMs.
>
> My understanding is that the firmware still fetches the GPS coordinates.
> It then looks up the GPS location in a coverage table of all spot beams
> for the planet and then the firmware returns the spot beam where the GPS
> coordinates are located. The device then sends the spot beam into space,
> etc.
>
> A few years ago I found some public data on this and I think the company
> offering these SIMS in public is Deltawave[1] - I haven't however found
> an obvious way to buy them on their website. This is also very specific
> to BGAN and it is quite clearly a network by network, firmware by
> firmware specific information.
>
> In theory if we capture the setup with a discreet SIM with SIMTrace, we
> can MITM a normal BGAN SIM and fake a a discreet SIM response with just
> a few dollars of hardware. The network might reject it, obviously. But
> hey, if anyone has a discreet SIM sitting around, I'd be more than happy
> to see if it works in a country where it is legal to not send the GPS
> location of the device.
>
> Alternatively, one could pick a BGAN device and build a GPS MITM tool
> for the actual hardware without any such special SIM...
>
> All the best,
> Jacob
>
> [0] http://www.sysmocom.de/products/simtrace
> [1] http://www.deltawavecomm.com/
>



-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121213/6122baec/attachment.html>

More information about the liberationtech mailing list