Cyberscams

A new form of criminal attack is lurking out there, one that could devastate both wireless carriers and their customers. In this form of criminal enterprise, the carrier may actually become the facilitator of an attack against the customer. In fact, government and commercial espionage on wireless telecommunications may be greater than all of the fraud and hacker community threats combined.

CYBERSPYING As the wireless industry races to expand from domestic to global services, it seems unaware that expanded use of wireless communications and data provide a wealth of opportunities for national governments and commercial enterprises to expand their intelligence gathering. Intruding on wireless communications may not hit a carrier's bottom line directly, but it may affect global enterprises' economies. It also could affect the national economy and security of nations worldwide.

Spying on telecommunications has become such a concern in the recently established European Union of nations that representatives are flooding the European Parliament with recommendations concerning controls over international monitoring of telecommunications systems.

In An Appraisal of the Technologies of Political Control, a white paper published by the Omega Foundation for the European Parliament, the authors stated "modern snoopers can buy specially adapted laptop computers and simply tune into the mobile phones active in the area by cursoring down their number. The machine will even search for numbers 'of interest' to see if they are active." The writers also said, "These bugs and taps pale in significance next to the national and international state-run interception networks."

The same document stated that certain police agencies use digital monitoring to track the whereabouts of certain social classes and races living in certain red-lined areas of the European community.

Although the North American wireless industry is rapidly converting from analog to digital technology, European government agencies are relying (sometimes illegally) on digital technology to pinpoint mobile phone users. They view the phones as miniature tracking devices that provide information that they can store for future analysis. The same report to the European Parliament cited the Swiss Police, which has secretly tracked the whereabouts of more than 1 million mobile-phone users, recording their locations down to within a few hundred yards. Although such efforts to track wireless subscribers often are efforts to suppress terrorism or other capital crimes, people being tracked are reported to include politicians, labor leaders and corporate executives.

On Nov. 20, 1998, the European Surveillance Union reported "massive attempts" on the part of European police forces to acquire the ability to eavesdrop on U.S.-based satellite systems. The report referred to Mobile Satellite Services (MSS) as "collective and simple locations for monitoring solutions."

In an internal document entitled ENFOPOL 98, from the Police Cooperation Working Party, the European police community reportedly asked for access to "all signals created at the observed facilities" to be made accessible, as well as all related technical services and data; the redirecting of telephone calls, conference calls, voice mail and other communications forms. Even inbound and outbound connections, which are not completed, were taken into consideration.

The Police Cooperation Working Party is the same group that recommended in 1995 that European police "tag each individual subscriber in view of a possibly necessary surveillance activity."

And, ENFOPOL 98 called for making all of this data available to "legally empowered authorities" immediately. The document stated, "The data relevant to connections should be made available within milliseconds after the call is made in order to allow the collation of the event and the details of the call." One driver in this push to access wireless communications by the European police is the fear that it will lose some of its current voice-channel-monitoring capabilities in an all-digital environment. Routinely monitoring analog voice channels is quite simple.

In a Statewatch bulletin released in 1997, the EU Council of Ministers reportedly laid out new requirements for European carriers that the editor of Statewatch said "will create a system that can monitor everyone and every form of communication."

As reported by Telepolis, the proposal called for the surveillance of "any form of telecommunications -- be it data, encrypted or in clear form, mobile telephony" and "new satellite mobile services."

CALEA'S IMPLICATIONS The passage of CALEA has placed the U.S. wireless industry in an awkward position. The act attempts to balance the need for the FBI and other law enforcement agencies to carry out legitimate surveillance of suspected criminals in the digital environment with the costs involved in providing those capabilities. At the same time, as international terrorism and organized crime threaten to increase, the FBI is emerging as the principal law enforcement agency in the fight against those threats.

In Intelligence and Counterintelligence: Proposed Program for the 21st Century, Robert David Steele, Open Sources president, stated, "it merits emphasis that the FBI ... will be the most important element of the U.S. intelligence community in the 21st century because it will be responsible for the survivability of our national communications and computing architecture, the protection of our intellectual property and the creation of a state and local intelligence community focused on economic development and law enforcement."

Clark Staten, Emergency Response and Research Institute executive director, said he thinks this statement suggests that national commercial communications networks face a direct threat. In Staten's white paper, Asymmetric Warfare, the Evolution and Devolution of Terrorism; The Coming Challenge for Emergency and National Security Forces, he said, "Particularly of concern is the possibility that conventional terrorism and low-density conflict will be accompanied by computer infrastructure attacks that may cause damage to vital commercial, military and government information and confront communications systems."

SNOOPING TO CYBERWARFARE According to the Center for Strategic and International Studies (CSIS), U.S.-based telecommunications systems also could become the target of foreign governments bent on attacking the U.S. information infrastructure.

In its book, Cybercrime, Cyber-terrorism, Cyberwarfare, CSIS stated that terrorists and rogue nations could destabilize and destroy targeted states and societies, including the United States, through computer networks, telecommunications systems and databases.

The report said, "Most experts agree that commercial telecommunications and information systems supporting critical infrastructures will be primary targets in information warfare attacks against the United States." The report recommended that "the private sector must play a major role in any national strategies for information security."

Governments are not the only entities that threaten U.S. communications industry security. Organized crime has joined the world of high technology. In another report on its Global Organized Crime Project, CSIS stated, "The rise in transnational organized crime is an unfortunate by-product of globalization, through which technological advances and lower barriers to trade have created a seamless electronic environment and empowered new classes of actors which bypass nation states ... the criminal organizations are not monolithic, but act as networks, pursuing the same types of joint ventures and strategic alliances as legitimate global businesses. The diffuse and dynamic nature of transnational operations makes criminal enterprises ... difficult to identify and counter."

In a 1995 United Nations address, President Bill Clinton recognized "the growing nexus between terrorists, narcotics traffickers and other international criminals that have been fostered by developments in international communications, travel and information-sharing."

How much damage has been done? In The Next World, author James Adams stated, "Almost all of the Fortune 500 corporations have been penetrated electronically by cybercriminals. The FBI estimates that electronic crimes are running at about $10 billion a year. But, only 17% of the victimized companies report these intrusions to law enforcement agencies."

How is cybercrime accomplished? CSIS reports that "tens of thousands of high-powered scanners are being smuggled out of Asia every month. They can intercept and record law-enforcement-agency mobile phones, faxes and even landline communications. Organized crime groups also use them to steal proprietary secrets from high-tech companies."

The Defense Science Board Task Force on Information Warfare predicted that shortly after the beginning of the new millenium, attacks on U.S. information systems by terrorists, transnational crime syndicates and foreign espionage agencies will be "widespread."

Although the wireless industry is concerned about government and commercial spying abroad, equipment capable of unauthorized monitoring is sold openly on the U.S. market. Spytec, a surveillance and security equipment supplier, lists monitoring equipment for surveillance of GSM, faxes, data and cellular telephone communications among its products.

Electronic Countermeasures advertises its Cellular Analysis System 8000 with capabilities for monitoring data and voice systems in AMPS-TDMA digital configurations, as well as analog. However, Electronic Countermeasures limits its sales to only wireless service providers and law enforcement.

WIRELESS IMPLICATIONS These facts imply that the wireless industry has a broad challenge. To effectively address cyberspying, the industry must:

* Suppress criminal fraud and theft that directly impact its profitability;

* Protect itself from determined hackers who threaten to invade and compromise networks;

* Find ways to accommodate legitimate law enforcement efforts to prevent international crimes that can undermine the national economy;

* Understand that it will play an increasingly important role in the intelligence and counterintelligence efforts of all people it serves in the growing international telecommunications arena.

Finally, the industry must recognize that its systems are far more likely to be targets of both private and public attacks in the future. By playing a role in the intelligence community, it will be in a better position to foresee and defend itself against those attacks.

Spying on one's neighbors is not a recent phenomenon and is not always outside the U.S. government. Australia, Canada, Great Britain, New Zealand and the United States have shared intelligence gathered through telecommunications systematic monitoringsince 1948. Such intruding on private conversations may be for legitimate national security purposes; yet, some confidential commercial information leaks to industrial competitors around the globe.

Recent examples include a highly sensitive negotiation between a French company and a prospective Brazilian buyer. In the 11th hour of negotiations, a U.S.-based supplier suddenly appeared with a better offer and won the contract. Other examples include major deals lost at the last minute among competing international airplane and automobile manufacturers and international telecommunications companies.

How pervasive is wireless telecommunications routine monitoring? In a recent report to the European Parliament, the authors referred to it as "a global surveillance system that stretches around the world to form a targeting system on all key Intelsat satellites used to convey most of the world's satellite phone calls, Internet, e-mail, faxes and telexes."