I thought I might resurrect this extremely dead thread with an note I found after a friend sent a copy of Alan Gross's lawsuit against USG and his former employer. It may be of interest to a number of people on the list -- also I would like author's title, "DCNO FOR INFORMATION DOMINANCE" (with caps).
http://www.public.navy.mil/bupers-npc/reference/messages/Documents/NAVADMINS/NAV2012/NAV12347.txt 5. INMARSAT BGAN DISCREET SUBSCRIBER IDENTITY MODULE (SIM) CARDS ARE AN OPTION WHEN PURCHASING SERVICE FROM DISA. THESE DISCREET SIM CARDS PROVIDE INCREASED OPERATIONAL SECURITY PROTECTION.* THE ONE * *DRAWBACK IN PURCHASING A DISCRETE SIM CARD COMPARED TO A STANDARD SIM* *CARD IS THAT CALL COMPLETION WILL BE DENIED BY THE SERVICING INMARSAT * *WHEN OPERATING IN THE CHINA AND RUSSIA GEOGRAPHIC AREAS.* THE COST OF THE DISCRETE SIM CARD IS THE SAME AS A STANDARD SIM CARD. IF ALTERNATE COMMUNICATIONS ARE NOT AVAILABLE, USERS OF INMARSAT BGAN ARE ENCOURAGED TO CONSIDER THE ADDITION OF A STANDARD SIM CARD WHEN AN IMPORTANT OPERATIONAL CONNECTION IS NECESSARY. On Thu, Mar 22, 2012 at 5:00 AM, Jacob Appelbaum <[email protected]>wrote: > On 03/21/2012 09:19 PM, Collin Anderson wrote: > > Would anyone in this conversation be so kind as to satisfy a tangential > > curiosity of mine. The case of Alan Gross in Cuba seems so wrapped up in > an > > under-explained and over-hyped piece of equipment: > > > > On his final trip, he brought in a "discreet" SIM card -- or subscriber > >> identity module card -- intended to keep satellite phone transmissions > from > >> being pinpointed within 250 miles (400 kilometers), if they were > detected > >> at all. > > > > > > http://www.businessweek.com/ap/financialnews/D9SSHGPG2.htm > > > > Beyond the obvious issues with that statement; does anyone know what they > > are referring to? > > > > Whoa - I had not caught that part of the story with Alan Gross... I > wonder how he got his hands on the SIM? I've tried to get them and it's > non-trivial. It requires either favors, a trade or basically a ton of > cash from the "right" group of people. > > My understanding is that there are some special SIM cards that have two > unique properties that matter for location privacy. The first property > is that the HLR database knows that the SIM is special and so it will > authorize a connection without a GPS location in the initial uplink. The > second is that the device (phone, modem, etc) firmware knows that this > SIM is special by checking some field on the SIM itself and so it won't > send the GPS coordinates but rather the spot beam. We can easily > discover what the field is with a SIMTrace[0] tap if we acquire one of > these SIMs. > > My understanding is that the firmware still fetches the GPS coordinates. > It then looks up the GPS location in a coverage table of all spot beams > for the planet and then the firmware returns the spot beam where the GPS > coordinates are located. The device then sends the spot beam into space, > etc. > > A few years ago I found some public data on this and I think the company > offering these SIMS in public is Deltawave[1] - I haven't however found > an obvious way to buy them on their website. This is also very specific > to BGAN and it is quite clearly a network by network, firmware by > firmware specific information. > > In theory if we capture the setup with a discreet SIM with SIMTrace, we > can MITM a normal BGAN SIM and fake a a discreet SIM response with just > a few dollars of hardware. The network might reject it, obviously. But > hey, if anyone has a discreet SIM sitting around, I'd be more than happy > to see if it works in a country where it is legal to not send the GPS > location of the device. > > Alternatively, one could pick a BGAN device and build a GPS MITM tool > for the actual hardware without any such special SIM... > > All the best, > Jacob > > [0] http://www.sysmocom.de/products/simtrace > [1] http://www.deltawavecomm.com/ > -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C.
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
