Rediff.com« Back to articlePrint this article

Getting HUGE phone bills? Your SIM may have been cloned!

March 14, 2012 14:50 IST

Vicky Nanjappa takes a look at the looming menace of SIM card cloning

Today, crime syndicates have become bigger, and techniques such phone hacking and theft of IP addresses are being used for bigger gains. Over the past couple of years, we have heard of phones being hacked and the same being used to bounce off calls in the name of the original user.

Take the recent arrest in Philippines which was based on a complaint by phone giant AT&T. It was alleged that a group of terrorists had hacked into phone networks in a bid to raise money which was allegedly used for the 26/11 attack on Mumbai.

Prior to this there was also a major incident involving Hezbollah terrorists who cloned the mobile phones of senior officials. This came to light when Susan Drummond, a law professor challenged a bill of nearly $12,000 which she had received. On her itemised bill, she had found that calls had been made to Pakistan, Libya, Syria and Russia at a time when she was out of town.

An operation of this nature would effectively mean calls and transactions are being made by terrorist groups under some other name which effectively protects the identity of the terrorist. Moreover, they clone cell phones of ordinary customers who are not being monitored by intelligence agencies.

The process involved in phone cloning is extremely simple for a terrorist. They record the Electronic Serial Number and also the Mobile Identification Number before programming their mobile phones to transmit MIN and ESN to their mobile network.

When a call is then made by the real owner of the phone, the information gets transmitted to the nearest site and then it remains on that site until it moves to the next site. This would mean if you have been making a call from New Delhi in one billing cycle, you would be surprised to see in your bill that all the calls that have been made are from Bengaluru or any other place which these terrorists have chosen to call from.

Now speaking of the risk that India as a country faces, it may be pertinent to note that the concept of SIM cloning is something that appears to be catching on very soon. Very recently, security agencies had raised an alarm regarding this concept which today is being used by criminals and say that it could well be a good tool for terrorists as well.

For a crime cartel which aims to clean you up of funds, it is quite an easy procedure. They buzz you once and if you happen to miss that call and then return it, they very quickly pick up your ESN and make a call which you would be billed for.

In most cases, it takes a very long time for the victim to realise as to what is going on. In addition to this, these criminals also tend to pick up information regarding any financial transactions that have been made on the cell phone and using the data available they generate funds for themselves as well.

Today there is not a single bank which does not offer a financial transaction through the mobile phone. Security experts say although these are easy ways of making a transaction it poses a great security risk in case your SIM or phone is cloned. The phone saves data or your transactions which could be accessed by criminals or terrorists and used for disruptive purposes.

Such incidents are coming to light in India. However, the transactions through a cloned SIM card have not been very big. They have been instances to show that small amounts such as Rs 100 have been taken out of an account.

In other instances there have been calls which have been made at the expense of the real user. Most people do not dispute small claims and this is proving to be advantageous to the criminal.

Looking at a couple of cases in India it has been seen that mobile cloning is more popular with the CDMA technology. It is easier to clone a phone using CDMA technology as such networks give access to both the ESN and the MIN unlike a GSM phone.

Hence, returning a call is sufficient for the criminal to get access of the vital numbers. Those operators who deal with CDMA technology are however working on this threat and claim that they have put in place encryption technology which prevents scanners from picking up your information.

However considering the fact that the GSM technology is more popular these criminals have also found a way to clone the SIM card as well. But there is a long but easy procedure involved in this which would require the criminal to have the SIM card they want to clone with them.

A GSM SIM would not have an ESN. However, if the criminal does manage to get access to the SIM card, they he would be able to very easily obtain both the ESN and the MIN. A device to scan the SIM is available for as less as $5.

The SIM is scanned to extract the code. The code is then placed into the card software and then copied on to a new SIM card and they get a cloned SIM card at the end of it.

This would mean that the person wanting to clone the SIM card would actually have to steal one.

Pavan Duggal, an expert with cyber laws explains that there could be instances when such a syndicate involved in SIM cloning could also be involved with some service providers. These providers give out information regarding the SIM cards and it could be cloned.

Speaking about the laws in India unfortunately we do not have any to deal with SIM cloning. SIM cloning as a phenomenon has not been touched by the IT Act of 2000. However, in 2008, mobiles phones were brought under the ambit through an amendment although there is no mention of SIM cloning in it.

Regarding the punishment there is no real section available for SIM cloning. However Section 66 of the IT act could be applied which speaks of a fraud that is committed. Once again this is a bailable offence and if convicted it prescribes 3-year-imprisonment and a Rs 5 lakh fine which again is hardly a deterrent.

"There is a need to amend the IT act," says Duggal. Most importantly, SIM cloning has its biggest impact on the subscriber whose SIM is cloned. The person could face unnecessary legal complications. Hence there is a need for an amendment to at least aid such victims from being harassed unnecessarily.

Vicky Nanjappa in Bengaluru