[ISN] How Tiny Swiss Cellphone Chips Helped Track Global Terror Web

From: InfoSec News (isn@private)
Date: Thu Mar 04 2004 - 03:12:00 PST


    http://www.nytimes.com/2004/03/04/international/europe/04PHON.html
    
    [This story has no information security content, but definitely an 
    interesting read nevertheless.  - WK]
    
    
    By DON VAN NATTA Jr. and DESMOND BUTLER
    Published: March 4, 2004
    
    LONDON - The terrorism investigation code-named Mont Blanc began
    almost by accident in April 2002, when authorities intercepted a
    cellphone call that lasted less than a minute and involved not a
    single word of conversation.
    
    Investigators, suspicious that the call was a signal between
    terrorists, followed the trail first to one terror suspect, then to
    others, and eventually to terror cells on three continents.
    
    What tied them together was a computer chip smaller than a fingernail.  
    But before the investigation wound down in recent weeks, its global
    net caught dozens of suspected Qaeda members and disrupted at least
    three planned attacks in Saudi Arabia and Indonesia, according to
    counterterrorism and intelligence officials in Europe and the United
    States.
    
    The investigation helped narrow the search for one of the most wanted
    men in the world, Khalid Shaikh Mohammed, who is accused of being the
    mastermind of the Sept. 11 attacks, according to three intelligence
    officials based in Europe. American authorities arrested Mr. Mohammed
    in Pakistan last March.
    
    For two years, investigators now say, they were able to track the
    conversations and movements of several Qaeda leaders and dozens of
    operatives after determining that the suspects favored a particular
    brand of cellphone chip. The chips carry prepaid minutes and allow
    phone use around the world.
    
    Investigators said they believed that the chips, made by Swisscom of
    Switzerland, were popular with terrorists because they could buy the
    chips without giving their names.
    
    "They thought these phones protected their anonymity, but they
    didn't," said a senior intelligence official based in Europe. Even
    without personal information, the authorities were able to conduct
    routine monitoring of phone conversations.
    
    A half dozen senior officials in the United States and Europe agreed
    to talk in detail about the previously undisclosed investigation
    because, they said, it was completed. They also said they had strong
    indications that terror suspects, alert to the phones' vulnerability,
    had largely abandoned them for important communications and instead
    were using e-mail, Internet phone calls and hand-delivered messages.
    
    "This was one of the most effective tools we had to locate Al Qaeda,"  
    said a senior counterterrorism official in Europe. "The perception of
    anonymity may have lulled them into a false sense of security. We now
    believe that Al Qaeda has figured out that we were monitoring them
    through these phones."
    
    The officials called the operation one of the most successful
    investigations since Sept. 11, 2001, and an example of unusual
    cooperation between agencies in different countries. Led by the Swiss,
    the investigation involved agents from more than a dozen countries,
    including the United States, Pakistan, Saudi Arabia, Germany, Britain
    and Italy.
    
    Cellphones have played a major role in the constant jousting between
    terrorists and intelligence agencies. In their requests for more
    investigative powers, Attorney General John Ashcroft and other
    officials have repeatedly cited the importance of monitoring portable
    phones. Each success by investigators seems to drive terrorists either
    to more advanced - or to more primitive - communications.
    
    During the American bombing of Tora Bora in Afghanistan in December
    2001, American authorities reported hearing Osama bin Laden speaking
    to his associates on a satellite phone. Since then, Mr. bin Laden has
    communicated with handwritten messages delivered by trusted couriers,
    officials said.
    
    In 2002 the German authorities broke up a cell after monitoring calls
    by Abu Musab al-Zarqawi, who has been linked by some top American
    officials to Al Qaeda, in which he could be heard ordering attacks on
    Jewish targets in Germany. Since then, investigators say, Mr. Zarqawi
    has been more cautious.
    
    "If you beat terrorists over the head enough, they learn," said Col.  
    Nick Pratt, a counterterrorism expert and professor at the George C.  
    Marshall European Center for Security Studies in
    Garmisch-Partenkirchen, Germany. "They are smart."
    
    Officials say that on the rare occasion when operatives still use
    mobile phones, they keep the calls brief and use code words.
    
    "They know we are on to them and they keep evolving and using new
    methods, and we keep finding ways to make life miserable for them,"  
    said a senior Saudi official. "In many ways, it's like a cat-and-mouse
    game."
    
    Some Qaeda lieutenants used cellphones only to arrange a conversation
    on a more secure telephone. It was one such brief cellphone call that
    set off the Mont Blanc investigation.
    
    The call was placed on April 11, 2002, by Christian Ganczarski, a
    36-year-old Polish-born German Muslim whom the German authorities
    suspected was a member of Al Qaeda. From Germany, Mr. Ganczarski
    called Khalid Shaikh Mohammed, said to be Al Qaeda's military
    commander, who was running operations at the time from a safe house in
    Karachi, Pakistan, according to two officials involved in the
    investigation.
    
    The two men did not speak during the call, counterterrorism officials
    said. Instead, the call was intended to alert Mr. Mohammed of a Qaeda
    suicide bombing mission at a synagogue in Tunisia, which took place
    that day, according to two senior officials. The attack killed 21
    people, mostly German tourists.
    
    Through electronic surveillance, the German authorities traced the
    call to Mr. Mohammed's Swisscom cellphone, but at first they did not
    know it belonged to him. Two weeks after the Tunisian bombing, the
    German police searched Mr. Ganczarski's house and found a log of his
    many numbers, including one in Pakistan that was eventually traced to
    Mr. Mohammed. The German police had been monitoring Mr. Ganczarski
    because he had been seen in the company of militants at a mosque in
    Duisburg, and last June the French police arrested him in Paris.
    
    Mr. Mohammed's cellphone number, and many others, were given to the
    Swiss authorities for further investigation. By checking Swisscom's
    records, Swiss officials discovered that many other Qaeda suspects
    used the Swisscom chips, known as Subscriber Identity Module cards,
    which allow phones to connect to cellular networks.
    
    For months the Swiss, working closely with counterparts in the United
    States and Pakistan, used this information in an effort to track Mr.  
    Mohammed's movements inside Pakistan. By monitoring the cellphone
    traffic, they were able to get a fix on Mr. Mohammed, but the
    investigators did not know his specific location, officials said.
    
    Once Swiss agents had established that Mr. Mohammed was in Karachi,
    the American and Pakistani security services took over the hunt with
    the aid of technology at the United States National Security Agency,
    said two senior European intelligence officials. But it took months
    for them to actually find Mr. Mohammed "because he wasn't always using
    that phone," an official said. "He had many, many other phones."
    
    Mr. Mohammed was a victim of his own sloppiness, said a senior
    European intelligence official. He was meticulous about changing
    cellphones, but apparently he kept using the same SIM card.
    
    In the end, the authorities were led directly to Mr. Mohammed by a
    C.I.A. spy, the director of central intelligence, George J. Tenet,
    said in a speech last month. A senior American intelligence official
    said this week that the capture of Mr. Mohammed "was entirely the
    result of excellent human operations."
    
    When Swiss and other European officials heard that American agents had
    captured Mr. Mohammed last March, "we opened a big bottle of
    Champagne," a senior intelligence official said.
    
    Among Mr. Mohammed's belongings, the authorities seized computers,
    cellphones and a personal phone book that contained hundreds of
    numbers. Tracing those numbers led investigators to as many as 6,000
    phone numbers, which amounted to a virtual road map of Al Qaeda's
    operations, officials said.
    
    The authorities noticed that many of Mr. Mohammed's communications
    were with operatives in Indonesia and Saudi Arabia. Last April, using
    the phone numbers, officials in Jakarta broke up a terror cell
    connected to Mr. Mohammed, officials said.
    
    After the suicide bombings of three housing compounds in Riyadh, Saudi
    Arabia, on May 12, the Saudi authorities used the phone numbers to
    track down two "live sleeper cells." Some members were killed in
    shootouts with the authorities; others were arrested.
    
    Meanwhile, the Swiss had used Mr. Mohammed's phone list to begin
    monitoring the communications and activities of nearly two dozen of
    his associates. "Huge resources were devoted to this," a senior
    official said. "Many countries were constantly doing surveillance,
    monitoring the chatter."
    
    Investigators were particularly alarmed by one call they overheard
    last June. The message: "The big guy is coming. He will be here soon."
    
    An official familiar with the calls said, "We did not know who he was,
    but there was a lot of chatter." Whoever "the big guy" was, the
    authorities had his number. A Swisscom chip was in the phone.
    
    "Then we waited and waited, and we were increasingly anxious and
    worried because we didn't know who it was or what he had intended to
    do," an official said.
    
    But in July, the man believed to be "the big guy," Abdullah Oweis, who
    was born in Saudi Arabia, was arrested in Qatar. "He is one of those
    people able to move within Western societies and to help the
    mujahedeen, who have lesser experience," an official said. "He was at
    the very center of the Al Qaeda hierarchy. He was a major
    facilitator."
    
    In January, the operation led to the arrests of eight people accused
    of being members of a Qaeda logistical cell in Switzerland. Some are
    suspected of helping with the suicide bombings of the housing
    compounds in Riyadh, which killed 35 people, including 8 Americans.
    
    Later, European authorities discovered that Mr. Mohammed had contacted
    a company in Geneva that sells Swisscom phone cards. Investigators
    said he ordered the cards in bulk.
    
    The Mont Blanc inquiry has wound down, although investigators are
    still monitoring the communications of a few people. Christian
    Neuhaus, a spokesman for Swisscom, confirmed that the company had
    cooperated with the inquiry, but declined to comment.
    
    Last year, Switzerland's legislature passed a law making it illegal to
    purchase cellphone chips without providing personal information,
    following testimony from a Swiss federal prosecutor, Claude Nicati,
    that the Swisscom cards had become popular with Qaeda operatives. The
    law goes into effect on July 1.
    
    One senior official said the authorities were grateful that Qaeda
    members were so loyal to Swisscom.
    
    Another official agreed: "They'd switch phones but use the same cards.  
    The people were stupid enough to use the same cards all of the time.  
    It was a very good thing for us."
    
    
    