THE VIRGINIAN-PILOT
Copyright (c) 1996, Landmark Communications, Inc.
DATE: Sunday, May 12, 1996 TAG: 9605120136
SECTION: FRONT PAGE: A1 EDITION: FINAL
SOURCE: BY LYNN WALTZ, STAFF WRITER
LENGTH: Long : 231 lines
Federal agents have shut down the largest cellular ``clone-phone'' operation ever discovered in Hampton Roads, culminating a year-long investigation that is expected to target several more operations in the region.
Clone-phone operations steal legitimate cellular phone numbers from the airwaves, then program them into other phones. They then sell the phones on the black market to people - mainly drug dealers - who use them to make free, illegal calls on somebody's else's tab.
The local operation, based in Virginia Beach, may have cost local cellular companies as much as a quarter-million dollars, agents testified in federal court Friday. As many as 100 people may have been provided with telephones programmed with the numbers of legitimate customers in Hampton Roads and other cities.
Secret Service agents seized at least 60 cellular phones in five raids last week and made two arrests.
Forty of the phones and 1.4 grams of opium were found in the home of Derrick ``Dashon'' Wilson and Kisha Miller in the 3200 block of Lakecrest Road in Virginia Beach. The two were charged with possession of illegal cellular phones, a felony. Wilson was ordered held without bond Friday.
Phones also were found in a home in the 1900 block of Gravenhurst Drive and an apartment in the 5300 block of Justin Court, both in Virginia Beach. A recording studio on South Witchduck Road and a mailing business in the 200 block of Providence Road in Chesapeake also were searched. Wilson has an interest in both businesses. Because search warrants are sealed, it was unclear if anything was seized in the businesses.
But at the home on Lakecrest Road, agents found computers with cloning software, lists of cellular phone numbers and instructions for re-programming cellular phones with new numbers.
GTE Mobilnet estimates that about 650 phones have been cloned in Hampton Roads since January, and about 1,000 statewide. They could not determine how many of those were related to the Virginia Beach operation.
Illegal use of clone phones has skyrocketed in Hampton Roads since 1994. That year, cellular fraud cost local companies about $10,000 a month. Last year, the figure jumped to $250,000 a month, or about $3 million a year. Nationally, losses are projected at more than $1 billion for 1996.
When phones are cloned, in essence, two identical phones exist. Since the cellular system can't tell them apart, calls from both phones are processed and billed to the same account.
Fraudulent bills are usually discovered before customers are charged. Thus the major impact on legitimate customers is higher rates and inconvenience.
Though customers are not billed for fraudulent calls, companies must pay each other for the use of each others' systems for long-distance use whether the use is fraudulent or not. Those costs are passed on to customers.
Customers are inconvenienced when their numbers have to be changed after their phones are cloned. Customers may also have to use calling codes or credit cards rather than using direct-dial service in areas where fraud is rampant.
Alarmed by the increases in fraud, GTE Mobilnet approached the Secret Service last year and the two formed a partnership that combined GTE's computers and phone records with the law-enforcement powers of the federal government.
The Federal Communications Commission and U.S. Customs supported the investigation, and in January a joint task force was formed that added Norfolk Police, State Police and 360 Communications.
``We believe we have made a major dent in the clone market in Hampton Roads,'' said Secret Service agent in charge Lawrence Kumjian. ``As we inventory what has been seized, we will have a greater feel for the magnitude of the operation.''
Kumjian said the raids represent the first major target of the investigation and mark the first time federal agents have busted a clone phone operation in the region.
``Obviously, we're very excited,'' said Carla Ussery, local general manager for GTE. ``Anybody who has been cloned knows what a hassle it is.''
Cloning phones is relatively easy and getting easier every day. And as equipment becomes increasingly portable and more sophisticated, thieves are more mobile and faster. Some thieves can snag a number and clone a phone in minutes.
Thieves take advantage of the cellular system, which relies on signals from phones to antennas to keep track of where the phones are.
The signal is actually two numbers. One is the serial number for the phone, the other the assigned phone number. The numbers are sent to antennas whenever the phone is turned on or used, and at regular intervals.
Thieves look for locations where cars are started frequently, such as airports and factories. Car phones send a signal each time the car is started. Tunnels are a good spot because phones signal the system when they emerge from a tunnel.
Intercept devices can print out lists of stolen numbers or store them for downloading to a computer. Computers are used to program the stolen numbers into cellular phones, often stolen themselves. The phones are then leased or sold.
Once a phone is cloned, the new illegal phone number is good anywhere from a few days to a few weeks. Once the fraud is discovered and the phone turned off, the illegal user can reprogram the phone with another stolen number or pay to have it reprogrammed.
Typically, clone service runs between $100 to $150 a month on the black market. That's more expensive than a basic legitimate service, but there are two perks: One is unlimited calling anywhere in the world. The other is anonymity and protection from call-tracing.
Usually, a clone number is guaranteed for 30 days to coincide with the billing cycle. That's because the phone numbers are cut off when the fraud is discovered and customers must pay to be reconnected with a new number.
But in the Virginia Beach case, GTE left about 19 clone lines operational instead of shutting them down. This allowed federal agents to use intercept technology in reverse. Agents programmed the clone numbers into an electronic device that searched for those numbers in the airwaves. The device pointed them to a neighborhood near Bow Creek Golf Course.
On May 3, court affidavits show, as Secret Service agents watched, Kisha Miller walked out of her Lakecrest Drive home and got into her Toyota Paseo. She plugged a cellular telephone into the car's cigarette lighter. As she placed a call, agents got a strong signal from her phone. It had been cloned.
Clone phone fraud grew swiftly in the late 1980s and early 1990s in three of the nation's largest markets - New York, Miami and Los Angeles - partly because the drug trade uses those three cities as bases of operation.
But as companies there aggressively pursued fraud, savvy criminals moved to outlying markets, where prevention technology had not caught up.
``That's why you're seeing the increase in your geographical area,'' said Tom McClure, director of the Cellular Telecommunications Industry Association in Washington. ``It's starting to migrate away from those cities. . . . A whole new group of carriers is being defrauded.''
As drug dealers move through Hampton Roads between Miami and New York, they bring with them knowledge and information about cloning. Cloning is nearly always associated with the drug trade. In raids last week, agents found opium. Evidence presented in federal court Friday showed that Wilson has a drug-dealing conviction in New York.
Still, GTE officials were surprised to learn that a cloning operation had been set up in Hampton Roads. Previously, numbers were cloned only when customers from Hampton Roads were in roaming mode in markets like New York.
``Right about this time last year, we started noticing our fraud losses increasing rapidly,'' said Ussery of GTE Mobilnet. ``Immediately, we went to the Secret Service for help.''
Ussery said one bill - never sent to a customer - was more than $150,000. Ussery also turned to GTE's headquarters in Atlanta, where a bank of personal computers was being used to stop fraud. A software program called CloneDetector analyzes millions of phone calls looking for the call patterns that identify potential clone phones.
The program is based on probabilities and looks for usage not typical to the caller's normal calling patterns. The program highlights numbers it believes are cloned.
For instance, it is impossible for one phone to make two calls at the same time, or to make calls from two places at the same time.
If you call your mother in Iowa every Friday, and suddenly, one Friday, you call Shanghai and talk for three hours, the software program red flags your account.
Once numbers are flagged and confirmed as fraudulent, the entire calling record for that number is placed in a large database. The software looks for a link between numbers called from different accounts. The system asks the question: What is the likelihood that all these people would call the same number?
By the time ``link analysis'' is completed, phone companies are able to provide law enforcement a web-like blueprint of an illegal cellular phone operation. Based on calling patterns, they can often determine the provider of the service and the customers.
The problem is, they don't know who they are, only what their cellular phone numbers are. That's where law enforcement steps in. Starting only with the cellular numbers and some of the land lines frequently called from those numbers, they can often locate the phones.
Then, with the help of property and Department of Motor Vehicles records, they figure out who's using them and make the arrest.
By national standards, Hampton Roads' problem is still small potatoes. One-fourth of all cellular phone calls made in Los Angeles are from clone phones.
When a New York City cloning operation was busted in October, authorities seized 3,000 phones and documents indicating that 27,000 cellular phones had been cloned, costing phone companies $27 million.
Current anti-fraud measures have cut fraud substantially in large markets, but at a cost, companies say. A new technology will have to be put in place before fraud can be completely prevented.
In the meantime, local markets are beginning to experiment with PINs, or personal identification numbers.
``We really don't like those,'' said Jim Thoreen, of 360 Communications. ``They're a real hassle for customers. On the other hand, it's a hassle to have your phone cloned, your bills adjusted and your numbers changed. That's also bad, so there's a balance.
``As long as these guys are out there, you can't help but affect your customers in some way.''
Local users now need PINs only when they pass by a high-fraud area like New York City or Washington. To use a PIN, a customer enters the telephone number, presses the SEND button, then enters the PIN.
One reason cloning is spreading across the country is that PINs have been effective in large markets, so thieves are moving.
The best hope for the future, most fraud experts believe, is a system called ``authentication,'' a technology based on secret military communications.
In this system, when a new account is set up, the customer's phone and a land-based authentication center are both programmed with a secret algorithm.
An algorithm is any systematic method of solving a problem through repetitive calculations. With computers, they can be very complicated and done very swiftly.
When the phone seeks service, a central switching station sends out a random number to the phone and to an authentication center. The algorithms at both locations take the random number, the phone's serial number, the phone number and other secret data and produces a response.
Both the phone and the authentication center send their responses to the switch. If they match, the call goes through. If not, it doesn't. In a computer age, this can be done nearly instantly - before a call goes through - without the customer noticing. It is already being implemented in the New York market.
``We think over the next few years, this will put an end to cloning,'' Thoreen said. ``There's always the off chance that somebody will discover a new mathematical approach to defeating it. Nevertheless, we put great stock in it as an industry.''
McClure agrees that authentication is the answer, but says it will be costly and time-consuming.
``We had it tested by a noted cryptologist who said it would hold for 20 years,'' McClure said.
The problem is turning in the phones. There are 35 million analog phones on the system that broadcast the old way. Though some new phones are being manufactured with the new technology in place, all old phones would have to be replaced for the new system to work.
McClure said it would be at least seven years before the new technology is introduced. By then, he estimated that 50 million phones would be out there.
``Once we put authentication in, how do we get rid of those phones?'' McClure said. ``AT&T has five million customers. Southwestern has 4 million customers. That's a lot of people standing in line to exchange their phones.'' ILLUSTRATION: Graphics
VP
FRAUD LOSSES IN HAMPTON ROADS
JOHN CORBITT/The Virginian-Pilot, KRT
HOW CELLULAR PHONE NUMBERS ARE PIRATED
[For complete graphics, please see microfilm]
KEYWORDS: CELLULAR PHONE FRAUD CLONE-PHONES STING OPERATIONS
ARREST by CNB