Clandestine public telephony is getting riskier
Bruce Schneier brought to our attention the performance and ease of use of off-the-shelf data-mining tools for social networking analysis. With a few million CDR that sort of tool can identify user communities in the physical, temporal and social dimensions. ThorpeGlen’s graphical user interface screenshots are particularly impressive.
Needless to say that SIM swapping does not work as the IMEI is still available – that is old news. But swapping both SIM and teminal is not the solution either anymore as behavorial analysis can nowadays still yield a match. This may be the end of the road for communications security in durable networks by pure compartimentalization. Instead of acquiring random prepaid accounts, clandestine operators should now focus on creating sufficient decoy activity so that the social signal is drowned in enough misleading connexions – and maybe only stolen accounts provide enough credible noise to evade profiling. Doing that without a single mistep is going to be difficult, especially under the sort of pressure that justify such precautions.
But whatever the performance of the analysis system, casual mobile phone use in a clandestine context is getting more risky – if this is an off-the-shelf system, just imagine what custom systems can do for the most advanced nations.