updated August 2010
updated October 2010
updated December 2010
updated April 2011
updated September 2011
updated October 2011
Dear Chief Executive/Managing Partner
Industrial espionage mobile phones
May I bring the following points to your attention, and your colleagues',
in case you are not already aware of them:
1 The location of a mobile phone can almost
always be determined, wherever it is in the world, often accurate to less
than 100 metres. If you are attending a meeting with your mobile, then
presence can be detected. So can the presence of anyone else who is
there with their mobile.
1.1 The same applies to satellite
2 Mobile phone records show who you rang
and who rang you, when and for how long, as you know from reading the
bills. Your associates, the people you are dealing with, can be identified.
3 Since 1 October 2007, 652
public bodies in the UK have had the right to access your mobile phone
records. This includes not only the bodies you might expect the
police, the security services, HMRC and the Financial Services Authority
but also every
local authority in the country, the Gaming Board for Great Britain,
the Food Standards Agency, the Environment Agency, the Scottish Ambulance
Service Board, ...
3.1 It must be hard for an industrial spy
to find a rotten apple but, with 652 barrels to choose from in the UK
alone, the difficulty has been much reduced since last October.
4 Mobile phone conversations can be bugged.
5 That is well known. More extraordinary,
it is possible for an eavesdropper, without your knowing it, to turn your
mobile phone into a microphone
so that all conversation in the vicinity of the phone is transmitted back
to the eavesdropper. Hard to believe, but it is confirmed by the FT
and the BBC.
5.1 It is possible for your mobile phone
to act as a microphone at meetings even if it is switched off. Again hard
to believe, again it is confirmed by the FT and the BBC. It doesn't apply
to all mobile phones but, with some, when you turn them off, they are
not really off, just in standby mode, and the only way really to turn
them off is to remove the battery.
6 When Blackberries are used to send and
receive emails, those emails all pass through computers controlled by
(Research in Motion), the Canadian suppliers of the Blackberry. If they
want to, RIM can read your emails [questionable, denied by RIM].
6.1 The same applies to any internet service
provider. Many countries, the
UK included, have legislation entitling the authorities to read your
emails, whether sent from PCs or mobile phones.
6.2 If they find a device that they can't
monitor, some countries have been known to ban it. In France, for example,
MPs are banned from using Blackberries. And India
are currently (10 March 2008) considering a ban on Blackberries nationwide.
The reason given is that their security services find it hard to monitor
Blackberry emails either the authorities can read your emails or
you can't use the service.
Is an industrial spy going to bother with any of this wizardry to tap
into negotiations you would prefer to be confidential? I have no idea.
But note that if someone thinks it would give them a commercial advantage,
it would be illegal, but they could*.
- * Robert Winnett, 21 March 2008, Daily Telegraph, 'Revealed:
the dirty tricks of rogue traders':
- A hedge fund based in London set up a "dirty-tricks
unit" to manipulate share prices and get illicit information on companies
in an attempt to make millions on the stock market, an insider has revealed.
- As the official hunt began for the rogue traders who
tried to bring down Britain's biggest mortgage lender, HBOS, The Daily
Telegraph can reveal a whistle-blower's account of how a multi-billion
pound fund allegedly used illegal tactics to drive down stock prices.
- Private detectives were allegedly employed to hack
into executives' emails and telephone records ...
- 1 August 2010, BBC: UAE
'moves to suspend some Blackberry services':
- Blackberry maker Research in Motion (RIM) has not
yet commented on the latest UAE reports, which come amid a row dating
back to 2007 about allowing TRA [the UAE telecoms regulator] access
to the code for RIM's encrypted networks so it can monitor email and
- Nic Fildes, 5 August 2010, The Times, Indonesia
joins threat to ban BlackBerrys:
- Indonesia has become the latest country to put pressure
on Research in Motion after threatening to ban the use of BlackBerry
devices unless the Canadian company sets up local servers ... RIM has
been in the spotlight since the United Arab Emirates said that it would
ban the instant messaging and e-mail functions used by an estimated
750,000 users in the Gulf state as it was unhappy with the way that
the data is encrypted and sent to the technology company’s offshore
- Jessi Tabalba, 5 August 2010, The Guardian, Saudi
BlackBerry messaging ban: security or snooping?:
- Nic Fildes, 7 August 2010, The Times, BlackBerry
‘near deal to open messages to Saudis’:
- The makers of BlackBerry mobile phones appear to have
backed down in the face of demands from Saudi Arabia to allow the state
to monitor messages sent on its devices ... Saudi Arabia switched off
the signal for four hours yesterday citing security concerns over BlackBerry’s
encrypted message service, which cannot be read by third parties ...
Blackberry’s manufacturer Research In Motion (RIM) stores encrypted
data in its home country, Canada, which the Saudis say does not meet
their regulatory criteria or licensing conditions ... But today Saudi
officials said the two sides had reached a preliminary deal on granting
access to users’ data that will avert a ban on the phone’s messenger
service in the kingdom.
- P.C., 9 August 2010, The Economist, Spies,
secrets and smart-phones:
- ... He then went on to say how "mind-boggling" are
the capabilities of America's National Security Agency and its British
counterpart, GCHQ. To this blogger, that sounded like: "Yes of course
we can hack Skype calls and all the rest, but we have to pretend we
- Bill Ray, 8 October 2010, The Register, UAE
- The United Arab Emirates has cancelled the planned
ban on RIM's BlackBerry service, saying that it no longer represents
a threat to national security, but not explaining why.
- Bill Ray, 6 December 2010, The Register, BlackBerry
to Indian gov: Ban us, you have to ban Skype too:
- RIM don't seem any more aware of what's going to happen
than the rest of us. The Canadian company rarely comments on governmental
negotiations, other than reiterating that it likes to comply with the
law, but now RIM feels it necessary to remind us that the Indian government
has previously said that BlackBerry users shouldn't be singled out (thus
any ban must also apply to, say, Skype) and that lawful intercept of
BlackBerry communications can easily be carried out at the end user's
premises (the customer's BlackBerry Enterprise Server).
- Josh Halliday, 18 April 2011, The Guardian, UAE
to tighten BlackBerry restrictions:
- BlackBerry users in the United Arab Emirates will
soon be unable to send emails and messages without fear of government
snooping, under tighter restrictions on internet communication in the
- Josh Halliday and Saeed Shah, 30 August 2011, The Guardian, Pakistan
to ban encryption software:
- Internet service providers will be required to inform
authorities if customers use virtual private networks in government
- Millions of internet users in Pakistan will be unable
to send emails and messages without fear of government snooping after
authorities banned the use of encryption software.
- A legal notice sent
to all internet providers (ISPs) by the Pakistan Telecommunications
Authority, seen by the Guardian, orders the ISPs to inform authorities
if any of their customers are using virtual private networks (VPNs)
to browse the web.
- Bill Ray, 7 September 2011, The Register, South
Africa joins the call for BlackBerry messaging keys:
- South Africa has joined the call for access to the
BlackBerry Messaging service, quoting the usual security concerns and
pointing out that the UK plans much the same thing.
- Anna Leach, 28 October 2011, The Register, RIM
backdoor access for Indian probers:
- RIM has opened a monitoring centre in Mumbai to help
the Indian government sip data from Blackberry users there, said the
Wall Street Journal today, quoting unnamed sources.
- Ryan Gallagher and Rajeev Syal, 30 October 2011, Observer, Met
police using surveillance system to monitor mobile phones:
- Britain's largest police force is operating covert
surveillance technology that can masquerade as a mobile phone network,
transmitting a signal that allows authorities to shut off phones remotely,
intercept communications and gather data about thousands of users in
a targeted area.
- The surveillance system has been procured by the Metropolitan
police from Leeds-based company Datong plc, which counts the US Secret
Service, the Ministry of Defence and regimes in the Middle East among
its customers. Strictly classified under government protocol as "Listed
X", it can emit a signal over an area of up to an estimated 10 sq km,
forcing hundreds of mobile phones per minute to release their unique
IMSI and IMEI identity codes, which can be used to track a person's
movements in real time.
- Bill Ray, 31 October 2011, The Register, Scotland
Yard trackers operate fake mobile base stations:
- ... Tracking people is a good deal easier. Phones
broadcast an identifying number (the TIMSI) which can't immediately
be linked to an individual but can be used to track movements in an
entirely passive way. The lack of identity actually makes the process
(legally) easier, as under the current legislation the privacy implications
disappear when there's no identity.
- The police ... can go back to the network operator
later and link the TIMSI to a real IMSI [see GSM
Security]. That will generally link to a physical person, who might
then have to explain what his/her phone was doing at the time in question.