Fingerprinting Burner Phones
In one of the documents recently released by the NSA as a result of an EFF lawsuit, there’s discussion of a specific capability of a call records database to identify disposable “burner” phones.
Let’s consider, then, the very specific data this query tool was designed to return: The times and dates of the first and last call events, but apparently not the times and dates of calls between those endpoints. In other words, this tool is supporting analytic software that only cares when a phone went online, and when it stopped being used. It also gets the total number of calls, and the ratio of unique contacts to calls, but not the specific numbers contacted. Why, exactly, would this limited set of information be useful? And why, in particular, might you want to compare that information across a large number of phones there’s not yet any particular reason to suspect?
One possibility that jumps out at me—and perhaps anyone else who’s a fan of The Wire—is that this is the kind of information you would want if you were trying to identify disposable prepaid “burner” phones being used by a target who routinely cycles through cell phones as a countersurveillance tactic. The number of unique contacts and call/contact ratio would act as a kind of rough fingerprint—you’d assume a phone being used for dedicated clandestine purposes to be fairly consistent on that score—while the first/last call dates help build a timeline: You’re looking for a series of phones that are used for a standard amount of time, and then go dead just as the next phone goes online.
Consider this another illustration of the value of metadata.
Blarkon • October 14, 2013 6:50 AM
I’m also guessing that you’d be able to figure something out by noticing that certain numbers where often being called by these disposable phones.