Fake Cell Towers Found in Norway

In yet another example of what happens when you build an insecure communications infrastructure, fake cell phone towers have been found in Oslo. No one knows who has been using them to eavesdrop.

This is happening in the US, too. Remember the rule: we're all using the same infrastructure, so we can either keep it insecure so we -- and everyone else -- can use it to spy, or we can secure it so that no one can use it to spy.

Posted on December 16, 2014 at 11:34 AM • 45 Comments


JykkeDecember 16, 2014 12:22 PM

From book The Snowden Files:

It was the same story elsewhere. In 2010 the NSA operated 80 embassy spy stations worldwide. Nineteen of them were in European cities, including Paris, Madrid, Rome, Prague and Geneva – where Snowden worked for the CIA. The Americans also had a station in Frankfurt.

bitstrongDecember 16, 2014 1:03 PM

Maybe off topic, I read about MS et al vs US Courts regarding Emails stored abroad (Ireland, etc).

I think the precedent may now be that, information is not tangible. They don't care where the hard drive is at. If you're in the US and have access to it, then the information is considered in the US. The argument will draw similarities to electrical power. It doesn't matter if it originated in Canada or the North Pole or Cleveland, it only matters where it is consumed.

If these rulings are upheld by the Supreme Court, or the Supreme Court dodges the issue, then we will indeed be living in a different World.

dzfsDecember 16, 2014 1:25 PM


But won't it be strange when a European country asks for information in America?
And what about if Russia, China, Georgia or Andorra asks? Will this be a one-way thing where big countries bully small countries into doing it and don't care if it's the other way around.
And what if it's legal in the country where the servers are but another country want all the user information on it because it has members from a country where it's illegal? ( Drugs, blasphemy, abortion, hate-speech or art )

Who are big enough and similar enough to ask other countries for this kind of stuff?

Not saying it won't happen just that it seems like they need to clear out a lot of things.

AndyDecember 16, 2014 2:37 PM


It's not a case of a country bullying another country. This is a case of the U.S. Gov't trying to muscle Microsoft by saying we don't care if the data is outside of the U.S., it's in your datacenter, and MS is U.S. based, and you have the ability to get it for us - so DO IT!. This will totally kill the U.S. datacenter business. You're going to start seeing more companies starting up outside of the U.S. and/or relocating outside of the U.S. and have no physical assets, employees, or data in the U.S. Additionally, fewer companies located outside of the U.S. will be willing to do datacenter business with American companies, even if the data is housed outside the U.S. This case is horrible for the U.S. tech industry and the millions of people who work in it.

peatDecember 16, 2014 3:21 PM

IMSI catching is neither a surprise. Technology is shown on almost every non scientific conference around the globe. Questions is: which organization is so impertinent and installs faked BSs in an gov'tal area? I can't think of many such organizations.


Why are you talking about future. MS vs NY court was just the tip on the iceberg. What happens under the water surface is a big loss for US companies - home made by NSA and companions: see e.g. http://business.time.com/2013/12/10/nsa-spying-scandal-could-cost-u-s-tech-giants-billions/

albertDecember 16, 2014 4:32 PM

According to the Norwegian link, many of these units are installed in private offices, apartments, etc. It's unlikely you'll be able to drive around and spot 'em. Even if you triangulate the signals to an exact location, you have to B & E to check 'em out.
Here in the US, I assume that the FCC is responsible for regulating cell phone frequency bands, and, in theory, if not detect unauthorized cell systems, then at least investigate reports of suspicious activity, much like they do with Ham Radio and pirate stations. Also, wouldn't the telcos themselves be aware of the fakes. Surely legit towers have IDs.
There's either poor cell phone systems regulation, or collusion between telcos and the spy agencies. Is the system so poorly designed that fake stations can enjoy unfettered operation? Are independent cell systems illegal?
I gotta go...

ThomasDecember 16, 2014 5:09 PM

@Anonymous Coward

> Or they can be filled with backdoors so that NOBUS can exploit them.

Which is true provided you:
a) define "US" as "anyone who knows about the backdoor" instead of "people who look/act/think like me"
b) realise that the number of "US" grows exponentially with time

Earl KillianDecember 16, 2014 6:52 PM

Should a cell tower have to authenticate itself to the phone just as the phone authenticates itself to the tower? If the tower can authenticate, the phone should ignore it. The people who design protocols like WEP and GSM really need to go back to school.

anonymousDecember 16, 2014 7:09 PM

Do you really believe authentication will work against a state-sponsored attacker like the NSA? Fool!

anonymousDecember 16, 2014 7:16 PM

Or against one of the local three-letter agencies which will force the local telecoms to hand over the encryption keys and shares them with foreign services?
The whole phone system is fucked up beyond repair. We don't even know what's going on in the secret closed baseband part of the phones. It's safe to assume the whole system is fucked up beyond repair.

Chris AbbottDecember 16, 2014 8:16 PM

That's why we need to start abandoning the old telephone system and start using encrypted VoIP over 4G and WiFi. Redphone or other SIP systems that use ZRTP and what not would be ideal.

Bruce ClementDecember 16, 2014 8:31 PM


It's been a long time since I uderstood why anyone with any business privacy needs at all would host in the US or with a US controlled company. It's easy enough to say that China, Russia, North Korea are just as bad as the USA, but realistically none of those countries are likely to actually cause me any damage.

Nick PDecember 16, 2014 8:51 PM

@ Bruce Clement

You must not have any valuable intellectual property, political power, access to classified information, or a broadband connection valuable to a bot herder. If you had any of these, you have more to worry about from Russian and Chinese hackers than NSA. Unless you do things that cause NSA's mission problems in a big way. Only then are they more of a threat to you and the foreign groups are still a threat.

Nick PDecember 16, 2014 8:53 PM

EDIT: Just noticed you're in New Zealand not U.S. Still applies as they're a Five Eye's partner with a mutual no espionage agreement.

ThothDecember 16, 2014 8:58 PM

It would be nice if all Embassies and Missions in overseas territory can be marked by the host country as Electronic Red Zone. Proper mapping and distribution of authorized cell towers and electronic access zones near a Red Zone to be distributed publicly so that interception via fake cell towers can be reduced.

Nick PDecember 16, 2014 9:03 PM

@ Chris Abbott

No the other way around. The POTS is reliable, simple, has almost no bandwidth fluctuations, usually works during power outages, and has few attacks coming in relative to Internet lines. A number of apps (incl Zimmerman's PGPfone) and dedicated hardware have done crypto over it. When retailers wanted an alternative to leased lines for EDI, I suggested a combination of Internet for most transfers and a nonprofit third party handling security-critical stuff (eg authentication or key exchange) over POTS lines. Both could even be in a dedicated, hardened appliance. They went for FTP and XML over TCP/IP/Ethernet on Windows/Linux instead. (rolls eyes)

Don't discount POTS, though. It's one of the best ancient technologies we still have if used correctly. Kept me connected through many natural disasters, too. Without keeping track of my minutes. :)

ThothDecember 16, 2014 9:59 PM

@Nick P, Chris Abbott
We could just use the JackPair on the normal telephone line (that's what it was made for) as a starter.

Wondering what's the current progress of the JackPair project.

Anonymous CowardDecember 16, 2014 10:11 PM


Agreed with point one.

Point two... exponentially? I don't know about exponentially but certainly there is a propensity for an increase.

This is further complicated by backdoors that really are NOBUS (like DUAL_EC) where the backdoor amounts to some sort of trapdoor information.

Chris AbbottDecember 16, 2014 10:24 PM

@Nick P.

What you say is interesting. From a reliability standpoint, I think you're right. Crypto over POTS, like PGPfone, I would have assumed to be obsolete and no longer in use. I suppose you could use that. I'm sure, at least with a rooted phone, you could implement something like that on a smartphone. What's interesting though, is, that you have a lot of POTS going on through broadband now, i.e. MagicJack. From what I know, this is essentially what cable companies like Cox and TimeWarner are doing now for POTS. Well, I'm not sure if they're going over IP or a dedicated connection via separate frequency over cable.

Nick PDecember 16, 2014 10:43 PM

@ Thoth

I never thought about that. I was about to say it was a great idea until I remembered that JackPair is targeted specifically at the (GSM?) codec. They don't use the data lines like Cryptophone. Doubt they can be used for POTS.

@ Chris Abbott

The vendors are doing a lot of things internally and are fighting to kill POTS. Who knows how it's actually wired up. I just know it has good properties and in practice you get a lot less attacks than Internet-focused device. Smartphones have a ton of stuff in TCB, much undocumented. Basic modems or drivers have been put on all kinds of things going back decades, including well documented proprietary and open stuff. The rest can be whatever you want it to be. Doubt you can use PGPfone safely as it hasn't been maintained. You could create another one, though.

And you can make it work with POTS and/or Internet. PGPfone did that. Cryptophone still does this. So, there's precedents.

uh, MikeDecember 16, 2014 11:44 PM

If we need to, we can just start mailing cheap cell phones to each other, and use them a little before resending.

NSA Surveillance depends on our 1:1 correspondence with phones. We can break that.

ThothDecember 17, 2014 12:12 AM

JackPair can be programmed (re-programmed) to handle POTS as well. I believe Jeffrey did mention that the machine could be able to be manually loaded and configured as needed.

Besides reprogramming JackPair, they showed a page on how to use JackPair on a normal desk phone as well (http://jackpair.com/how_jackpair_works) all the way bottom of the page. It uses some form of adapter that to do it's tricks.

If it works, it would be one of the best cipher machines in this age (probably).

65535December 17, 2014 2:20 AM

Given that mobile phones are juicy targets for the NSA and other spy agencies let me ask three questions:

1. Is the product JackPair relatively safe from various Three Letter Agencies and how viable is it to ship to various business partners [without interdiction]?

2. Is PGPfone or its newer cousin ZRTP relatively safe from TLA’s and what is its ease of use?

3. Is it feasible for the Average Joe to “root” a mobile phone on a major cell phone carrier's network [say AT&T with a Samsung S3] and use AIMSICD or Darshak on it?

ThothDecember 17, 2014 3:29 AM

JackPair is an open source open hardware project. It is designed to be shipped as a programmable electronic devise to the user and for the user to flash the program in manually (to proof that there is no foul play). Without dedicated cryptographic chips on the chipboard, it would not be possible to be considered as a cryptographic device (which normal PCs would also have to be treated fairly).

I don't think the 1st Gen JackPair would have tamper handling capabilities but the design would be open hardware. You could probably open the device and use the openly published hardware designs to visually check.

A disclaimer: I am not related to the JackPair team so my information maybe inaccurate or outdated. Information are taken from the website or private conversations with members of JackPair team.

Rooting a phone would void warranties and the Android Google Play store if you are willing to let go of. I have not carried out rooting of phone so I can't answer that but it is convenience vs. customization.

Software based crypto (PGPfone/ZRTP) would only be as secure as the hardware is at most.

fajensenDecember 17, 2014 4:44 AM

@Nick P
Who knows how it's actually wired up.

Usually POTS ends directly at the end of the wires in a DSLAM (Digital Subscriber Line Access Module) inside the nearest local exchage - or "gray box along the road" if you live in a rural setting.

After the DSLAM it is IP (and SS7-over-IP signalling) all the way. We get just about a 2 km run of the olde POTS these days (I haven't, my telephone is VOIP straight from the house - if the power goes, I can't call and complain unless I have a mobile).

Some telecoms might still use ATM-networks, but most networks today are IP with a obscenely bloated management layer of QoS, MPLS (and even RSVP (blaaarghh)) on top of IP to fully simulate the old "POTS" ATM / Wired point-to-point connectivity. "Telephone Engineers" really like Management and Wires (real or simulated), nobody else does ;-), It grates against the IP design. These people are retiring, this is for the best.

IP packages are usually tagged from the DSLAM for debugging purposes and traffic management. For all of the IP traffic inside the telecom network one can use the management system to see the path of data traffic (probably one would also see diversions for the benefit of our TLA-friends, so these would prefer to copy the bits off the fibre directly - not so convenient, but more stealthy. QoS and MPLS must the re-assembly easier because it forces the IP data to flow on a defined path rather than letting the routers decide on-the-fly).

Point is: Encrypt voice right at the handset to annoy "Them". "They" can still see exactly who you are calling though.

ThothDecember 17, 2014 4:56 AM

@fajensen, Nick P
That's exactly what JackPair attempted to demonstrate. Handset crypto. Don't wait until the voice hits the logic gates in your phone circuits or about to be transmitted off to the wall socket before you start encrypting it. That will defeat phone circuit implants or carrier interceptions. The only thing you have to worry is how to ensure you disable voice reception on the phone so that when you speak into the encryptor's voice mic, you won't be bugged as well.

DougDecember 17, 2014 8:28 AM


How does that make POTS calls any safer than internet telephony, from the likes of global adversary?

Thanks for the comments.

CassandraDecember 17, 2014 8:49 AM


" "Telephone Engineers" really like Management and Wires (real or simulated), nobody else does ;-)"

Acually telephone engineers like management, and so do you, otherwise you can't tell if the wire is there, or working or not.

If you ignore the control plane, you end up with a network that is not scalable, is unreliable, and for which fix times are very, very long.

As for liking wires, that's really not justified. Ever since multiple voice conversations were multiplexed over co-axial cables, the idea of requiring a single set of wires to carry a single set of conversations was obsolete, and the invention of digitisation and Time Domain Multiplexing gave you voice data in datagrams - a TDM network is simply a data network optimised for carrying a particular type of data. And, much of the USA's long distance network, in its early years, was carried over microwave connections - no wires there.

If you look at the underlying protocol between a DSL modem and the DSLAM, you will see it actually uses ATM. Your nice IP datagrams are being carried over a cell-based carrier, designed to give a huge amount of flexibility that is almost never used. The IP datagrams are actually abstracted by several layers away from the physical wires

StMurrayDecember 17, 2014 9:14 AM

Apparently, it is illegal in some countries to track cell towers. When I got my first Android phone i was curious as to why it seemed to change towers when it did, so I wrote a little program that listened for the connection changes and displayed them to the screen. I published it and the current version also keeps the information in a local database for export. I received the email below. It seems in Sweden it is illegal to even know the legitimate towers, so you have no idea what is a legitimate tower and what is not.

Johnny Dohenee


This app is in conflict with the 5th paragraph in the Swedish law http://www.notisum.se/rnp/sls/lag/19931742.HTM (use Google Translate or simular for translation)

Permission is required by Swedish gov. or assigned authority, to keep information about the Swedish landscape in databases.



Of no action is taken, Swedish authorities will be contacted in the matter for legal action.


J. Dohenee

Nick PDecember 17, 2014 10:03 AM

@ Doug

It lowers their visibility and only allows a point to point link. By itself, though, it's not secure against a serious adversary. You use it in combination with obfuscation and COMSEC techniques.

@ Thoth

Good to know.

@ 65535

About nothing is safe against Five Eyes, esp a device designed in U.S. Might be safe against other parties if they do it right. PGPfone was illustrative but shouldn't be used: no maintenance for over a decade. Rooting phones with step by step instructions for things like Cyanogen mod and hardening guides are pretty straightforward. Make sure phone is on compatibility list first, though. Samsung Galaxies worked best in my experience with the benefit of the Odin tool for fixing them.

mesrikDecember 17, 2014 11:39 AM

@Jim Andrakakis

About Athens Affair, I certainly remember and it popped immediately to my mind once I heard about what happened in Oslo. From that case the most brilliantly arranged was how tracks were disguised. It must have been child's play to load hacked version of update tape loaded (processes had been quite lax in many places in TELECOMS world quite long ...), but anything beyond that they did was quite remarkably planned and implemented feat.

OK, back to this issue. After the Norwegian Aftenposten wrote about the case, in Finland Helsingin Sanomat (in finnish) did some kind of short survey in Helsinki central area using similar CryptoPhone local vendor that Aftenposten used in Oslo.

In short, they did not find anything revealing, but couple of locations phone gave them warning something* might be going on. They also speculated that possible reasons why nothing was found could be either there is no such devices in Helsinki, or they were not operating because nothing special was happening there and because of Oslo case those could have been turned off. They stated that they will continue doing some kind of monitoring for some time being in future too.

OK, Google Translate cannot produce a understandable english from whole that page and I'm too lazy to translate whole text ATM, but here is something for you.

However, relevant points are:

"Sunnuntaina ensimmäinen punainen palkki piirtyy Saunalahden liittymää käyttävään erikoispuhelimeen Eduskuntatalon lähellä Kampissa.

Sama tapahtuu lukemattomia kertoja iltapäivän aikana niin Suomen Pankin luona, Senaatintorilla kuin Kaivopuiston ja Kulosaaren lähetystöalueilla.

Kulosaaressa osa puhelimista putoaa 3G-verkosta 2G-verkkoon. Se on huono merkki, sillä juuri näin toimii valetukiasema: tukiasemaan kiinnittynyt matkapuhelin pakotetaan heikommin salatun yhteyden pariin. Tosin sattuu sitä paljon muutenkin."

From that, freely translated highlights are:

- On sunday first red column was drawn while (local telecom) Saunalahti subscription was used with (the) special phone near Parliament house near Kamppi.

- Same happens countless times during afternoon near Bank of Finland, at Senaatintori (the square around which quite a many ministries and government offices are located), near Kaivopuisto and Kulosaari locations where embassies are.

- At Kulosaari phone drops from 3G to 2G. That's a bad sign, because this is exactly how fake base stations work: phone is forced to downgrade encryption. Though that happens sometimes otherwise too.

StephenDecember 17, 2014 2:37 PM


Makes sense because telecom is usually the first to be attacked in a war. Try contacting the military police instead.

ThothDecember 17, 2014 8:50 PM

You can use JackPair on electronic or analog system. VOIP, POTS or whatever network is supported as long as you have it's conversion kits as shown on the webpage. How does it rank up against a High Strength Attacker (HSA) ? Not quite reliable for defense as long as they have physical access to your device. That means as long as they place backdoors in the hardware, software, firmware or somehow they use some lasers or radar dishes to aim at you to spy on you. Another way is to just switch on all the backdoored devices sitting around you to spy on you. If it is attack on Salsa20 and DH-KEX, then they need to be able to break the protocol (no known breaks on Salsa20 and to break DH they need a quantum computer) presuming the Salsa20 and DH-KE they used are properly implemented and the randomness it generates is crypto strong. A HSA would not simply sit down and listen on the line or try some remote atatcks. They will actively try to disrupt your life to understand you and destroy you. How does it stack against highly advanced highly disruptive attacks ? Not good enough for now.

How to make it more robust:
- Proper compartmentalization of circuits.
- Some form of EMSEC must be implemented.
- Self-destruct upon tampering with good tamper detection capabilities.
- Internal tamper canister with secret key module stored inside. Tamper canister made of metal contains a small physical chemical fuse that will blown up the master secret key memory chip (taken from Ross Anderson's research paper on US Military COMSEC chipboard design).
- Mathematitcal proof of correctness and security for programs and firmware.
- Circuitry and program to detect probing or additional unauthorized circuits.

A lot of the recomendations are highly expensive for the highly serious COMSEC guys. Not easy to get right and probably reserved for national agencies to fund and use only due to the trouble of production, testing, maintenance and research.

NobodySpecialDecember 17, 2014 11:42 PM

>Does anybody really believe this MS preposturing bullshit of a law suit ?

If microsoft loses then Microsoft, Google, Amazon, IBM, etc will effectively be banned from operating services in europe. There are laws about data protection which US companies cannot claim to be obeying if the data can be seized by a US court.

If the US government wanted the data it only had to serve a warrant in Ireland. Ireland is happy to bend over backwards to agree to any US demands, it makes a lot of money from being the Eu headquarters (and tax haven ) for US corporations.

fajensenDecember 18, 2014 3:03 AM

@ Cassandra:

Yes, you are correct, of course.

I tried to make a gentle poke at my former repected and competent colleagues in system mangagement, but, the (in-)joke ended up "sounding" rude and rather not funny. Sorry.

Jim AndrakakisDecember 18, 2014 3:28 AM

@mesrik Very interesting, thanks for the translation.

"At Kulosaari phone drops from 3G to 2G. That's a bad sign, because this is exactly how fake base stations work: phone is forced to downgrade encryption. Though that happens sometimes otherwise too."

I'm no telecom engineer but AFAIK that's true; it's far from a definite proof but it's a warning sign. Especially if this happens in an area where you would expect the coverage to be quite good, like the center of the city with goverment building around.

And anyway, a fake base station is nowhere near as sophisticated as the techniques (reprogramming AXE to use the "lawful intercept" function) used in the Athens story. They're pretty common; even the Greek secret service has a couple, and they're not exactly known for their state of the art equipment :) I've read somewhere that they're even pretty cheap, to the tune of a few thousand dollars. That in turn suggests that it doesn't take NSA to plant one. You could imagine as low motives as opposing political parties (although I would expect Finnish politics to be above that) or "insider trading" types looking for not-yet published information.

mesrikDecember 18, 2014 1:41 PM

@Jim Andrakakis

Yes 3G to 2G forces downgrade from A5/3 (kasumi) to A5/1 which is old and trivial to break with current equipment for anyone trying enough. But like HS article stated that may happen also other reasons. Most commonly it happens when 3G signal is too weak. It's mostly to do with frequencies, lower Hz signal travels further with less energy. GSM (2G) uses usually lower frequencies.

I'm nor telecoms (voice network) engineer. I'm a "data networking guy" (and a security guy these days too) as definition goes in that industry if you work TCP/IP these days and provide management connections etc for telecoms equipment, do network management etc. Third big career segment is transmission, which before mentioned use as service. In short, I dont work for a telecom any more, but I used to many moons ago.

Anyway, I've seen a glimpse how in principle procedures were strict and so appeared the control also first sight, but anyone in industry knew that so much was left for groups and individuals responsibility, that if you knew what to do and how it was matter of will to get around any hurdles. That was also done, in case of emergency instead of going trough many layers of management to get permission to site to fix things faster and restore the service ASAP. These days things may or many not be stricter but 15 years ago they weren't.

Whoever did that AXE hack, it was not trivial. It's a proprietary system, with a implemented in proprietary programming language (Erlang) requiring skills beyond any average hacker. I believe all that strongly points to a state actor not any criminal gang or such.

My first thoughts who would be interested this fake base station class activity in Helsinki if that really is the case. If it is then it's probably is also state sponsored actor either just trawling any information it could and I hardly believe it's any local actor like Finnish Security Intelligence Service (ie. SUPO) and also that would be quite surprise if Finnish Defence Intelligence Agency had anything to do with it.

The latter operates really low key and any active attack like this where there is a chance to be discovered would completely unheard of and off limits. Those guys do passive recollection of signals (SIGINT), they do not actively attack during peace time unless it's a practice simulation and that all happens somewhere deep in mountain where signals do not have any chance to leak anywhere so that somebody else could hear and learn from that.

There are no other legal local instances who would be authored to do that, and those mentioned before I think they are not during peace time. This leaves us with question would it be some criminal gang locally? Hardly if they were they would be trying to listen police not politicians and embassies. I don't believe media / newspapers either would be foolish enough to try this kind of things, so these both are out ruled.

How about some foreign embassy or country agency operating here? Probably they would if they have good reason to believe the chances of being exposed are low enough and benefit from information gained would be worth the risk.

mesrikDecember 19, 2014 3:45 AM


Speculation aside, Finnish Security Intelligence Service (Suojelupoliisi ie. SUPO in finnish) has today morning confirmed, that spying using IMSI catchers has actually happened in Finland.

According Finnish Broacasting Company YLE writing, it has happened multiple times and palaces according to SUPO. There are many short writings having comments from authorities and researchers. (Too many for me to start translating them all ...)

Article also links to Swedish Dagens Nyheter article about similar issues found there. Google Translate works decently with swedish, so here is a link to article using url shortener.

Seems Oslo case was not an isolated case. Some countries security seem to have had some knowledge about it, others were or at least claim they did not know about it. Those who claim they did, deny giving any further information as it would pose risk adversary could make use of any information for their advantage.

JustsomeguyMarch 18, 2015 7:41 PM

Some updates her.

It was the Norwegian Security Intelligence Service (PST) that used these IMSI-catchers, with help from signal experts from the Norwegian military.

At first PST denied it, and pointed fingers at other states and organisations. Now we know they lied. Politicians also lied about it.

Reminds me about when Snowden reviled that Norway delivred 33 million meta data of mobile conversations to the US and told it was not from Norway, but from Afghanistan. Most likely also a lie.

I'm a Norwegian and have finally understood that 'even here' they are using illegal surveillance and lies about it. First I belived them. Now all their words are worthless.

It's just sad.

Go protect yourself.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.