Do you dream of intercepting other people's SMS from anywhere on the planet, or of organizing a wiretap? Technically it is feasible! We tell you how in the article.
Hello everyone, dear friends!
Our topic today is quite complex, but anyone with the necessary skills will be able to implement it. By the end of today's article you will understand how to build your own personal listening complex, and you will also be able to bring up your own cellular network.
The article turned out to be quite long, so make yourself some tea and get comfortable. Let's begin!
Today you will learn about two methods of intercepting GSM traffic, passive and active, and I will tell you how each of them is implemented.
- The first option for intercepting traffic is passive interception.
The first type is interception by ARFCN, the absolute radio frequency channel number. What is it? It is the number of the radio channel (a pair of 200 kHz wide uplink and downlink carriers) on which your mobile operator's base station transmits. How is this method implemented? With a ready-made interception complex. Such complexes are sold openly and are easy to find and buy: the complex is a laptop with a radio receiver and an antenna connected to it. What does this laptop do? When we launch it, we see all the channels of the mobile operators around us. We can then tune to any of these channels and capture what is transmitted on it. But we capture the traffic only in encrypted form, because operators care about their own security and that of their customers, so the signal is available to us only in encrypted form. To decrypt it we need the "rainbow tables" for the A5/1 cipher and the "Kraken" tool that searches them (this only works against A5/1; a network running A5/3 cannot be cracked this way). All of this is very complicated. This passive method is difficult even for an experienced hacker: for one operator we will find at least 4-5 ARFCNs, and we have to tune to each of them in turn and search for the information we need. And in what form will we receive that information?
Even with this complex you will not be able to pick out a specific phone, because phone numbers (MSISDN) are not used over the air in the GSM network; they exist only in the operator's database. Calls and SMS are addressed to the subscriber by IMSI, the internal identifier of the SIM card (or by the TMSI, a temporary alias the network assigns to it). So first of all you need to find out the target's IMSI. In practice this takes 3-4 hours on average. And because this method is purely passive, it is also practically impossible to detect: we do not create our own fake base station, we simply wedge ourselves into the radio channel and listen.
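To make the ARFCN picture concrete, here is an added example (my code, not code from the original post) that converts an ARFCN into its uplink/downlink carrier pair using the standard GSM band formulas, and groups a scanned channel list by the operator (MCC/MNC) announced in each carrier's system information. The scan list is constructed; the PLMN codes 001-01 and 001-02 are the reserved test network codes, not a real operator.

```python
"""ARFCN to carrier frequencies, and grouping a channel scan by operator.

Added example, not code from the original post. Frequency formulas are the
standard GSM ones (3GPP TS 45.005); the scan list at the bottom is constructed.
"""
from collections import defaultdict

# Frequencies are kept in integer kHz to avoid floating-point drift.
# One ARFCN step is 200 kHz. For each band: (first ARFCN, last ARFCN,
# uplink frequency of the first ARFCN in kHz, uplink/downlink spacing in kHz).
_BANDS = {
    "GSM850":  (128, 251, 824_200, 45_000),
    "DCS1800": (512, 885, 1_710_200, 95_000),
    "PCS1900": (512, 810, 1_850_200, 80_000),
}


def arfcn_to_freq(arfcn, band="GSM900"):
    """Return (uplink_MHz, downlink_MHz) for an ARFCN in the given band.

    GSM900 covers P-GSM (1-124) and the E-GSM extension (0 and 975-1023).
    ARFCNs 512-810 exist in both DCS1800 and PCS1900, so the band must be
    given explicitly; the number alone does not identify the frequency.
    """
    if band == "GSM900":
        if arfcn == 0:
            uplink = 890_000
        elif 1 <= arfcn <= 124:
            uplink = 890_000 + 200 * arfcn
        elif 975 <= arfcn <= 1023:
            uplink = 890_000 + 200 * (arfcn - 1024)   # E-GSM, wraps below 890 MHz
        else:
            raise ValueError(f"ARFCN {arfcn} is not in GSM900")
        spacing = 45_000
    else:
        if band not in _BANDS:
            raise ValueError(f"unknown band {band!r}")
        lo, hi, base, spacing = _BANDS[band]
        if not lo <= arfcn <= hi:
            raise ValueError(f"ARFCN {arfcn} is not in {band}")
        uplink = base + 200 * (arfcn - lo)
    return uplink / 1000, (uplink + spacing) / 1000


def group_by_operator(scan):
    """Group scanned carriers by PLMN.

    `scan` holds (arfcn, band, mcc, mnc) tuples, the MCC/MNC being what each
    carrier's BCCH system information announces. Returns a dict keyed by
    "mcc-mnc" with a sorted list of (arfcn, downlink_MHz): this is the
    "several ARFCNs per operator" picture the text describes.
    """
    per_plmn = defaultdict(list)
    for arfcn, band, mcc, mnc in scan:
        _, downlink = arfcn_to_freq(arfcn, band)
        per_plmn[f"{mcc}-{mnc}"].append((arfcn, downlink))
    return {plmn: sorted(chs) for plmn, chs in per_plmn.items()}


# Constructed scan (not real measurements). PLMN 001-01 and 001-02 are the
# reserved test network codes, not any actual operator.
SAMPLE_SCAN = [
    (1,    "GSM900",  "001", "01"),
    (62,   "GSM900",  "001", "01"),
    (975,  "GSM900",  "001", "01"),
    (1010, "GSM900",  "001", "01"),
    (512,  "DCS1800", "001", "02"),
    (600,  "DCS1800", "001", "02"),
    (885,  "DCS1800", "001", "02"),
]

if __name__ == "__main__":
    for plmn, channels in group_by_operator(SAMPLE_SCAN).items():
        print(plmn, [(a, f"{f:.1f} MHz") for a, f in channels])
```

The downlink column is what a receiver actually tunes to in order to read the BCCH; the uplink is what the handset transmits on and is far harder to capture from any distance, which is one more reason the passive method is slow.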
The next level of interception is interception at the level of the SS7 network (Signalling System No. 7). This technology dates back to the 1970s, the era when cellular communications was just being developed, and few people thought about security: signalling ran over a closed network between a handful of trusted telephone operators, and the mere fact that you could carry a small device with you was cool and incredible. Nobody designed the protocol to withstand a hostile participant. To this day all mobile operators interconnect using this standard. I will also look at the vulnerabilities of the SS7 protocol, but I will say right away that if you gain access to the SS7 network, you have practically full access to the phone of any person anywhere in the world, unless the target's operator filters incoming SS7 traffic.
Hackers implement it as follows: you can buy an operator's licence somewhere in Africa. Such licences are sold and are easy to find on darknet forums, the price starts at $3000, and with it you get access to the SS7 network. After that you can find out the geolocation of any subscriber, wherever they are, intercept their SMS, and in fact do practically anything with their number.
- Now let's talk about the active interception method.
Intercepting mobile traffic with a fake base station is widely used all over the world. Imagine a group of people: an organizer, a driver and a technician form a criminal group. They collude with bank employees to obtain information about the deposits of local residents. Now imagine that a certain citizen Ivanov has several million rubles in Sberbank. For a fee, a bank employee gives the group the account balance, the subscriber's mobile number and where he lives. The driver then follows the person (the bank employee can even supply a photo), tracks his movements and works out his daily routine. On the chosen day the technician arrives with the driver. What does the technician do? At night he climbs onto the roof of the house, or simply sits in a van, and deploys a mobile interception complex. The complex presents itself as a base station of the victim's operator, the phone attaches to it, and the technician initiates a withdrawal from the account. The confirmation SMS is filtered on his base station: it never reaches the subscriber and stays on the fake cell. The whole operation takes five minutes at most. In one night you can rob a whole list of people this way, and by morning the group has boarded a plane and flown somewhere far away, while the victim will spend a long time proving that he did not withdraw the money himself. A team is not even strictly necessary: one person can do all of this alone, and leaked deposit data can be bought on darknet forums.
- Now about banking security.
If a large transaction takes place at night, the bank's security service may find it suspicious and simply block it. But remember that you have all the depositor's details supplied by the bank employee, and since you control the base station, you can call the bank on behalf of the subscriber. Not through some banal caller-ID spoofing via SIP telephony, but from the subscriber's own number through our base station, to tell the bank that the transaction is legitimate and to confirm whatever support asks: the account opening date, first name, last name and so on.
I would also like to tell you about one more protection method: protection against SIM-card reissue (SIM swap) and number spoofing. How is it implemented? It was not for nothing that we said at the beginning of the article that for a cellular operator the phone number is not the subscriber's identifier; the MSISDN is just a mapping in the operator's database, and everything is built on the IMSI. The IMSI is the SIM card's code, I will call it that and will not give you a boring institute lecture here.
So, when you log into an online bank or confirm a transaction by phone, how can the bank determine whether this SIM card has been reissued? After all, a hacker may have had the SIM reissued by colluding with an employee of the mobile operator. How does the bank protect itself? It checks your IMSI. How can it check your IMSI? You can do it yourself very easily. I will not show you the services that allow this, because I do not want to engage in advertising; you can google them yourself.
There is a so-called HLR request (HLR lookup). By performing an HLR lookup on a number you learn where the subscriber is, whether the phone is online, and the subscriber's IMSI. Banks use HLR lookups to check whether the number has been substituted or the SIM card reissued: if the IMSI behind the number differs from the one recorded when the client registered, something has changed. An active interception complex bypasses all of this: the real SIM stays in the victim's phone, so the IMSI the HLR returns is still the one registered with the bank, while we receive the SMS and make the call through our own base station. There are few such frauds in the CIS, because 99% of criminals in the CIS are technically illiterate, do not keep up with technology and are stuck in the 90s. Yet absolutely anyone can carry out such a procedure.
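As an added example (my code, not code from the original post), here is what the bank-side check described above looks like: the IMSI recorded at enrollment is compared with the one an HLR lookup returns, and the result is classified. The lookup response is a constructed dict; its field names (imsi, status, serving_mcc) are assumptions, since every lookup service has its own format. The last two cases show why a relaying fake base station passes the check unnoticed, and why a fake cell that does not relay trips a different signal instead.

```python
"""Bank-side SIM-change check from an HLR lookup, and what a fake cell does to it.

Added example, not code from the original post. The lookup response is a
constructed dict in roughly the shape commercial HLR lookup services return
(current IMSI, reachability, serving network); the field names are assumptions.
"""
from dataclasses import dataclass

# MNCs are 3 digits under the North American MCCs 310-316 and 2 digits almost
# everywhere else; this short table is enough for the example.
_THREE_DIGIT_MNC_MCCS = {str(m) for m in range(310, 317)}


@dataclass(frozen=True)
class Imsi:
    mcc: str   # mobile country code, 3 digits
    mnc: str   # mobile network code, 2 or 3 digits
    msin: str  # subscriber number within the operator


def parse_imsi(imsi):
    """Split a 15-digit IMSI into MCC / MNC / MSIN."""
    if not (imsi.isdigit() and len(imsi) == 15):
        raise ValueError("IMSI must be 15 decimal digits")
    mcc = imsi[:3]
    mnc_len = 3 if mcc in _THREE_DIGIT_MNC_MCCS else 2
    return Imsi(mcc, imsi[3:3 + mnc_len], imsi[3 + mnc_len:])


def check_sim(enrolled_imsi, hlr, home_mcc):
    """Compare the IMSI recorded at enrollment with what the HLR reports now.

    Returns (verdict, reason). The bank can only see three things: whether the
    IMSI behind the number changed (SIM reissued, swapped or ported), whether
    the handset is reachable, and which country is serving it.
    """
    if hlr["imsi"] != enrolled_imsi:
        old, new = parse_imsi(enrolled_imsi), parse_imsi(hlr["imsi"])
        if (old.mcc, old.mnc) != (new.mcc, new.mnc):
            return "block", "IMSI changed and now belongs to a different operator"
        return "block", "IMSI changed within the same operator (SIM reissued)"
    if hlr["status"] != "reachable":
        return "step-up", "subscriber not reachable, an SMS code may not arrive"
    if hlr["serving_mcc"] != home_mcc:
        return "step-up", f"subscriber roaming in MCC {hlr['serving_mcc']}"
    return "allow", "IMSI unchanged, reachable, in home country"


# Constructed cases on the reserved test PLMN 001-01; no real subscriber.
ENROLLED = "001010123456789"

HLR_NORMAL   = {"imsi": ENROLLED,          "status": "reachable", "serving_mcc": "001"}
HLR_SIM_SWAP = {"imsi": "001010987654321", "status": "reachable", "serving_mcc": "001"}
HLR_PORTED   = {"imsi": "001020123456789", "status": "reachable", "serving_mcc": "001"}
HLR_ROAMING  = {"imsi": ENROLLED,          "status": "reachable", "serving_mcc": "002"}

# A fake base station that relays the victim's traffic into the real network
# leaves the real SIM in the victim's phone, so the HLR still reports the
# enrolled IMSI and the check passes: the "avoids all this" from the text.
HLR_FAKE_BTS_RELAY = dict(HLR_NORMAL)
# A fake cell that only captures the phone without relaying detaches it from
# the real network, so once the network's timers notice, the HLR reports it
# unreachable instead. The IMSI check alone still says nothing.
HLR_FAKE_BTS_ISOLATED = {"imsi": ENROLLED, "status": "absent", "serving_mcc": "001"}

if __name__ == "__main__":
    cases = [("normal", HLR_NORMAL), ("SIM swap", HLR_SIM_SWAP),
             ("ported", HLR_PORTED), ("roaming", HLR_ROAMING),
             ("fake BTS, relay", HLR_FAKE_BTS_RELAY),
             ("fake BTS, isolated", HLR_FAKE_BTS_ISOLATED)]
    for name, resp in cases:
        print(f"{name:19} -> {check_sim(ENROLLED, resp, '001')}")
```

The point of the last two cases is the limit of the check: an HLR lookup answers "is this still the same SIM and where is it", which catches a reissued or ported SIM, but a fake cell sitting between the real SIM and the real network changes neither answer.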
The second point is bypassing the interconnect (roaming) procedure. What is it? Imagine we go on vacation and do not want to pay for roaming. What do we do? Before leaving, we deploy a fake base station at home that relays requests into our real operator's network. Then, in the other country, we bring up the same interception complex, which creates our home operator's network around us and connects over the Internet to the complex left at home. This bypasses the interconnect procedure. For example, say we want to use a Russian bank that does not allow calls from roaming: we bring up the complex there, we can call from absolutely anywhere in the world, and the bank will see that we are in the Russian Federation.
Now let's talk about making and receiving calls on the subscriber's number. Here it is simple: we can even make a clone of the SIM card. The clone can be virtual or physical. A virtual clone consists of two values: the IMSI and the internal secret key Ki. Having these two, we can make a complete copy of the SIM card. The catch is Ki: it never leaves the SIM, and only old SIMs with the COMP128v1 algorithm let it be recovered through the authentication interface. In exactly the same way, the copy can be made physical rather than virtual. For a physical copy you need a programmer, which you can buy at a radio market for not much money, and a blank programmable SIM card onto which the data is written. Previously all SIM cards were rewritable, that is, you could take your SIM card and write absolutely any new identity onto it. Operators have since abandoned that. A programmable SIM card can be bought on Avito, AliExpress or any radio market; they are sold completely legally and can be rewritten an unlimited number of times.
Next, compromising telephone conversations and SMS. This is very relevant, especially during elections: dig up information on a competing political party or on some deputy in order to knock him out of the race. Everyone has a skeleton in the closet, and what this particular person is hiding is unknown until you listen. Such information serves not only during an election campaign; it is also material for blackmail. That is, blackmailing some high-ranking person over his kickbacks and shady deals, which he discusses over the phone. There are plenty of such people. Such information can be used for blackmail and for extracting money.
Where can I get the complex?
China is the leading country in GSM interception. A GSM interception complex with all the instructions can be bought there for next to nothing. The complex itself is illegal, BUT if you take it apart and ship it in parts, each part is legal. All the parts, ordered separately, are completely legal, so there will be no problems at the border.