This is why discounting the usefulness of SIGINT is a bad idea.

13 July 2007

At some point in the past year or two, twenty-five undercover CIA operatives traveled to Italy to abduct one Abu Omar, an Islamic cleric suspected of involvement in an act of terrorism in Milan back in 2003. However, they didn't follow secure communications procedures (or those same procedures badly need to be updated), and they were rumbled by Italian law enforcement, who are now trying the agents in absentia for kidnapping. Like many people these days, the operatives used cellular telephones to keep in touch with one another through the course of the op. Unfortunately, the prosecutor was able to get the records from the local cellular companies and piece together which phones were involved, where they were and where they went, when they were there and for how long, and exactly whom they were in touch with. If a phone doesn't go anywhere for seven or eight hours, you can infer that the owner of the phone was staying at location foo. The prosecutor was also able to match up names with op-aliases and break the cover of at least a few of the agents. The operatives phoned home to HQ in NOVA (hi, guys) a couple of times, and also called the commanding officer of a US Air Force base in Aviano, each other (which you can figure out by looking at the patterns in the logs as a whole), and the US consulate in Milan.

The moral of the story? If you're up to anything shady at all, no matter which side of the fence you're on (or think that you're on), don't trust the cellular network. Phones can be uniquely identified, and the computers that drive each cellular repeater can be queried to determine when the phones were last associated with them. Routes of travel can also be reconstructed by searching the records of all cellular repeaters and backtracking in time. Even if you use *67 (or the local equivalent) to block caller ID, that only keeps your number off the recipient's display: telephony switches and billing computers always have the called and calling numbers in their logs. Just because the associates of a target don't have access to that information, that doesn't mean that local law enforcement won't take a dim view of what you're up to and act accordingly. Also remember that phone calls can be tapped, and not necessarily with a small transmitter and a pair of gator clips attached to a hard line: telephony switches can be instructed to copy both sides of a conversation to a maintenance port for recording, and no one concerned will be any the wiser. Also, to get a cellular phone of any kind, you have to fork over ID of some kind to a phone company to get a service plan opened - if someone can match an alias to a face, they can hunt you down and possibly figure out your other aliases if they're sufficiently motivated to do so.