1
1. ABSTRACT
Mobile communication has been readily available for several years, and is major
business today. It provides a valuable service to its users who are willing to pay a
considerable premium over a fixed line phone, to be able to walk and talk freely. Because of
its usefulness and the money involved in the business, it is subject to fraud. Unfortunately,
the advance of security standards has not kept pace with the dissemination of mobile
communication. Some of the features of mobile communication make it an alluring target for
criminals. It is a relatively new invention, so not all people are quite familiar with its
possibilities, in good or in bad. Its newness also means intense competition among mobile
phone service providers as they are attracting customers. The major threat to mobile phone is
from cloning.
Today millions of mobile phones users, be it Global System for Mobile
communication (GSM) or Code Division Multiple Access (CDMA), run the risk of having
their phones cloned. And the worst part is that there isn’t much that you can do to prevent
this. Such crime first came to light in January 2005 when the Delhi police arrested a person
with 20 cell phones, a laptop, a SIM scanner, and a writer. The accused was running an
exchange illegally wherein he cloned CDMA-based mobile phones. He used software for the
cloning and provided cheap international calls to Indian immigrants in West Asia. A similar
racket came to light in Mumbai resulting in the arrest of four mobile dealers.
Cloning is the process of taking the programmed information that is stored in a
legitimate mobile phone and illegally programming the identical information into another
mobile phone. The result is that the "cloned" phone can make and receive calls and the
charges for those calls are billed to the legitimate subscriber. The service provider network
does not have a way to differentiate between the legitimate phone and the "cloned" phone.

2
Index Terms:
Cell phone cloning, GSM, CDMA, EMIE and PIN,Patagonia
Introduction :
This is the Final Report of the Economic Crimes Policy Team (hereafter, the “Team”)
regarding the directives contained in the Wireless Telephone Protection Act (Pub.L. 105-172;
April 24, 1998).
The Economic Crimes Policy Team was chartered to advance the Commission’s work in
several areas including the development of options for implementing the directives contained
in the Wireless Telephone Protection Act (WTPA).13 This Act effectuated amendments to 18
U.S.C. § 1029 (Fraud and related activity in connection with access devices) related to the
cloning of cellular telephones. The “cloning” of a cellular telephone occurs when the account
number of a victim telephone user is stolen and reprogrammed into another cellular
telephone. This report details the mission, background, analysis, and policy options of the
Team.
While mobile cloning is an emerging threat for Indian subscribers, it has been happening in
other telecom markets since the 1990s, though mostly with regard to CDMA phones. Pleas in
an US District Court in 1997 effectively ended West Texas authorities' first case of `phone
cloning.' Authorities in the case estimated the loss at $3,000 to $4,000 for each number used.
Southwestern Bell claims wireless fraud costs the industry $650 million each year in the US.
Some federal agents in the US have called phone cloning an especially `popular' crime
because it is hard to trace. Back home, police officers say the Yasin case is just the tip of the
iceberg and have asked operators to improve their technology. But the operators claim they
can't do much for now. "It's like stealing cars or duplicating credit card numbers. The service
providers cannot do much except keep track of the billing pattern of the users. But since the
billing cycle is monthly, the damage is done by the time we can detect the mischief," says a
Reliance executive.
Qualcomm, which develops CDMA technology globally, says each instance of mobile
hacking is different and therefore there is very little an operator can do to prevent hacking.
"It's like a virus hitting the computer. Each software used to hack into the network is
different, so operators can only keep upgrading their security firewall as and when the
hackers strike," says a Qualcomm executive.

3
What is mobile phone cloning?
When we look up the dictionary meaning of cloning it states, “ to create the exact
replica or a mirror image of an subject understudy. The subject can be any thing living or
non-living so here we take into consideration the cellular or mobile phones. So Mobile
cloning is copying the identity of one mobile telephone to another mobile telephone. Every
electronic device has a working frequency, which plays a crucial role in its operation this we
shall discuss later. Now the question that arises is how is a mobile phone cloned. I shall be discussing
How Wireless Technology Works
Each cellular phone has a unique pair of identifying numbers: the electronic serial
number(“ESN”) and the mobile identification number (“MIN”). The ESN is programmed into
the wireless phone’s microchip by the manufacturer at the time of production. The MIN is a
ten-digit phone number that is assigned by the wireless carrier to a customer when an account
is opened. The MIN can be changed by the carrier, but the ESN, by law, cannot be altered.
When a cellular phone is first turned on, it emits a radio signal that broadcasts these numbers
to the nearest cellular tower. The phone will continue to emit these signals at regular
intervals, remaining in contact with the nearest cellular tower. These emissions (called
autonomous registration) allow computers at the cellular carrier to know how to route
incoming calls to that phone, to verify that the account is valid so that outgoing calls can be
made, and to provide the foundation for proper billing of calls. This autonomous registration
occurs whenever the phone is on, regardless of whether a call is actually in progress.

4
CLONING STATISTICS
this in detail, because it is a very complex procedure in which we have to be familiar with the
following terms.
Age

5
MEASURES TO BE TAKEN
 Service providers have adopted certain measures to prevent cellular fraud.
 These include:
 Blacklisting of stolen phones is another mechanism to prevent unauthorized use.

 User verification using Personal Identification Number (PIN) codes is one method
for customer protection against cellular phone fraud
 Encryption: Encryption is regarded as the effective way to prevent cellular fraud

 Traffic analysis detects cellular fraud by using artificial intelligence software to
detect suspicious calling patterns, such as a sudden increase in the length of calls or a
sudden increase in the number of international calls.

 Blocking: Blocking is used by service providers to protect themselves from high risk
callers.

6
What are GSM and CDMS mobile phone sets?
CDMA is one of the newer digital technologies used in Canada, the US, Australia, and some
South-eastern Asian countries (e.g. Hong Kong and South Korea). CDMA differs from GSM
and TDMA (Time Division Multiple Access) by its use of spread spectrum techniques for
transmitting voice or data over the air. Rather than dividing the radio frequency spectrum into
separate user channels by frequency slices or time slots, spread spectrum technology
separates users by assigning them digital codes within the same broad spectrum. Advantages
of CDMA include higher user capacity and immunity from interference by other signals.
GSM is a digital mobile telephone system that is widely used in Europe and other parts of the
world. GSM uses a variation of TDMA and is the most widely used of the three digital
wireless telephone technologies. GSM digitizes and compresses data, then sends it down a
channel with two other streams of user data, each in its own time slot. It operates at either the
900 MHz or 1,800 MHz frequency band.
Rise of Cell Cloning:
The early 1990s were boom times for eavesdroppers. Any curious teenager with a £100
Tandy Scanner could listen in to nearly any analogue mobile phone call. As a result, Cabinet
Ministers, company chiefs and celebrities routinely found their most intimate conversations
published in the next day's tabloids Cell phone cloning started with Motorola "bag" phones
and reached its peak in the mid 90's with a commonly available modification for the Motorola
"brick" phones, such as the Classic, the Ultra Classic, and the Model 8000.

7
GSM:
Global System for Mobile Communications. A digital cellular phone technology based on
TDMA GSM phones use a Subscriber Identity Module (SIM) card that contains user account
information. Any GSM phone becomes immediately programmed after plugging in the SIM
card, thus allowing GSM phones to be easily rented or borrowed. Operators who provide
GSM service are Airtel , Hutch etc.

8
CDMA:
Code Division Multiple Access. A method for transmitting simultaneous signals over a
shared portion of the spectrum. There is no Subscriber Identity Module (SIM) card unlike in
GSM.Operators who provides CDMA service in India are Reliance and Tata Indicom.
Mobile Phone Cloning Software:
Cloning involved modifying or replacing the EPROM in the phone with a new chip which
would allow you to configure an ESN (Electronic serial number) via software. You would
also have to change the MIN (Mobile Identification Number). When you had successfully
changed the ESN/MIN pair, your phone was an effective clone of the other phone. Cloning
required access to ESN and MIN pairs. ESN/MIN pairs were discovered in several ways:
 Sniffing the cellular
 Trashing cellular companies or cellular resellers
 Hacking cellular companies or cellular resellers
Cloning still works under the AMPS/NAMPS system, but has fallen in popularity as older
clone able phones are more difficult to find and newer phones have not been successfully
reverse-engineered.Cloning has been successfully demonstrated under GSM, but the process
is not easy and it currently remains in the realm of serious hobbyists and researchers.
How is a phone cloned?
Cellular thieves can capture ESN/MINs using devices such as cell phone ESN reader or
digital data interpreters (DDI). DDIs are devices specially manufactured to intercept
ESN/MINs. By simply sitting near busy roads where the volume of cellular traffic is high,
cellular thieves monitoring the radio wave transmissions from the cell phones of legitimate
subscribers can capture ESN/MIN pair. Numbers can be recorded by hand, one-by-one, or
stored in the box and later downloaded to a computer. ESN/MIN readers can also be used
from inside an offender’s home, office, or hotel room, increasing the difficulty of detection.

9
The ESN/MIN pair can be cloned in a number of ways without the knowledge of the carrier
or subscriber through the use of electronic scanning devices. After the ESN/MIN pair is
captured, the cloner reprograms or alters the microchip of any wireless phone to create a
clone of the wireless phone from which the ESN/MIN pair was stolen. The entire
programming process takes 10-15 minutes per phone. Any call made with cloned phone are
billed to and traced to a legitimate phone account. Innocent citizens end up with unexplained
monthly phone bills. To reprogram a phone, the ESN/MINs are transferred using a computer
loaded with specialized software, or a “copycat” box, a device whose sole purpose is to clone
phones. The devices are connected to the cellular handsets and the new identifying
information is entered into the phone. There are also more discreet, concealable devices used
to clone cellular phones. Plugs and ES-Pros, which are about the size of a pager or small
calculator, do not require computers or copycat boxes for cloning. The entire programming
process takes ten-15 minutes per phone.
This was how CDMA handsets are cloned but now we face a question that being: -
Do GSM sets run the risk of‘’cloning’?
Looking at the recent case, it is quite possible to clone both GSM and CDMA sets. The
accused in the Delhi case used software called Patagonia to clone only CDMA phones
(Reliance and Tata Indicom). However, there are software packages that can be used to clone
even GSM phones (e.g. Airtel, BSNL, Hutch, Idea). In order to clone a GSM phone,
knowledge of the International Mobile Equipment Identity (IMEI) or instrument number is
sufficient.

10
But the GSM-based operators maintain that the fraud is happening on CDMA, for now, and
so their subscribers wouldn't need to worry. Operators in other countries have deployed
various technologies to tackle this menace. They are: -
1) There's the duplicate detection method where the network sees the same phone in several
places at the same time. Reactions include shutting them all off, so that the real customer will
contact the operator because he has lost the service he is paying for.
2) Velocity trap is another test to check the situation, whereby the mobile phone seems to be
moving at impossible, or most unlikely speeds. For example, if a call is first made in Delhi,
and five minutes later, another call is made but this time in Chennai, there must be two
phones with the same identity on the network.
3) Some operators also use Radio Frequency fingerprinting, originally a military technology.
Even identical radio equipment has a distinguishing `fingerprint', so the network software
stores and compares fingerprints for all the phones that it sees. This way, it will spot the
clones with the same identity, but different fingerprints.
4) Usage profiling is another way wherein profiles of customers' phone usage are kept, and
when discrepancies are noticed, the customer is contacted. For example, if a customer
normally makes only local network calls but is suddenly placing calls to foreign countries for
hours of airtime, it indicates a possible clone.
What is Patagonia?
Patagonia is a software available in the market which is used to clone CDMA
phone.Using this software a cloner can take over the control of a CDMA phone i.e. cloning of
phone.There are other Software’s avai;able in the market to clone GSM phone.This
software’s are easily available in the market.A SIM can be cloned again and again and they
can be used at different places.Messages and calls sent by cloned phones can be

11
tracked.However,if the accuses manages to also clone the IMEI number of the
handset,for which software’s are available,there is no way he can be traced.
Impact of cloning:
Each year, the mobile phone industry loses millions of dollars in revenue because of the
criminal actions of persons who are able to reconfigure mobile phones so that their calls are
billed to other phones owned by innocent third persons. Often these cloned phones are used
to place hundreds of calls, often long distance, even to foreign countries, resulting in
thousands of dollars in airtime and long distance charges. Cellular telephone companies do
not require their customers to pay for any charges illegally made to their account, no matter

12
how great the cost. But some portion of the cost of these illegal telephone calls is passed
along to cellular telephone consumers as a whole.
Many criminals use cloned cellular telephones for illegal activities, because their calls are not
billed to them, and are therefore much more difficult to trace.
His phenomenon is especially prevalent in drug crimes. Drug dealers need to be in constant
contact with their sources of supply and their confederates on the streets. Traffickers acquire
cloned phones at a minimum cost, make dozens of calls, and then throw the phone away after
as little as a days' use. In the same way, criminals who pose a threat to our national security,
such as terrorists, have been known to use cloned phones to thwart law enforcement efforts
aimed at tracking their whereabouts.
Methods To Detect Cloned Phones In A Network:
Several countermeasures were taken with varying success. Here are various methods to detect
cloned phones on the network:
Duplicate detection - The network sees the same phone in several places at the same time.
Reactions include shutting them all off so that the real customer will contact the operator
because he lost the service he is paying for, or tearing down connections so that the clone
users will switch to another clone but the real user will contact the operator.
Velocity trap - The mobile phone seems to be moving at impossible , or most unlikely
speeds. For example, if a call is first made in Helsinki, and five minutes later, another call is
made but this time in Tampere, there must be two phones with the same identity on the
network.
RF (Radio Frequency) - fingerprinting is originally a military technology. Even
nominally identical radio equipment has a distinguishing ``fingerprint'', so the network
software stores and compares fingerprints for all the phones that it sees. This way, it will spot
the clones with the same identity but different fingerprints.
Usage profiling - Profiles of customers' phone usage are kept, and when discrepancies are
noticed, the customer is contacted. Credit card companies use the same method. For example,
if a customer normally makes only local network calls but is suddenly placing calls to foreign
countries for hours of airtime, it indicates a possible clone.
Call counting - Both the phone and the network keep track of calls made with the phone,
and should they differ more than the usually allowed one call, service is denied.

13
PIN codes - Prior to placing a call, the caller unlocks the phone by entering a PIN code and
then calls as usual. After the call has been completed, the user locks the phone by entering the
PIN code again. Operators may share PIN information to enable safer roaming.
How To Know That The Cell Has Been Cloned?
1. Frequent wrong number phone calls to your phone, or hang-ups.
2. Difficulty in placing outgoing calls.
3. Difficulty in retrieving voice mail messages.
4. Incoming calls constantly receiving busy signals or wrong numbers. Unusual calls
appearing on your phone bills
Duplicate Detection

14
Duplicate Detection
Prevention for Cloning?
Uniquely identifies a mobile unit within a wireless carrier's network. The MIN often can be
dialed from other wireless or wire line networks. The number differs from the electronic
serial number (ESN), which is the unit number assigned by a phone manufacturer. MINs and
ESNs can be checked electronically to help prevent fraud. Mobiles should never be trusted
for communicating/storing confidential information.
Always set a Pin that's required before the phone can be used. Check that all mobile devices
are covered by a corporate security policy. Ensure one person is responsible for keeping tabs
on who has what equipment and that they update the central register. How do service
providers handle reports of cloned phones? Legitimate subscribers who have their phones
cloned will receive bills with charges for calls they didn't make. Sometimes these charges
amount to several thousands of dollars in addition to the legitimate charges. Typically, the
service provider will assume the cost of those additional fraudulent calls. However, to keep
the cloned phone from continuing to receive service, the service provider will terminate the
legitimate phone subscription. The subscriber is then required to activate a new subscription
with a different phone number requiring reprogramming of the phone, along with the
additional headaches that go along with phone number changes.

15
2. WIRELESS TELEPHONE PROTECTION ACT:
Because of increasing financial losses to the telecommunications industry and
the growing use of cloned phones in connection with other criminal activity, Congress
passed the Wireless Telephone Protection Act (WTPA) in April 1998. The legislative
history indicates that, in amending 18 U.S.C. § 1029, Congress was attempting to address
two primary concerns presented by law enforcement and the wireless telecommunications
industry.1
Manufacturing and Distributing
Section 1029 covers cloning behavior that ranges from mere possession of a cloned phone to
using, producing, or trafficking in cloning equipment. The statutory maximum for these
offenses is ten or 15 years, depending upon the conduct, and are sentenced under §2F1.1.
This guideline provides different punishment levels based on whether any or all of the
following three factors are applicable: the amount of “loss” involved in the offense the
offense involved “more than minimal planning” and the offense involved “sophisticated
means.” However, the current guideline does not provide distinctions in sentence severity
based on whether the defendant was involved in manufacturing or distributing cloned phones.
It is possible that without a separate enhancement for manufacturing or distributing, the
current fraud guideline does not adequately distinguish between possessing a clone.
First, law enforcement officials testified at congressional hearings that they were having
difficulty proving the “intent to defraud” element of the pre-amendment provision
regarding some equipment used to clone phones.2 Although there is no legitimate reason
to possess the equipment unless an individual is employed in the telecommunications
industry, the prosecution often could not prove that the equipment was possessed with the
intent to defraud.
Second, law enforcement officials often discovered cloning equipment and
cloned cellular telephones in the course of investigating other criminal activities, such as
drug trafficking and other fraud. The use of cloned phones to facilitate other crimes
increases the ability of offenders to escape detection because of the increased mobility and
anonymity afforded by the phones. Gangs and foreign terrorist groups are also known to
sell or rent cloned phones to finance their illegal activities.

16
With these concerns in mind, Congress amended section 1029 in 1998. The significant
changes to the statute include—
• Elimination of the intent to defraud element with respect to persons who
knowingly use, produce, traffic in, have custody or control of, or possess hardware (a
"copycat box") or software which has been
.
Wireless Telephone Protection Act (Pub. L. No. 105-418, April 24, 1998).
Configured for altering or modifying a telecommunications instrument3. C Modification
of the current definition of "scanning receiver" to ensure that the term is understood to
include a device that can be used to intercept an electronic serial number, mobile
identification number, or other identifier of any telecommunications service, equipment, or
instrument; and C Correction of an error in the current penalty provision of 18 U.S.C. §
1029 that provided two different statutory maximum penalties (ten and 15 years) for the
same offense. With respect to cellular phone cloning, the Act makes clear that a person
convicted of such an offense without a prior section 1029 conviction is subject to a
statutory maximum of 15 years; a person convicted of such an offense after a prior section
1029 conviction is subject to a statutory maximum of 20 years.
In addition to the amendments to section 1029, the Wireless Telephone
Protection Act directs the Commission to “review and amend the federal sentencing
guidelines and the policy statements of the Commission, and, if appropriate, to provide an
appropriate penalty for offenses involving the cloning of wireless telephones. The Act also
directs the Commission to consider eight specific factors:
(A) The range of conduct covered by the offenses.
(B) The existing sentences for the offense.
(C) The extent to which the value of the loss caused by the offenses (as defined in the
federal sentencing guidelines) is an adequate measure for establishing penalties under the
federal sentencing guidelines.
(D) The extent to which sentencing enhancements within the federal sentencing guidelines
and the court’s authority to sentence above the applicable guideline range are adequate to

17
ensure punishment at or near the maximum penalty for the most egregious conduct
covered by the offenses.
(E) The extent to which the federal sentencing guideline sentences for the offenses have
been constrained by statutory maximum penalties.
(F) The extent to which federal sentencing guidelines for the offense(s) adequately achieve
the purposes of sentencing set forth in 18 U.S.C. § 3553(a)(2);
(G) The relationship of the federal sentencing guidelines for these offenses to offenses of
comparable seriousness; and
(H) Any other factor the Commission considers to be appropriate.
3. INTRODUCTION
While mobile cloning is an emerging threat for Indian subscribers, it has been
happening in other telecom markets since the 1990s, though mostly with regard to CDMA
phones. Pleas in an US District Court in 1997 effectively ended West Texas authorities' first
case of `phone cloning.' Authorities in the case estimated the loss at $3,000 to $4,000 for each
number used. Southwestern Bell claims wireless fraud costs the industry $650 million each
year in the US. Some federal agents in the US have called phone cloning an especially
`popular' crime because it is hard to trace. Back home, police officers say the Yasin case is
just the tip of the iceberg and have asked operators to improve their technology. But the
operators claim they can't do much for now. "It's like stealing cars or duplicating credit card
numbers. The service providers cannot do much except keep track of the billing pattern of the
users. But since the billing cycle is monthly, the damage is done by the time we can detect the
mischief," says a Reliance executive.

18
Qualcomm, which develops CDMA technology globally, says each instance of mobile
hacking is different and therefore there is very little an operator can do to prevent hacking.
"It's like a virus hitting the computer. Each software used to hack into the network is
different, so operators can only keep upgrading their security firewall as and when the
hackers strike," says a Qualcomm executive.
4. WHEN DID CELL CLONING START
The early 1990s were boom times for eavesdroppers. Any curious teenager with a
£100 Tandy Scanner could listen in to nearly any analogue mobile phone call. As a result,
Cabinet Ministers, company chiefs and celebrities routinely found their most intimate
conversations published in the next day's tabloids.
Cell phone cloning started with Motorola "bag" phones and reached its peak in the

19
mid 90's with a commonly available modification for the Motorola "brick" phones, such as
the Classic, the Ultra Classic, and the Model 8000.
GSM:
Global System for Mobile Communications. A digital cellular phone technology
based on TDMA GSM phones use a Subscriber Identity Module (SIM) card that
contains user account information. Any GSM phone becomes immediately programmed after
plugging in the SIM card, thus allowing GSM phones to be easily rented or borrowed.
Operators who provide GSM service are Airtel, Hutch etc.
CDMA:
Code Division Multiple Access. A method for transmitting simultaneous signals over
a shared portion of the spectrum. There is no Subscriber Identity Module (SIM) card unlike in
GSM. An operator who provides CDMA service in India are Reliance and Tata Indicom.
IS FIXED TELEPHONE NETWORK SAFER THAN MOBILE PHONE?
The answer is yes. In spite of this, the security functions which prevent eavesdropping
and unauthorized uses are emphasized by the mobile phone companies. The existing mobile
communication networks are not safer than the fixed Telephone networks. They only offer
protection against the new forms of abuse.
SECURITY FUNCTIONS OF THE GSM AND CDMA:
As background to a better understanding of the attacks on the GSM and CDMA
network the following gives a brief introduction to the Security functions available in GSM.
The following functions exist:
• Access control by means of a personal smart card (called subscriber Identity module, SIM)
and PIN (personal identification number)

20
• Authentication of the users towards the network carrier and generation of a session key in
order to prevent abuse.
• Encryption of communication on the radio interface, i.e. between mobile Station and base
station,
• concealing the users’ identity on the radio interface, i.e. a temporary valid Identity code
(TMSI) is used for the identification of a mobile user instead Of the IMSI.
HOW BIG OF A PROBLEM IS CLONING FRAUD?
The Cellular Telecommunications Industry Association (CTIA) estimates that
financial losses in due to cloning fraud are between $600 million and $900 million in the
United States. Some subscribers of Reliance had to suffer because their phone was cloned.
Mobile Cloning Is in initial stages in India so preventive steps should be taken by the network
provider and the Government.
WHAT IS MOBILE PHONE CLONING?
When we look up the dictionary meaning of cloning it states, “To create the
exact replica or a mirror image of an subject understudy. The subject can be anything living
or non-living so here we take into consideration the cellular or mobile phones. So Mobile
cloning is copying the identity of one mobile telephone to another mobile telephone. Every
electronic device has a working frequency, which plays a crucial role in its operation this we
shall discuss later. Now the question that arises is how a mobile phone is cloned. I shall be
discussing this in detail, because it is a very complex procedure in which we have to be
familiar with the following terms.

21
What are GSM and CDMS mobile phone sets?
CDMA is one of the newer digital technologies used in Canada, the US, Australia,
and some South-eastern Asian countries (e.g. Hong Kong and South Korea). CDMA differs
from GSM and TDMA (Time Division Multiple Access) by its use of spread spectrum
techniques for transmitting voice or data over the air. Rather than dividing the radio
frequency spectrum into separate user channels by frequency slices or time slots, spread
spectrum technology separates users by assigning them digital codes within the same broad
spectrum. Advantages of CDMA include higher user capacity and immunity from
interference by other signals.
GSM is a digital mobile telephone system that is widely used in Europe and other
parts of the world. GSM uses a variation of TDMA and is the most widely used of the three
digital wireless telephone technologies. GSM digitizes and compresses data, then sends it
down a channel with two other streams of user data, each in its own time slot. It operates at
either the 900 MHz or 1,800 MHz frequency band.
Some other important terms whose knowledge is necessary are:-
1. IMEI
2. SIM
3. ESN
4. MIN
So, first things first, the IMEI is an abbreviation for International Mobile Equipment
Identifier, this is a 10 digit universally unique number of our GSM handset. I use the term
Universally Unique because there cannot be 2 mobile phones having the same IMEI no. This
is a very valuable number and used in tracking mobile phones.
Second comes SIM, which stands for Subscriber Identification Module.
Basically the SIM provides storage of subscriber related information of three types:
1. Fixed data stored before the subscription is sold
2. Temporary network data
3. Service related data.

22
Next is the ESN, which stands for Electronic Serial Number. It is same as the IMEI
but is used in CDMA handsets. MIN stands for Mobile Identification Number, which is the
same as the SIM of GSM.
The basic difference between a CDMA handset and a GSM handset is that a CDMA
handset has no sim i.e. the CDMA handset uses MIN as its Sim, which cannot be replaced as
in GSM. The MIN chip is embedded in the CDMA hand set.
5. HOW IS A PHONE CLONED?
Cellular thieves can capture ESN/MINs using devices such as cell phone ESN reader
or digital data interpreters (DDI). DDIs are devices specially manufactured to intercept
ESN/MINs. By simply sitting near busy roads where the volume of cellular traffic is high,
cellular thieves monitoring the radio wave transmissions from the cell phones of legitimate
subscribers can capture ESN/MIN pair. Numbers can be recorded by hand, one-by-one, or
stored in the box and later downloaded to a computer. ESN/MIN readers can also be used
from inside an offender’s home, office, or hotel room, increasing the difficulty of detection.
The ESN/MIN pair can be cloned in a number of ways without the knowledge of the
carrier or subscriber through the use of electronic scanning devices. After the ESN/MIN pair
is captured, the cloner reprograms or alters the microchip of any wireless phone to create a
clone of the wireless phone from which the ESN/MIN pair was stolen. The entire
programming process takes 10-15 minutes per phone. Any call made with cloned phone are
billed to and traced to a legitimate phone account. Innocent citizens end up with unexplained
monthly phone bills. To reprogram a phone, the ESN/MINs are transferred using a computer
loaded with specialized software, or a “copycat” box, a device whose sole purpose is to clone
phones. The devices are connected to the cellular handsets and the new identifying
information is entered into the phone. There are also more discreet, concealable devices used
to clone cellular phones. Plugs and ES-Pros, which are about the size of a pager or small

23
calculator, do not require computers or copycat boxes for cloning. The entire programming
process takes ten-15 minutes per phone.
Fig. 1 Cellular cloning fraud procedure
Do GSM sets run the risk of ‘cloning’?
Looking at the recent case, it is quite possible to clone both GSM and CDMA sets.
The accused in the Delhi case used software called Patagonia to clone only CDMA phones
(Reliance and Tata Indicom). However, there are software packages that can be used to clone
even GSM phones (e.g. Airtel, BSNL, Hutch, Idea). In order to clone a GSM phone,
knowledge of the International Mobile Equipment Identity (IMEI) or instrument number is
sufficient.

24
But the GSM-based operators maintain that the fraud is happening on CDMA, for now, and
so their subscribers wouldn't need to worry. Operators in other countries have deployed
various technologies to tackle this menace. They are: -
1. There's the duplicate detection method where the network sees the same phone in several
places at the same time. Reactions include shutting them all off, so that the real customer will
contact the operator because he has lost the service he is paying for.
2. Velocity trap is another test to check the situation, whereby the mobile phone seems to be
moving at impossible or most unlikely speeds. For example, if a call is first made in Delhi,
and five minutes later, another call is made but this time in Chennai, there must be two
phones with the same identity on the network.
3. Some operators also use Radio Frequency fingerprinting, originally a military technology.
Even identical radio equipment has a distinguishing `fingerprint', so the network software
stores and compares fingerprints for all the phones that it sees. This way, it will spot the
clones with the same identity, but different fingerprints.
4. Usage profiling is another way wherein profiles of customers' phone usage are kept, and
when discrepancies are noticed, the customer is contacted. For example, if a customer
normally makes only local network calls but is suddenly placing calls to foreign countries for
hours of airtime, it indicates a possible clone.
6. IMPACT OF CLONING:
Each year, the mobile phone industry loses millions of dollars in revenue because of
the criminal actions of persons who are able to reconfigure mobile phones so that their calls
are billed to other phones owned by innocent third persons. Often these cloned phones are
used to place hundreds of calls, often long distance, even to foreign countries, resulting in
thousands of dollars in airtime and long distance charges. Cellular telephone companies do
not require their customers to pay for any charges illegally made to their account, no matter

25
how great the cost. But some portion of the cost of these illegal telephone calls is passed
along to cellular telephone consumers as a whole.
Many criminals use cloned cellular telephones for illegal activities, because their calls
are not billed to them, and are therefore much more difficult to trace.
His phenomenon is especially prevalent in drug crimes. Drug dealers need to be in constant
contact with their sources of supply and their confederates on the streets. Traffickers acquire
cloned phones at a minimum cost, make dozens of calls, and then throw the phone away after
as little as a days' use. In the same way, criminals who pose a threat to our national security,
such as terrorists, have been known to use cloned phones to thwart law enforcement efforts
aimed at tracking their whereabouts.
HOW TO KNOW THAT THE CELL HAS BEEN CLONED?
1. Frequent wrong number phone calls to your phone, or hang-ups.
2. Difficulty in placing outgoing calls.
3. Difficulty in retrieving voice mail messages.
4. Incoming calls constantly receiving busy signals or wrong numbers. Unusual
calls appearing on your phone bills
7. METHOD TO DETECT CLONED PHONES:
Duplicate detection - The network sees the same phone in several places at the same time.
Reactions include shutting them all off so that the real customer will contact the operator
because he lost the service he is paying for, or tearing down connections so that the clone
users will switch to another clone but the real user will contact the operator.
Velocity trap - The mobile phone seems to be moving at impossible or most unlikely speeds.
For example, if a call is first made in Helsinki, and five minutes later, another call is made
but this time in Tampere, there must be two phones with the same identity on the network.

26
Call counting - Both the phone and the network keep track of calls made with the phone, and
should they differ more than the usually allowed one call, service is denied.
PIN codes - Prior to placing a call, the caller unlocks the phone by entering a PIN code and
then calls as usual. After the call has been completed, the user locks the phone by entering the
PIN code again. Operators may share PIN information to enable safer roaming.
 Frequent wrong number phone calls to your phone, or hang-ups.
 Difficulty in placing outgoing calls.
 Difficulty in retrieving voice mail messages.
 Incoming calls constantly receiving busy signals or wrong numbers. Unusual calls
appearing on your phone bills.
8. SOLUTION OF THE PROBLEM:
Cloning, as the crime branch detectives divulge, starts when someone, working for
a mobile phone service provider, agrees to sell the security numbers to gray market operators.
Every mobile handset has a unique factory-coded electronic serial number and a mobile
identification number. The buyer can then program these security numbers into new handsets.
The onus to check the misuse of mobile cloning phenomenon falls on the subscriber
himself. The subscribers, according to the officials, should be on the alert and inform the
police on suspecting any foul play. It would be advisable for them to ask for the list of
outgoing calls, as soon as they realize that they've been overcharged. Meanwhile, the crime
branch is hopeful to find out a way to stop the mobile cloning phenomenon.
For example

27
The Central Forensic Laboratory at Hyderabad has reportedly developed software
that would detect cloned mobile phones. Called the Speaker Identification Technique, the
software enables one to recognize the voice of a person by acoustics analysis. These methods
are only good at detecting cloning, not preventing damage. A better solution is to add
authentication to the system. But this means upgrading the software of the operators' network,
and renewing the SIM-cards, which is not an easy or a cheap task. This initiative by the
Forensic Laboratory had to be taken up in the wake of more and more reports of misuse of
cloned mobiles.
9. HOW TO PREVENT CELL CLONING?
Uniquely identifies a mobile unit within a wireless carrier's network. The MIN often
can be dialed from other wireless or wire line networks. The number differs from the
electronic serial number (ESN), which is the unit number assigned by a phone manufacturer.
MINs and ESNs can be checked electronically to help prevent fraud.
Mobiles should never be trusted for communicating/storing confidential information.
Always set a Pin that's required before the phone can be used.
Check that all mobile devices are covered by a corporate security policy.
Ensure one person is responsible for keeping tabs on who has what equipment and that they
update the central register.
How do service providers handle reports of cloned phones?
Legitimate subscribers who have their phones cloned will receive bills with charges
for calls they didn't make. Sometimes these charges amount to several thousands of dollars in
addition to the legitimate charges.
Typically, the service provider will assume the cost of those additional fraudulent
calls. However, to keep the cloned phone from continuing to receive service, the service
provider will terminate the legitimate phone subscription. The subscriber is then required to
activate a new subscription with a different phone number requiring reprogramming of the
phone, along with the additional headaches that go along with phone number changes.

28
How can organizations help themselves?
1. Mobiles should never be trusted for communicating/storing confidential information.
2. Always set a Pin that's required before the phone can be used.
3. Check that all mobile devices are covered by a corporate security policy.
4. Ensure one person is responsible for keeping tabs on who has what equipment and
that they update the central register.
Such preventive measures are our only defence till we get a way or a technique to prevent
cloning of mobile phones.

29
Solution to this problem:
Cloning, as the crime branch detectives divulge, starts when some one, working for a mobile
phone service provider, agrees to sell the security numbers to gray market operators. Every
mobile handset has a unique factory-coded electronic serial number and a mobile
identification number. The buyer can then program these security numbers into new handsets.
The onus to check the misuse of mobile cloning phenomenon falls on the subscriber himself.
The subscribers, according to the officials, should be on the alert and inform the police on
suspecting any foul play. It would be advisable for them to ask for the list of outgoing calls,
as soon as they realize that they've been overcharged. Meanwhile, the crime branch is hopeful
to find out away to stop the mobile cloning phenomenon.
For example -
The Central Forensic Laboratory at Hyderabad has reportedly developed software that would
detect cloned mobile phones. Called the Speaker Identification Technique, the software
enables one to recognize the voice of a person by acoustics analysis. These methods are only
good at detecting cloning, not preventing damage. A better solution is
to add authentication to the system. But this means upgrading the software of the operators'
network, and renewing the SIM-cards, which is not an easy or a cheap task.
This initiative by the Forensic Laboratory had to be taken up in the wake of more and more
reports of misuse of cloned mobiles.
FUTURE THREATS:
Resolving subscriber fraud can be a long and difficult process for the victim. It may take time
to discover that subscriber fraud has occurred and an even longer time to prove that you did
not incur the debts. As described in this article there are many ways to abuse
telecommunication system, and to prevent abuse from occurring it is absolutely necessary to
check out the weakness and vulnerability of existing telecom systems. If it is planned to
invest in new telecom equipment, a security plan should be made and the system tested
before being implemented. It is therefore mandatory to keep in mind that a technique which is
described as safe today can be the most unsecured technique in the future.

30
WHAT CAN BE DONE?
With technically sophisticated thieves, customers are relatively helpless against
cellular phone fraud. Usually they became aware of the fraud only once receiving their phone
bill.
Service providers have adopted certain measures to prevent cellular fraud. These
include encryption, blocking, blacklisting, user verification and traffic analysis: Encryption is
regarded as the most effective way to prevent cellular fraud as it prevents eavesdropping on
cellular calls and makes it nearly impossible for thieves to steal Electronic Serial Number
(ESN) and Personal Identification Number (PIN) pairs. Blocking is used by service providers
to protect themselves from high risk callers. For example, international calls can be made
only with prior approval. In some countries only users with major credit cards and good
credit ratings are allowed to make long distance calls.
1. Blacklisting of stolen phones is another mechanism to prevent unauthorized use.
An Equipment Identity Register (EIR) enables network operators to disable stolen
cellular phones on networks around the world.
2. User verification using Personal Identification Number (PIN) codes is one method
for customer protection against cellular phone fraud.
3. Tests conducted have proved that United States found that having a PIN code
reduced fraud by more than 80%.
4. Traffic analysis detects cellular fraud by using artificial intelligence software to
detect suspicious calling patterns, such as a sudden increase in the length of calls or
a sudden increase in the number of international calls.

31
VICTIMS OF PHONE CLONING
 Anita Davis, a mobile clone victim. One month, her cell phone bill showed $3,151
worth of calls in one month, to Pakistan, Israel, Jordan, Africa, and other countries.
 A Louisville woman was shocked when she got her February cell phone bill from T-
Mobile. It was ten times higher than it's ever been before. Equally troubling, she didn't
recognize most of the phone numbers on it.

32
ADVANTAGES
1. If your phone has been lost , you can use your cloned cell phone.
2. If your phone got damaged or if you forgot your phone at home or any other place .
Cloned phone can be helpful.
DISADVANTAGES
 It can be used by the terrorists for criminal activities.
 It can be used by the cloner for fraud calls.
 It can be used for illegal money transfer.

33
10.CONCLUSION
Presently the cellular phone industry relies on common law (fraud and theft) and in-
house counter measures to address cellular phone fraud. Mobile Cloning
Is in initial stages in India so preventive steps should be taken by the network provider and
the Government the enactment of legislation to prosecute crimes related to cellular phones is
not viewed as a priority, however. It is essential that intended mobile crime legislation be
comprehensive enough to incorporate cellular phone fraud, in particular "cloning fraud" as a
specific crime.
Some of the forms of fraud presented here have been possible because of design
flaws. The cloning of analogy mobile phones was possible because there was no protection to
the identification information and the cloning of GSM SIM-cards is possible because of a
leaking authentication algorithm. These problems can be countered with technical means.
However, fraud in itself is a social problem.
As such, it may be temporarily countered with technological means but they rarely
work permanently. Mobile phones are a relatively new phenomenon and social norms to its
use have not been formed. Some operators have tried the ``If you can't beat them, join them''
approach and provided services that would otherwise be attained by fraud. As mobile
communication matures, both socially and technologically, fraud will settle to some level.
Until then, it is a race between the operators, equipment manufacturers and the fraudsters.
Mobile Cloning Is in initial stages in India so preventive steps should be taken by the
network provider and the Government the enactment of legislation to prosecute crimes
related to cellular phones is not viewed as a priority, however. It is essential that intended
mobile crime legislation be comprehensive enough to incorporate cellular phone fraud, in
particular "cloning fraud" as a specific crime.
Existing cellular systems have a number of potential weaknesses that were
considered. It is crucial that businesses and staff take mobile phone security seriously

34
11. REFERENCES:
1. IEEE journal for mobile communication
2. Science today magazine
3. Mobile communication Govt. of India reports
4. Mobile phone cloning www.seminarsonly.com
5. Google: www.google.com
6. Wikipedia: www.wikipedia.org
7. Mobile cloning mobiledia.com