29 December 2009. GSM A5 Files Published on Cryptome

28 April 1998: Add ISN and Anon message
Link to Crack-A5 file

27 April 1998: Add English version of CCC press release
27 April 1998: Add D2 response
27 April 1998


Date: Mon, 27 Apr 1998 12:33:27 +0200
To: jya@pipeline.com
From: interception <interception@ii-mel.com>
Subject: URGENT - URGENT - URGENT

Dear John,

Pls find enclosed a great event!

Bye,

Christian

----------

ReGSM.txt

Hi,

on 25 Apr 98, you wrote in a message concerning "GSM"
the following:

> Could you pls tell me whether one or more examples exist in Germany
> of a GSM phreak (IMSI catcher)?

Just last Wednesday, the sources for a SIM-card attack as described by the
two Berkeley scientists were made public on the ftp server of the famous
German Chaos Computer Club (CCC).

Then last Friday, the CCC used these to clone a SIM from GSM operator D2
to demonstrate that it really works. The German news magazine "Der SPIEGEL"
will report on it in its next issue, published tomorrow.

Here's the press release of the CCC:

__

Chaos Computer Club e.V. - Press release
Berlin, Friday 24.04.1998 23:61

Chaos Computer Club confirms serious GSM security hole
- German network operator also affected

A weakness in the standard technical protocols of the GSM network makes it
possible to copy subscribers' chip cards without authorization and to make
telephone calls at the expense of unsuspecting customers.

The weakness in the GSM network, made known some time ago by the American
Smartcard Developers Association, has now for the first time been confirmed
by the Chaos Computer Club in a practical experiment with D2 chip cards.

"After this discovery a large part of the world's GSM networks can be
regarded as insecure. In GSM networks, too, it is possible to make calls at
other customers' expense," said CCC spokesman Frank Rieger.

Until now the security of GSM networks rested on keeping the underlying
mathematical procedures secret. For that reason these procedures could not
be examined for weaknesses by the expert community. The GSM network's
resistance to eavesdropping was apparently also deliberately limited at the
urging of security authorities and intelligence services.

After the A3 and A8 algorithms were published by three American researchers,
the serious weaknesses they contain could be discovered.

The secret key stored in the subscriber's chip card and in the network
operator's database can, in effect, be read out of the chip card.

The secret key obtained with a PC and a chip card reader can be used to
simulate a GSM chip card and to make calls at the card holder's expense. An
ordinary household PC is already more than adequate for this task.

Criminal misuse of GSM cards is conceivable, for example, through dishonest
dealers, who would be in a position to copy the data from GSM cards before
sale and to trade in the codes. The ordinary customer can only notice the
misuse when checking his bill.

"The evidential value of connection data, movement profiles and bills has
dropped so far that a reversal of the burden of proof seems sensible," CCC
spokesman Mueller-Maguhn summarized the problem.

Chaos Realitaets Dienst
http://www.ccc.de/CRD/CRD240498.html
__


--
snailmail : Kai Rohrbacher, Talstr. 24, 76689 Karlsdorf, Germany
phone/fax : +49-7251-41072 | mobile: +49-177-4418371
e-mail/WWW: kairo@maya.inka.de | http://www.inka.de/~maya/index.htm
PGP-key   : mail to info@maya.inka.de, automatic reply
"I believe there is a higher order in the universe
- it's just that hardly anyone keeps to it!" -Woody Allen


Date: Mon, 27 Apr 1998 16:15:49 +0200
To: jya@pipeline.com
From: interception <masson@ii-mel.com>
Subject: REACTION D2 ABOUT CRACK SIM: PIN RESIST TO ATTACK

You need not worry that unauthorized third parties will make calls with your
D2 card at your expense. In this so-called Berkeley experiment an activated
SIM card and its valid PIN were used. As you can surely imagine, the chance
of losing your card together with its PIN is very small.

To reduce the risk of misuse, a PIN is mandatory in our network, as with bank
cards. In addition, we check every day for unusually high usage on each
number and disconnect it in unexplained cases.

Unauthorized use of a D2 card is possible only by means of technically
elaborate computer procedures and only if the SIM card and PIN fall into
unauthorized hands. The duplication of a D2 card did not succeed in this
so-called experiment.

We hope this information has been helpful and are of course happy to answer
any further questions.

Kind regards
Mannesmann Mobilfunk GmbH
InfoTeam Online

-------------
Date: Mon, 27 Apr 1998 20:32:22 +0200
To: cypherpunks@ssz.com
Subject: EU CRACK SIM: translation
From: Ian.Sparkes@t-online.de (Ian Sparkes)

A translation of a short passage from 'Der Spiegel'

Ian

*************************************************

__

Chaos Computer Club e.V. - Press release
Berlin, Friday 24.04.1998 23:61

The Chaos Computer Club has confirmed a serious security hole in GSM -
German net operators are also affected.

Because of a weak link in the standard technical protocols in the GSM
telephone net, it is possible to produce unauthorised copies of customers'
SIM-cards and to make telephone calls at the cost of unsuspecting customers.

The weakness in the GSM network, which was first publicised some time ago by
the American Smartcard Developers Association, has for the first time been
turned into a practical attack by the CCC using D2 SIM-cards.

"A large part of the world wide network can be considered as insecure as a
result of this discovery," said CCC spokesman Frank Rieger. "It is also
possible to telephone at the cost of other customers."

The security of the GSM network was based until now on the fact that the
underlying mathematical process was not disclosed, and could therefore not
be subjected to peer review to determine weaknesses in it. The security of
the GSM network was consciously restricted at the request of security
authorities and secret services.

Following the publication of the A3 and A8 algorithms by three American
researchers, the serious weakness in the algorithms was discovered.

The secret key, which is stored in the customer's SIM-card and in the
network provider's database, can be more or less read out of the SIM-card.

The secret key which can be read out of the SIM-card with a PC and a
Chipcard reader can be used to simulate a GSM SIM-card, which can then be
used to make calls at the cost of the SIM-card's owner. A standard
household PC is more than capable of this task.

Criminal abuse of GSM cards would be possible, for instance by unscrupulous
dealers who would be in the position to copy the data from the GSM cards
before sale, and to deal in the codes. The abuse could only be spotted by
the customer if he checks his bill.

"The reliability of call data, movement profiles and bills themselves has
been reduced to such a degree that a change in the burden of proof appears
sensible." summarised CCC spokesman Mueller-Maguhn.

Chaos Realitaets Dienst
http://www.ccc.de/CRD/CRD240498.html
Date: Tue, 28 Apr 1998 05:03:35 -0400 (EDT)
From: Gary Mounfield <mani@firehouse.net>
To: jya@jya.com
Subject: Re: [ISN] Hackers Copy Mannesmann Mobile Phone Sim Card (fwd)

---------- Forwarded message ----------
Date: Mon, 27 Apr 1998 19:00:22 -0600 (MDT)
From: mea culpa <jericho@dimensional.com>
To: InfoSec News <isn@sekurity.org>
Subject: Re: [ISN] Hackers Copy Mannesmann Mobile Phone Sim Card

From: Felix von Leitner <leitner@math.fu-berlin.de>
Date: Tue, 28 Apr 1998 01:36:21 +0200
Subject: Re: [ISN] Hackers Copy Mannesmann Mobile Phone Sim Card

> In order to clone a SIM card, the hackers had to have both a copy of the
> original SIM card for at least 11 hours and know the PIN number.
> Scientists at the University of California and the Smartcard Developers
> Association in the USA already reported weaknesses in smaller mobile
> telecoms networks at the beginning of April which work on the same GSM
> standard as the German networks D1, D2 and E-Plus.

This is of course bullshit. If they used the same standard, they would all
be vulnerable. As a member of the CCC I can clarify a little here.

D2 is the only German network using COMP128 right now, which is the GSM
reference encryption algorithm. What we did is "simply" implement the
attack outlined by Ian Goldberg et al from Berkeley. And we made the
necessary software available on www.ccc.de, and there are blueprints for
useful hardware. The PIN is not an issue because evil mobile dealers can
sell cloned phones now.

Our GSM guy says that there are only three networks that are known not to
use COMP128 right now, and two of them are in Germany, obviously.

For those who speak German, there is a nice round-up on
  http://www.ccc.de/D2Pirat/index.html
and you can download the software there, too. There are pictures of the
equipment there, too, that look quite cool ;)

What we demonstrated was that you can get the PIN from the "secure"
envelope without traces and that you can use the attack from Goldberg to
get the secret key from the card in about 11 hours without overclocking the
card or tricks like that. The URL to Goldberg's method was already posted
on ISN I believe. And we showed that the clone and the original can check
into the D2 GSM network at the same time, they just can't place calls
simultaneously without error messages. This all is of course still very
useful to criminals who need anonymous phones.

BTW: D2 put out some of the typical press blah like "no real damage", "only
theoretical attack", "same problem as when you lose your card", stuff like
that ;)

What remains to be seen is whether the other German mobile carriers use
better or just different algorithms.

Felix

-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Dimensional Communications (www.dim.com)
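A worked model of what the CCC press release and Felix's post describe: the GSM challenge-response in which the SIM and the operator's database share a secret key, and why a card whose key has been read out is indistinguishable from the original to the network. This is an added example, not code from Cryptome, the CCC's D2Pirat software, or any of the messages on this page. Assumptions: the A3/A8 function is an HMAC-SHA-256 stand-in rather than COMP128 (the real algorithm on the D2 cards, whose tables are not reproduced here); key recovery is a labelled placeholder for the Goldberg/Briceno/Wagner chosen-challenge attack, since that attack depends on COMP128 internals the stand-in lacks; the IMSI, Ki, PINs and cell names are constructed; and the "attached in two cells at once" check is a simple operator-side heuristic suggested by Felix's observation, not anything D2 said it did. Field sizes follow GSM: 128-bit Ki and RAND, 32-bit SRES, 64-bit Kc.

```python
"""Toy model of GSM SIM authentication and SIM cloning (added example).

ASSUMPTIONS: a3a8() is an HMAC-SHA-256 stand-in, not COMP128, the real A3/A8
on the D2 cards; recover_ki() is a labelled placeholder for the
Goldberg/Briceno/Wagner chosen-challenge attack; IMSI, Ki, PINs and cell
names are constructed.  Field sizes follow GSM: 128-bit Ki and RAND,
32-bit SRES, 64-bit Kc.
"""
import hashlib
import hmac
import os
from collections import defaultdict


def a3a8(ki, rand):
    """Stand-in for A3/A8: (SRES, Kc) from Ki and RAND.  Any keyed PRF shows
    the same protocol property; only the real COMP128 has the extractable-key
    weakness the page is about."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]          # SRES = 32 bits, Kc = 64 bits


class Sim:
    """A SIM card.  Ki never leaves the card through its interface: a phone,
    or an attacker with a card reader, can only submit RAND challenges, and
    only after the PIN (CHV1) has been verified."""

    def __init__(self, imsi, ki, pin):
        self.imsi = imsi
        self._ki = ki
        self._pin = pin
        self._unlocked = False

    def verify_chv(self, pin):
        self._unlocked = hmac.compare_digest(pin.encode(), self._pin.encode())
        return self._unlocked

    def run_gsm_algorithm(self, rand):
        if not self._unlocked:
            raise PermissionError("CHV1 not verified")
        return a3a8(self._ki, rand)


class AuC:
    """Operator authentication centre: the network-side copy of every Ki,
    plus a record of the cell each authenticated IMSI is attached in."""

    def __init__(self):
        self._keys = {}
        self.attached = defaultdict(set)     # imsi -> cells currently attached

    def provision(self, imsi, ki):
        self._keys[imsi] = ki

    def challenge(self):
        return os.urandom(16)                # 128-bit RAND

    def authenticate(self, imsi, rand, sres, cell):
        """The network only compares SRES; it cannot tell card from clone."""
        expected_sres, _kc = a3a8(self._keys[imsi], rand)
        if not hmac.compare_digest(expected_sres, sres):
            return False
        self.attached[imsi].add(cell)
        return True

    def multiply_attached(self):
        """IMSIs attached in more than one cell at once: the symptom Felix
        reports (clone and original both checked in).  An assumed heuristic,
        not a check D2 described."""
        return {i: cells for i, cells in self.attached.items() if len(cells) > 1}


def attach(auc, sim, cell):
    """One location update: RAND from the network, SRES back from the card."""
    rand = auc.challenge()
    sres, _kc = sim.run_gsm_algorithm(rand)
    return auc.authenticate(sim.imsi, rand, sres, cell)


def recover_ki(card, pin):
    """PLACEHOLDER for the chosen-challenge attack.  The real attack derives
    Ki from nothing but RAND/SRES pairs obtained via run_gsm_algorithm(),
    which works against COMP128 but not against the stand-in a3a8(), so this
    function reads Ki from the object instead.  It keeps the one precondition
    D2's reply rests on: the card must accept the PIN first."""
    if not card.verify_chv(pin):
        raise PermissionError("wrong PIN: card will not run A3/A8")
    return card._ki


def clone_demo():
    """Original and clone both authenticate; only the double attach shows."""
    imsi = "262020000000001"                 # constructed; 262 02 is D2's MCC/MNC
    ki = os.urandom(16)                      # constructed 128-bit Ki
    auc = AuC()
    auc.provision(imsi, ki)
    original = Sim(imsi, ki, pin="1234")
    original.verify_chv("1234")              # the legitimate user's phone

    stolen_ki = recover_ki(original, "1234") # dealer/attacker with card + PIN
    clone = Sim(imsi, stolen_ki, pin="0000") # attacker sets any PIN they like
    clone.verify_chv("0000")

    return {
        "original_ok": attach(auc, original, "Berlin-Mitte"),
        "clone_ok": attach(auc, clone, "Karlsruhe"),
        "double_attach": auc.multiply_attached(),
    }


if __name__ == "__main__":
    print(clone_demo())
```

Running `clone_demo()` returns both authentications as successful and the IMSI listed under two cells; nothing in the SRES comparison itself lets the AuC prefer one card over the other, which is the point of both the press release and Felix's remark that clone and original can check in together.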
Date: Tue, 28 Apr 1998 11:20:05 -0400 (EDT)
From: [Deleted by request]
To: John Young <jya@pipeline.com>
Subject: Re: [ISN] Hackers Copy Mannesmann Mobile Phone Sim Card (fwd)

The last post from Masson, re grabbing IMEI, raises some interesting
thoughts.

For several years now there have been devices available (not commonly, but
available) which will effectively track a GSM cellphone. The units are
about the size of a pack of cigarettes (occasionally concealed as such) and
will "lock on" to a particular IMEI/IMSI. Tracking in the handheld models
is much the same as other simple direction finding / tracking gear.

However there are also items available which are closer to the old ETACS
tracking sets, giving a map of the surrounding cell sites, and extremely
accurate positioning. Very, very nice toys, and outstandingly useful.

Makes this month's crypto@c2 discussions on position escrow seem a little
redundant :)