Paris terrorists used burner phones and US lawmakers have proposed a bill that would force retailers to record the identity of the buyers of these devices.
Law enforcement and intelligence agencies worldwide are fighting against terrorist organizations operating in their territories, but investigations are hampered by the use of encrypted communications. After the Paris attacks, intelligence agencies made many speculations about possible communication channels adopted by the terrorists, including the use of the PS4 messaging system.
New revelations seem to exclude the above hypothesis, terrorists behind the Paris attacks used burner phones and not encryption to avoid being tracked.
“But the three teams in Paris were comparatively disciplined. They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims.” reportedThe New York Times.
The NYT cites a 55-page report compiled by the French antiterrorism police for France’s Interior Ministry and explains how the terrorists have used phones activated less than an hour before the attacks.
“Everywhere they went, the attackers left behind their throwaway phones,” states the post. “New phones linked to the assailants at the stadium and the restaurant also showed calls to Belgium in the hours and minutes before the attacks, suggesting a rear base manned by a web of still unidentified accomplices.” “Security camera footage showed Bilal Hadfi, the youngest of the assailants, as he paced outside the stadium, talking on a cellphone. The phone was activated less than an hour before he detonated his vest.”
Outside the Bataclan theater venue, the investigators found a Samsung smartphone in a dustbin with a Belgian SIM card used exclusively for the operation.
“It had a Belgian SIM card that had been in use only since the day before the attack. The phone had called just one other number—belonging to an unidentified user in Belgium.”
The police have found several unused burner phones “still in their wrappers” in a place used by the group of terrorists.
Burner Phones are an effective and secure method of communication used by criminals and terrorists. Prepaid phones are very cheap, using different mobile devices and different mobile phone numbers each time it is possible to evade monitoring activities operated by the intelligence agencies.
Soon something can change, at least in the US where lawmakers in California have proposed a new bill that would force retailers to verify and record the identity of the buyers of prepaid burner phones or similar mobile devices, as well as SIM cards.
- The full name of the purchaser.
- The complete home address of the purchaser.
- The date of birth of the purchaser.
An authorized reseller making a sale to a buyer not in person shall verify the purchaser information provided under section 2 by requiring the purchaser to submit the following information:
- Valid credit or debit card account information.
- Social Security number.
- Driver’s license number.
- Any other personal identifying information that the Attorney General finds, by regulation, to be necessary for purposes of this section.
The congresswomen explained that the bill will not eliminate the existence of burner phones, it is a necessary measure to prevent terror plots and many other illegal activities.
“This bill would close one of the most significant gaps in our ability to track and prevent acts of terror, drug trafficking, and modern-day slavery,” Speier said in a Wednesday blog post. The ‘burner phone’ loophole is [a glaring gap] in our legal framework that allows actors like 9/11 hijackers and the Times Square bomber to evade law enforcement while they plot to take innocent lives. The Paris attackers also used ‘burner phones.’ As we’ve seen so vividly over the past few days, we cannot afford to take these kinds of risks. It’s time to close this ‘burner phone’ loophole for good.”
There are some aspects that the Bill still doesn’t approach correctly, for example, what happen if a criminal uses a stolen identity?
In the SEC. 3. IDENTIFICATION VERIFICATION, under the “Other Sales” section it is contemplated the possibility of selling to people not in person opening the door to fraudulent purchases.
Source:https://securityaffairs.co/
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.