Global militant organisations are tapping into the vulnerabilities in Bluetooth mobile phone technology for propaganda and recruitment, as well as to filch data for financial gain.
As revealed in an exclusive report by journalist Steve Gold published this week in E&T magazine, investigations by analysts are uncovering the existence of a digital technology branch of al-Qaeda Al-Qaeda's digital R&D division – known as Fariq Jawwal Al-Ansar (FJA) – that exists to research and develop advanced methods of using the latest mobile telephony to propagate the organisation's campaign messages.
According to Nigel Stanley, IT security practice leader with analyst Bloor Research, ‘cellular hacking’ has effectively been being used by al-Qaeda for at least two years. The problem, Stanley says, stems from the fact that while the mobile phone has to authenticate itself to the cellular network, there is no provision in the GSM (2G) or 3G standard for the network to authenticate itself to the mobile handset.
Because of this specific security weakness, the mobile phone – especially newer smartphones such as the iPhone, the wide range of Android handsets and BlackBerry mobiles – pose a real and unknown security risk to enterprise users. Coupled with a prolific growth in mobile malware, Stanley maintains that there has been an exponential rise of interest in malware that affects smartphones from the mainstream cybercriminals, all the way to terrorists such as al-Qaeda engaged in industrial espionage.
One of the key ways in which smartphones can be subverted is down to their relatively unique characteristic of locking on to the most powerful cellular radio signals. This means that if you install a pico-cell GSM basestation – obtainable for just a few hundred pounds – and drive it with suitable software running on a laptop, it is possible to emulate a regular GSM basestation.
Because the pico-cell – a tiny version of a regular basestation typically used in shopping malls and office complexes for in-fill coverage – will have a strong signal to GSM handsets in its vicinity, typically to a range of a few hundred metres, it is possible to 'fool' a standard GSM smartphone into authenticating itself with a pico-cell basestation instead of a regular station some way distant.
Terrorism’s invisible propaganda networks