{"id":4745,"date":"2015-04-07T06:13:45","date_gmt":"2015-04-07T10:13:45","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=4745"},"modified":"2019-11-15T15:24:37","modified_gmt":"2019-11-15T11:24:37","slug":"the-convoluted-art-of-making-private-and-anonymous-phone-calls-2","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/the-convoluted-art-of-making-private-and-anonymous-phone-calls-2\/4745\/","title":{"rendered":"The Convoluted Art of Making Private and Anonymous Phone Calls"},"content":{"rendered":"<p><span id=\"ext-gen3762\" class=\"tx\">Photographer Curtis Wallen\u2019s latest exhibit, \u201cProposition For An On Demand Clandestine\u00a0<\/span><br>\n<span id=\"ext-gen3768\" class=\"tx\">Communication Network,\u201d opened in a Brooklyn art-house Sunday. The work explored what it would\u00a0<\/span><span id=\"ext-gen3767\" class=\"tx\">take for a normal person to make a completely private and anonymous phone call\u00a0<\/span><span class=\"tx\">in the age of\u00a0<\/span><span id=\"ext-gen3766\" class=\"tx\">ubiquitous Internet surveillance<\/span><span id=\"ext-gen3769\" class=\"tx\">.<\/span><\/p>\n<div id=\"ext-gen3758\" class=\"crocodoc-page crocodoc-text-selected\">\n<div class=\"crocodoc-page-inner\">\n<div class=\"crocodoc-page-content\">\n<div class=\"crocodoc-page-autoscale\">\n<div class=\"crocodoc-WMl0DJ crocodoc-page-text\">\n<div id=\"ext-gen3741\" class=\"crocodoc-subpx-fix\">\n<div class=\"tb f275\"><span id=\"ext-gen3770\" class=\"tx\">Ultimately, Wallen\u2019s exhibit is an incredibly convoluted set of instructions that, theoretically speaking,\u00a0<\/span><br>\n<span id=\"ext-gen3771\" class=\"tx\">can be followed in order to make a single phone call outside the scope of government surveillance.\u00a0<\/span><span id=\"ext-gen3772\" class=\"tx\">While Wallen is not a security expert by trade, he did buy a fake driver\u2019s license, Social Security number,\u00a0<\/span><span id=\"ext-gen3773\" class=\"tx\">insurance card and cable bill on Tor with Bitcoin in order to create a working fake identity, Aaron Brown,\u00a0<\/span><span id=\"ext-gen3774\" class=\"tx\">back in 2013.\u00a0<\/span><br>\n<span id=\"ext-gen3775\" class=\"tx\"><\/span><br>\n<span id=\"ext-gen3776\" class=\"tx\">In other words, he has relevant experience in\u00a0<\/span><span class=\"tx\">the world of privacy and anonymity<\/span><span class=\"tx\">. Of course, his\u00a0<\/span><span id=\"ext-gen3777\" class=\"tx\">techniques are subject to technical analysis and their efficacy is debatable, but, in this case, art is about\u00a0<\/span><span id=\"ext-gen3778\" class=\"tx\">the journey and this journey is an absurd one.\u00a0<\/span><span class=\"tx\">Fast Company first reported on Wallen\u2019s project late last\u00a0<\/span><span class=\"tx\">month<\/span><span id=\"ext-gen3779\" class=\"tx\">.\u00a0<\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"crocodoc-page-links\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crocodoc-page crocodoc-page-visible\">\n<div class=\"crocodoc-page-inner\">\n<div class=\"crocodoc-page-content\">\n<div class=\"crocodoc-page-svg\">\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">The absurd lengths one man went to in order to make a completely private phone call: <a href=\"http:\/\/t.co\/i0yZJjtryK\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/i0yZJjtryK<\/a> <a href=\"http:\/\/t.co\/a6sauhJRxH\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/a6sauhJRxH<\/a><\/p>\n<p>\u2014 Fast Company (@FastCompany) <a href=\"https:\/\/twitter.com\/FastCompany\/status\/584083588389478402?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 3, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<\/div>\n<div class=\"crocodoc-page-svg\"><span id=\"ext-gen3802\" class=\"tx\">So, how did Wallen go about making a clandestine phone call?\u00a0<\/span><span id=\"ext-gen3803\" class=\"tx\"><\/span><span id=\"ext-gen3804\" class=\"tx\">First he purchased a Faraday Cage-style evidence bag. These bags protect their contents against\u00a0<\/span><br>\n<span id=\"ext-gen3805\" class=\"tx\">electronic manipulation with a mesh-work of conductive metals. In theory, outside signals cannot\u00a0<\/span><span id=\"ext-gen3798\" class=\"tx\">penetrate a Faraday Cage and, therefore, cannot communicate with a mobile phone placed inside of a\u00a0<\/span><span id=\"ext-gen3806\" class=\"tx\">Faraday Cage.\u00a0<\/span><br>\n<span id=\"ext-gen3807\" class=\"tx\"><\/span><br>\n<span id=\"ext-gen3808\" class=\"tx\">Once he had his bag, Wallen went to a Rite Aid and purchased a pre-paid, contract-less cell phone,\u00a0<\/span><span id=\"ext-gen3809\" class=\"tx\">perhaps better known as a \u201cburner\u201d phone. Presumably he purchased the burner with cash rather than\u00a0<\/span><span id=\"ext-gen3797\" class=\"tx\">a traceable credit or debit card. He then placed the burner phone inside the evidence bag.\u00a0<\/span><\/div>\n<div class=\"crocodoc-page-svg\"><blockquote class=\"twitter-pullquote\"><p>Artist @curtiswallen\u2019s take on how to make a completely #anonymous and #private phone call:<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FE928&amp;text=Artist+%40curtiswallen%26%238217%3Bs+take+on+how+to+make+a+completely+%23anonymous+and+%23private+phone+call%3A\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote><\/div>\n<div class=\"crocodoc-page-svg\">\n<div id=\"ext-gen3788\" class=\"crocodoc-page crocodoc-page-visible crocodoc-text-selected\">\n<div class=\"crocodoc-page-inner\">\n<div class=\"crocodoc-page-content\">\n<div class=\"crocodoc-page-autoscale\">\n<div class=\"crocodoc-WMl0DJ crocodoc-page-text\">\n<div id=\"ext-gen3785\" class=\"crocodoc-subpx-fix\">\n<div class=\"tb f275\"><span id=\"ext-gen3812\" class=\"tx\">Behaviorally speaking, Wallen told Fast Company that he analyzed his daily movements before the\u00a0<\/span><span id=\"ext-gen3811\" class=\"tx\">experiment looking for anchor points and other times when his phone would not change locations,\u00a0<\/span><span id=\"ext-gen3810\" class=\"tx\">which he calls dormant periods. It\u2019s well established that accurately identifying a subject is trivial when\u00a0<\/span><span id=\"ext-gen3793\" class=\"tx\">you have access to that person\u2019s daily location information.\u00a0<\/span><br>\n<span id=\"ext-gen3792\" class=\"tx\"><\/span><br>\n<span id=\"ext-gen3794\" class=\"tx\">Anecdotally speaking, nearly all of us have a fairly standard procedure of daily movements. We wake up,\u00a0<\/span><span id=\"ext-gen3791\" class=\"tx\">we go to work, we sit at work all day and we go home. Generally speaking, no other person travels from\u00a0<\/span><span id=\"ext-gen3790\" class=\"tx\">our exact home to our exact place of work. These are our anchor points.\u00a0<\/span><br>\n<span id=\"ext-gen3789\" class=\"tx\"><\/span><br>\n<span id=\"ext-gen3815\" class=\"tx\">When it was time to activate his burner, Wallen left his actual, daily-use phone at an anchor point during\u00a0<\/span><span id=\"ext-gen3787\" class=\"tx\">a dormant period. He himself then departed from his anchor point with his burner phone in his Faraday\u00a0<\/span><span class=\"tx\">bag. While it\u2019s not totally clear, he could have increased his chances of remaining anonymous by\u00a0<\/span><span id=\"ext-gen3786\" class=\"tx\">travelling by foot or by public transport out of sight of surveillance cameras to avoid systems that track\u00a0<\/span><span class=\"tx\">license plates.\u00a0<\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"crocodoc-page-links\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crocodoc-page crocodoc-page-visible crocodoc-current-page\">\n<div class=\"crocodoc-page-inner\">\n<div class=\"crocodoc-page-content\">\n<div class=\"crocodoc-page-svg\">\n<div id=\"attachment_4740\" style=\"width: 760px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4740\" class=\"size-full wp-image-4740\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/04\/05103952\/curtis-wallan-artwork-1.jpg\" alt=\"Curtis Wallen artwork\" width=\"750\" height=\"600\"><p id=\"caption-attachment-4740\" class=\"wp-caption-text\">Curtis Wallen artwork<\/p><\/div>\n<p><span id=\"ext-gen3818\" class=\"tx\">He then connected to the Internet on a public Wi-Fi access point and used a computer with a clean\u00a0<\/span><span id=\"ext-gen3819\" class=\"tx\">operating system (think\u00a0<\/span><span class=\"tx\">Tails operating system<\/span><span class=\"tx\">\u00a0or maybe a properly configured\u00a0<\/span><span class=\"tx\">Chromebook in\u00a0<\/span><span class=\"tx\">ephemeral mode<\/span><span id=\"ext-gen3782\" class=\"tx\">) to go through the actual activation procedure.\u00a0<\/span><br>\n<span id=\"ext-gen3821\" class=\"tx\"><\/span><br>\n<span id=\"ext-gen3822\" class=\"tx\">In this way, the phone is not attached to anyone\u2019s name or billing information and there is, in theory, no\u00a0<\/span><span id=\"ext-gen3823\" class=\"tx\">way of connecting its registration to someone\u2019s personal computer. In addition, the service provider for\u00a0<\/span><span id=\"ext-gen3824\" class=\"tx\">his real cell phone has no record of his traveling to the place where the phone was activated. Once it\u00a0<\/span><span id=\"ext-gen3825\" class=\"tx\">was set up, Wallen left the phone in a non-anchor point inside the Faraday Bag.<\/span><\/p>\n<div class=\"crocodoc-page crocodoc-page-visible crocodoc-text-selected\">\n<div class=\"crocodoc-page-inner\">\n<div class=\"crocodoc-page-content\">\n<div class=\"crocodoc-page-autoscale\">\n<div class=\"crocodoc-WMl0DJ crocodoc-page-text\">\n<div id=\"ext-gen3781\" class=\"crocodoc-subpx-fix\">\n<div class=\"tb f275\"><span id=\"ext-gen3829\" class=\"tx\">Once the phone is activated, there is the problem of coordinating the actual phone call. Wallen used\u00a0<\/span><span class=\"tx\">a\u00a0<\/span><span class=\"tx\">cryptological system<\/span><span id=\"ext-gen3828\" class=\"tx\">\u00a0called One-Time Pad to encrypt a message containing the burner phone\u2019s number\u00a0<\/span><span id=\"ext-gen3827\" class=\"tx\">and a time for the caller to call the burner phone.\u00a0<\/span><br>\n<span id=\"ext-gen3826\" class=\"tx\"><\/span><br>\n<span id=\"ext-gen3836\" class=\"tx\">It\u2019s important that the call be made during a dormant time so it appears that Wallen is at home or work\u00a0<\/span><span id=\"ext-gen3837\" class=\"tx\">with his actual, daily use cell phone. It seems that he leaves his real phone behind to throw off his\u00a0<\/span><span id=\"ext-gen3838\" class=\"tx\">location.\u00a0<\/span><br>\n<span id=\"ext-gen3839\" class=\"tx\"><\/span><br>\n<span id=\"ext-gen3840\" class=\"tx\">Only the message\u2019s intended recipient would have\u00a0<\/span><span class=\"tx\">the key to decrypt the One-Time Pad encrypted\u00a0<\/span><span class=\"tx\">message<\/span><span class=\"tx\">. Wallen then signed into the Tor anonymity network, signed into an anonymous Twitter\u00a0<\/span><span class=\"tx\">account and posted encrypted message. The person who would call the burner then decrypted the\u00a0<\/span><span class=\"tx\">message and called the number posted at the given time.\u00a0<\/span><span class=\"tx\">\u201cCentral to good privacy, is eliminating or reducing anomalies that would pop up on surveillance radars,\u00a0<\/span><span class=\"tx\">like robust encryption,\u201d Wallen told Fast Company. \u201cSo, I\u2019ve prearranged an account where I\u2019m going to\u00a0<\/span>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crocodoc-page crocodoc-page-visible crocodoc-current-page\">\n<div class=\"crocodoc-page-inner\">\n<div class=\"crocodoc-page-content\">\n<div class=\"crocodoc-page-autoscale\">\n<div class=\"crocodoc-WMl0DJ crocodoc-page-text\">\n<div id=\"ext-gen3841\" class=\"crocodoc-subpx-fix\">\n<div class=\"tb f275\"><span class=\"tx\">post an encrypted message, and that message comes in the form of a \u2018random\u2019 filename, someone can\u00a0<\/span><span class=\"tx\">see that image posted to a public Twitter account, and write down the filename \u2014 to decrypt by hand\u00a0<\/span><span id=\"ext-gen3849\" class=\"tx\">\u2014 without ever actually loading the image.\u201d<\/span><\/div>\n<div class=\"tb f275\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crocodoc-page-autoscale\">\n<div id=\"attachment_4741\" style=\"width: 760px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4741\" class=\"size-full wp-image-4741\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/04\/05103951\/curtis-wallan-artwork-2.jpg\" alt=\"Curtis Wallen artwork \" width=\"750\" height=\"600\"><p id=\"caption-attachment-4741\" class=\"wp-caption-text\">Curtis Wallen artwork<\/p><\/div>\n<\/div>\n<div class=\"crocodoc-page-autoscale\">\u00a0<span id=\"ext-gen3844\" class=\"tx\">Wallen would travel back to where he left the burner phone at the appointed time and answer the\u00a0<\/span><span id=\"ext-gen3843\" class=\"tx\">incoming call. Once that call ended, Wallen wiped (presumably for fingerprints and data) and destroyed\u00a0<\/span><span id=\"ext-gen3842\" class=\"tx\">the burner phone.\u00a0<\/span><br>\n<span id=\"ext-gen3852\" class=\"tx\"><\/span><span id=\"ext-gen3853\" class=\"tx\">That, apparently, is how you make a clandestine phone call.\u00a0<\/span><span id=\"ext-gen3854\" class=\"tx\"><\/span><span id=\"ext-gen3855\" class=\"tx\">Wallen consulted a famous security researcher, best known by his handle \u201cThe grugq,\u201d who described\u00a0<\/span><br>\n<span id=\"ext-gen3856\" class=\"tx\">the process as technically \u201csecure, but probably fragile in practice\u201d and \u201cpossibly too complex and too\u00a0<\/span><span id=\"ext-gen3857\" class=\"tx\">fragile for real world use.\u201d In other words, Wallen\u2019s system could work, technically speaking, but it\u2019s a\u00a0<\/span><span id=\"ext-gen3858\" class=\"tx\">ridiculous work-around.\u00a0<\/span><span class=\"tx\">{In case you\u2019re wondering the kinds of surveillance we are talking about avoiding, John Oliver dropped\u00a0<\/span><span id=\"ext-gen3863\" class=\"tx\">an excellent explanation of how NSA surveillance works on this week\u2019s episode of Last Week Tonight.}\u00a0<\/span>\n<\/div>\n<div class=\"crocodoc-page-autoscale\">\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/XEVlyP4_11M?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Photographer Curtis Wallen&#8217;s latest exhibit, &#8220;Proposition For An On Demand Clandestine\u00a0 Communication Network,&#8221; opened in a Brooklyn art-house Sunday. The work explored what it would\u00a0take for a normal person to<\/p>\n","protected":false},"author":42,"featured_media":4739,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[426,218,43,886],"class_list":{"0":"post-4745","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-mobile-devices","9":"tag-mobile-security","10":"tag-privacy","11":"tag-private-data"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/the-convoluted-art-of-making-private-and-anonymous-phone-calls-2\/4745\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/mobile-devices\/","name":"mobile devices"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4745","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=4745"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4745\/revisions"}],"predecessor-version":[{"id":14978,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4745\/revisions\/14978"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/4739"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=4745"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=4745"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=4745"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}