Sections

Services

Information

UK United Kingdom

Phone cloning and Craig Thomson – how plausible are his claims?

How plausible is the claim, by independent MP Craig Thomson, that union rivals may have “cloned” his phone? On Monday, he told Parliament his phone could have been cloned as part of an elaborate conspiracy…

“Cloning” suggests more than one version of the same thing – but is that really what’s happening? Arty Smokes (deaf mute)

How plausible is the claim, by independent MP Craig Thomson, that union rivals may have “cloned” his phone? On Monday, he told Parliament his phone could have been cloned as part of an elaborate conspiracy to implicate him in the use of prostitutes.

Opinion seems divided as to how easy it is to clone a mobile phone. Some say it’s a straightforward matter, others that it’s the province of super-spies only.

Of course the easiest way to prove that it was straightforward would be to actually do it, but it’s not quite that simple.

Not all mobile phones are the same. The ease with which they can be cloned depends on a number of things: access to the phone, the type of network and the type of phone. It also depends on what is meant by “cloning”.

If we mean building an exact replica of the phone, that’s clearly a substantial challenge. But if it just means constructing a phone so that embarrassing calls made on the cloned phone appear on the bill of the other phone, that’s a quite different matter.

Let’s use the second definition.

When the calls in question were made in 2005, there were two main cellular network technologies operating in Australia - CDMA and GSM. The CDMA system was used mainly in rural areas and was shut down in 2008, whereas GSM was and still is, in use across the country.

By all accounts, cloning a CDMA handset is not difficult. It does, however, require a couple of things:

  • access to the phone in question
  • that either the PIN of the phone is known or is not set.

Assuming the person or persons carrying out the cloning had access to the phone then the next step is to obtain the phone’s Electronic Serial Number (ESN). In CDMA networks the ESN is used to link the phone to a particular account.

For popular models of handsets, the ESN is surprisingly easy to obtain from the phone itself. If the phone is not protected by a PIN, obtaining the ESN can be obtained with only a few keystrokes.

After obtaining the ESN, the next step is to purchase another phone and modify its ESN to be that of the original phone. Calls now made from the second phone will have the same ESN as the first phone and will appear on the bill of the first phone. So, if Mr Thomson’s handset was a CDMA one then his story is quite plausible.

If his phone was a GSM handset the story is much more complicated. How old the handset was becomes an important issue. Unlike CDMA systems, GSM phones use a Subscriber Identity Module (SIM) card to link a handset to an account.

Cloning a handset in the sense we’re using the term boils down to cloning the SIM card – and that’s not straightforward. The SIM card is protected by a secret key. But there are some weaknesses in one of the algorithms used in the handset known as COMP128.

There are two versions of COMP128. Version 1 has been compromised. Where the SIM card uses version 1, it is possible to purchase devices that clone the SIM card.

Whether they were available back in 2005 (the period in question in the Craig Thomson story) is a question I don’t have an answer to. But, provided the SIM card was using version 1 of COMP128, it is possible that a copy of the SIM card could be made and then placed in another phone and calls from that phone appeared on the bill for the other phone.

But there are other issues. Some phone companies do not allow SIM cards to be swapped from one phone to another. Each GSM handset has several identifiers apart from the phone number.

There is an identifier associated with the SIM card (the International Mobile Subscriber Identity or IMSI) which links the handset to the account, and an identifier associated with the handset itself (the International Mobile Equipment Identity or IMEI).

The IMEI is burnt into the handset at the time of manufacture. Both these identifiers are transmitted to the network when a call is made. Carriers that prevent SIM card swapping keep a record of the IMSI and its associated IMEI.

If the IMEI is different to what’s recorded, the SIM card has been swapped to another handset and the network will reject connection attempts. So we have yet another question: did Mr Thomson’s carrier prevent SIM card swapping?

Even if it did, that’s still not the end of the story. The carrier prevents SIM swapping by linking IMSI and IMEI. If the IMEI can be changed then the restriction on SIM card swapping could be avoided …

I think that’s probably a good place to stop. Maybe falsifying an IMEI is not super-spy territory, but we are getting there.

Whether or not it would be easy to clone Mr Thomson’s phone depends on many factors. Whether it was CDMA or GSM, whether or not it was a well-known brand; if it was GSM, how old it was; whether the carrier prevented SIM swapping; how much access the person or persons allegedly doing the cloning had to the phone – and so it continues.

In a nutshell, unless more information is forthcoming, it’s difficult to assess how plausible Mr Thomson’s claims are.

Join the conversation

47 Comments sorted by

  1. Sean Lamb

    Science Denier

    Craig Thomson's ability to defend himself is limited by the fact that no one will take him to court over the matter. Until someone does so he has no way of testing the documentation or using discovery processes to find exculpatory evidence.

    Until the HSU or Fair Work Australia or the police either take him to court or lay charges against him, this story is going nowhere. I have never headed a major union but I imagine that if came across such evidence I would first send a please explain to the person responsible, a request for payment and if that was not forthcoming either refer the matter immediately to police or commence civil proceedings to recover the money.

    Anyway its high time the HSU and Fair Work Australia either put up or shut up.

    report
    1. David Boxall

      logged in via Facebook

      In reply to Sean Lamb

      Ever since I saw Craig Thomson on TV, giving his statement to parliament, something's been bothering me and I think I've worked it out. Craig bears a look, very much like that I've seen on victims of workplace psychopaths.
      The achievements of a workplace psychopath can seem almost supernatural, but they spring (in my observations) from relentless and remorseless exploitation of every opportunity to pursue their goal and a remarkable talent of identifying such opportunities.
      Unfortunately, I've never known a workplace psychopath to fail. For a victim, the only option is to flee. I've never known the organisation involved to benefit.
      If Craig was a victim, then he fled one psychopath, only to find another at his new place of work.
      Is he guilty? I don't know.
      Has he had a fair go? I think not.

      report
    2. Sean Lamb

      Science Denier

      In reply to David Boxall

      I also listened to Craig Thomson and found myself simultaneously believing him and kicking myself for being so gullible to do so.

      When people start to cheat and steal they have to keep lying and keep falsifying or admit their guilt. That means you can start with a small lie and then find yourself in a position that you need to keep building on it and sucking more and more people into it.

      So this is the scenario I would construct.
      Jeff Jackson is caught out using union credit cards for prostitutes…

      Read more
    3. Dianna Arthur

      Environmentalist

      In reply to David Boxall

      Sean Lamb

      I had similar gut responses to watching Craig Thomson.

      I am not going to discuss personal details, but I found myself the victim of workplace bullying - the lies that were told, claims made, people I thought were trustworthy, the way something innocent can be completely distorted. I reached a point where I (an avowed atheist) began to believe that I had some kind of hex placed on me - even I could not believe what was happening to me. Thankful I was not a public figure.

      I do not…

      Read more
    4. Dianna Arthur

      Environmentalist

      In reply to David Boxall

      Very familiar. I own a copy of John Clarke's "Working with Monsters" along with an array of similar books - trying to understand. One thing the authors have in common is the advice to get the f*ck out if you find yourself in such a situation.

      As for Craig Thomson, we simply don't know. But here's a thought, the HSU clearly has major corruption problems; from what I can deduce from what little has been released by the media's grabs from the Fair Work report there is reason to suspect that more…

      Read more
    5. David Boxall

      logged in via Facebook

      In reply to Dianna Arthur

      Dianna Art: "One thing the authors have in common is the advice to get the f*ck out if you find yourself in such a situation."
      That's the only tactic I've known to work. Unfortunately, it leaves the psychopath in the organisation. I've never known that to be anything but bad for the organisation. The current state of the HSU is consistent with that.
      I've never known workplace psychopaths to cooperate. It only takes one. One will attract toadies like flies to sh!t. Bureaucracies seem to thrive on it, but it's toxic.
      Dianna Art: "Will we ever know for sure?"
      From experience, probably not.
      In one case with which I'm familiar, the victim was targeted for around 15 years. He was completely unaware; just wondered why his career couldn't get traction, no matter how hard he tried. Eventually, someone pointed out that he was being undermined (and he was not alone). Nothing personal in it; the victims were just means' to the psychopath's ends.
      He took early retirement.

      report
  2. Michael Cordover

    logged in via Twitter

    "Carriers that prevent SIM card swapping keep a record of the IMSI and its associated IMEI."

    I'm not aware of any Australian carrier using this for SIM card locking. While the technology certainly exists, the idea that CT's mobile was protected by it is quite remote.

    Back in '05 SIM cloning was definitely possible. Whether there were off-the-shelf devices available for the purpose I'm not sure, but I recall distinctly that the technology existed in the literature.

    report
  3. Jack Arnold

    Polymath

    Thank you Phillip for this lucid technical explanation.

    However, the problem is legal or social or political rather than technical.

    1. Many of the allegations against the accused involve matters that are now beyond the Statute of Limitations.

    2. No charges have been laid against the accused, and so the right of silence remains the most appropriate defence.

    3. In general, journalists prefer an easy story rather than time consuming in depth research & reporting. So regurgitating Liberal…

    Read more
    1. John Phillip
      John Phillip is a Friend of The Conversation.

      Grumpy Old Man

      In reply to Jack Arnold

      Jack, it would have been nice to hear an explanation (Yea, I know - 'Please Explain'.) from Mr Thomson about the half a million dollars of misappropriated funds that this issue is really about. At no point did he offer one. At no point did he state that he has never used union funds to procure the services of prostitutes. At no point did he apologize to the rank and file members of the HSU whose fees were ripped off. The only thing Craig Thomson did was to point the finger of blame at anyone other…

      Read more
    2. Marilyn Shepherd

      pensioner

      In reply to John Phillip

      He is not accused of stealing or misappropriating $500,000, that is a figment of feeble media minds.

      It's a nice big number isn't it? Sounds good, not like the $5900 that is the actual only contested spending.

      Fair dinkum why do the media in this country even exist when all they do is babble the same bullshit endlessly.

      Kathy Jackson is in bed with Michael Lawler of FWA who was appointed by Tony Abbott to the IRC in 2002 because he was a great union buster.

      If you want some facts instead…

      Read more
    3. John Phillip
      John Phillip is a Friend of The Conversation.

      Grumpy Old Man

      In reply to Marilyn Shepherd

      Marilyn, the point remains that the guy did not answer the questions that have been asked of him. He spent the best part of an hour doing everything but that. Surely if a person is given the opportunity of responding to questions about their behaviour as Thomson was, AND can do so with the shield of parliamentary privilege to protect them, they can be expected to mount some sort of relevant response. All Thomson did was attempting to obfuscate and avoid the matter. If I or anyone else in my profession had these allegations raised against us, we would be immediately suspended until an investigation was completed and charges either laid or dropped. Until Gillard's reaction last week, no sanction was levelled against the member for Dobel.

      report
    4. Gil Hardwick

      anthropologist, historian, novelist, editor and publisher at eBooks West

      In reply to Marilyn Shepherd

      Here again, Marilyn, isn't the real issue that the public remain appalled by all this carry-on? Yes, I grant that the media pack with their wannabe paparazzi are partly at fault in this sordid business, and I do grant that Craig Thomson may well have been set up, that's what happens when you get too close to union bosses and their perpetual infighting. It happens to a LOT of people, and a good reason to opt out of union membership altogether, or at least in good conscience see that your subs go to…

      Read more
    5. Gil Hardwick

      anthropologist, historian, novelist, editor and publisher at eBooks West

      In reply to Jack Arnold

      Jack, you have already been caught out making unwarranted assertions of Liberal Party membership here that were patently untrue, and here again all we get is some sort of ranting innuendo that we are all some sorts of closet Liberals and secret admirers of Fascism. You also, like the rest of the trolls here, choose to log in through an uncheckable generic Hotmail address. I mean, who are you trying to kid?

      Your patent refusal to grant that we are intelligent, reasonable and thoughtful people rightly…

      Read more
    6. Marilyn Shepherd

      pensioner

      In reply to John Phillip

      He does not have to answer to anyone though. And you idiot they are allegations from 7 years ago, before he was even in parliament.

      And if you want to go down the allegations = quitting or admitting gullt and going away good luck with that because at least 6 liberal MP's are currently being sued in civil court or have serious claims made against them .

      Including Tony Abbott for defamation.

      Which is why the notion that innocent until proven guilty is paramount.

      report
    7. Jack Arnold

      Polymath

      In reply to Gil Hardwick

      Oh dear ... a personal attack on myself by a self-confessed card carrying member of the Notional Party; the party you have to celebrate a 19th century future.

      In my own defence:

      1. when has it been a crime to use a free Internet service;

      2. I have sufficient academic paper to contribute to any academic site;

      3. we sacked the Notional Party representatives in Northern Tablelands & New England because they did nothing for the community;

      4. an educated person could reasonably describe…

      Read more
    8. John Phillip
      John Phillip is a Friend of The Conversation.

      Grumpy Old Man

      In reply to Marilyn Shepherd

      No Marylin, I dont think I am an idiot for wanting my representatives to be accountable for their actions and subject to the same level of discipline that I am. If you are happy to turn a blind eye to corruption because of your political bias that says more about your own poor moral standards than mine. So back off the insults, pull your head out of the sand and be honest with yourself.

      report
    9. David Boxall

      logged in via Facebook

      In reply to John Phillip

      Andy, the difference between you and an elected representative is that nobody is relying on you to represent them. To remove a representative from parliament is to disenfranchise an electorate.

      The constitution and parliamentary practice make it difficult to do, for good reasons.

      report
    10. Jack Arnold

      Polymath

      In reply to John Phillip

      Of course I am an "unbiased respondent". When has telling the truth about the Notional Party made a person biased??

      Any "unbiased respondent" would reasonably:

      1. be dismayed by the bullying woman-hating outbursts from the present Opposition Leader without a caucus majority;

      2. wonder when the Liberal Party will elect a true leader & discuss alternative policies to take Australia forward into the 21st century.

      report
    11. Richard Dobson

      logged in via Facebook

      In reply to David Boxall

      Yes, we don't want to "disenfranchise and electorate, hey David?

      Especially because there are no such things as bye-elections in the constitution...

      oh wait...

      report
  4. Ron Chinchen
    Ron Chinchen is a Friend of The Conversation.

    Retired (ex Probation and Parole Officer)

    Difficult to identify with Thomson's situation in certain respects but despite the apparentl fancifulness of his claims, I will reserve judgement given personal experience in union issues. Having held a fairly prominent public service union role myself, I am very familiar with the 'dirty tricks' played at that level though but usually from management of departments, rather than your supposed colleagues.

    My sitaution was somewhat different given that most of our union interests were addressed…

    Read more
    1. Marilyn Shepherd

      pensioner

      In reply to Ron Chinchen

      They said Lindy Chamberlain looked guilty too.

      report
  5. Jack Arnold

    Polymath

    Thank you for your considered comment Andy.

    If there is sufficient evidence within the period of the Statute of Limitations then suitable charges should be laid by a person of standing and the matter aired in a properly constituted court. Trial of anybody by media & innuendo in a kangaroo court is totally unacceptable, especially when the majority owner of Australian media is himself under examination by a UK Parliamentary Committee for inappropriate business conduct.

    Bullies rarely make suitable leaders & the world has experienced Fascist bullies in the past with little relish.

    report
  6. Chris O'Neill

    Retired Way Before 70

    Craig Thomson made the point:

    "Drug dealer A, while sitting in a coffee shop, makes the call to B and the call is lawfully intercepted. However, when the police ask the mobile carrier to provide a record the record shows the call did not emanate from phone A but from another phone—phone C."

    I could do this very easily with SMS messages using my previous mobile phone service provider (Exetel). Using the website, I could send SMS messages with any Australian calling number I wanted. Is it much more difficult to do the same sort of thing with a phone call instead of SMS?

    report
    1. Jack Arnold

      Polymath

      In reply to Chris O'Neill

      Thank you Chris.

      Did you notice the very, very brief coverage of the Thomson speech in the Murdoch media?

      report
    2. Chris O'Neill

      Retired Way Before 70

      In reply to Jack Arnold

      "in the Murdoch media?"

      Or any media. The ABC had zero interest in the detail.

      report
  7. Greg Boyles

    Lanscaper and former medical scientist

    Is it just me or does that Marco Bolano, that Craig accused of setting him up, look like a REAL snake who is entirely capable of doing what Craig is accusing him of?

    report
    1. Richard Dobson

      logged in via Facebook

      In reply to Greg Boyles

      Who is voting these sort of comments as "constructive" ffs? Who are the 4 (5 before I downvoted it) people who think its a constructive comment to say that a person (Marco Bolona) "look like a REAL snake"?

      "LOOKS" ?? "LIKE A SNAKE" ???

      In what way is this comment constructive?

      report
  8. Karl Schaffarczyk

    Law Honours Candidate at University of Canberra

    Thanks for this clear discussion on the technicalities of phone cloning.

    I feel that it's important to raise some simpler possibilities:

    1) The phones don't need to be cloned: working with a person on the inside of the mobile carrier (eg a worker at a mobile activation centre) the SIM card could be temporarily replaced with a new SIM, calls made, and then the IMSI loaded in the system reverted to the original, restoring the original SIM.
    These transactions could potentially occur at a mobile…

    Read more
  9. Russell T

    IT Consultant

    I am fairly sure that I have used my SIM on multiple phones with the same provider(Telstra) over a period with multiple phone. IE I have previously bought a prepaid and inserted my existing SIM in and the Bills kept coming. To me this implies that if someone had access to your phone and took out the SIM and inserted in a similar model which was with the same provider. Made a few calls and then put it back no-one would be the wiser.

    Secondly having regularly received bills from most of the major…

    Read more
    1. Robert Barnett

      logged in via Twitter

      In reply to Russell T

      I agree that swapping out the SIM with a new number and redirecting original calls would be very easy to do. I actually did this when I had a faulty SIM card.

      report
  10. Matt Davis

    Engineer

    You must trying to wind people up by defending Thomson...
    But lets say you are serious. The reason that he hasn't been charged by the police is because embezzlement from a union (unlike a company or individual) must be prosecuted by Fair Work Aust, as a Civil matter. Fair Work - say no more.
    Whether he used the funds for prostitutes ($5,900) or for his personal election campaign expenses (+$200,000), it is still simply theft of union funds. I am sure that the nurses and orderlies whose union…

    Read more
    1. Chris O'Neill

      Retired Way Before 70

      In reply to Matt Davis

      "embezzlement from a union (unlike a company or individual) must be prosecuted by Fair Work Aust, as a Civil matter"

      What a bizarre statute law. What government was responsible for that?

      report
    2. David Boxall

      logged in via Facebook

      In reply to Matt Davis

      Matt Davis: "You must trying to wind people up by defending Thomson ...".
      Not everyone is as certain of the guilt of Craig Thomson as you appear to be. That's why we have a judicial system. Is it healthy to judge someone before they've had their day in court?

      report
  11. Richard Dobson

    logged in via Facebook

    Craig Thomson wasn't set up, that's a fanciful proposition. We all know what happened: he used his union credit card to pay for prostitutes, period. THAT'S what the FWA investigation found, THAT'S what the NSW police investigation found, THAT IS what happened, end of story, no denying it.

    In light of the findings of these investigations by the relevant Government Authorities, Thomson ought to resign. The dignity of parliament demands it. Any assertion to the contrary is partisan nonsense, and don't you biased Labor supporters DARE down vote this comment.

    report
    1. David Boxall

      logged in via Facebook

      In reply to Richard Dobson

      This is probably a troll, but I'll bite.
      Richard Dobson: "Craig Thomson wasn't set up ..."
      He says he was. What evidence do you have to support what, without evidence, would be a potentially libellous assertion?
      Richard Dobson: "We all know what happened: ..."
      I don't. To be so positive would be unhealthy, unless you were in a position to observe all that went on. So just what were you doing in those brothels?
      There are other explanations for Craig Thomsons predicament, for example: https://theconversation.edu.au/phone-cloning-and-craig-thomson-how-plausible-are-his-claims-7247#comment_41123

      Read more
    2. Richard Dobson

      logged in via Facebook

      In reply to David Boxall

      You think you're so tricky, David, and that if you can just sow enough doubt into people's mind then we'll have to say "oh well, I guess we'll never find out, never mind, doesn't matter".

      But the fact is, Thomson was found to have used union credit cards to pay for prostitutes. He was found to have done so not just by the official Federal Government authority who investigated him (FWA), but also by the NSW Police investigation as well.

      That Thomson used union credit cards to pay for prostitutes…

      Read more
    3. David Boxall

      logged in via Facebook

      In reply to Richard Dobson

      Richard Dobson: "...Thomson was found ..."
      Investigations provide evidence. Courts determine what is proven. Craig Thomson has not yet had his day in court. There have therefore been no findings of substance.
      Even members who have been convicted of a criminal offence can, under certain circumstances, remain in parliament. Much as you and Tony Abbott might like it to be otherwise, there is no basis in law or parliamentary practice for Craig Thomson to resign.
      Richard Dobson: "... everything I have said is reasonable ...".
      'Tis the reason of the lynch mob.

      report
    4. Chris O'Neill

      Retired Way Before 70

      In reply to Chris O'Neill

      Looks like some people prefer bare-faced assertions to photographs of evidence.

      Also, this Craig Thomson of Bateau Bay in 2005 managed to have a drivers licence that was issued in, correct me if I'm wrong, 2009. He must have had a time machine.

      report
    5. Richard Dobson

      logged in via Facebook

      In reply to Chris O'Neill

      I've got no idea what you're talking about, but the fact is that both FWA (after a 3 year-long thorough investigation mind you) and the NSW Police FOUND, yes FOUND that Thomson had used his union credit card to pay for prostitutes.

      If there was solid evidence to contradict these FINDINGS, it would have come to light over the course of the 3 year FWA investigation. I'm pretty sure that over the course of the 3 year investigation FWA turned over every stone and rock, and ultimately concluded that…

      Read more
    6. Richard Dobson

      logged in via Facebook

      In reply to David Boxall

      @David Boxall T
      Investigation: 1) The action of investigating something or someone; formal or systematic examination or research.
      2) A formal inquiry or systematic study.
      Both FWA and the NSW police investigated Thomson and found, FOUND, that he had used his union credit card to pay for prostitutes.

      As prostitution is not illegal in NSW, no crime had technically been committed, which means that no presumption of innocence applies. The findings of the two separate, independent…

      Read more
    7. David Boxall

      logged in via Facebook

      In reply to Richard Dobson

      Richard Dobson: "... Thomson must resign for MORAL reasons ..."
      I'd say it's immoral to demand Craig Thomson's resignation. He hasn't been found guilty of anything. Even if he was, he may be entitled to remain in parliament. Those are the rules, much as you and Tony Abbott might wish otherwise.
      That said, I'd advise Craig to get out for the sake of his own health. I've no doubt that Abbott would like to hound him to an early grave, in the hope that his replacement will be more sympathetic to Abbott's cause.
      Richard Dobson: "I'm not a lynch mob ...".
      Can an individual be a mob? You certainly give the distinct impression that you're part of the lynch mob that Tony Abbott has been whipping into a crazed frenzy.

      report
    8. Chris O'Neill

      Retired Way Before 70

      In reply to Chris O'Neill

      http://4.bp.blogspot.com/-Mw6E2zlroZs/Tkt4lJtDa-I/AAAAAAAAC8c/Gykr__qn-as/s1600/2ue+Craig_Thompson+%25281%2529.jpg

      Another very, very curious thing about this image is that the HSU credit card imprint has the name

      "THOMPSON" on it.

      Craig Thomson doesn't have quite the same surname. Is the HSU always this sloppy with the names it gets on its credit cards? There also isn't much point in businesses asking for ID if they're not going to check that the name is right.

      The HSU is legally entitled to ask for its money back and the police are entitled to pursue a Mr Craig Thomson who fraudulently used the credit card of a Mr Craig Thompson.

      report
    9. David Boxall

      logged in via Facebook

      In reply to Richard Dobson

      Richard Dobson: "Both FWA and the NSW police investigated Thomson and found, FOUND, ..."
      The FWA evidence is questionable. If memory serves, the NSW police investigation produced no findings.
      Richard Dobson: "... the community has a collective right to uphold elected representatives to a standard. Why on Earth would you disagree with this?"
      You appear to have difficulty seeing the difference between evidence and proof. How confusing that must be for you.
      While there may be evidence of wrongdoing…

      Read more