Mumbai attacks and SIM cards

I saw HBO’s “Terror in Mumbai” documentary about the 2008 Mumbai attacks and was struck by the audio tapes that they played of cell phone conversations between the terrorists and their handlers in Pakistan.

There were tapes of phone calls taking place early in the attacks, all the way up to the calls when the terrorists executed the Rabbi and his pregnant wife two days later.

I’m trying to figure out how the police have these phone calls recorded. A little Googling reveals that the phone calls were “intercepted by Mumbai police who had fed traceable SIM cards to known terrorist organizations.” This raises a few questions, many of which stem from my total lack of knowledge about SIM cards and how they work. Can anyone explain this to me?

  1. If you have the SIM card info (or a clone of the SIM card), you can eavesdrop on any cell phone conversation taking place with the original card? Is this in real time only?

  2. How the hell did the police figure out which of the presumably thousands of cards they sent out were being used in the attacks? Could they simply see all the cell convos taking place near the attacks? Surely, in Mumbai, there were tens of thousands of cell calls taking place near the attacks.

  3. Could the police have cut off these cell conversations as soon as they knew what was up? I would assume that they wanted to listen to gain clues about who was responsible, but surely after two days of bloodshed and the handlers practically goading the terrorists into killing, they should have pulled the plug if possible.

If you haven’t seen this documentary, I highly recommend it. It is one of the worst things I’ve ever seen but very powerful.

America’s NSA is reputed to be recording almost any traffic they can get their hands on. Just because much of India is still rural peasants, does not mean the government can’t get their hands on the latest technology and the smart people to run it. Consider how close they came to nuclear war not too long ago, and things like the Mumbai attacks are real on-going threats - is it any surprise they have set themselves up to do this?

So the question is - do they have intercepts, is it all satellite traffic, do the SIM cards automatically phone home, or what?

If the phone calls are via satellite, then it’s easy - point a dish at the satellite, read every conversation, filter out the ones tagged with that SIM card. There’s probably locations near the border that get a decent signal from whatever satellites Pakistan uses. Ditto if the calls are via those microwave relay towers - just point your dish at the tower. The logistics of covering every microwave chain in a hostile country are more interesting.

If it’s land lines - more interesting. Do they have some sort of tap on the Pakistani land lines? Fiber is kind of tricky to tap undetected (but it can be done). Odds are there are not a lot of copper lines, because large unattended copper items tend to disappear in less law-abiding areas. My bet is on mostly satellite traffic.

Of course, it’s also possible that the Indians have bribed or hacked their way into the Pakistani switches, and simply told the computer to copy them.

A SIM card is basically the personality of the phone. That’s what identifies a phone to the network, and determines what phone number it will use. Apparently Al Qaeda misconceptions about SIM privacy and traceability helped the CIA track a number of operatives after 9/11. At the very least, you can find which tower the phone is near to right now (if it is on) and likely, from historical records, what calls were made to and from it - and then follow up on the data about the callers.

Every conversation is a series of packets back and forth; these packets are tagged and identified as belonging to that phone/SIM so it’s easy to pick out which conversations going by are interesting with the right computer eavesdrop program.

The FBI or the FCC have mandated that all cellular systems have the ability to allow wiretaps. In a country like Pakistan, using similar technology and even more paranoid law enforcement, I’m sure this capability exists.
If what you are asking is - can they go back and find the calls and replay them - no. I seriously doubt it. But if they planted the SIMs, they were probably listening from the start.

So you’re saying that once the attacks started, the police probably looked at the cell phone traffic and were able to pull out the ones using the marked SIM cards? That makes sense.

Seems like they got extremely lucky with their planting of the SIM cards, though.

Would the police have been able to block these calls once they knew they were terrorists? I guess they never actually would, since the risk is too great that the terrorists would simply move to another (untraceable) cell phone, but can they jam a single phone if they know the SIM card info?

Absolutely. With the cooperation of the cell carrier it would be trivial, just like shutting off your service if you don’t pay your bill.

First, odds are the Indian police had the same problems as the CIA/NSA - way too much information, and not enough translators; and so much happening that the details got lost in the system. They probably did not appreciate what they had until too late. Then they went back and pulled out the tapes.

I didn’t see the documentary, is there any indication that they were doing any monitoring in real time? By a few hours after the attack started, if they were on the ball, they knew what SIMs they were looking for and could eavesdrop in real time. They obviously would have no problem doing that in the Mumbai cellular system.

Then it’s a command decision - does it sound like they are getting on-going orders from outside, or coordinating tactics between groups? Maybe then you want to jam their signal, or try to mimic one end and mess up the operation. If all they are doing is venting to others in the group, maybe it’s best to stay low and see what you can learn.

Odds are the operations inside India are heavily infiltrated by the Indian security police (what are they called, “Tactical Tech Support”?) So when someone put out the word that they needed a pile of SIM cards for operations, someone else says “my cousin Rajiv can get them wholesale from a highly trustable source.”

Turning off a SIM is as simple as telling the system the SIM is no longer valid. That’s what happens when you don’t pay your bill.

IIRC, the phone when it registers with the nearest tower tells the system not only the SIM number but the phone serial number as well. So if someone is trying to be clever by switching SIMs in the phone, it should not take snooping software long to discover that the same phone has a different SIM - and now the authorities have an extra pile of leads by tracking down what activity was done with those other SIMs.

The biggest problem in this situation is the amount of data generated. If Rajiv calls 50 or 100 other numbers, then you have to figure out which ones are friends or escort services, which are operatives for the group, and why he would call some random pay phone or something - wrong number or prearranged drop? For this sort of stuff to be fully investigated, you need a huge staff. To do it discreetly without someone saying “the police came by and asked questions” - even harder. You got to really be on someone’s radar to merit this much attention.
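
An added example, not part of the original thread: the handset/SIM correlation described in the post above, run over constructed registration records. It assumes the usual terminology (IMSI for the subscriber identity on the SIM, IMEI for the handset serial number); every identifier, timestamp and cell name below is made up, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample registration events: (timestamp, IMSI, IMEI, cell_id).
EVENTS = [
    ("2024-01-01T21:40", "imsi-A", "imei-1", "cell-17"),
    ("2024-01-01T22:05", "imsi-B", "imei-1", "cell-17"),  # same handset, new SIM
    ("2024-01-01T23:10", "imsi-B", "imei-2", "cell-18"),  # same SIM, new handset
    ("2024-01-02T01:30", "imsi-C", "imei-2", "cell-18"),
    ("2024-01-02T02:00", "imsi-D", "imei-9", "cell-40"),  # unrelated subscriber
    ("2024-01-02T02:10", "imsi-D", "imei-9", "cell-41"),
]

def sim_swaps(events):
    """Return {imei: [imsi, ...]} for handsets seen with more than one SIM,
    with the SIMs listed in the order they first appeared."""
    seen = defaultdict(list)
    for _ts, imsi, imei, _cell in sorted(events):
        if imsi not in seen[imei]:
            seen[imei].append(imsi)
    return {imei: imsis for imei, imsis in seen.items() if len(imsis) > 1}

def linked_identifiers(events, seed_imsi):
    """Expand from one known SIM to every SIM and handset reachable through
    a shared handset or shared SIM. A link is a lead, not proof: handset
    serial numbers can be duplicated or reprogrammed."""
    by_imsi, by_imei = defaultdict(set), defaultdict(set)
    for _ts, imsi, imei, _cell in events:
        by_imsi[imsi].add(imei)
        by_imei[imei].add(imsi)
    imsis, imeis, frontier = {seed_imsi}, set(), [seed_imsi]
    while frontier:
        current = frontier.pop()
        for imei in by_imsi[current]:
            if imei in imeis:
                continue
            imeis.add(imei)
            for other in by_imei[imei]:
                if other not in imsis:
                    imsis.add(other)
                    frontier.append(other)
    return imsis, imeis

if __name__ == "__main__":
    print(sim_swaps(EVENTS))
    print(linked_identifiers(EVENTS, "imsi-A"))
```
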

No, there was no indication that the Indian police were listening in real time. I just assumed that they wouldn’t have been able to record tens of thousands (hundreds of thousands?) of hours of cell phone conversations from all the SIM cards they must have planted.

That’s what’s most chilling in the documentary. The handlers in Pakistan are practically badgering the guys on the phone to kill more people and stop delaying. At one point, the gunman is marveling over, of all things, the size of the computer monitors at the Oberoi hotel. The guy on the phone tells him to shut up and start the fire already and why isn’t he using the grenades?

The worst (and what prompted this question) was the two guys holed up with the Jewish hostages (this was 36 or 48 hours after the attacks started). The gunmen called up their contact in Pakistan and asked what to do now. He deliberated with others (off phone) and came back and told them to execute the hostages and to leave the phone on so he could make sure they really did it. And even then, they delayed for another hour or so and had some lame excuses why they hadn’t done it yet.

Basically, the film left the impression that the gunmen really had to be cajoled and told every little thing to do and that without the guidance over the cell phone, things could have been less awful.

It seems an awful dilemma (if in fact there was one) – leave the phones on and discover intelligence about who is doing this, or cut them off and end up with no evidence but possibly fewer bodies.

In Pakistan, you need an order from a High Court Judge before you’re permitted to wiretap commercial mobile phones.

And until two or three years ago, good luck getting one.