Cellular Phone Firms Fight High-Tech War With Pirates

Neither police investigators nor cellular phone officials know exactly how long Abner Pajounia and Davoud Yashoron operated the alleged dark side of their electronics shop on La Cienega Boulevard.

But Glendale police detectives--who arrested the owners of Master Mobile Sound on Friday and then, posing as salesmen, conducted a sting operation over the weekend--say the store was all too typical of those that have made cellular telephone fraud a high-tech crime of epic proportions.

Police and telephone company officials on Tuesday proudly displayed more than 100 illegal “clone” phones and the computer equipment needed to make them, and said that when the costs of the illegal calls are tabulated, it could turn out to be one of the biggest cellular phone fraud busts ever in Southern California.

But authorities face a daunting task in trying to eliminate a fraud problem that accounts for an estimated $300 million a year in illegal calls nationwide--and Los Angeles, the cellular phone capital of the country, is also the fraud capital.

Now law enforcement officials and cellular phone company technicians--desperate to protect a dynamic industry that has created tens of thousands of jobs and altered the lifestyles of millions of Americans--are redoubling their efforts.

AirTouch Cellular, one of the two big cellular carriers in Los Angeles, has dispatched more than 250 private detectives to scour Southland streets to identify cellular phone fraud. The industry is unleashing an array of powerful new electronic countermeasures that could take a big bite out of the problem--but also might alienate some customers and saddle companies with both financial and operational burdens.

LA Cellular, which is subject to far more fraud than rival AirTouch Cellular, has quietly introduced a code system that could eventually require all customers to electronically “unlock” their cellular phones with an eight-digit code before making calls, according to an internal memorandum obtained by The Times.

The company is also testing an electronic anti-fraud system called Operation Blackbird. Meanwhile, around the country, elaborate fraud detection schemes with names such as “Fraudbuster” and “Clone Detector” are being deployed.

“We have launched our own high-tech war back at criminals,” said Mike Houghton, a spokesman for the Cellular Telephone Industry Assn. “When this first started, we didn’t know how to fight back.”

Most cellular phone fraud involves “cloning,” a process in which a thief steals the electronic serial number of a customer’s cellular phone and programs it into a computer chip, thus making a perfect duplicate, or “clone” of that customer’s phone. While cloning has been going on for some time, it has grown rapidly and become much more sophisticated as the cellular phone industry has exploded.

With 1.2 million customers, LA Cellular and AirTouch operate in the nation’s largest cellular phone market, and while they won’t discuss losses from fraud, market analysts and industry insiders say they have been among the hardest hit companies in the nation.

According to David Gamson, a legislative aide to state Sen. Herschel Rosenthal (D-Los Angeles), author of a bill that raised the theft of cellular phone service to a felony crime beginning this year, about one out of every four cellular phone calls made from Los Angeles is made from a counterfeit phone.

In some poorer Los Angeles neighborhoods, phone counterfeiters offer unlimited long-distance phone calls to customers for about $75 a month, said Detective Richard Garcia, who is assigned to the sheriff’s Lomita station in southern Los Angeles County.

In another variation, phone bandits set up call-selling schemes in which they use two cloned phones patched together and link callers with anyone anywhere in the world for between $10 and $20 per call, said Chuck Ortmann, the resident agent in charge of the Riverside County office of the U.S. Secret Service, which recently busted an Ontario call-sell operation.

While these types of calls do not exactly represent lost business for the cellular carriers--customers in the fraud schemes generally would not be subscribers--the illegal calls soak up valuable capacity on cellular systems. In addition, they can be a major inconvenience for subscribers whose phones are cloned: While they don’t have to pay for clone calls, their numbers have to be changed, and straightening out the billing can be a major hassle.

“I first found out about being cloned when I received a bill for $7,000,” said Kenneth Hirsch, a West Hills dentist. “It looked like a United Nations: There were calls to Chicago, Ireland, South Africa, Russia, Lebanon and all over the U.S.

“When I first called LA Cellular, they told me the fraud department will contact me soon. The next month, an additional $2,000 showed up. . . . This was about four, five months ago. Since then they never got back to me, but they keep sending me the bills. I have called them four, five times.”

LA Cellular officials say they believe that the problem is serious enough that many customers will voluntarily adopt the company’s new Fraud Prevention Feature (FPF), which will require them to enter *56 plus 0 plus a four-digit personal identification number. And some resellers who asked not to be identified said they believe that the company plans eventually to make it a mandatory feature.

Jim Goode, in charge of fraud prevention for LA Cellular, acknowledged that the company plans to push the fraud-prevention feature aggressively, but denied that there are any plans to make it mandatory.

“Cell fraud is a complex problem, and FPF is just one of many tools we use to combat that fraud,” Goode said.

Some of the other tools are elaborate indeed. The Operation Blackbird technology precisely analyzes the radio signals emitted by each phone and uses the information to create an “electronic fingerprint,” which is then checked every time that phone is used. If a mismatch is detected, the call will not go through.

AirTouch has already implemented a similar system called Phoneprint.

Other countermeasures include systems that monitor and record customers’ phone-calling patterns and alert company officials when wide variations are found. A sudden series of calls to Latin America, for example, would trigger an alert if that subscriber had never called there before.

McCaw Cellular is experimenting with a voice-activated system that would require callers to match a voice print kept on record with the company before the phone could be turned on, said Jane O’Donaghue, a company spokeswoman.

And then there are the more conventional methods of thwarting cellular pirates, such as contacting the person who receives an illegal phone call.

“We are going to find out who you are by who you call,” Dave Daniels, head of security at AirTouch promised. “We have no qualms about subpoenaing someone’s mother, brother or sister into court. If they’re foolish enough to want to get friends, relatives and business associates hauled into court, so be it.”

Privately, some law enforcement officers complain that prosecutors have been reluctant to file felony charges even when strong cases are brought to them.

But prosecution is becoming more aggressive: In one of the largest cases to date, Rodney Phillips, 29, of Los Angeles, was recently convicted of possessing more than 20 altered phones and 200 phone numbers that AirTouch officials say were used to make more than $2 million in fraudulent phone calls. Phillips’ sentencing is scheduled for November, said U.S. Atty. Christopher Tayback.

Since last October, the Los Angeles County Sheriff’s Department, guided by information provided by AirTouch, has made 340 arrests for phone fraud, Daniels said. LA Cellular would not provide details of arrests made through its investigations.

Sheriff’s Detective Rich Garcia, hailed both by Daniels and his colleagues as a phone-clone hunter extraordinaire, said LA Cellular’s reluctance to share information with authorities may have made them a favorite target of phone bandits.

“They are the biggest victims in the cloned phones,” he said recently “Eighty percent of our cases are on LA Cellular. They have been more difficult to deal with and didn’t provide information in a timely manner.”

No matter what the companies and law enforcement agencies do, though, the bandits will be working on ways to continue plying their trade. Currently, the technical mainstay of cloning is a an electronic device--called an ESN reader--phone bandits use to send a false signal to trick cellular phones, which respond by identifying themselves with the internal serial number and the phone number.

Serial numbers are also sometimes stolen and sold by company employees. With this information, creating a clone phone is relatively easy.

“I found out about how to put two phones together that work on the same line at the cellular phone store I used to work at. . . . It’s pretty easy,” said one phone pirate who agreed to be interviewed on the condition that his name not be used. “Originally I did it for a couple of friends and then it got out of hand. People started coming over, and they had 30-day guarantees and you have to honor those,” he said.

When these phones are sold by the pirates, he explained, they come with a 30-day guarantee of service. If a phone is shut off before then, the buyer is given another number to use.

The pirate said a phone cloner can get into the business for $6,000 to $10,000. That includes the price of the computer gear needed to reprogram the phones and the fee paid to the technician who actually reprograms the chips.

A well-connected phone-clone salesman can sell 100 phones a week at about $100 per phone. He said the cloned phones are widespread and are used by people across the socioeconomic spectrum. Some businesses use the cloned phones because they are a lot cheaper than paying for a legitimate service, he claims. And many of the people who use these phones, he claims, don’t realize they are using a subscriber’s phone number.

“They just feel like they’re just screwing the phone company and who cares about them?”