Burner Phones - rarely used properly - Compartments may be good enough
Lots of OPSEC Operational Security Guides and social media comments mention "Burner Phones"
e.g. https://riotmedicine.net/static/downloads/riot-medicine.pdf
"A burner phone is a very particular type of phone that must meet the following
criteria:"
Amended list:
- The phone must be purchased individually using cash Bulk purchases (defined as low as two phones at a time !) are often not allowed in e.g. supermarkets even though there are no explicit warning signs This attracts staff attention to an unusual purchase which they may well remember or retain a record of on CCTV
- The SIM card used for the burner phone must be purchased using cash
- The initial activation of the SIM card when it is first registered with the network is stored forever during its lifetime, including Location Data. Do not do this at home or work or at a secret meeting place even if you do not make or recieve any calls.
- The phone and SIM card must be purchased by a user with no other phones or traceable devices on their person at that time
- The phone and SIM card pair must only be used with each other
- The phone must never be taken to locations associated with the user unless it is both off and in a Faraday bag.
- The phone must never be used in the presence of non-burner phones or other devices that can be tracked back to the user.
- Any accounts on the phone must be made anonymously and only ever used with that phone.
- The phone must be used for exactly one action. Few spies, drug dealers or terrorists can afford to do this, unless the Burner Phone is literally for bomb activation or threats
- The phone must only ever contact other burner phones or unaffiliated parties (e.g., an office or opponent who is targeted by the action).
- The phone and SIM card must be destroyed after the action.
- No Apple iOS iCloud or Google drive backups should be enabled on a true burner phone, but may be important for a travel across borders phone.
- Location Services should be turned off on a Burner phone - use a disposable paper map printout
- Do not connect to Home or Work WiFi Access points - Disconnect then Forget any WiFi and Bluetooth you use, several blocks away from a meeting or protest etc. both coming and going
- Securely disposing of a SmartPhone and / or SIM Card is harder than you think, especially if you are under physical survvellance. Several terrorists have thrown their phones down drains etc. only to have them retrieved by the police and forensically examined. Other terrorists have taken the precaution of doing a factory reset and permanently locking their e.g. Apple iPhone (making sure there are no backups in iCloud etc.)
If any of these are violated by any parties involved in an action,
location tracking and network mapping can potentially identify the entire
group.
Also do not use your Burner Phone too soon:
https://twitter.com/spyblog/status/1274485338526924801
One of the Snowden documents, mentioned some of GCHQ's data filtering of billions of Mobile Phone Call DetailRecords
seraching for Burner Phone Closed Loops (suspicious). If the analysts' serach criteria are too strict, they may well miss some real Burner Phones which have called a few innocent numbers
as chaff or a disguise.
https://assets.documentcloud.org/documents/4390404/HIMR-Oct2011.pdf
Another one descibes some Contact Chaining
https://assets.documentcloud.org/documents/4390394/B17-TDB-Knowledge-Sharing.pdf
Obviously phoning a known to be monitored land line or mobile phone e.g. friends or family is lethal to a Burner Phone, but happen due to complaceny or ignorance.
N.B. a friend once "burned" an unused burner phone which they had on them, because their normal phone had run out of battery and it was necessary to call an ambulance in an emergency in the street. All 999 calls in UK are monitored recorded and location tracked, for good emergency services reasons. No credit or even a working SIM card is needed for 999 calls.
Encrypted SIM Cards
It is possible to purchase expensive (£1000 a year) Encrypted SIM cards which try to obscure your physical location somewhat and which try to foil IMSI Catchers e.g. via ia Omerta Digital, which connect to random cell towers rather than the strongest signal
Not broadcasting IMEI and IMSI does hide data, but also makes your phone stand out in data analyses, unless there are several such Encrypted SIMs in the same area. Similar to being the only Tor user on a network at a relevant time, this may be enough circumstantial evidence for a court.
https://omertadigital.com/blogs/news/encrypted-sim-card-how-they-defend-your-privacy
IDENTIFYING YOUR LOCATION (BOTH PRESENT & HISTORICAL)
Another privacy threat is being able to identify your location from cell tower data. With a standard SIM card, a number of markers are provided tying the phone to you & your location. Again we use a series of strategies to render this impossible & tactics used include:Your SIM card doesn't broadcast a IMSI number (this is your phone number)
Your IMEI number is not broadcast
We connect to a random cell tower, not the strongest signal, meaning you can't triangulate the position of the phone
There is no billing information to cross-reference
Our servers also encrypt any geolocation data residing in the call.
So besides protecting your call contents, we also protect your location, an important factor for many investigations.IDENTIFYING YOUR CREDENTIALS, PHONE USAGE & SOCIAL CIRCLES (NAME, ADDRESS, CALL HISTORY FROM RECORDS HELD BY NETWORK PROVIDERS)
Obviously the lack of records means no paper trail can be traced back to you from any calls however we provide a much more significant level of anonymity. Authorities can establish every device a SIM has been used in by merit of the IMSI number broadcast whilst an IMEI can be used to identify every SIM which has been used in a phone. Since our SIMs present neither number these risks are mitigated.