A lot of sites have pointed out the New York Times article by that says that al Qaeda operatives have been tracked because they used the same SIM cards repeatedly. I don’t feel that the New York Times or any of the other accounts explain the story clearly and consisely enough for most readers to follow, so I’ll take my shot at it.
SIM cards are small chip-like devices that allow a GSM-based mobile phone to operate by associating the phone with a phone number, network, and billing information. Until recently, Swiss law allowed people to buy pay-as-you-go SIM cards from mobile phone carriers without having to disclose their identities. This made companies like Swisscom the preferred mobile phone carriers to all sorts of organizations that want to be difficult to track down.
Anyone who knows how GSM mobile phones work knows that it’s the SIM card that identifies the phone to the network. So, if I take my SIM card from one phone and place it in another, the second phone is in many ways indistinguishable from the first one that I was using.
Apparently, senior members of al Qaeda didn’t realize this, and thought that moving SIM cards from phone to phone provided them with security through obscurity. Regular readers of Operation Gadget should know by now that there is no such thing as security through obscurity, particularly if international law enforcement decides to mount a major investigation. The investigation of al Qaeda, reportedly code-named Mont Blanc, wound up recently. It’s probably becoming public now because of changes in Swiss law that require customer identification before a SIM card can be purchased.
The New York Times says that unstealthy use of SIM cards was one factor leading to the apprehension in Pakistan of Khalid Shaikh Mohammed, a man suspected of masterminding the destruction of the World Trade Center. Mohammed’s arrest took place about a year ago.
If these guys were smart enough to get terrorists into the United States, hijack four jumbo jets, and crash three of them into two U.S. landmarks, wouldn’t you think they would have someone on staff who knew how mobile phones operated?