Thomson's phone clone claims uncertain

Independent MP Craig Thomson's claims that calls to Sydney escort services made from his mobile phone were actually made using a clone of his phone seem unlikely, unless a telco insider was involved, according to a security analyst.

Craig Thomson speaking in parliament yesterday.
(Screenshot by Josh Taylor/ZDNet Australia)

A Fair Work Australia report released earlier this month named the former Labor MP as having allegedly misused Health Services Union (HSU) funds when he was the national secretary.

The report alleged that during Thomson's time as the HSU national secretary, he used a Telstra phone to call a Sydney escort agency known as Sydney Outcalls twice at 11.13pm on 7 April 2005, and at 12.05am on 8 April 2005. The report said that three payments on an HSU credit card, totalling $1670, were then made to the same escort agency between 7 and 8 April. This charge was subsequently reversed, and a payment of $2475 was charged to Thomson's Commonwealth Bank MasterCard on 9 April.

Thomson left the HSU in 2007, and was elected as the Labor member for the Central Coast seat of Dobell in the 2007 federal election.

Thomson yesterday spoke for close to an hour in parliament, explaining his side of the ongoing saga, and claiming that his identity had been stolen by HSU rivals out to frame him. He claimed that the HSU had his credit card and driver's licence details on record at the union, which could have been used by others, and said that he had been told by experts that the cloning of his phone was a possible explanation as to why the calls to the escort agency appear on his records.

But HackLabs director Chris Gatford has told ZDNet Australia that it would have been difficult for someone in the HSU to clone a SIM card.

"We pretty much finished up with analog phones back in 2000, so from that point on, GSM phones have been issued — phones with SIM cards. Trying to clone a SIM card, in the best of my experience, is very difficult," he said.

In order to clone Thomson's SIM card, a person would need to obtain Thomson's SIM and International Mobile Subscriber Identifier (IMEI) number, and get hold of the SIM's unique authentication key, in order to copy the SIM. Gatford said that the only way to clone the SIM would be to get physical access to the phone itself — and from there, it would have been much simpler to just make the calls on the stolen phone.

Gatford said that the only way he could see it being possible was if there was a "rogue insider telco employee" assisting the culprit.

"That's really the only way I see it technically being able to be done, because there's a lot of problems with cloning a SIM card, [as] it invalidates the [original]," he said.

Gatford said that an older algorithm used in SIM cards had been cracked once before, but it "was the old version, and we haven't run that for a very long time in Australia".

Call spoofing, where a call appears to be coming from a certain number, would be a simpler way of implicating Thomson, but Gatford said that this would not appear on the phone record itself.

Conversely, Pure Hacking CTO Tyler Miller — who declined to comment on this story when contacted by ZDNet Australia — told the Sydney Morning Herald that SIM cloning would be easy, and could be done through technology obtained on eBay.

Telstra declined to comment on the Fair Work Australia report, and had not responded to questions about network security at the time of writing.