With all the hubbub about the NSA and all the metadata collection they’ve been doing with cell phones, now seems a good time to discuss pre-pay phones (AKA burner phones) and what they can and cannot do for you.
First of all, pre-pay phones are cheep! How cheep? Well the AT&T Go Phone Samsung SGH-a157 is $15 at Wal-Mart. Combine that with another $15 calling card and you have yourself an anonymous cell phone perfect for clandestine dealings at a price that makes it easy to get rid of when your done.
They’re also very easy to set up, just buy it, activated it and add some time and you’re ready to roll. You can set up most pre-pay phones without having to deal with anyone in person. In fact an AT&T Go Phone can be set up without registering any name at all, while others require you navigate to their website to register. Either way you can use a fake name and location if you need to create an online account to manage the pre-pay. Just be sure use Tor or an anonymous VPN if you want to keep your IP address out of the company’s logs.
Having a phone on a different network than your primary cell phone can also be useful in case of emergency, if your primary network goes down for some reason maybe your pre-pay will still work, allowing you to contact your loved ones in the event of a disaster.
By using a cellphone that is not registered to your person, you essentially gain quite a bit of freedom. The number you have will not be associated with you in any way, and if you pay for your phone and cards in cash then you’re even better off.
However if you’re calling people you personally know, the call history could potentially be linked back to you. Also, cameras abound! If you’re doing something super shady “they” can always go back and look at the security camera footage of you buying the phone, use the footage to follow you to your car and then track your car via license plate or if it’s not your car, just follow you with streetlight cameras.
Also, anonymous does not mean untraceable. As long as the battery is in the phone it can be located. Either through cell tower triangulation or GPS. The fact of the matter is if you’re doing things you don’t want the NSA to know about then steal someone’s phone and use it once, then toss it. Recently an article was released discussing how the use of Tor or encrypted email can actually increase scrutiny by the NSA, I wouldn’t be surprised if pre-pay phone data also gets more scrutiny.
Despite the benefits of pre-pay phones, they are definitely not hassle free. Probably the biggest issue is maintaining the phone’s active state. If a phone’s time expires (and your time cards will expire whether you use the time or not) you have a limited amount of time to add more time to your phone (maybe 60 days). If you don’t, then your SIM card is deactivated and you’ll have to get a new one or go to a store to reactivate it. So if you’re looking for an emergency phone to keep in a go bag you will still have to keep up on the time card usage to ensure its ready when you need it.
If you’re like me and just like to keep your Red Team equipment separate from personal equipment, then having a pre-pay phone handy in your gear is really nice for social engineering phone calls and keeping in contact with the rest of your team. This is especially true because you can set the zip code of the phone when you activate it so that you can get a local or non-local number to the target depending on your needs. There are a lot of cheep phones to chose from so you can pick one with the features that you need for your engagement, for example a camera, GPS for mapping, voice recording capabilities for bugging a meeting or Wi-Fi for snooping around.
If you can’t tell I’m a fan of the AT&T Go Phones, they have a nice plan that costs $2/day that you use the phone with unlimited voice and messaging for that day which works out well for me as on a day that I use the phone, I use it a lot. There are a lot of other options as well. You can always get a modern phone and use pre-pay personally. In the long run it’s a ton cheaper then a classic subscription. Places like T-Mobile, Boost and Verizon are all starting to release the latest phones without contract, which can save you a ton of money.
So you’ve performed your tasks and are done with your phone, now what? If you used it for something personal or a legal Red Team engagement, consider donating it to an organization like HopeLine or National Coalition for Against Domestic Violence where they refurbish and sell phones to benefit battered women. Or you can donate them to Cellphones for Soldiers. Just be sure to delete anything off of the phone first (keeping in mind that the data is recoverable) and destroy your SIM Card.
If your use of the phone was for something you wouldn’t want your mom to know about, then toss the phone. Take out the battery and SIM, Break the SIM and toss the phone. Take the battery to a place like Best Buy for their battery recycling so at least that doesn’t wind up in a landfill.
As a side note, if you’re just looking for a different number you can use for personal use like a Craigslist listing or some new guy/girl you just met but they could be a creeper, try out Google Voice. You can give someone your Google Voice number and if things go south just drop the number, problem solved. If you don’t need physical separation of hardware then something like Google Voice is a great way to go. However if you plan on switching this number a lot it could get pricy. Some other options for this could be the Apps available for smartphones including Burner or Hushed, but that can get pricy too as you have to purchase each new number and pay a maintenance fee for keeping it.
You can always use a pay phone too, if you can find one and have change.