The Blind Israeli Arab Hackers – 4Law Cover Story
Israeli National Anti Fraud Unit - Raid in Kfar Kassem House in 14/6/99 after 3 years of tapping the Badir`s , Munther "Ramy" Badir During The Israeli Police Raid concern The Hacking Case.(Photo: Israeli Police Intelligence Lab – Special to 4law)
For the first time at all – The Blind Israeli Arab Hackers told the real story to WIRED Magazine in his February 2004 Issue – to be published on 1/2/04.
In this story they confirmed first also – Hacking into the Israeli State
Attorney `s Computer System include the Communication Lines of the Prosecutor in the Case – Today the Israeli Honorable Judge Doron Porat , as well as The Transportation Ministry Computer System - Changing the car ID of the Police – High Rank Officer Chief Superintendent David Osmo . The officer of the Badir`s – The Blind Hackers Case. 4Law brings here for the first time photo of the raid in the Blind Hackers Case – Near the safe with money we see one of the Blind Israeli Arab Hackers as a cop is inspecting the hidden safe, in the day of operation by the Israeli National Anti Fraud Unit. After the article Slides from the Interpol Cyber Crime Conference on the Badir`s case, in Korea , in 2002. The Badir`s did not cooperate with the Police Investigators.
convicted in spite of their silence. The case of hacking into the Justice &
Transportation systems could not be proved by the police till today…Doron Porat – Former Deputy of
The Central District Attorney in
WIRED MAGAZINE Investigation - 4Law founders assisted the WIRED staff concern
this report in
Issue 12.02 - February 2004
Three Blind Phreaks
How the phone-phreaking Badir brothers ran
By Michael Kaplan
Inside the chintz-filled living room of the Badir family's neat and modest home, a feast of freshly roasted chicken, saffron rice, and seasoned vegetable stew perfumes the air. Friends and relatives pour through the front door to congratulate 27-year-old Munther "Ramy" Badir. He's just been released from prison after serving 47 months for computer-related crimes. Outside, Islamic prayers resonate from speakers on a truck moving slowly down the dusty streets of Kafr Kassem. Everyone in this Israeli village - populated mostly by Arabs - appears ecstatic to have Ramy back.
But he does not see their smiles. Ramy, along with two of his three brothers, has been blind since birth due to a genetic defect. He and his sightless brothers have devoted their lives to proving they can out-think, out-program, and out-hack anyone with vision. (Their sighted brother, Ashraf, is a baker with no tech leanings.) They've been remarkably successful. Ramy says dryly, "A computer that is safe and protected is a computer stacked in a warehouse and unplugged."
Israeli authorities agree. The 44
charges leveled against Ramy, Muzher,
and Shadde Badir in 1999
included telecommunications fraud, theft of computer data, and impersonation of
a police officer. The brothers' six-year spree of hacking into phone systems
and hijacking telephone time ended when they were convicted of stealing credit
card numbers and breaking into the Israeli army radio station's telephone
system to set up an illicit phone company. Unwitting customers - mostly
Palestinians on the
Ramy, the leader and most technologically savvy of the brothers, was the only one sentenced to prison. Muzher, 28, was ordered to perform community service for six months; Shadde, 22, received a suspended sentence - not because he was innocent, the judge made clear, but because of his age.
Those targeted by the Badirs feel less charitable. Yekutiel
"Kuty" Lavi, a
security specialist at Bezeq International,
The Badirs pulled off Mamet-worthy phone cons, employing cell phones, Braille-display computers, ace code-writing skills, and an uncanny ability to impersonate anyone from corporate suits to sex-starved females. On the phone, the brothers morph into verbal 007s, intimidating men, seducing women, and wheedling classified information from steely-voiced security personnel. The phone phreakers' term for this is social engineering: using a combination of brains and guile to obtain codes for trespassing into systems to rejigger them via strings of touch-tone code. Combine this talent with supersensitive hearing - the brothers can dissect an international connection the way wine expert Robert Parker pulls notes from a glass of Bordeaux - and you have what BernieS, a legendary phreaker and contributor to the hacking journal 2600, calls "a formidable skill set."
At one point during my visit with the Badirs, I pull out my cell phone and make a call. Before it even connects, Shadde, who is sitting across the room, recites all 12 digits perfectly.
Ramy smiles at the parlor trick. "It used to be disgusting to be blind," he says. "Today, you scare people. You possess skills that those with sight cannot possibly understand."
Two hours into an afternoon-long interview with the Hebrew-speaking Badirs, my translator's lips lock. He shrugs and tells me that the Badirs have shifted into a secret code. Ramy later explains that as kids he and Muzher developed their own language - reordering letters in mathematically complex ways - after they discovered that other boys were snooping on their conversations. "People said that God cursed our mother by giving her three blind sons," recalls Ramy. "Children beat us on the backs of our legs. Those abuses left scars on our hearts. But they also forced us to grow stronger."
The young Badirs
closed ranks and vowed that their blindness would never be an impediment. They
taught themselves to take apart telephones, to mimic voices and verbal tics,
and to get around Tel Aviv without canes or guide dogs. They became obsessed
with technology and telephones. After encountering their first computer, in
1989, at Tel Aviv's Center for the Blind, Ramy and Muzher became enchanted with the IBM clones. They hung
But Ramy was too ambitious to stop there. "I taught myself to program in all the languages: C, C++, Basic, Java, HTML, PHP, CGI. I built my own black boxes, blue boxes, and red boxes," which, respectively, circumvent billing, generate tones to place free calls, and simulate pulses triggered by money dropped into a pay phone. "I used those boxes to get into and decode phone systems."
In 1993, Bezeq technicians caught the Badirs snagging telephone time for their own use. Things quickly escalated when the brothers obtained the codes to break into PBXs - private branch exchanges - belonging to Bezeq and to the Israeli headquarters of Comverse, Intel, Nortel, and others. PBXs are the computerized nerve centers that operate phone systems; they are designed to be repaired, updated, and altered remotely by technicians using touch-tone codes.
"The Badirs regularly called Bezeq, pretending to be engineers in the field," recalls Eyal Raz, who worked in the telco's international antifraud unit from 1994 to 1999. "They called secretaries and said,
'I need to get in to do a repair. You need to give me the number and password.' Sometimes they succeeded, or else they'd get only the number and try to break the password by using proprietary programs." At other times, a secretary would simply key in the code, providing what seemed like onetime access but actually enabling the brothers to hear touch tones and translate them into numbers they could then use whenever they pleased.
The three used their access to devise
an elaborate moneymaking scheme. According to Raz,
during the mid-1990s the brothers made a deal with a phone sex outfit based in
At the time there were no computer
crime laws in
In 1995, the Badirs turned their attention to a business closer to home. Their target was Israeli phone sex mogul Ben Zion "Bency" Levy, who maintained a database of thousands of customer credit card numbers. Ramy and his brothers went to work on Levy's secretary, patiently convincing her to provide the information that would allow them to unlock the credit card numbers and PINs.
"We knew to approach her gently and break through her psychological barrier," says Muzher. " We had her tell us clues that would lead to the password of her boss's computer."
"I figured out the personality of her boss, learned the numbers that were meaningful to him, and used those numbers to get into his system remotely," says Ramy. In the end, the Badirs seized some 20,000 credit card numbers - and, after being confronted by Levy, caused all of his telephones to ring continuously with no caller on the other end of the line.
In 1996, Levy reported the scam to
Ramy remembers his response to Osmo: "You can chase me for 20 years and you will not find anything to convict me on."
The Israeli Army Radio Station is guarded as if it were a military base. Occupying four floors of a dirty white building on a busy two-lane street in Jaffa, the station is protected 24/7 by a half-dozen armed recruits. In 1998, the brothers joined forces with a group of Jewish and Arab scam artists and targeted the station, intending to hijack phone lines and sell call time on them.
Though they were convicted of
participating in the scheme, the brothers deny they were involved. Ramy is nonetheless willing to speak knowledgeably about
the con. "These were among the most protected lines in the
Why an army outpost? "Those lines cannot be tapped by the police, so there is no monitoring," explains Ramy. "These are the safest lines on which to do something like this."
Authorities maintain that Ramy broke into the army radio station's phone system and activated a dormant function called direct inward systems access, which allows long distance calls to be placed remotely and charged to that particular phone account. He structured the DISA so that as many as 281 people would be able to make telephone calls simultaneously on that single line.
Once the long distance access was in
place, the Badirs' partners set up a switchboard
inside a shack in an orange grove in
It wasn't long before the station realized its bills were excessive and contacted Bezeq. The company's security specialists joined with the Israeli national police in an investigation. They raided the orange grove, arresting several low-level workers at the shack. Only after one of them mentioned that the lines had been set up by blind technicians, says one source close to police, did the probe turn to the Badirs.
At the time, Ramy and his brothers were already in the crosshairs. Suspects in numerous telecommunication crimes, their home phone was frequently tapped by the national police. They reviewed the tap transcripts and spent a year investigating the brothers, hoping to find incontrovertible links between them and the pirate phone company. An intense cat-and-mouse game developed: the Badirs on one side, with fraud investigator David Osmo and prosecutor Doron Porat on the other.
was working on the case, his car's GPS system and email were repeatedly hacked.
"There was a message waiting for him with his password in it," says Ramy, sounding quite pleased. "After that, he changed
his password every hour before giving up on email altogether and using a
typewriter." The brothers reportedly contacted
"The police experienced bad luck," notes Ramy. "Their telephone systems went down, their computers developed bugs. Osmo got big bills for calls that he hadn't made. He believed we were always listening in on him. Sometimes Osmo spoke on the telephone and other calls came across the line as he tried to talk." Ramy smiles devilishly. "He found that to be very annoying."
Ironically, even as they knew the degree to which they were being pursued, the Badirs did not show a lot of restraint over the telephone. "This was our mistake," admits Ramy, who believed that some of his phone lines were secure. "We knew the police were chasing us and trying to catch us. Our overconfidence led us to think they would never do it."
Ramy, Muzher, and Shadde were arrested on a variety of charges relating to computer fraud in connection with their hacks of the radio station and Bency Levy's phone sex operation. Police took them from their home in wrist and leg cuffs, but even in custody, they could not help but show off by conversing in their secret language and announcing telephone numbers that were being keyed in by law enforcers. "When Doron Porat stood next to me," adds Ramy, "he took the battery out of his cell phone."
Ramy was jailed throughout the trial, which dragged on for 27 months and took the prosecutors way beyond their depth of technological expertise. Porat and his team eventually quit trying to explain how the Badirs did what they'd been charged with and focused instead on simply proving they did commit acts like breaking into a phone company switchboard.
In her November 2001 ruling, judge Saviona Rotlevi went easy on Muzher and Shadde but found Ramy guilty of 20 counts concerning Israeli cyberlaw, 4 counts of telecom law violation, and 15 counts of other crimes. The judge sentenced him to 65 months in prison. Among his restrictions: All of his calls were to be made with the assistance of a guard so that he would never touch a telephone keypad.
After nearly four years behind bars, Ramy was released when a judge ruled he'd served enough time. He marks his second day of freedom by repairing with Muzher and Shadde to a small café on the edge of Kafr Kassem. Inside, the brothers order bottles of orange juice and three water pipes. They puff deeply, releasing plumes of fruity-smelling tobacco smoke.
Despite his years in prison, Ramy appears to have no financial worries. Upon arriving
home, he promptly ordered a $20,000 Braille-display computer from
And what will that be? Ramy claims a couple of juicy software programs that he began developing in prison are in the pipeline. "I am inventing a PBX firewall," he says. "I know all the weakest spots of a telephone system. I can protect any system from infiltration."
Ramy insists there are major companies interested in his new software. He talks about big money and big meetings. But he refuses to show what he's working on and won't name anybody who's backing him. One person who sounds perfectly game to be involved is the brothers' old nemesis Eyal Raz. "If he can build that, he'll become a billionaire," predicts Raz, who now works for a Tel Aviv-based phone security firm called ECtel. "The Badirs know so much and are so talented that I would happily use them as consultants."
Ramy insists he has outgrown the scams: "I am going to the other side, coming up with devices that will keep the phreakers out."
You want to believe him, you really do. Maybe it's the truth. Or maybe it's a sweet bit of social engineering designed to generate positive press and position the Badir brothers for their next spree.
Michael Kaplan (email@example.com) wrote about gambling machines in Wired 11.09.