[DoctorOetker]

I am saying I believe the creditcard-sized card that contains a fresh prepaid SIM card, probably contains an RFID loop antenna.

This is trivial to verify or falsify, just buy some acetone in the hardware store:

https://learn.adafruit.com/rfid-iphone/dissolve-the-card

I already bought the acetone, but I did not yet dissolve the SIM card, I want to do this in front of my sister, so she understands why I attach importance to finding out the origin of the unused expired SIM card she sent.

The card is supposedly expired anyway (well to be honest the validity date is printed on a sticker on the outside of the plastic foil package, so in theory it may be a still valid card with a fake early expiration date to encourage my sister to hurry with giving it away...).

I did not yet dissolve the card, but I feel pretty certain there is an RFID coil inside, and that is how they detected and stalled the letter without opening it. Stalled to determine if it is OK or not to allow the card to be sent on or not. "insufficient postage" to increase the possibility of the recipient deciding not to want the letter.

If you can't wait a couple of weeks to hear back from me if there is an RFID tag inside, you can try buying a prepaid SIM card and dissolving in acetone yourself. If you or someone tries this before february, I would like to know the result.

The whole story got me thinking that the human analysts that process and interpret red flags can easily build a repertoire of tricks to arrange for a red flag concerning a person to go off.

If my sister provides me with a name (perhaps even an address) of whoever gave her the card, I could consider tagging the person back (by sending the SIM card to him).

However I think it is unwise:

1) the person who gave it to her would not necessarily be the analyst, it may be an informant (perhaps a criminal turned informant, in which case I am effectively tagging myself into association with a criminal!)

2) if the person who gave it to her was the analyst, and I addressed the letter to Mr [name] "The Tagging Spook" [surname], and possibly arrange for the letter to have insufficient postage, while hilarious that my case file would then contain a red flag associating me with the analyst called out as a spook, it's unclear how he would react. Any future analyst could notice the burnt name of a colleague. He might need to self-report his bypassing of the automated system raising supposedly spontaneous red flags... Also, I estimate it would not be wise of me to go and poke the hornets nest. So I think I will stay with just observing and learning...

[salawat]

http://www.dslreports.com/forum/r28362704-RFID-sim-cards-goo...

https://patents.google.com/patent/US7784693B2

Neat read, and Godspeed.

Not sure whether your theories on there actually being an infrastructure for doing these sorts of things is correct, but even a 5 minute google search seems to suggest it is well within technical capabilities to do so.

Might do some more searching for ISO's and other Engineering standards related to them. Telephony is highly dependent on uniform technical standard adherence, so it's out there somewhere. I doubt that the RFID is in the plastic containg the card, it's probably in the card itself.

The unusual coincidences should be pretty easy to replicate with a P.O. Box, and could be consistent with holding times for information propagation or authorization.

Definitely seems like something to mess with if you are bored!

You'll be amazed the things you can find out when you start to peel back the layers, but don't be disappointed if it's just a coincidence.

[DoctorOetker]

>Not sure whether your theories on there actually being an infrastructure for doing these sorts of things is correct, but even a 5 minute google search seems to suggest it is well within technical capabilities to do so.

The infrastructure would just be an (perhaps surveillance grade) RFID reader and a small office or locker where the suspect letters end up at each post sorting facility, so a security officer or perhaps just the branch manager can store these until the surveillance state replies what to do with the letter.

I also believe it is probable the standards are visible somewhere, just like I remember the bulk of the surveillance state in Europe was/is visible pre-snowden in very high detail through the ETSI (european technology and standards institute) standards.

> I doubt that the RFID is in the plastic containg the card, it's probably in the card itself.

I may have used the incorrect word with "contain", so first the SIM card and the PIN and PUK card are one and the same card, before breaking out the SIM card. I mereley suspect the larger PIN/PUK card to contain the RFID coil, because the perforated C-shape around the SIM has the open part of the C directed at the closest edge. Of course it is possible that the RFID coil is in the smaller piece of SIM card itself, but I don't think so because: the contact pads would provide shielding to the coil, and to have the same total area as a 4 turns in a Credit Card size, the coil would need many more loops. As a designer I would prefer putting the RFID loop in the larger card.

So I did not mean to say that the coil is in the plastic wrap or anything, in case that was how you understood me.

It may seem weird that (if I am right) the surveillance state designed the SIM cards so the connection with the RFID coil breaks, why not design it monolithically such that you can also track used SIM cards in the mail? I simply predict that there is demand for clean SIM cards on the market, and unopened prepaid packages are considered clean, but then the coil is not broken yet... so used SIM card's may turn out safer (if the previous usage was clean)...

I agree the holding times would be roughly reproducible, but I don't want to cram my file full of red flags...

Yeah, spying involves lots of deceit, and as everyone (hopefully) rememmbers from kindergarten, the web of lies only grows (and the observable inconsistencies grow with them)

If it hadn't been stalled, I would probably have ended up calling some friends from university time, probably only spent 2/3's of the call credit before it expires, then simply went on with my life. It's their reckless tradecraft that betrayed them. I have no problem talking openly about what I suspect, I am pretty sure plenty of actual criminals have noticed this before me, but they probably don't talk about it in public fora...

[salawat]

Oh,no worries. I just think that SIM and handset manufacturer's are going the route of integrating NFC into handsets to support SIM stored payment credentials. I know for a fact it's a hot item in the FinTech industry.

Odds are, you could get a generic reader to get a chirp out of an RFID even without the PIN/PUK card that wouldn't be present in any other package.

IF I were an evil surveillance state taking an interest in mail borne SIM cards in ANY state (I mean think about this, if you could automate it, figuring out the networks of people who often send SIM's to each other in and of itself is a useful data point) I'd exploit using a small machine that can be innocuously placed on the sorting line to get that chirp.

Biggest problem I imagine would be possible tipping off through damage caused to EMF/RF sensitive packages, but I've not really looked up the math or engineering involved enough to make an educated guess.

Like I said. Interesting problem, and I seriously hope you're not right. That's levels of cyberpunk dystopia that just shouldn't be possible in anything remotely resembling a healthy society.