Anyone interested in learning more about IMSI catchers and their use by US law enforcement agencies might be interested in this law review article I wrote. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2437678
Yep. Cell phone tracking has actively been used for tracking and targeting in the Ukraine/Russia war in Donbass by both sides.
Isn't it about time to repeal things like CALEA, or to accept that the cost of having a system like this is that it should be the only system?
"But we're afraid bad guys would act like they live in a surveillance state if they actually knew they lived in a surveillance state!" I... I just don't know how to understand that mindset.
I know there are evil criminals in the world, and I'll bet that having power and dominion over everyone is a fun trip, but it's also corrosive to what the US has always pretended to be.
https://twitter.com/cellhacking/status/524562944928264192
And all over Washington DC:
This one is the most promising: http://signup.spideyapp.com/
http://thehill.com/policy/technology/224129-report-feds-usin...
http://www.foxnews.com/politics/2014/11/13/secret-us-spy-pro...
We have a long way to go in educating the general public about technology, its benefits, and its pitfalls.
P.S. I'm not a wireless guy, so I don't know if there's any kind of a digital giveaway that can distinguish a fake cell tower versus the real one it is spoofing. If there isn't, then perhaps the fault lies with existing wireless comm. standards.
Cellphones are programmed to connect automatically to the strongest cell tower signal. The device being used by the U.S. Marshals Service identifies itself as having the closest, strongest signal, even though it doesn’t, and forces all the phones that can detect its signal to send in their unique registration information. Even having encryption on one’s phone, such as Apple Co.’s iPhone 6 now includes, doesn’t prevent this process...
The program cuts out phone companies as an intermediary in searching for suspects. Rather than asking a company for cell-tower information to help locate a suspect, which law enforcement has criticized as slow and inaccurate, the government can now get that information itself. People familiar with the program say they do get court orders to search for phones, but it isn’t clear if those orders describe the methods used because the orders are sealed.
Also unknown are the steps taken to ensure data collected on innocent people isn’t kept for future examination by investigators. A federal appeals court ruled earlier this year that over-collection of data by investigators, and stockpiling of such data, was a violation of the Constitution.
This isn't exactly new. Harris' Stingray price list has AIRBRN-KIT-CONUS for sale for $9,000, dating back to 2008: https://info.publicintelligence.net/Harris-SurveillancePrice...
Here's a 2013 post on the so-called DRTBOX: http://electrospaces.blogspot.com/2013/11/drtbox-and-drt-sur...
And another blog post from 2013 saying "Immigration and Customs Enforcement (ICE) purchased $3 million worth of Stingrays over several years, and are purchasing airborne mounting kits for both drones and manned aircraft": http://gritsforbreakfast.blogspot.com/2013/03/bypassing-tele...
An earlier FOIA response from 2012: http://s3.documentcloud.org/documents/479397/stingrayfoia.tx... "The training will cover all of Harris Stingray II operations from an airborne platform. Specifically, four students are to attend this special training on three different software packages GSM, and CDM mobile handsets) for the Program... The schedule is more unpredictable due to a large portion of the training taking place in an aircraft."
To summarize: if you live in the U.S.[1], your cell phone info (IMSI etc.) has been slurped up by flying FedGov "dirtboxes" without your knowledge, stored in perpetuity, without any law passed by Congress explicitly authorizing this, in violation of the Constitution's Fourth Amendment, and at best authorized by a secret court order from a secret court. Sigh.
[1] I presume most of the HN US readers live in or near metro areas, and the WSJ article says the program covers "most of the U.S. population." Obviously if you're in Idaho or Alaska, you're less likely to be caught in this particular data vacuum cleaner.
There is precedent: amateur radio operators can use any means available to them to transmit life-critical messages when licensed methods/frequencies don't work. If that was to set up a fake cell phone tower and get phones to connect, then one could argue that one was using the frequencies legally. (IANAL; don't do this and say I said it was OK. The usual case is something like using your amateur radio to contact the coast guard if your ship is sinking.)
As we see mentioned here on HN all the time, there is a massive amount of interesting data that can be pulled out of large datasets. The original WP publication[1] about COTRAVELER gives a very nice example of the power in just knowing very inaccurate (cell-sized) location data. You probably don't even need any particular cell-network identifying number, given how easy it is to correlate this kind of data to other identifiers.
[1] http://apps.washingtonpost.com/g/page/world/how-the-nsa-is-t...
Personally, one thing I like about open source software, is I can host pretty much whatever I want, whenever I want. If this development path continues, I'd imagine that eventually, if there might be some entrepreneuring cell company[0] that would simply encrypt it all anonymously.
Obviously, this would mean a few changes to the way we do things. For example, maybe instead of triangulating your cellular position in an emergency, iOS and Android could create a 'distress' api that would allow for emergency services to access your location, and then alert you with the status. To be honest, it would end up working in a similar way as Emergency and Amber alerts on your device[1].
Realistically, it probably won't happen like this, but if privacy won't be given to us, we need to take it.
[0] http://www.artemis.com/
[1] http://support.apple.com/en-us/HT5795
One of the most interesting and unreported aspects of these Stingray boxes is how they handle the 2G/3G divergence here. In the USA there's also CDMA to think about and I don't know how that handles authentication, if at all. I suspect such IMSI catchers emulate a GSM base station and possibly jam 3G frequencies to try and force phones to downgrade. I don't think there's any way to tell phones to never use GSM even if it's the only option, but if there was, I suspect that'd "fix" things (except most people wouldn't know about or use them). Ultimately the only thing that can stop this is a phasing out of 2G entirely but that won't happen any time soon, and even once it's done, by that point law enforcement will have got used to the ability to just follow everyone around all the time and would insist that they MUST be able to use these devices otherwise chaos and anarchy would follow, so they'd probably mount a vigorous lobbying campaign to get the signing keys.
https://news.ycombinator.com/item?id=8607062 discusses police departments purchasing equipment that will work with phones that can't be forced to 2G (partly in anticipation of carriers switching 2G off).
We, the free people, can build drones and we can also put wifi repeaters on them and we can - instead of sniffing things - actively participate in the construction and maintenance of wide open communication systems, for all to use. Everyone.
That is the other end of the scale of all this secrecy and control - there is another end of the NSA conundrum, and it's all about open source. So, you know: getting your own local network started, and stop just 'consuming it' from the powers that be, is sort of a priority, folks. If you don't want to have a secret oppressor, push to have fewer secrets kept in the world. It's a fact that the corruption of all governments begins with their secrets.
So .. as someone who has a fleet of small drones above his head right now, albeit sleeping while the LiPos charge, here is a technology I think should be pointed out that is a little less prone to snooping, and with the right kind of neighborhood, gives us all a great amount of freedom to communicate, nevertheless:
Snoop on that, Feds!
This is the go-to defense for surveillance secrecy. However, not discussing such matters allows criminal officials to abuse these powers without repercussion.
Not to mention U.S. citizens!
I mean, if they want to use that argument, then they should actually limit their surveillance to "criminal suspects" and "foreign powers".
>This is the go-to defense for surveillance secrecy.
Indeed. And note how it used to be terrorism that provided the tidy justification for sweeping up large numbers of random U.S. citizens in these operations. Now, just plain ol' criminal suspects and foreign powers provide enough justification for domestic spying.
The goalposts are moving. We will all be accustomed to the surveillance state soon enough. Nothing to see here.
Knowing this is unconstitutional and if there are no government laws (shouldn't be right?) forbidding you from purchasing it, can I sue them if they refuse to sell me one?
Correct me if I'm wrong but putting this machine around Wall Street (given you know how to sell and buy stocks) would probably get you $9k back in less than a day, hm?
I still wonder though, if cellphone technology is secure and traffic encrypted, then how come they can listen to it? Wouldn't it be that Verizon or Apple had to give them some sort of keys to open the traffic and read it? (serious question)
It's illegal for you to do something like this. Very illegal. They would likely arrest you for attempting to purchase one, even if you had done nothing wrong. You could try to sue them, but then you can do that at any time; trying is never the problem, the consequences are.
It's not a situation where they were granted permission to do it, in a Constitutionally friendly sort of way.
These are extra-legal programs, where nobody will get in trouble regardless of the context, and they're simply saying: just try to stop us.
No, and you can't sue any company for refusing to sell you their product. In some cases you can sue if they refuse to serve you based on discrimination (i.e. a restaurant or hotel) under the Federal Civil Rights Act, or even a state-level civil rights act or charter, but that's a different set of circumstances. There are all manner of businesses who refuse to sell their goods directly to the consumer and sell to distributors only, and they aren't getting sued over it.
There's also the issue that using the device, period, is against Federal law, yet our Federal government is doing it anyway. They get away with it because they can[1], but you would likely end up in prison, possibly without a public trial.
[1] I think what they are doing is wrong and illegal, but until a judge puts a stop to it they will continue to get away with it.
If this is legal, why can't they just subpoena carriers for the tower census data?
It was not on flighttrack, no ADS-B info, and too high to see the N number.
Maybe do something like what these guys did, but I'm sure they can come up with even more comprehensive protections:
http://www.wired.com/2014/09/cryptophone-firewall-identifies...
Most phones (anything CDMA, or most everything LTE) use a Qualcomm SOC, with both the baseband and application processor sharing the same memory space. This is a recipe for anything on the application processor being pwned beyond recognition.
The last time I played with Qualcomm/CDMA (around 2007), I used proprietary software (QPST) to do undocumented incantations to clone an ESN from one phone to another. When I called the number, both rang. Picking both up led to hearing the conversation in both. This tells you precisely how good their idea of "encryption" is.
The entire Qualcomm ecosystem is a black box, and is there even a remote chance they don't have a partnership with the NSA? I'm sure San Diego is seen as a key national security interest - if it weren't "secured" by the NSA, then China/Russia intelligence would do so (or an uppity colony looking for a leg up).
I'll happily eat these words when there's an open source GSM or CDMA stack, portable hardware to run it, and the ability to pay for network access anonymously. But for now, I see Wifi/Mifi as the only plausible way forward.
Given the above, I wonder if the airplanes are also listening to other stuff past cellular.
Works on Intel xgold basebands by giving access to the event log
If so, should we expect that the carriers surrendered their keys to law enforcement to allow them to run fake cell towers that authentically emulate their networks?
(Not to mention that A5/1 is broken, but since Stingrays have been around forever and companies don't like investing into something that's not broken, I don't think they even do that. Certainly not at 9k bucks.)
They are pretty thin though:
http://arstechnica.com/tech-policy/2014/09/cities-scramble-t...
Not just for tracking but an "icbm" kind of drone. First for military use, then for domestic use, like how the police always get military weapons, iris scanners, etc.
Hm, I see black market business potential here.
And if there is indeed a unique id, can the fake cell take the id of a real cell and still work with the cellphone company, or would it need the cooperation of the cellphone company? (for example, the cell company would look at hops?)
I guess it's too much to hope that the cellphone companies would try to protect our privacy.
Maybe someday we'll have police running things similar to license scanners but for cellphone conversations. They'll drive around the city recording conversations to detect keywords for illegal activity (herb, drug, murder of crows, etc)
EDIT: actually, I don't think they need to hijack cellphone connections. They can just listen in - at least they used to be able to. We determined the identities of the bombers of our embassies in Africa in the late-90s through cellphone conversations through RC-135s flying along the Africa coast from Diego Garcia, and an intelligence gathering satellite that drags an antenna behind it.