Digital analyzer. IMSI catcher. Stingray. Triggerfish. Dirt box. Cell-site simulator. The list of aliases used by the devices that masquerade as a cell phone tower, trick your phone into connecting with them, and suck up your data, seems to grow every day. But no matter what name cell-site simulators go by, whether they are in the hands of the government or malicious thieves, there's no question that they're a serious threat to privacy.
That's why EFF is launching the cell-site simulator section of Street Level Surveillance today.
EFF's Street Level Surveillance Project unites our past and future work on domestic surveillance technologies into one easily accessible portal. On this page, you'll find all the materials we have on each individual technology gathered into one place. Materials include FAQs about specific technologies, infographics and videos explaining how technologies work, and advocacy materials for activists concerned about the adoption of street level surveillance technologies in their own community. In the coming months, we'll be adding materials on drones, stingrays, and fusion centers.
Related Stories
In a letter to Senator Ron Wyden, the Department of Homeland Security has acknowledged that unknown users are operating IMSI catchers in Washington, D.C.:
The Department of Homeland Security (DHS) is acknowledging for the first time that foreign actors or criminals are using eavesdropping devices to track cellphone activity in Washington, D.C., according to a letter obtained by The Hill.
DHS in a letter to Sen. Ron Wyden (D-Ore.) last Monday said they came across unauthorized cell-site simulators in the Washington, D.C., area last year. Such devices, also known as "stingrays," can track a user's location data through their mobile phones and can intercept cellphone calls and messages.
[...] DHS official Christopher Krebs, the top official leading the NPPD, added in a separate letter accompanying his response that such use "of IMSI catchers by malicious actors to track and monitor cellular users is unlawful and threatens the security of communications, resulting in safety, economic and privacy risks."
DHS said they have not determined the users behind such eavesdropping devices, nor the type of devices being used. The agency also did not elaborate on how many devices it unearthed, nor where authorities located them.
Also at Ars Technica and CNN.
Related: Police: Stingray Device Intercepts Mobile Phones
ACLU Reveals Greater Extent of FBI and Law Enforcement "Stingray" Use
US IRS Bought Stingray, Stingray II, and Hailstorm IMSI-Catchers
EFF Launches the Cell-Site Simulator Section of Street Level Surveillance
NYPD Making Heavy Use of Stingrays
New York Lawmakers Want Local Cops to Get Warrant Before Using Stingray
New Jersey State Police Spent $850,000 on Harris Corp. Stingray Devices
Scan the online brochures of companies who sell workplace monitoring tech and you'd think the average American worker was a renegade poised to take their employer down at the next opportunity.
[...]
A new wave of return-to-office mandates has arrived since the New Year, including at JP Morgan Chase, leading advertising agency WPP, and Amazon—not to mention President Trump's late January directive to the heads of federal agencies to "terminate remote work arrangements and require employees to return to work in-person ... on a full-time basis."
[...]
The question is, what exactly are we returning to?Take any consumer tech buzzword of the 21st century and chances are it's already being widely used across the US to monitor time, attendance, and, in some cases, the productivity of workers, in sectors such as manufacturing, retail, and fast food chains: RFID badges, GPS time clock apps, NFC apps, QR code clocking-in, Apple Watch badges, and palm, face, eye, voice, and finger scanners. Biometric scanners have long been sold to companies as a way to avoid hourly workers "buddy punching" for each other at the start and end of shifts—so-called "time theft." A return-to-office mandate and its enforcement opens the door for similar scenarios for salaried staff.
[...]
HID's OmniKey platform. Designed for factories, hospitals, universities, and offices, this is essentially an all-encompassing RFID log-in and security system for employees, via smart cards, smartphone wallets, and wearables. These will not only monitor turnstile entrances, exits, and floor access by way of elevators but also parking, the use of meeting rooms, the cafeteria, printers, lockers, and yes, vending machine access.
[...]
Depending on the survey, approximately 70 to 80 percent of large US employers now use some form of employee monitoring, and the likes of PwC have explicitly told workers that managers will be tracking their location to enforce a three-day office week policy.
[...]
Wolfie Christl, a researcher of workplace surveillance for Cracked Labs, a nonprofit based in Vienna, Austria. "We're moving toward the use of all kinds of sensor data, and this kind of technology is certainly now moving into the offices. However, I think for many of these, it's questionable whether they really make sense there."
[...]
Cracked Labs published a frankly terrifying 25-page case study report in November 2024 showing how systems of wireless networking, motion sensors, and Bluetooth beacons, whether intentionally or as a byproduct of their capabilities, can provide "behavioral monitoring and profiling" in office settings.
(Score: 2) by Whoever on Tuesday December 15 2015, @04:16AM
Why do I get this message when browsing on my cellphone at or near transit hubs? Is this related to some surveillance technology in use?
(Score: 2) by frojack on Tuesday December 15 2015, @05:51AM
Is this a serious question?
No, you are mistaken. I've always had this sig.
(Score: 1) by Some call me Tim on Tuesday December 15 2015, @05:26AM
It's all well and good to know what these things do but how the heck would you know if you were connected to one? Build a device to detect these simulators or a phone app to detect them and disable data transfer and make it available to the public, open source for the win.
Questioning science is how you do science!
(Score: 2) by frojack on Tuesday December 15 2015, @05:47AM
Exactly.
If you live in an area with few cell towers, you could monitor the towers for a new one. But that is far too geeky for most people. A simpler approach might be to have an app that mapped signal strength were ever you go in your routine, and then anytime there was a significant change (stronger signal than previously measured) it would notify you. That way each user would build their own private database, and it would not require any exchange of data that might attract police attention.
There are a few apps in the app store that suggest they can detect these things, but most of them look pretty dodgy to me.
The EFF page offers nothing to help you out or even report the location of a suspected stingray (reporting one might get you more attention than you bargained for, and I don't even know if it is legal to reveal a stingray location. They may have a warrant. (Don't laugh, it could happen! Couldn't it?).
No, you are mistaken. I've always had this sig.
(Score: 2) by frojack on Tuesday December 15 2015, @06:04AM
http://www.slate.com/blogs/future_tense/2014/12/31/snoopsnitch_is_an_app_by_the_german_srlabs_that_detects_imsi_catchers_stingrays.html [slate.com]
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Tuesday December 15 2015, @07:03AM
Once detected, you could use the GPS from multiple users or positions to triangulate it as well.
However, for me to use such a tool, I would have to turn on the cellular radio.
(Score: 0) by Anonymous Coward on Tuesday December 15 2015, @01:17PM
Even if they have a warrant, general warrants are unconstitutional. Since Stringrays are mass surveillance devices, warrants don't really matter.
(Score: 2) by wonkey_monkey on Tuesday December 15 2015, @09:06AM
EFF Launches the Cell-Site Simulator Section of Street Level Surveillance
If you're going to alliterate that much, you might as well commit to it:
Selfless society starts street-side surveillance cell-site simulator section
Silly Soylent.
systemd is Roko's Basilisk