date 2004-04-18
from the a-WOPR-of-a-story dept.
In a letter to Senator Ron Wyden, the Department of Homeland Security has acknowledged that unknown users are operating IMSI catchers in Washington, D.C.:
The Department of Homeland Security (DHS) is acknowledging for the first time that foreign actors or criminals are using eavesdropping devices to track cellphone activity in Washington, D.C., according to a letter obtained by The Hill.
DHS in a letter to Sen. Ron Wyden (D-Ore.) last Monday said they came across unauthorized cell-site simulators in the Washington, D.C., area last year. Such devices, also known as "stingrays," can track a user's location data through their mobile phones and can intercept cellphone calls and messages.
[...] DHS official Christopher Krebs, the top official leading the NPPD, added in a separate letter accompanying his response that such use "of IMSI catchers by malicious actors to track and monitor cellular users is unlawful and threatens the security of communications, resulting in safety, economic and privacy risks."
DHS said they have not determined the users behind such eavesdropping devices, nor the type of devices being used. The agency also did not elaborate on how many devices it unearthed, nor where authorities located them.
mrbluze writes:
"Columbia Tribune / AP reports of Police agencies' reluctance to divulge details about the Stingray cell-phone interception device, whose use has increased since a Supreme Court decision to prevent the use of GPS tracking devices without a warrant. The Stingray is reported to be a suitcase-sized device that pretends to be a mobile phone tower, tricking a cell phone to connect to it instead of the cellphone company's tower, but details on how this works are not revealed.
In one of the rare court cases involving the device, the FBI acknowledged in 2011 that so-called cell site simulator technology affects innocent users in the area where it's operated, not just a suspect police are seeking.
A December 2013 investigation by USA Today found roughly 1 in 4 law enforcement agencies it surveyed had performed tower dumps, and slightly fewer owned a Stingray.
However, a report by GlobalResearch.ca gives much greater detail, including photographs of the device:
When a suspect makes a phone call, the StingRay tricks the cell into sending its signal back to the police, thus preventing the signal from traveling back to the suspect's wireless carrier. But not only does StingRay track the targeted cell phone, it also extracts data off potentially thousands of other cell phone users in the area.
Although manufactured by a Germany and Britain-based firm, the StingRay devices are sold in the US by the Harris Corporation, an international telecommunications equipment company. It gets between $60,000 and $175,000 for each Stingray it sells to US law enforcement agencies."
The ACLU has released documents obtained from Florida public records requests to law enforcement agencies that give a more complete account of the use of Stingray surveillance technology. "Stingrays, also known as 'cell site simulators,' or 'IMSI catchers,' are invasive cell phone surveillance devices that mimic cell phone towers and force phones in the area to broadcast information that can be used to identify and locate them." The Register reports:
Documents obtained by the American Civil Liberties Union have shown that US cops are using the FBI's Stingray mobile phone tracking tech much more often than first thought. And the Feds are going to great lengths to hide the full extent of its use.
"The documents paint a detailed picture of police using an invasive technology - one that can follow you inside your house - in many hundreds of cases and almost entirely in secret," said Nathan Freed Wessler, staff attorney at the ACLU. "The secrecy is not just from the public, but often from judges who are supposed to ensure that police are not abusing their authority. Partly relying on that secrecy, police have been getting authorization to use Stingrays based on the low standard of 'relevance,' not a warrant based on probable cause as required by the Fourth Amendment."
The ACLU requested information about Stingray use from three dozen Florida police departments and found out that the system has been in use in the Sunshine State since 2007 - much earlier than first thought. According to a May 2014 email, the Stingray system has been used in 1,835 cases in Florida, none of which were national-security related. More than a third of cases using the technology involved robbery, burglary, and theft, and the rest were largely "wanted persons" cases.
The documents also included details of a few specific cases where Stingrays have been used. In one, defense lawyers were able to use the FBI's reluctance to reveal details about the technology to get a sweetheart deal of a sentence for their clients.
The Guardian reports about the US Internal Revenue Service (IRS) buying and upgrading Harris Corporation Stingray IMSI-catchers in 2009 (PDF (21 MB) and text (10.2 KB) versions of 2009 invoice) and 2012 (upgrading Stingray II to a HailStorm, see quote below) and that they're now the 13th US federal agency confirmed to use the technology which pretends to be legitimate cell towers in order to eavesdrop on mobile communication. IMSI-catchers are not restricted to "only" catching metadata; they can catch all communications and also perform any kind of additional MITM attack like malware insertion. No warrants are said to be required, only PEN register orders. The invoices were obtained through Freedom of Information Act (FOIA) requests.
Quote from the Guardian article:
The 2009 IRS/Harris Corp invoice is mostly redacted under section B(4) of the Freedom of Information Act, which is intended to protect trade secrets and privileged information. However, an invoice from 2012, which is also partially redacted, reports that the agency spent $65,652 on upgrading a Stingray II to a HailStorm, a more powerful version of the same device, as well as $6,000 on training from Harris Corporation.
The CEO of Harris Corporation is William M. Brown (PDF 54.8 KB) who according to Forbes was number 279 in CEO compensation in 2012. Here's the rest of the Harris Corporation management.
Digital analyzer. IMSI catcher. Stingray. Triggerfish. Dirt box. Cell-site simulator. The list of aliases used by the devices that masquerade as a cell phone tower, trick your phone into connecting with them, and suck up your data, seems to grow every day. But no matter what name cell-site simulators go by, whether they are in the hands of the government or malicious thieves, there's no question that they're a serious threat to privacy.
That's why EFF is launching the cell-site simulator section of Street Level Surveillance today.
EFF's Street Level Surveillance Project unites our past and future work on domestic surveillance technologies into one easily accessible portal. On this page, you'll find all the materials we have on each individual technology gathered into one place. Materials include FAQs about specific technologies, infographics and videos explaining how technologies work, and advocacy materials for activists concerned about the adoption of street level surveillance technologies in their own community. In the coming months, we'll be adding materials on drones, stingrays, and fusion centers.
Shaun Nichols over at The Register (El Reg) is reporting on a New York Civil Liberties Union report (NYCLU) detailing New York City Police Department (NYPD) use of IMSI catchers.
According to the NYCLU's report, the NYPD has used IMSI catchers (essentially mobile cell towers powerful enough to induce all nearby cellular devices to connect to them, rather than commercial cell towers) more than 1,000 times in the past seven years.
From the El Reg article:
According to the NYCLU report, between 2008 and May of 2015 police used stingray hardware 1,016 times, and that permission to deploy the devices required a court order rather than a harder-to-obtain warrant.
The use of stingray devices by police has become a point of contention between law enforcement and groups who see the devices as a violation of personal privacy. Long used by the FBI, stingray devices impersonate legit cellphone towers to monitor nearby mobile phones and track their movements.
[...] "If carrying a cell phone means being exposed to military-grade surveillance equipment, then the privacy of nearly all New Yorkers is at risk," said NYCLU executive director Donna Lieberman.
"Considering the NYPD's troubling history of surveilling innocent people, it must at the very least establish strict privacy policies and obtain warrants prior to using intrusive equipment like Stingrays that can track people's cell phones."
This kind of gives a little more zing to the old saw "Welcome to New York. Now go home."
The New York Civil Liberties Union is pushing a new state bill that would require law enforcement to obtain a warrant prior to deploying a cell-site simulator, or stingray. The bill also includes other new restrictions.
Cell-site simulators, or fake cell towers, are often used by police to locate criminal suspects by tricking their phones into giving up their location. In some cases, simulators can also be used to intercept phone calls and text messages. Use of these devices has been heavily scrutinized in recent years—in September 2015, the Department of Justice said it would require its federal agents to seek a warrant before deployment.
[...] The bill, which was first reported by ZDNET, doesn't mention stingrays specifically. However, it specifically forbids law enforcement from accessing "electronic device information by means of physical interaction or electronic communication with the device" unless they have a warrant. There are a few narrow exceptions, such as exigent circumstances.
Source:
https://arstechnica.com/tech-policy/2017/01/new-york-lawmakers-want-local-cops-to-get-warrant-before-using-stingray/
Information obtained via right-to-know request revealed The New Jersey State Police spent at least $850,000 on stingray devices from Harris Corp.
Authorities didn't respond to NBC10's request to discuss the use of the technology described in more than 100 pages of invoices and other heavily redacted documents detailing the devices purchased. Jeanne LoCicero, deputy legal director ACLU of New Jersey, asked for the same documents that NBC10 sought and received the same response from the department upon further inquiry.
[...] New Jersey State Police department's lack of transparency on the device is not uncommon from what has been seen with other law enforcement agencies at both the local and federal level when similar requests have been made.
Source: https://www.scmagazine.com/850000-spent-on-harris-corp-stingrays-by-new-jersey-state-police/article/733485/
(Score: 0) by Anonymous Coward on Wednesday April 04, @01:39PM
Ever expects the Spanish Inquisition!!
Dare I say “What Russians?”
(Score: 2) by JoeMerchant on Wednesday April 04, @01:56PM (7 children)
How hard could it be to make a Stingray hunter?
You need:
1) to be able to detect that you are communicating with a Stingray - if nothing else, this can be done by referencing against a list of known good-actor network access points.
2) RDF on the signals coming from the tower - they're short burst, but I'm sure the clever guys in our national defense can manage to make RDF work with short burst transmissions...
3) follow the signals.
It might take several connections to zero in on one, but if they're in fixed locations, they should be easily detected and busted. And, if they're rolling, we should get some awesome dashcam footage of the chase.
(Score: 2) by Knowledge Troll on Wednesday April 04, @02:10PM (2 children)
If it moves around constantly I think that'd pretty much make it impossible to direction find. And yes I am a T hunter.
The reason being, for at least all the ways I know how to find a transmitter through radio location, I need a map and to plot the intersection of many bearings to find hypothetical locations for the transmitter then investigate those. It takes quite a while - about half a day - with readings taken from many different locations.
If the transmitter was moving around this technique wouldn't work at all unless it moved from fixed points to fixed points and you increased the time and bearing readings.
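Added example, not part of any comment in this thread: the "plot the intersection of many bearings" step from the two comments above, done as a least-squares fit instead of on a paper map. It assumes a flat local grid in kilometres and error-free bearings; the function names, receiver positions and transmitter tracks are constructed for illustration.

```python
import math

def bearing_to(observer, target):
    """Compass bearing (degrees clockwise from north) from observer to target."""
    return math.degrees(math.atan2(target[0] - observer[0],
                                   target[1] - observer[1])) % 360.0

def locate(readings):
    """Least-squares crossing point of bearing lines.

    readings: list of ((x_km, y_km), bearing_deg) on a flat local grid
    (x east, y north). Returns ((x, y), rms_miss_km), where rms_miss_km is
    the RMS perpendicular distance from the fix to the bearing lines.
    """
    lines = [(p, (math.sin(math.radians(b)), math.cos(math.radians(b))))
             for p, b in readings]
    a11 = a12 = a22 = b1 = b2 = 0.0
    for (px, py), (dx, dy) in lines:
        # I - d d^T keeps only the component perpendicular to the bearing line.
        m11, m12, m22 = 1 - dx * dx, -dx * dy, 1 - dy * dy
        a11, a12, a22 = a11 + m11, a12 + m12, a22 + m22
        b1 += m11 * px + m12 * py
        b2 += m12 * px + m22 * py
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        raise ValueError("bearings are parallel: take readings from other spots")
    x = (a22 * b1 - a12 * b2) / det
    y = (a11 * b2 - a12 * b1) / det
    misses = [(x - px) * dy - (y - py) * dx for (px, py), (dx, dy) in lines]
    return (x, y), math.sqrt(sum(m * m for m in misses) / len(misses))

# Constructed sample data: five receiver positions (km) and a transmitter that
# either stays put or has moved by the time each successive reading is taken.
OBSERVERS = [(0, 0), (10, 0), (10, 10), (0, 10), (5, -2)]
FIXED_TX = (3.0, 4.0)
MOVING_TX = [(3, 4), (5, 4), (7, 5), (8, 7), (6, 8)]

def fixed_case():
    return locate([(o, bearing_to(o, FIXED_TX)) for o in OBSERVERS])

def moving_case():
    return locate([(o, bearing_to(o, t)) for o, t in zip(OBSERVERS, MOVING_TX)])

if __name__ == "__main__":
    for name, (fix, rms) in (("fixed", fixed_case()), ("moving", moving_case())):
        print(f"{name}: fix=({fix[0]:.2f}, {fix[1]:.2f}) km, rms miss={rms:.2f} km")
```

With the stationary transmitter the bearings meet at one point and the RMS miss is essentially zero; with the moving one the lines no longer share a crossing point, so the miss distance grows to more than a kilometre and the fix is not a place the transmitter ever was.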
(Score: 2) by zocalo on Wednesday April 04, @02:38PM (1 child)
Of course, when they find out that many of the "rogue" IMSI catchers are actually being operated by other US agencies things could get amusing, but I doubt we'll get to hear about that.
UNIX? They're not even circumcised! Savages!
(Score: 2) by Knowledge Troll on Wednesday April 04, @02:48PM
In the movies maybe - I wonder if you have ever done a T hunt? Are you aware of how many reflections and false readings there are? There is a reason you need an entire day's worth of data to find a single point.
After you find the point where the most intersections exist and you travel to that location then you get to start all over again doing the DF process on a local instead of regional scale. All new DF equipment and techniques.
I can't conceive of any system that could finger an exact automobile regardless of the number of receivers involved. You would need to have local receivers ready to DF over the entire hypothetical area the transmitter could be at once that was identified.
This is going to be a massive scale undertaking involving a lot of people not just technology. That's assuming it moves.
Now perhaps there is some new amazing technology that exploits the cell phone's use of CDMA so the DF can use all of the components of multipath that exist, find the one with the lowest delay, and assume that is a signal that exists without any reflection, which should help with reducing false readings because of reflections which I'd say is the biggest issue.
I'm still not sure that'd help a lot with this task of finding a moving transmitter though.
(Score: 2) by All Your Lawn Are Belong To Us on Wednesday April 04, @02:15PM (2 children)
Fox hunt! [wikipedia.org] (Though the term is definitely not PC today, I prefer the colorful version).
Technically it would probably be FCC responsibility to narrow them down, as their usage requires them to broadcast and doing so without authorization and with interference without a license wouldn't seem legal to me. Good luck with convincing the FCC they should investigate them.
Civilians doing so would be difficult. I don't want to say impossible.
BUT, if it were a foreign government responsible our government could uncover that in short order. If it so desired it would be stopped through normal diplomatic channels - extraterritoriality doesn't cover violation of international broadcasting treaties.
(Score: 0) by Anonymous Coward on Wednesday April 04, @02:18PM
It's hard to say whether this is espionage or cybercrime.
It wouldn't surprise me if the Israelis were behind it in order to figure out what's going on in private conversations between government officials.
(Score: 2) by Knowledge Troll on Wednesday April 04, @02:19PM
Just give the ham radio operators the technology they need to receive the signals and discriminate based on the ID of the rogue cell towers. It may be difficult or even close to impossible but that doesn't mean they won't take the challenge up and then have fun while working on it.
If any civilians are going to be able to DF that thing it would be the hams. I'm sure The Feds/The Man has the technology and experience to do it right now though.
(Score: 2) by DannyB on Wednesday April 04, @02:23PM
It might not be possible to distinguish a Stingray from a legitimate network operator's cell tower.
Sent from my TRS-80
(Score: 2) by DannyB on Wednesday April 04, @02:22PM
This is why we CAN NOT have back doors built into cryptography, or into our devices.
I've said it multiple times before, and I won't link back to those this time:
How Stingray works -- two theories:
1. Stingray is an exploit that is impossible to patch. The mobile network protocols were designed back in the day and did not view security as seriously as we do today, and thus they are exploitable. It will take years, upgrading all mobile sets and fixed network sets to switch to safer protocols.
2. Stingray relies on stolen credentials or keys. If the mobile operators knew which ones, they would revoke / change them and Stingray would be b0rked.
Either theory explains the extreme secrecy of Stingray. Law enforcement will even allow the guilty to go free rather than allow Stingray to be scrutinized in court. They will even commit perjury (aka "Parallel Construction") rather than reveal the mere existence of Stingray.
When I posted these theories (multiple times) here previously, I also said that once the secret of Stingray leaks out -- EVERYONE will have it. The poor will be able to spy on the rich. Etc.
Now to the point:
It was inevitable that, like nuclear weapons, Stingray would proliferate. It would fall into the hands of people who you don't want to have it.
This is also proof of why we can't have back doors in our cryptosystems or our computers (including mobile devices). The "secret sauce" to the backdoor WILL leak out. It is an absolute inevitability.
We can have either:
1. Secure systems -- hackers can't get in, but neither can government.
2. Insecure systems -- government can get in, but so can hackers.
(Score: 2) by Dale on Wednesday April 04, @02:40PM
Amusing that DHS suddenly seems to have issues with Stingrays. I thought law enforcement was all about these things just being normal tools that aren't invasive enough to even need to bother with a warrant over. Why be concerned at all now? Of course we know why. It is ok for THEM to use them but not anyone else.