SoylentNews is people

posted by martyb on Wednesday April 04 2018, @01:33PM
from the a-WOPR-of-a-story dept.

In a letter to Senator Ron Wyden, the Department of Homeland Security has acknowledged that unknown users are operating IMSI catchers in Washington, D.C.:

The Department of Homeland Security (DHS) is acknowledging for the first time that foreign actors or criminals are using eavesdropping devices to track cellphone activity in Washington, D.C., according to a letter obtained by The Hill.

DHS in a letter to Sen. Ron Wyden (D-Ore.) last Monday said they came across unauthorized cell-site simulators in the Washington, D.C., area last year. Such devices, also known as "stingrays," can track a user's location data through their mobile phones and can intercept cellphone calls and messages.

[...] DHS official Christopher Krebs, the top official leading the NPPD, added in a separate letter accompanying his response that such use "of IMSI catchers by malicious actors to track and monitor cellular users is unlawful and threatens the security of communications, resulting in safety, economic and privacy risks."

DHS said they have not determined the users behind such eavesdropping devices, nor the type of devices being used. The agency also did not elaborate on how many devices it unearthed, nor where authorities located them.

Also at Ars Technica and CNN.

Related: Police: Stingray Device Intercepts Mobile Phones
ACLU Reveals Greater Extent of FBI and Law Enforcement "Stingray" Use
US IRS Bought Stingray, Stingray II, and Hailstorm IMSI-Catchers
EFF Launches the Cell-Site Simulator Section of Street Level Surveillance
NYPD Making Heavy Use of Stingrays
New York Lawmakers Want Local Cops to Get Warrant Before Using Stingray
New Jersey State Police Spent $850,000 on Harris Corp. Stingray Devices



 
  • (Score: 3, Interesting) by JoeMerchant on Wednesday April 04 2018, @03:04PM (4 children)


    It might not be possible to distinguish a Stingray from a legitimate network operator's cell tower.

    Except that legitimate network operator's cell towers are licensed, registered, and otherwise known entities.

    Now, if the Stingray were spoofing an actual tower, and physically located very close to it - that could get interesting.

    --
    🌻🌻 [google.com]
  • (Score: 3, Informative) by Osamabobama on Wednesday April 04 2018, @06:21PM (1 child)


    There was a story [techcrunch.com] about this in Seattle last year. The system is referred to as SeaGlass [washington.edu], and is hosted by the University of Washington.

    --
    Appended to the end of comments you post. Max: 120 chars.
    • (Score: 2) by JoeMerchant on Wednesday April 04 2018, @07:31PM


      There's no story about this in Washington D.C. from several years earlier. The system is referred to as Redacted and is hosted by the TLA agency who shall not be named.

      --
      🌻🌻 [google.com]
  • (Score: 3, Interesting) by DannyB on Wednesday April 04 2018, @08:27PM (1 child)


    Except that legitimate network operator's cell towers are licensed, registered, and otherwise known entities.

    And I suspect Stingrays are not licensed, or otherwise known.

    I think the very means that enables their operation is either a vulnerability exploit or stolen credentials / keys.

    Either the protocol / authentication is so weak that you can fool a mobile device into believing "hey this is an AT&T tower, not a Verizon tower", or it uses some stolen keys that cause the device to believe this. I suspect the protocol involves encryption and proof both ways between the tower and mobile set. The tower also wants to be really sure that the mobile set is authorized, and is paying the bill for making a call, text or data. The mobile operator probably also doesn't want their phones being fooled into using a hacker's network. Now either that mechanism is too weak, or some keys / credentials are compromised.

    Why else is even the mere existence of Stingray treated as a major secret? If it is legitimate, it shouldn't need to be any more secret than the mere fact that phone wiretaps can be done. They're trying to keep the secret from the mobile phone operators -- who would actively block Stingrays.

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
    • (Score: 2) by JoeMerchant on Wednesday April 04 2018, @08:33PM


      a vulnerability exploit or stolen credentials / keys.

      Agreed.

      However, if the Stingray is acting as a legitimate tower, it's not going to be in the legitimate tower's exact location, and that's the giveaway. If it's physically very near, it could be quite hard to tease apart with RDF, but easier to notice when servicing the legitimate tower.

      --
      🌻🌻 [google.com]
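
The check discussed in the thread above (licensed towers are registered at known locations, so a cell that is unregistered or appears far from its registered site stands out) can be sketched as follows. This is an added example, not part of the original story or comments; the registry, the survey readings, the 500 m threshold and all function names are constructed assumptions. As the last comment notes, a simulator sitting very close to the tower it imitates would not be separated by this check.

```python
import math
from collections import defaultdict

# Constructed registry of licensed cells: (MCC, MNC, LAC, CID) -> (lat, lon).
REGISTRY = {
    (310, 410, 1201, 5001): (38.8977, -77.0365),
    (310, 410, 1201, 5002): (38.9072, -77.0369),
}

# Constructed survey readings: (cell identity, sensor lat, sensor lon, RSSI dBm).
READINGS = [
    ((310, 410, 1201, 5001), 38.8979, -77.0360, -60),
    ((310, 410, 1201, 5001), 38.8970, -77.0372, -65),
    ((310, 410, 1201, 5002), 38.8895, -77.0353, -55),  # strongest far from its site
    ((310, 410, 1201, 5002), 38.8899, -77.0349, -58),
    ((310, 410, 1201, 5002), 38.9070, -77.0370, -95),
    ((310, 410, 9999, 7777), 38.8920, -77.0300, -50),  # not in the registry
]

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def estimate_sites(readings):
    """Power-weighted centroid of sensor positions per cell (a crude locator)."""
    acc = defaultdict(lambda: [0.0, 0.0, 0.0])
    for cell, lat, lon, rssi in readings:
        w = 10 ** (rssi / 10)          # dBm -> linear milliwatts
        for i, v in enumerate((w * lat, w * lon, w)):
            acc[cell][i] += v
    return {c: (s[0] / s[2], s[1] / s[2]) for c, s in acc.items()}

def classify(readings, registry, max_offset_m=500):
    """Label each observed cell 'ok', 'displaced' or 'unregistered'."""
    result = {}
    for cell, est in estimate_sites(readings).items():
        if cell not in registry:
            result[cell] = "unregistered"
        elif haversine_m(est, registry[cell]) > max_offset_m:
            result[cell] = "displaced"
        else:
            result[cell] = "ok"
    return result

if __name__ == "__main__":
    print(classify(READINGS, REGISTRY))
```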