
SoylentNews is people

posted by martyb on Wednesday April 04 2018, @01:33PM
from the a-WOPR-of-a-story dept.

In a letter to Senator Ron Wyden, the Department of Homeland Security has acknowledged that unknown users are operating IMSI catchers in Washington, D.C.:

The Department of Homeland Security (DHS) is acknowledging for the first time that foreign actors or criminals are using eavesdropping devices to track cellphone activity in Washington, D.C., according to a letter obtained by The Hill.

DHS in a letter to Sen. Ron Wyden (D-Ore.) last Monday said they came across unauthorized cell-site simulators in the Washington, D.C., area last year. Such devices, also known as "stingrays," can track a user's location data through their mobile phones and can intercept cellphone calls and messages.

[...] DHS official Christopher Krebs, the top official leading the NPPD, added in a separate letter accompanying his response that such use "of IMSI catchers by malicious actors to track and monitor cellular users is unlawful and threatens the security of communications, resulting in safety, economic and privacy risks."

DHS said they have not determined the users behind such eavesdropping devices, nor the type of devices being used. The agency also did not elaborate on how many devices it unearthed, nor where authorities located them.

Also at Ars Technica and CNN.

Related: Police: Stingray Device Intercepts Mobile Phones
ACLU Reveals Greater Extent of FBI and Law Enforcement "Stingray" Use
US IRS Bought Stingray, Stingray II, and Hailstorm IMSI-Catchers
EFF Launches the Cell-Site Simulator Section of Street Level Surveillance
NYPD Making Heavy Use of Stingrays
New York Lawmakers Want Local Cops to Get Warrant Before Using Stingray
New Jersey State Police Spent $850,000 on Harris Corp. Stingray Devices


  • (Score: 2) by All Your Lawn Are Belong To Us on Wednesday April 04 2018, @08:26PM (3 children)

    by All Your Lawn Are Belong To Us (6553) on Wednesday April 04 2018, @08:26PM (#662623) Journal

    In fact, now that I think about it, I wonder what there is about a Stingray that makes it better than simply getting a warrant for a wireless company's IMSI data from existing towers. The only things my brain comes up with are A) real-time access, B) ability to triangulate signals to a tighter area or different DF loci than existing towers provide, or C) a Stingray can be used without a warrant to get information that could by parallel construction lead to a warrant to actually tap a given phone.

    For those saying "Hey, DF it!".... Yeah, maybe. But this thesis [sipsik.net] presents steps of the GSM handshaking protocols. One can't just use standard radio detection..... you've got all sorts of signals from all sorts of sources on multiple MULTIPLE frequencies to monitor. I'm fairly certain that to make sense of it you'd have to have something beyond just a scanner with directional antenna. You'd need to trace out the network's frequency and signal correction burst tone signals, lock on to them and get their bearings... and these are called bursts for reasons. You'd have to find out how you distinguish a legitimate handshake from a fake one, possibly.

    Among other goodies in the thesis is the note that an individual cell phone must validate itself to the tower... but the tower does not need to validate itself to the cell phone - this is the fault point at which Stingray can exist as a technology and not have to make nice with the rest of a carrier network to get what it wants. Anyway, it may be possible but the complexity would require considerably more work than your weekend fox hunt - and those are hard on their own.

    --
    This sig for rent.
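
The asymmetry described in the comment above (the phone must prove itself to the tower, the tower proves nothing to the phone), as an added sketch that is not part of the original comment or the linked thesis. HMAC-SHA256 stands in for the real authentication algorithms, and the class names, function names and key are made up for illustration; the second mode shows the mutual-authentication check used by 3G and later networks, where the phone refuses a station that cannot prove knowledge of the subscriber key.

```python
import hashlib
import hmac
import os

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Assumption: HMAC-SHA256 as a stand-in for the operator's secret algorithms."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:8]

class Sim:
    """Subscriber side: holds the long-term key shared with the home network."""
    def __init__(self, ki: bytes):
        self.ki = ki

    def one_way_respond(self, rand: bytes) -> bytes:
        # GSM-style: answer any challenge; nothing proves who sent it.
        return prf(self.ki, b"sres", rand)

    def mutual_respond(self, rand: bytes, network_mac: bytes):
        # Mutual style: check the station's proof of knowing the key first.
        expected = prf(self.ki, b"net", rand)
        if not hmac.compare_digest(expected, network_mac):
            return None  # station failed to authenticate: do not answer
        return prf(self.ki, b"sres", rand)

class Station:
    """Base station; ki=None models equipment with no access to subscriber keys."""
    def __init__(self, ki=None):
        self.ki = ki

    def challenge(self):
        rand = os.urandom(16)
        # Without the key the station can only guess the 8-byte proof.
        mac = prf(self.ki, b"net", rand) if self.ki else os.urandom(8)
        return rand, mac

def phone_accepts(sim: Sim, station: Station, mutual: bool) -> bool:
    """True if the phone answers the challenge and would go on to attach."""
    rand, mac = station.challenge()
    if mutual:
        return sim.mutual_respond(rand, mac) is not None
    return sim.one_way_respond(rand) is not None

KI = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
```

Real mutual-authentication schemes also carry a sequence number so a recorded challenge cannot be replayed; that part is left out here.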
  • (Score: 2) by DannyB on Wednesday April 04 2018, @08:31PM (2 children)

    by DannyB (5839) Subscriber Badge on Wednesday April 04 2018, @08:31PM (#662626) Journal

    GSM is highly frequency agile. In about 2000ish, the spec was at least 6000 pages, back then.

    Both mobile sets and network towers are highly frequency agile. Sequential packets are sent on different frequencies. And in various time slots, as I (mis)understand it. The frequency changing avoids multi-path distortion problems. A few packets might get dropped due to multi-path distortion, but most, statistically, won't.

    --
    The lower I set my standards the more accomplishments I have.
    • (Score: 2) by All Your Lawn Are Belong To Us on Wednesday April 04 2018, @10:47PM

      by All Your Lawn Are Belong To Us (6553) on Wednesday April 04 2018, @10:47PM (#662671) Journal

      We cross-posted above.... What I got out of the paper is that there are synchronization bursts on certain frequencies at certain times, such that a phone can hook itself into the network. But you'd have to recognize and lock on those bursts and DF them. Or look at all signals on a given frequency set and possibly triangulate the tower's side by repeated signals from one bearing. I'm sure that is possible but I'm also sure that it takes considerable specialist knowledge of GSM protocol and somewhat specialized software/equipment to do so.

      As to why they're kept ultra-secret to the point of case dismissal. There is more in heaven and earth, Horatio. But I think it is a mixture of security-by-obscurity (if the details are public then strategies to identify them by the targets is increased and this technology isn't just used domestically - other actors of three letters also have a vested interest in keeping the systems as secret as possible) and as you say, desire to not reveal parallel constructionism - it wouldn't be the first time law enforcement dumps a case to conceal that generally.

      But the point of Stingrays might be much narrower than content capture - identify the phones (including burners) so that they may be targeted for legitimately warranted surveillance by their identification numbers, not just names. Or possibly by name and then use the Stingray to get the proper numbers so that only the proper phone is surveilled. Which is why (if I get the timeline correctly) they were used for quite a while before a prosecutor got zealous and thought that the fruits could be used as evidence by themselves. You're right the whole thing smacks of parallel constructionism and as such no department in their right mind will allow the process to be compromised.

      --
      This sig for rent.
    • (Score: 2) by All Your Lawn Are Belong To Us on Wednesday April 04 2018, @10:55PM

      by All Your Lawn Are Belong To Us (6553) on Wednesday April 04 2018, @10:55PM (#662674) Journal

      Oh, I think I see what you're saying now.... But I think the Stingray is *just* the IMEI interceptor - and not just IMEI but the full representational network string. A secondary device (*not* the "Stingray" and not necessarily directly hooked into the network) could MITM or otherwise monitor that phone's communication stream to intercept its communications. Those intercepted comms form the basis to frame a parallel construction - what is most likely wanted is to make SURE that they've got the right phone.... before they begin the legitimate warranting process.

      The initial furor when Stingray came to light IIRC was when a prosecutor wanted to use that information, though, simply to establish presence. Intercepted comms weren't the issue - the court case was given up only because of IMEI Intercept is what I thought it was.

      --
      This sig for rent.