by dshibarshin on 11/13/14, 10:38 PM with 67 comments
by csoghoian on 11/13/14, 11:40 PM
Anyone interested in learning more about IMSI catchers and their use by US law enforcement agencies might be interested in this law review article I wrote. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2437678
by ipsin on 11/14/14, 2:39 AM
Isn't it about time to repeal things like CALEA, or to accept that the cost of having a system like this is that it should be the only system?
"But we're afraid bad guys would act like they live in a surveillance state if they actually knew they lived in a surveillance state!" I... I just don't know how to understand that mindset.
I know there are evil criminals in the world, and I'll bet that having power and dominion over everyone is a fun trip, but it's also corrosive to what the US has always pretended to be.
by dmix on 11/13/14, 11:36 PM
https://twitter.com/cellhacking/status/524562944928264192
And all over Washington DC:
by sehugg on 11/13/14, 11:12 PM
http://thehill.com/policy/technology/224129-report-feds-usin...
http://www.foxnews.com/politics/2014/11/13/secret-us-spy-pro...
by mkal_tsr on 11/13/14, 11:53 PM
We have a long way to go in educating the general public about technology, its benefits, and its pitfalls.
by r0h1n on 11/14/14, 4:36 AM
P.S. I'm not a wireless guy, so I don't know if there's any kind of a digital giveaway that can distinguish a fake cell tower versus the real one it is spoofing. If there isn't, then perhaps the fault lies with existing wireless comm. standards.
by declan on 11/13/14, 11:39 PM
Cellphones are programmed to connect automatically to the strongest cell tower signal. The device being used by the U.S. Marshals Service identifies itself as having the closest, strongest signal, even though it doesn’t, and forces all the phones that can detect its signal to send in their unique registration information. Even having encryption on one’s phone, such as Apple Co. ’s iPhone 6 now includes, doesn’t prevent this process...
The program cuts out phone companies as an intermediary in searching for suspects. Rather than asking a company for cell-tower information to help locate a suspect, which law enforcement has criticized as slow and inaccurate, the government can now get that information itself. People familiar with the program say they do get court orders to search for phones, but it isn’t clear if those orders describe the methods used because the orders are sealed.
Also unknown are the steps taken to ensure data collected on innocent people isn’t kept for future examination by investigators. A federal appeals court ruled earlier this year that over-collection of data by investigators, and stockpiling of such data, was a violation of the Constitution.
This isn't exactly new. Harris' Stingray price list has AIRBRN-KIT-CONUS for sale for $9,000, dating back to 2008: https://info.publicintelligence.net/Harris-SurveillancePrice...
Here's a 2013 post on the so-called DRTBOX: http://electrospaces.blogspot.com/2013/11/drtbox-and-drt-sur...
And another blog post from 2013 saying "Immigration and Customs Enforcement (ICE) purchased $3 million worth of Stingrays over several years, and are purchasing airborne mounting kits for both drones and manned aircraft": http://gritsforbreakfast.blogspot.com/2013/03/bypassing-tele...
An earlier FOIA response from 2012: http://s3.documentcloud.org/documents/479397/stingrayfoia.tx... "The training will cover all of Harris Stringray ll operations from an airborne platform.-Specifically, four students are to attend this special training on three different software packages GSM, and CDM mobile handsets) for the Program... The schedule is more unpredictable due to a large portion of the training taking place in an aircraft."
To summarize: if you live in the U.S.[1], your cell phone info (IMSI etc.) has been slurped up by flying FedGov "dirtboxes" without your knowledge, stored in perpetuity, without any law passed by Congress explicitly authorizing this, in violation of the Constitution's Fourth Amendment, and at best authorized by a secret court order from a secret court. Sigh.
[1] I presume most of the HN US readers live in or near metro areas, and the WSJ article says the program covers "most of the U.S. population." Obviously if you're in Idaho or Alaska, you're less likely to be caught in this particular data vacuum cleaner.
by alexggordon on 11/14/14, 4:41 PM
Personally, one thing I like about open source software, is I can host pretty much whatever I want, whenever I want. If this development path continues, I'd imagine that eventually, if there might be some entrepreneuring cell company[0] that would simply encrypt it all anonymously.
Obviously, this would mean a few changes to the way we do things. For example, maybe instead of triangulating your cellular position in an emergency, iOS and Android could create a 'distress' api that would allow for emergency services to access your location, and then alert you with the status. To be honest, it would end up working in a similar way as Emergency and Amber alerts on your device[1].
Realistically, it probably won't happen like this, but if privacy won't be given to us, we need to take it.
[0] http://www.artemis.com/ [1] http://support.apple.com/en-us/HT5795
by fit2rule on 11/14/14, 8:53 AM
We, the free people, can build drones and we can also put wifi repeaters on them and we can - instead of sniffing things - actively participate in the construction and maintenance of wide open communication systems, for all to use. Everyone.
That is the other end of the scale of all this secrecy and control - there is another end of the NSA conundrum, and its all about open source. So, you know: getting your own local network started, and stop just 'consuming it' from the powers that be, is sort of a priority folks. If you don't want to have a secret oppressor, push to have fewer secrets kept in the world. Its a fact that the corruption of all governments begin with their secrets.
So .. as someone who has a fleet of small drones above his head right now, albeit sleeping while the lipo's charge, here is a technology I think should be pointed out that is a little less prone to snooping, and with the right kind of neighborhood, gives us all a great amount of freedom to communicate, nevertheless:
Snoop on that, Feds!
by ChuckMcM on 11/14/14, 4:37 AM
by fragsworth on 11/14/14, 7:33 AM
This is the go-to defense for surveillance secrecy. However, not discussing such matters allows criminal officials to abuse these powers without repercussion.
by coin on 11/14/14, 6:27 AM
by joering2 on 11/14/14, 2:24 AM
Knowing this is unconstitutional and if there are no government laws (shouldn't be right?) forbidding you from purchasing it, can I sue them if they refuse to sell me one?
Correct me if I'm wrong but putting this machine around Wall Street (given you know how to sell and buy stocks) would probably get you $9k back in less than a day, hm?
I still wonder though, if cellphones technology is secure and traffic encrypted, then how come can they listen to it? Wouldn't it be that Verizon or Apple had to give them some sort of keys to open the traffic and read it? (serious question)
by guelo on 11/14/14, 2:22 AM
by bickfordb on 11/14/14, 3:47 AM
If this is legal, why can't they just subpoena carriers for the tower census data?
by hindsightbias on 11/14/14, 7:31 AM
It was not on flighttrack, no ADS-B info, and too high to see the N number.
by higherpurpose on 11/13/14, 11:47 PM
Maybe do something like what these guys did, but I'm sure they can come up with even more comprehensive protections:
http://www.wired.com/2014/09/cryptophone-firewall-identifies...
by m0dest on 11/14/14, 7:27 AM
If so, should we expect that the carriers surrendered their keys to law enforcement to allow them to run fake cell towers that authentically emulate their networks?
by kalleboo on 11/14/14, 12:24 PM
by ck2 on 11/14/14, 6:17 AM
Not just for tracking but an "icbm" kind of drone. First for military use, then for domestic use like how the police always get military weapon, iris scanners, etc.
by somethingnew on 11/14/14, 6:01 AM
by drderidder on 11/14/14, 4:02 PM
by chatmasta on 11/14/14, 4:20 AM
by comrade1 on 11/14/14, 12:02 AM
And if there is indeed a unique id, can the fake cell take the id of a real cell and still work with the cellphone company, or would it need the cooperation of the cellphone company? (for example, the cell company would look at hops?)
I guess it's too much to hope that the cellphone companies would try to protect our privacy.
Maybe someday we'll have police running things similar to license scanners but for cellphone conversations. They'll drive around the city recording conversations to detect keywords for illegal activity (herb, drug, murder of crows, etc)
EDIT: actually, I don't think they need to hijack cellphone connections. They can just listen in - at least they used to be able to. We determined the identities of the bombers of our embassies in Africa in the late-90s through cellphone conversations through RC-135s flying along the Africa coast from Diego Garcia, and an intelligence gathering satellite that drags an antenna behind it.
by dang on 11/14/14, 1:25 AM
by drcoopster on 11/14/14, 1:17 AM