Forgot your password?
Privacy Government The Courts News Technology

FBI Taps Cell Phone Microphones in Mafia Case 274

Posted by Zonk
from the lots-of-conversations-about-merchandise dept.
cnet-declan writes "We already knew the FBI can secretly listen in to car conversations by activating microphones of systems like OnStar. A new Mafia court case suggests that the FBI can do the same thing to cell phones. The judge's opinion and some background information [pdf] are available for reading online. The most disturbing thing? According to the judge, the bug worked even if the phone appeared to be 'powered off.' Anyone up for an open-source handset already?" From the article: "This week, Judge Kaplan in the southern district of New York concluded that the 'roving bugs' were legally permitted to capture hundreds of hours of conversations because the FBI had obtained a court order and alternatives probably wouldn't work. The FBI's 'applications made a sufficient case for electronic surveillance,' Kaplan wrote. 'They indicated that alternative methods of investigation either had failed or were unlikely to produce results, in part because the subjects deliberately avoided government surveillance.'"
This discussion has been archived. No new comments can be posted.

FBI Taps Cell Phone Microphones in Mafia Case

Comments Filter:
  • by Yokaze (70883) on Saturday December 02, 2006 @07:46AM (#17079386)
    The poster of the story seems to be under the false impression that the FBI activated the mobile phone's integrated microphone. This would have been quite alarming. However, if he (or the original author) had read the affidavit correctly (as you probably did), he'd notice that they just bugged him. (Point 3: "[...] through a listening device placed in the cellular phone [...]").
  • by Anonymous Coward on Saturday December 02, 2006 @07:52AM (#17079414)
    Um, actually, i think thats exactly what they did. TFA says "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone."..."remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call."

    they don't steal the phone and put in a microphone and the software to run it. They send the phone software over the cell net that activates the built-in microphone discretely.

    Maybe there should be a cellphone version of Little Snitch to guard against this kind of thing.

  • by Anonymous Coward on Saturday December 02, 2006 @07:55AM (#17079426)
    Due to the design of cell phones, it's actually very easy to modify a phone so that it gives a clear visual indication of whether it is transmitting or not.

    If, for whatever reason, your phone starts transmitting (be it on a call, or because the FBI have remotely activated it), then some LEDs can be configured to light or flash - providing clear visual feedback. This could be a bit more convenient than removing the battery except when needed.

    In fact, you can get the modification kits ready for use, for less than $5 - and installation, can take less than 30 seconds.

    These kits are more usually sold as novelties for 'ricing' phones, but they can also be used for serious purposes:
    Example kit []
  • My Opinion (Score:3, Informative)

    by iamdrscience (541136) <michaelmtripp@gmai[ ]om ['l.c' in gap]> on Saturday December 02, 2006 @08:01AM (#17079444) Homepage
    As someone who has on several occasions had to listen to my brother's phone pick up in his pocket without him realizing, I don't think this is much of a problem. If the FBI wants to listen to my pocket lint, more power to them.
  • by Anonymous Coward on Saturday December 02, 2006 @08:32AM (#17079564)
    there are actuially a few secret goodies available to the feds in many modern cell phones.

    First... Sat based GPS is NOT required in most cells phones to silently get perecise location, as per FCC device regulations and as per millions of dollars in levied and honored fines to lagging noncompliant cell providers.

    also part of underwraps subsections of ETSI LI spec framework for LI (Lawful Interception) hint at leveraging the E911 feature that makes a cell not be able to disconenct if a 911 operator toggles a cell phone into "stay online no matter what" mode. Heck, ive played with that mode once... had to rip out the battery! (no way to hang up). Technology was added to prevent poor signal drops during a 911 call, but then used to keep line open while victim is delirious or expiring. For docs, Just look for havesting all spec docs starting with S3LI03 prefix on the net. Or hang around Cryptome or usual places.

    Regarding the gocv tracking your movements in real time (if battery not removed from your non-GPS cell : 1996 the FCC defined a fancier "E911 Phase 2" for more precise ALI information to PSAPs using latitude and longitude information, and to identify a mobile caller's location within 125 meters (410 feet) 67% of the time to the PSAP. A PSAP is one of over 6,000 Public Safety Answering
    Points (PSAP), some route , some deal directly with initial public calls. FCC 97-402 CC Docket No. 94-102 rules (i.e., by October 1, 1996). besides the 34-bit Mobile Identification Number (MIN), being sent in Phase I of E911, the 34 bit MIN accepted a "call back' even without a valid phone number, as the 1996 regulation also stipulates that CELL PHONES WITH NO CONTRACT OR DORMANT DEVICES MUST HAVE FREE ACCESS TO 911 service, no matter what. The tracking protocol is indepentdant of billing accept/reject.

    To allow the cell to be detected within 410 feet WITHOUT GPS, cell phone towers use triangulation methods automated with cellular geolocation systems involving time difference of arrival (TDOA) and angle of arrival (AOA)

    As for REMOB mode of cell phone (remote observation) the details seem to be partially vender unique, but it is supected that the table is trivially assined via Mobile Identification Number (MIN) table lookup in REMOB snitch mode.

    PLEASE NOTE that the court documents allowing the voice tapping of the MAFIA suspect stated "OR OTHER MEANS". the "OR OTHER MEANS" is the non modified NON_ALTERRED original cell phone being merely set in a VOX mode for packet burst with simple threshold to sleep unless steady VOX activation, controlled partly by other terminal point. Otherwise battery of a modern cell will last only a few hours.

    I cannot believe all the fools in this thread that actually believe the FBI has ability to add devices INSIDE a modified cell phone. Yeah... like theres lots of empty space!!! The judges papers said OR OTHER MEANS and this other means is the REMOB mode. Similar to onstar silent snithc mode in cadillacs.

    If you really want to panic... the FBI buys the RFID scans of all the points on NY turnpike taht record car tire RFID that the TREAD act mandates to allow gov to uniquely track movements of all cars by untamperable chips in the tires... even at 90 miles and hour adn 12 feet away (though instaed of overpasses for RFID car tires as in parts of I-75, reading coils UNDER the pavement are used, as with the RFID tire impressions collected at canadian border customs booths.

    sorry for all the lazy typos. I am very tired. an i know that factual anon posts stay +0 until the FBI shills squelch them to -1 rapidly with there grooming accounts they use here to stifle agitatant insider posts like this one.

  • Re:In Soviet Russia (Score:3, Informative)

    by GnuDiff (705847) on Saturday December 02, 2006 @08:47AM (#17079614) Journal
    In fact, it did.

    As far as I remember, just after the collapse of the USSR, there were published some information about how KGB was able to activate the mics of "normal" old phones by activating the line from substation; so that the phone didn't ring, but the mic was getting enough current flowing through it to work.
  • by The Master Control P (655590) <`ejkeever' `at' `'> on Saturday December 02, 2006 @09:03AM (#17079676)
    All aboard the clue train, last stop is A.C.:

    FBI: "Judge, these guys are mafia and they're not falling for the typical eavesdropping routines."
    Judge: "Ok, try planting bugs in their cell phones." /signs warrant

    Not everyone trying to preserve their privacy is doing so for good reasons. The purpose of a warrant is to isolate the shitbags who are hiding something illegal before invading their personal lives. It's the 4th amendment: Reasonable suspicion that you're covering something up voids your right to privacy.
  • Not so new (Score:2, Informative)

    by oki900 (60161) on Saturday December 02, 2006 @09:17AM (#17079744)
    In the cell phreak/hack community this has been suspected for quite some time. It's also suspect that the GPS can be activated regardless of whether you have it set for 911 only or not. If you need total anonymity with a cell around the best thing is to remove the battery completely and if you are still paranoid place a 1k ohm resistor across the positive and negative terminals of the phone (not the battery) to drain the capacitors that may still hold a charge. Further you can remove the antenna which will greatly reduce or eliminate the transmission range of the phone.

  • by muellerr1 (868578) on Saturday December 02, 2006 @10:45AM (#17080096) Homepage
    Just because the Bush administration ignored the Constitution and broke the law does not change the fact that it IS the job of the courts to issue warrants for wiretaps. Just because wiretapping is so easy that the President authorizes it without a warrant does not make that authorization legal.

    Your argument that physical access and high cost made tapping phone lines legal is just weird. Just because the costs are lower and there's new technology shouldn't change the principle behind the wiretapping laws. With probable cause the FBI can get a warrant to take your computer, too. They can get a warrant to bug your office, and even hide a bug on you as in this cell phone case. Keeping the process transparent to the courts is critical to avoiding abuses, which is why Bush kept his illegal wiretapping secret. You're right about one thing: people will abuse power if they can get away with it. But again, just because they get away with it does not make it less illegal.

    I appreciate that some laws may be interpreted and are not always black and white, but in this case it's just the technology that has changed, and not the law. But good laws SHOULD be black and white because what good are legal grey areas? That's why the courts interpret the laws, to make them less grey.
  • Re:In Soviet Russia (Score:2, Informative)

    by CBob (722532) <crzybob_in_nj@yahoo. c o m> on Saturday December 02, 2006 @11:19AM (#17080262)
    Both sides have had that ability for quite some time now. Google "infinity transmitter", they used to be avail in kit form in the old Popular Electronics or Radio Electronics circa 1980-ish
  • Re:In Soviet Russia (Score:5, Informative)

    by Dun Malg (230075) on Saturday December 02, 2006 @11:27AM (#17080302) Homepage

    That also happened to some people I knew in the UK, the police monitored their house via their POTS phone. .

    I don't really see how that's possible. When the handset is on-hook, the microphone is disconnected. This is a requirement for BABT compliance.
    You are correct. The analog POTS system fully disconnects the microphone and speaker when on hook, as per design standards going back to the 1870's. It's not possible to listen in on-hook without modifying the phone. OP is either engaging in "urban legendry", or the incident took place before 1982, when BT still owned the entire phone system (including the sets themselves) and could believably send a technician 'round to "fix the phone".
  • Re:In Soviet Russia (Score:1, Informative)

    by Anonymous Coward on Saturday December 02, 2006 @12:22PM (#17080770)
    I think it worked by sending an RF carrier down the line that would be capacitively coupled accross the open switch contacts and modulated by the microphone.
  • by rickb928 (945187) on Saturday December 02, 2006 @12:53PM (#17081034) Homepage Journal
    Sorry, AC, but your post is mostly BS.

    - The T.R.E.A.D. act focuses on tire safety, identifying problems as soon as possible, and making manufacturers specifically responsible for safety and manufacture. It also specifies some research and standards for child safety seats. Go figure.

    - The T.R.E.A.D. act doesn't specify RFID tags. It does allow for rulemaking that might.

    - RFID tags in tires were probably first implemented by Michelin, to simplify inventory. They may have devised the embedded antenna to solve the problem of embedded tags failing to activate at distances greater than 3 inches. The antenna increases the range to about 24 inches.

    - Wal-mart may require RDIF tags on all merchandise, but I'm not sure the program is fully implemented yet.

    - The most important reason a tire shop wants your vehicle VIN number is for warranty info and to curb warranty abuse. It's that -duh- simple.

    I can't find any definitive info that AIAG B.11 is fully implemented. I can, however, find that B.11 is NOT fully implemented as late as 2004, where AIAG states that it is not fully adopted.

    Sorry, but the conspiracy isn't there yet. Nice try.

    ps- the post is pretty much verbatim from a 2000 blog. Sounds like more BS to me.
  • Re:In Soviet Russia (Score:2, Informative)

    by ei4anb (625481) on Sunday December 03, 2006 @01:25PM (#17090350)
    "The analog POTS system fully disconnects the microphone and speaker when on hook" at frequencies that the POTS system was designed to use, DC to 3000Hz. However if you use a HF signal, say > 2MHz, then the hook switch is an air gap capacitor and it is possible to monitor audio from the room. The HF signal must be injected directly onto the subscriber loop as close to the house as possible.
  • Re:In Soviet Russia (Score:3, Informative)

    by Gordonjcp (186804) on Monday December 04, 2006 @07:45AM (#17097546) Homepage
    Nope, that *still* doesn't work. The high frequency signal is shunted to ground by the sidetone choke - if you look there's a funny little transformer with three windings to make sure that you can hear yourself in the earpiece, but not too loud. Furthermore, even with the diodes on the regulator board (which *might* rectify the 2MHz AC), you still don't get much of a voltage across the microphone, and certainly not enough to prod it into life. Most BT "round dial" phones used carbon microphones, although latterly these started to be replaced by electronic ones with an electret mike and a small preamp. These actually needed around 6v to work properly, rather more than the carbon mikes!

Arithmetic is being able to count up to twenty without taking off your shoes. -- Mickey Mouse