Forgot your password?
typodupeerror
Cellphones Government Privacy The Courts United States

Surveillance Case May Reveal FBI Cellphone Tracking Techniques 57

Posted by timothy
from the public-records-act dept.
glittermage writes "The WSJ reports on an ongoing case about alleged 'Hacker' Daniel David Rigmaiden, regarding the government's tools used to track mobile devices with or without a warrant. The judge may allow Daniel to defend himself against the government's claims by putting the technology into the light. Sounds good to me."
This discussion has been archived. No new comments can be posted.

Surveillance Case May Reveal FBI Cellphone Tracking Techniques

Comments Filter:
  • by IamTheRealMike (537420) <mike@plan99.net> on Thursday September 22, 2011 @05:04PM (#37484618) Homepage

    Hrmm. There are several parts of the FBIs story here that aren't internally consistent.

    It's pretty well known by now thanks to Hollywood and TV shows that police can track mobile phones by triangulating signal strengths at different cell towers. Heck, phones do it themselves these days. The fixes can be fairly accurate in urban areas. There's no need for the phone to be making a call in order to be traced this way, because as the article points out, towers can talk to the phone any time they want.

    Presumably, phone companies require a warrant of some kind before performing this type of trace. This leads me to wonder if fake base stations like the Stingray devices have any use at all beyond avoiding phone companies legal processes. I could buy the explanation that a fake base station lets you get slightly more accurate fixes on the phones location, except that apparently even with these devices the best they were able to get was to a particular apartment block and they had to do old fashioned detective work to get closer. "Nearest block" is about as good as modern smartphones can do by themselves.

    There are a few other puzzlers in there. The government claim they can't reveal the devices capabilities without compromising future investigations, and then go on to state quite clearly that the devices can't intercept calls or data and that's why they don't feel they need a proper search warrant. This makes sense. Some kind of roving fake base station in an FBI van wouldn't be able to route calls successfully. And the GPRS/3G protocols don't terminate data encryption at the base station, but rather further back in the core network. But that implies the person being traced would be able to notice - if the data connection stops working, or calls fails to place, it could be a sign you're being traced. Time to switch the phone off. That could even be automated by a smartphone app. Is that trivial workaround what they're afraid of?

    Another puzzler. The 3G/UMTS protocols have the handset authenticate the network exactly to protect against fake base station attacks. How does the StingRay device handle this? Presumably, the major networks have all been required to hand over their root keys/certs so the FBI can emulate them. It makes you wonder how secure these keys can really be, if there are cops running around with the keys inside a box. If one of these devices got lost or was somehow sold to the wrong people, how hard would a key rotation be? Presumably you'd have to replace the SIMs? Again, this seems like a lot of problems that could easily be avoided by tracing the target device with the direct co-operation of the phone companies.

    I'd like to think there's a purely technical reason for the use of these things, but given the FBIs prevarication over exactly what kind of warrants they are getting, I'd be worried it's more a legal dodge.

  • Re:LEO Only? (Score:5, Insightful)

    by Khopesh (112447) on Thursday September 22, 2011 @05:06PM (#37484634) Homepage Journal

    From TFA:

    According to a Harris document, its devices are sold only to law-enforcement and government agencies.

    Harris isn't the only one building these (other brands look a lot less like 1960's era gear) and we don't have assurances from these other manufacturers that they aren't being sold to private individuals or investigative firms.

    We also don't have assurances that this can't be built by enterprising criminals. In another few years, home-brewed equivalent devices will likely be easy to make, thus empowering criminals, overprotective parents, and wannabe stalkers. If a warrant is not required, doesn't this mean that this technology fair game for anybody to use?

    Better to have the technology exposed and patch the security hole, then consider a warrant-requiring backdoor for law enforcement (i.e. use the existing providers' antennae rather than shelling out the money for taxpayer-funded stalkers in vans).

  • by Dunbal (464142) * on Thursday September 22, 2011 @05:09PM (#37484672)
    Owned by News Corporation, talks about hacking. Pot, kettle, black.
  • by hairyfeet (841228) <bassbeast1968@gma i l . com> on Thursday September 22, 2011 @08:03PM (#37486384) Journal

    I'm sorry but didn't you get the memo? The government has been just as nasty as any other bad guy for a number of years now, and hadn't paid attention to that little piece of paper called the constitution since Hoover and COINTELPRO [wikipedia.org]. I mean when they went so far as to drug and execute an American on American soil [wikipedia.org] because he advocated views the government didn't like? I'd say all bets are off after that comrade.

    And I'd be worried about that whole "catch a pedo" remark too, as that is how they ramrod new nasty laws into effect, by saying its to "save the children/protect us from terrorists" For example just look at the guy now in jail for writing the "pro pedo' book, no children touched, no pictures, just his thoughts on a page. Seems I remember someone writing about a time when people will be arrested for thoughts somewhere, or for one the feds pull how about how they set up "pedo honeypots" but then didn't bother capturing the fricking referrer so that if some troll rickrolled you with a link to that site you could be in jail right now! Hell if I remember correctly the judge even ruled that it didn't matter that there was no actual CP anywhere on their honeypot because simply accessing the site was proof of intent!

    So I'm sorry friend, but the government has been evil and/or batshit insane for quite awhile now. Presidents and politicians come and go, but the three letter guys? They are always there, with too damned little oversight (if there is any at all) and too damned much power. I wish I was a tinfoil hatter, but anyone who has watched the moves this country has been doing for the past couple of decades and which accelerated like mad after 9/11 knows they are drunk on power and rules don't seem to matter much anymore.

Entropy requires no maintenance. -- Markoff Chaney

Working...