FBI's Smartphone Surveillance Tool Explained In Court Battle 168
concealment writes with news that a court battle has brought to light details on how the FBI's "stingray" surveillance tool works, and how they used it with Verizon's help to collect evidence about an alleged identity thief. Quoting:
"Air cards are devices that plug into a computer and use the wireless cellular networks of phone providers to connect the computer to the internet. The devices are not phones and therefore don’t have the ability to receive incoming calls, but in this case Rigmaiden asserts that Verizon reconfigured his air card to respond to surreptitious voice calls from a landline controlled by the FBI. The FBI calls, which contacted the air card silently in the background, operated as pings to force the air card into revealing its location. In order to do this, Verizon reprogrammed the device so that when an incoming voice call arrived, the card would disconnect from any legitimate cell tower to which it was already connected, and send real-time cell-site location data to Verizon, which forwarded the data to the FBI. This allowed the FBI to position its stingray in the neighborhood where Rigmaiden resided. The stingray then "broadcast a very strong signal" to force the air card into connecting to it, instead of reconnecting to a legitimate cell tower, so that agents could then triangulate signals coming from the air card and zoom-in on Rigmaiden’s location. To make sure the air card connected to the FBI’s simulator, Rigmaiden says that Verizon altered his air card’s Preferred Roaming List so that it would accept the FBI’s stingray as a legitimate cell site and not a rogue site, and also changed a data table on the air card designating the priority of cell sites so that the FBI’s fake site was at the top of the list."
Ok..So verizon has shown they cant be trusted.. (Score:5, Insightful)
Issuing a custom radio firmware for a data only device, so that it responds to a telephone network signal demonstrates that verizon is willing to place nonstandard firmware on devices on their network, for the express purposes of aiding investigations that lack proper warrants.
This is a very bad thing Verizon. A Very Bad Thing.
Don't underestimate the impact that losing public confidence can have on your business. Being so self-conceited as to feel that you don't have to worry because you have cornered the market would only add fuel to the fire.
Plan you PR damage control messages carefully. Smile, you're on candid camera.
Re:Ok..So verizon has shown they cant be trusted.. (Score:4, Insightful)
While I really agree with what you are saying... The market has not demonstrated that it cares about this type of behavior. Joe Six Pack continues to pile on more and more devices onto the Verizon network without a second thought to privacy. If you think I'm wrong look at the 6-strike rule in their Internet business... This hasn't hurt them one bit.
The average person simply doesn't understand the behinds the scenes technology well enough to care.
technology vs law (Score:3, Insightful)
Ok, so this is a guy who does identity fraud.
I'm not crying for him
He's lucky to even have access to due process as far as I'm concerned However, that your very own devices can be used against you in such ways, which means that the trust you have in your provider is broken, seems unethical.
If the FBI and/or other agencies require such abilities, perhaps then, companies such as Verizon should place this in their contracts something like "authorities can use your devices to track you and/or use your data for any of their investigations as they see fit".
Transparency would be nice.
All I know is that, I've got nothing to hide, so I don't care, but, for those who do, they may have to switch to another provider....
Re:technology vs law (Score:2, Insightful)
Then you, sir, deserve to be dragged off in the night and charged without due process.
Everybody deserves due process, or you cease to be a free society. And the "you have nothing to fear if you have nothing to hide" is the lament of cowards and fascists.
Fuck you you worthless sack of shit. You're part of the problem of tacitly accepting it as okay when your government breaks the laws.
Re:Ok..So verizon has shown they cant be trusted.. (Score:5, Insightful)
"The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all."
H. L. Mencken
Re:Ok..So verizon has shown they cant be trusted.. (Score:1, Insightful)
Now if you'd like to argue that a warrant should never have been issued...
(I am aware of the other posters that have pointed out that no warrant was actually issued. However, since you made no mention of that, one must read your post as you arguing against the actions of the FBI despite them having a warrant.)
Re:Supply Chain Attack (Score:3, Insightful)
So you're saying we should all run FSF approved operating systems?
Even then, unless you intend to audit several billion lines of code of a variety of packages, and understand it well enough to discover flaws that give a 3rd party control over you or your information, you're still trusting someone else that it's safe.
Re:Holy crap ... (Score:5, Insightful)
It's a little more complicated than that.
It seems Verizon pushed an update to his specific wireless card. This update allowed it to receive phone calls, thus allowing them to "ping" him in particular. It also set the preferred tower list so that the stingray would always be connected to first.
The fun thing is that by modifying his wireless card, the FBI has "planted" a tracker on him. That requires a warrant. If this guy was such a big deal, then it shouldn't have been hard to get the warrant. The problem is the FBI didn't want anyone, even the judges, to know what cards they held. So even when they got there court order, it wasn't a warrant, and they misled the judge who issued the order. That's a big no no.
Re:Ok..So verizon has shown they cant be trusted.. (Score:4, Insightful)
But the perp in question was an identity thief who had activated the device in the victim's name. In this case, the victim technically 'owns' the service/device, right? How can you claim that the FBI/Verizon violated the thief's 'private property' when it was fraudulently bought/activated in the victim's name?
If the victim gives permission for the FBI/VZW to track the device that's in his/her name, that's good enough for me. If someone stole my identity to activate service, I'd be begging for them to track the fucker down. After all, I'm the legal account holder, whether I like it or not.
You say that 'Verizon does not own the aircard' but neither does the identity thief, dammit! The victim does!