Surveillance Case May Reveal FBI Cellphone Tracking Techniques 57
glittermage writes "The WSJ reports on an ongoing case about alleged 'Hacker' Daniel David Rigmaiden, regarding the government's tools used to track mobile devices with or without a warrant. The judge may allow Daniel to defend himself against the government's claims by putting the technology into the light. Sounds good to me."
Or not (Score:4, Interesting)
The judge could just as easily deny him an opportunity to defend himself based on unspecified "national security" fears.
Re: (Score:2)
From a technical point of view what can be done is to trace cell-towers and cells that his phone has accessed and do a rough estimation of his location.
However if you are indoors in rural areas you can get rather weird results in location-handling since your phone isn't omni-directional but only sees towers in certain directions, which can make it appear that you are 10 miles off from where you actually are.
And it's fairly easy to detect this on some devices - it's just a question of sending some "AT" comma
Re: (Score:1)
from TFA:
A stingray works by mimicking a cellphone tower, getting a phone to connect to it and measuring signals from the phone. It lets the stingray operator "ping," or send a signal to, a phone and locate it as long as it is powered on, according to documents reviewed by the Journal. The device has various uses, including helping police locate suspects and aiding search-and-rescue teams in finding people lost in remote areas or buried in rubble after an accident.
Re:Or not (Score:4, Interesting)
Civics homework: Defend your position on how the 4th amendment [wikipedia.org] protects/allows cell phone tracking of suspected criminals.
Re: (Score:2)
Is there a reasonable expectation of privacy as it relates to what towers your phone connects to (and if it will connect to a spoofed tower?).
I.e. Postcard vs. Letter.
Is connecting to the cell tower analogous to sending a postcard? The voice call equivalent to a letter in an envelope?
-nB
Re: (Score:2)
Is there a reasonable expectation of privacy as it relates to what towers your phone connects to (and if it will connect to a spoofed tower?).
I.e. Postcard vs. Letter.
Is connecting to the cell tower analogous to sending a postcard? The voice call equivalent to a letter in an envelope? -nB
The difference is that someone would have to happen upon a Postcard (unless they were specifically looking through the person's mail), which happens to have their name and address. Doing the same on a cell tower with lots of data requires a bit of cross checking to come up with the individual in question. Determining where they are based on multiple cell towers is even more involved.
Re: (Score:2)
It's not like a postcard. This is actually more like entrapment. They didn't simply monitor his cell device, they actively asked it to betray him.
On its face it sounds similar to the police sending you a letter saying "Congratulations, Mr. networkBoy! You have won a cash prize of at least $10 from the 'Get What's Coming To You!' lottery! Show up at 123 Main St at noon on Friday the 13th to claim your prize, and be prepared to show a photo ID", paying you $10 for arriving and presenting your ID, bringing y
Re: (Score:2)
Do you have an expectation of privacy when broadcasting signals? No. Of course not. And that's why, despite the USA's stupid laws, we encrypt our radio communications.
But it should be reasonable to expect the company selling you an encrypted phone not sell you out without a warrant.
Without the phone company identifying your phone for the snoopers you wouldn't stand out from the other anonymous devices. And because they refuse to use DOS-resistant protocols (ie, the phone only answering location queries from
Re: (Score:1)
Re: (Score:2)
Re: (Score:3)
LEO Only? (Score:3)
From TFA:
According to a Harris document, its devices are sold only to law-enforcement and government agencies.
Harris isn't the only one building these (other brands look a lot less like 1960's era gear) and we don't have assurances from these other manufacturers that they aren't being sold to private individuals or investigative firms.
Re: (Score:2)
Without a warrant it's all illegal wiretapping IMO.
Re: (Score:2)
Well the FBI say not. From TFA:
A spokeswoman with the Bureau of Criminal Apprehension in Minnesota says officers don't need to seek search warrants in that state to use a mobile tracking device because it "does not intercept communication, so no wiretap laws would apply."
The big question is: if the device works as advertised by faking a basestation, pinging the phone and measuring the returned signal level, but does not intercept voice or data traffic, is that a wiretap?
Re: (Score:2)
That depends. If they use it to track a citizen, then naturally, it is not. If a citizen uses it to track law enforcement personnel, then naturally it is a wiretap and probably a dirty bomb while we're at it.
Re:LEO Only? (Score:5, Insightful)
From TFA:
According to a Harris document, its devices are sold only to law-enforcement and government agencies.
Harris isn't the only one building these (other brands look a lot less like 1960's era gear) and we don't have assurances from these other manufacturers that they aren't being sold to private individuals or investigative firms.
We also don't have assurances that this can't be built by enterprising criminals. In another few years, home-brewed equivalent devices will likely be easy to make, thus empowering criminals, overprotective parents, and wannabe stalkers. If a warrant is not required, doesn't this mean that this technology fair game for anybody to use?
Better to have the technology exposed and patch the security hole, then consider a warrant-requiring backdoor for law enforcement (i.e. use the existing providers' antennae rather than shelling out the money for taxpayer-funded stalkers in vans).
Re: (Score:3)
Re: (Score:2)
Flying drone can crack wifi networks and snoop on cell phones [forbes.com]
They would be handy if there is a power outage, then you could fly a whole squadron of them over a city and create a new cellphone network.
They could always just use this - LEGALLY (Score:1)
http://www.spyanycellphone.com/ [spyanycellphone.com]
I'm not a shill. Just had a great laugh over this advertised website at the bottom of TFA. The kind of thing you must share with the rest of the cubefarm residents.
Re: (Score:2)
For example:
Easy-Cell-Phone-Spy
Is Compatible with
Macron Overlord
Re: (Score:3, Funny)
Re: (Score:2)
Same with British Intelligence & Wiretaps (Score:2)
You can be bugged very easily. A sound bug can be no bigger than a pin, but it is not necessary to plant one. Directional microphones are very effective, and can be used from several hundred metres away if necessary, but it is much easier to use the telephone. Either a home landline or a mobile can be remotely activated to serve as a microphone, bugging the room even though the handset is down, or the mobile switched off. The resulting sound can be cleaned up to surprising quality."
The FBI apparently uses similar technology that they call a "roving bug" [cnet.com]. Apparently this is the big secret that they don't
Re: (Score:2)
Either a home landline or a mobile can be remotely activated to serve as a microphone, bugging the room even though the handset is down
Certainly not POTS? I wasn't aware they could remotely close your circuit to make you appear off the hook.
Re: (Score:2)
Re: (Score:2)
They can on some phones.
Not sure about all, or newer ones. In the former USSR this was commonplace. I have some Bell rotary phones (setup a basic three phone partyline as an intercom with them) that relied on this ability to work properly.
(Kids love the partyline BTW).
-nB
Re: (Score:1)
In the former USSR this was commonplace.
In the former USSR it was believed to be commonplace, however it was technically impossible.
The 30V loudspeakers connected to the local radio, on the other hand, were perfectly usable as microphones, and I would guess, some lucky KGB agents found such speakers in a mode suitable for listening. But everyone over the age of 15 knew that it's possible -- those speakers were commonly used as microphone replacement in home recording.
Turned off? (Score:2)
Re: (Score:2)
Interesting end run (Score:5, Insightful)
Hrmm. There are several parts of the FBIs story here that aren't internally consistent.
It's pretty well known by now thanks to Hollywood and TV shows that police can track mobile phones by triangulating signal strengths at different cell towers. Heck, phones do it themselves these days. The fixes can be fairly accurate in urban areas. There's no need for the phone to be making a call in order to be traced this way, because as the article points out, towers can talk to the phone any time they want.
Presumably, phone companies require a warrant of some kind before performing this type of trace. This leads me to wonder if fake base stations like the Stingray devices have any use at all beyond avoiding phone companies legal processes. I could buy the explanation that a fake base station lets you get slightly more accurate fixes on the phones location, except that apparently even with these devices the best they were able to get was to a particular apartment block and they had to do old fashioned detective work to get closer. "Nearest block" is about as good as modern smartphones can do by themselves.
There are a few other puzzlers in there. The government claim they can't reveal the devices capabilities without compromising future investigations, and then go on to state quite clearly that the devices can't intercept calls or data and that's why they don't feel they need a proper search warrant. This makes sense. Some kind of roving fake base station in an FBI van wouldn't be able to route calls successfully. And the GPRS/3G protocols don't terminate data encryption at the base station, but rather further back in the core network. But that implies the person being traced would be able to notice - if the data connection stops working, or calls fails to place, it could be a sign you're being traced. Time to switch the phone off. That could even be automated by a smartphone app. Is that trivial workaround what they're afraid of?
Another puzzler. The 3G/UMTS protocols have the handset authenticate the network exactly to protect against fake base station attacks. How does the StingRay device handle this? Presumably, the major networks have all been required to hand over their root keys/certs so the FBI can emulate them. It makes you wonder how secure these keys can really be, if there are cops running around with the keys inside a box. If one of these devices got lost or was somehow sold to the wrong people, how hard would a key rotation be? Presumably you'd have to replace the SIMs? Again, this seems like a lot of problems that could easily be avoided by tracing the target device with the direct co-operation of the phone companies.
I'd like to think there's a purely technical reason for the use of these things, but given the FBIs prevarication over exactly what kind of warrants they are getting, I'd be worried it's more a legal dodge.
Re: (Score:3)
If the thing tricks phones into thinking it's a tower, how many 911 calls fail (with fatal results) while the FBI hunts for a tax cheat?
Re: (Score:3)
Another puzzler. The 3G/UMTS protocols have the handset authenticate the network exactly to protect against fake base station attacks. How does the StingRay device handle this? Presumably, the major networks have all been required to hand over their root keys/certs so the FBI can emulate them.
Not necessary. It goes something like this:
Cellphone found.
Re: (Score:1)
The 3G/UMTS protocols have the handset authenticate the network exactly to protect against fake base station attacks.
For GSM, this is not the case -- handsets do not authenticate the towers they're connecting to. It's trivial to become the loudest tower and get the phone to switch over to you... but there are technical hurdles around connecting back to the wireless carriers and getting calls / SMS to work correctly in both directions.
Re: (Score:1)
Presumably, phone companies require a warrant of some kind before performing this type of trace
That's a pretty big assumption there. The government will do everything it has the capability to do unless it is explicitly prohibited from doing it. That's partially because when you really get down to it on a personal level, some guy just wants to do his job, and isn't really thinking of the overall implications.
However, the majority of the blame lies on people who erroneously believe and accept as justificati
Re: (Score:2)
I would guess, the device is actually very primitive -- it either:
1. Acts as RF man in the middle between the phone and tower. Since it can't get identifying information, someone has to make a very short phone call that will be dropped immediately after they noticed that connection is established (and that is a BIG SECRET they are trying to protect).
2. Forces fallback into an unencrypted or weakly encrypted mode (and then BIG SECRET is that the device is actually perfectly capable of intercepting conversati
The Wall Street Journal (Score:5, Insightful)
Messing w/ a hacker (Score:1)
Well, what did they expect?
They aren't trying to catch a pedo here, but somebody w/ the knowledge to break into computer systems. Of course he will challenge the law in every single manner he can think of to win his freedom. You can call it an attempt to get off the hook, except what the FBI is doing is in violation of the 4th by not obtaining legal permission to use their technology and furthermore it's unethical, these people are paid to protect us, not spy on us, if I need protection that only the FBI
Comment removed (Score:4, Insightful)
If you dont want anyone to know about it... (Score:1)
don't build it.
Charlie Savage's NYT article today is similar (Score:3)
Charlie Savage reports for the New York Times on intelligence gathering. He has an article today [nytimes.com] that dovetails nicely into this Wall Street Journal article. Savage reports that two senators are concerned that the government is using secret means to surveil US citizens based on a ruling from the FISA court -- rulings that are secret. This is tantamount to having a secret law; something that is anathema to the Constitution.