Unredacted User Manuals Of Stingray Device Show How Accessible Surveillance Is (theintercept.com) 95
The Intercept has today published 200-page documents revealing details about Harris Corp's Stingray surveillance device, which has been one of the closely guarded secrets in law enforcement for more than 15 years. The firm, in collaboration with police clients across the U.S. have "fought" to keep information about the mobile phone-monitoring boxes from the public against which they are used. The publication reports that the surveillance equipment carries a price tag in the "low six figures." From the report:The San Bernardino Sheriff's Department alone has snooped via Stingray, sans warrant, over 300 times. Richard Tynan, a technologist with Privacy International, told The Intercept that the "manuals released today offer the most up-to-date view on the operation of" Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the "Stingray II" device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously.
Re:Slippery Slope (Score:5, Insightful)
How about unreasonable search and seizure? How about due process? How about manufactured evidence? Is using the spectrum like this even legal? Aren't they violating the licensing laws of the spectrum?
If they went to get a warrant, and asked the cell companies to give them the data, that would be legal. We can't allow them to trample on our freedoms and liberties because its inconvenient for them to go through the process the american people have approved. There is no consent of the governed here.
Re: (Score:2)
First and foremost: I completely agree.
Now devils advocate:
How about unreasonable search and seizure?
Your choice to broadcast your signal gives implicit rights for them to read the signal, much like your choice to place your garbage into the county provided can on the curb.
How about due process?
See above, there is not a due process violation if all they are doing is processing through the signal you sent.
How about manufactured evidence?
There is a chain of custody to be followed, manufactured evidence would require breaking a seal on the device, much like a radar gun.
Is using the spectrum like this even legal? Aren't they violating the licensing laws of the spectrum?
One would hope they got a licence
Re:Slippery Slope (Score:4)
First and foremost: I completely agree. Now devils advocate:
How about unreasonable search and seizure?
Your choice to broadcast your signal gives implicit rights for them to read the signal, much like your choice to place your garbage into the county provided can on the curb.
No. There is a reasonable expectation of privacy. What about the privacy of the company who has licensed or purchased the spectrum? The signal is in their possession, and the government just trampled it like a heard of bison running over a bunny. Fuck no. Thats what warrants are for.
How about due process?
See above, there is not a due process violation if all they are doing is processing through the signal you sent.
Again, no. In court, if I can't inspect the device that grabbed what they *THOUGHT* was my signal, how could I defend myself? These law enforcement toys are secret, beyond discovery from defense attorneys. So how can you question the charges, or face your accuser, which you are allowed to do. Imagine for a moment that there is a bug in the logging software, and it reports your phone as the one trying to hook up with the 13 year old middle schooler. Just, fuck no. Again. Due Process.
How about manufactured evidence?
There is a chain of custody to be followed, manufactured evidence would require breaking a seal on the device, much like a radar gun.
Not what I was saying. What about "we can't let them know about how we learned about this, so lets say he logged into a bogus website, and generate some logs.
Is using the spectrum like this even legal? Aren't they violating the licensing laws of the spectrum?
One would hope they got a licence from the FCC. *snort* (sorry, couldn't keep a straight face on that one)
Seriously though, the same argument that has been set forth about using open WiFi APs and even breaking WEP/WPA to use APs that are broadcasting past a property line apply here with your phone and any cleartext that is sent / cyphertext that is broken.
I'm happily in a state where a warrant is required to use one of these... not that I think they are used anyway, but at least if there is no warrant the evidence is inadmissible and via poisoned fruit any evidence looked for because of one of these also becomes inadmissible (i think).
-nb
This is not that. In those scenarios, your listening. These devices talk and impersonate cell towers. They are broadcasting in that spectrum which a company has purchased outright. They do so against those licenses. Now wipe that smirk off your face, and get off my lawn!
Re: (Score:2)
Re: (Score:2)
The manual is ... (Score:1, Flamebait)
Re: (Score:2)
Re: The manual is ... (Score:1)
Project name vs Public name.
Everyone should be forced to obey the law. (Score:5, Insightful)
It is the beginning of the end for society as a whole if no one cares if the police obey the law. The Sheriff of San Bernadino should face charges for unlawful surveillance.
Re:Everyone should be forced to obey the law. (Score:4, Interesting)
(I think the answer the the last one is parallel construction, which itself is legally bankrupt)
Re: Everyone should be forced to obey the law. (Score:3)
A search warrant would not empower a cop to violate federal comms law.
Re: (Score:2)
Re: (Score:2)
"A search warrant would not empower a cop to violate federal comms law."
The 4th amendment allows the police to perform "searches and seizures" with a "Warrants" which otherwise would be considered "unreasonable"
Re: (Score:2)
But, the warrant doesn't get them around illegal use of cellular spectrum that is only authorized to certain companies by the FCC. There is no loophole in the law for police misuse.
I would love to meet the product developers... (Score:4, Interesting)
...and ask them whether they regard themselves as activists against the principles of their country's Constitution, or whether they believe they're only following orders, i.e. that the known way in which their product will be put to use is "not my dept.".
Re: (Score:2, Insightful)
Re: (Score:3)
Re: (Score:1)
If you can get a job developing Stingray software/hardware, you can get a job for less money doing something less ethically abhorrent.
Class warfare rhetoric used to be used to encourage people to strike in the face of unacceptable labor practices. Now it's turned into a hopeless lament: "Well, we gotta do what we're told or we'll be out on the street."
Re: (Score:2)
If you can get a job developing Stingray software/hardware, you can get a job for less money doing something less ethically abhorrent.
I must ask, is the problem with the devices or how they are used? If used only after a warrant has been obtained would people still be outraged over these devices?
Also, these Stingray devices are made of a bunch of parts, everyone with a different use. Are the people that make the capacitors in these things somehow responsible? Even the software in these things were likely derived from code used in legitimate cell phone towers. I find it real hard to draw a bright line that separates the ethical and une
Re: (Score:3)
I must ask, is the problem with the devices or how they are used? If used only after a warrant has been obtained would people still be outraged over these devices?
To me, the root of the problem is the devices. The way the Stingray works is by tricking all cell phones within range to connect to the Stingray instead of the legitimate cell tower. The very nature of this design means innocent peoples' phones, people who are not the subject of any warrant, are going to have their communications illegally intercepted. You might have a warrant to tap Bob's phone, but when you park your nondescript van in Bob's neighborhood and turn on your Stingray, his neighbors' phones ar
Re: (Score:2)
Re: (Score:2)
Re: I would love to meet the product developers... (Score:1)
That's like asking a professional hitman what his motivation is.
Surprised face on (Score:4, Informative)
It's a software defined radio. See Range Networks for similar, MUCH cheaper equipment (also not a dumbed down). Also GNU radio.
Re: (Score:3)
Also OpenBTS
Re: (Score:3)
These manuals should give very good guidance on how to build an anti-Stingray device. Or pro-privacy device. Call it what you want.
Re: (Score:2)
How would that possibly help when the Stingray can monitor all calls in an area, regardless of imei? They don't identify by imei. These are used for snooping, rarely for actual legal policework. In fact, it's thrown out of court more than it's used in court.
Re:Surprised face on (Score:4, Insightful)
Or how about our OWN stingray type devices?
Imagine the chaos if you're tracking an IMSI and it's passing through several stingray devices - yours, and half a dozen others. Since each is pretending to the uplink of the next, the actual location of the phone in question can be quite a distance away. And if you're monitoring the location of the signal, you're just getting the next stingray in line.
Re: Surprised face on (Score:2)
Alternatively, run an anti-stingray device that scrambles everyone's IMEI and IMSI upstream. The towers will know to reject it, but the stingray device won't.
It might be possible to detect the stingray and only activate when it's in use.
Hey, that's not nice! (Score:1)
I'm a dirty florist in a Transit van.
Re: Which planet? (Score:1)
Trump will release his tax returns when the voluntary action buys him more than giving up his privacy loses.
Nobody has a right to his tax returns but the IRS, so there is no real reason for him to release them. The same goes for Hillary and her health records. The difference between the two is that Hillary's health is visibly bad, and Trump's finances are visibly good.
Re: (Score:2)
Trump's finances are visibly good.
Which is why we need to see how he got to this position. It would be extremely naive to assume wealth is an indicator of honesty.
iManual (Score:3)
Harris declined to comment. In a 2014 letter to the Federal Communications Commission, the company argued that if the owner’s manuals were released under the Freedom of Information Act, this would “harm Harris’s competitive interests” and “criminals and terrorist[s] would have access to information that would allow them to build countermeasures.”
Well then just print a manual and give it to us, then burn your copy. We'll keep our copy safe, so no terrorists will ever be able to read the manual. At least that's what Apple was asked to do.
Comment removed (Score:5, Insightful)
Re:Handy guide for law enforcement. (Score:4, Insightful)
And it's almost always wire fraud. Committed by the police.
Re: (Score:1)
Shouldn't that be "wireless fraud"?
Thanks folks, I'll be here till Thursday. Try the veal!
It must be obsolete. (Score:1)
If we are seeing this, then the product is no longer in use and is obsolete. "Law enforcement" has something better now.
We need international standards of law enforcement with accreditation and continual audit by civilian authority.
As long as "law enforcement" remains unaccountable to the people, then our democracies mean nothing and are completely irrelevant.
Re: (Score:2)
Mapping and voice, later connected PC or device ready malware pushdown, voice prints its all ready for any local aspirational police force to rent and upgrade into
Re: It must be obsolete. (Score:2)
It is. At least, the iDEN part is. That was the Motorola/Nextel proprietary trunked radio protocol.
And it's fine because they're cops (Score:5, Interesting)
For anyone else using this sort of device it would be an illegal wiretap, an FCC violation for unauthorized use of spectrum, interfering with a public utility, copyright violation, DMCA violation, vandalism, reckless endangerment (hey, 911 doesn't work when this is on y'know), interfering with emergency services, intent to commit identity fraud, computer misuse and a unauthorized use of computer equipment violation. Possibly even terrorism...sure, let's throw terrorism in there for good measure. Total sentence: 5x Infinity years, served consecutively. No chance of parole. Leave your human rights at the door.
For the cops?...they switch this on before breakfast each morning. Assuming they didn't forget to switch it off the night before.
Technical Controls (Score:5, Insightful)
If police can do it, so can "the bad guys". Why aren't there better technical barriers in place to prevent this sort of thing? If this snooping is illegal, that's a great first step, but why are these devices even able to work? Are the mobile carriers working with law enforcement to enable these devices, or just indifferent to it?
When it came to light that law enforcement was abusing their power by indiscriminately snooping on internet traffic, we started to see more websites use encryption (birth of Let's Encrypt). When it came to light that law enforcement was abusing their power regarding accessing information stored on a phone, we started to see widespread use of device encryption (Android and iOS now encrypt by default). Is StringRay abuse the precursor to the next iteration of mobile security?
Re: (Score:1)
Currently, all phones must authenticate themselves to the tower, all we need is for towers to also authenticate back to the phone.
Re: (Score:2)
Come now.... Deep breaths little one, it'll be OK....
New standard, one of the revisions of LTE or 5G perhaps?
In a fault situation, what do you think happens?
With the overlap of cell towers, that cell would either automatically shut down for adjacent cells to pick up the load, or it would be shut down by the NOC.
The larger question is, how do you authenticate a tower? PKI? Does the SIM contain the cell network's root cert as well as it's cert from the HLR?
Home Location Register, in GSM terms, there's a cert
Re: (Score:2)
Same as in the 1980's handover from tower to tower as quickly and cheaply as possible from any telco perspective.
But with this the device is static or on the move and any cell phone thinks its time to hand over to the new device thats a bit stronger than the last cell tower.
Re: Technical Controls (Score:2)
Right now? The phone generally complains about the lack of encryption. Same thing that happens when you go to a site with an invalid SSL certificate.
Grandma may still click "Continue", despite the warnings, but the people who care will have the info they need to make an informed decision.
Re: (Score:1)
The snooping is designed into the standards. Seriously. I don't mean just the lawful interception interfaces. The standards themselves are breakable on purpose.
Re: (Score:2)
I believe LTE does prevent a lot of the snooping. Part of the problem is that things evolved from really old-ass standards and so security was not always the consideration it should be. I mean remember that the original cell network:
1) Was all unencrypted analogue, the only thing preventing people from listening in was not having a radio that could tune the frequencies.
2) Had all kinds of odd shit related to compatibility with the old PSTN.
It was not even remotely secure. However, it was what we could do wi
Re: (Score:2)
If you want to be a telco you have to ensure your network is wiretap friendly in the gov fine print.
A network that keeps the users, the press out but allows the NSA, GCHQ, state, city police to collect it all is the telco set standard.
The equipment between nations could also support encryption but its all kept in plain text so the security services can collect it all.
City police forces to the NSA
Re: (Score:2)
Re: (Score:2)
If police can do it, so can "the bad guys".
Aren't they the same thing?
liberties etc.... (Score:2)
For 15 years.... (Score:1)
Anyone would think something significant happened 15 years ago :(
Will no one think of the children / terrorist threat...
Re: (Score:1)
If we cared we would have isolated Saudi Arabia, Yemen, and Pakistan. Or glassed them over.
It's obvious we don't care.
add-on? (Score:2)
and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously
I do like the fact that it is expandable.
Security through obscurity (Score:2)
It's radio. Anybody in the vicinity can listen in all they like. Back in the bad old days this was Industry Canada's position, that cellphones were not private and there was nothing anybody could do about it.
Unlike AMPS, the communications are digital. So what. If you are sufficiently determined you can decode the data you have captured.
...laura
Re: (Score:2)
Looks like cool stuff (Score:1)
Re: (Score:2)
We just hired a (bright) guy that used to work for Harris. Shite company from what I gather.
-nb
But Windows 10 Evilz! (Score:2)
All the people who think Windows 10 is the source of all their privacy concerns really have no idea how far lost privacy really is...
Open source stingray detector (Score:2)
I've shared this on previous posts about stingray - there is an open source Android app [github.io] to detect if you're connecting to a fraudulent base station, and take action by instantly disconnecting if desired. I don't know if it works or how well, since I'm in India, but people can use it to see if there are any stingrays deployed nearby.