dslreports logo
site
spacer

spacer
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


view:
topics flat nest 
Comments on news posted 2013-04-01 09:18:19: The ACLU recently uncovered heavy government use of devices known as "stingrays," which allow law enforcement to trick a user's cell phone to connect to a spoofed device instead of a tower for the purposes of data collection. ..



S_engineer
Premium
join:2007-05-16
Chicago, IL

Geez...

Verizon should use this in one of their ads......
"Can you bust me now?"

Crookshanks

join:2008-02-04
Binghamton, NY

Mr. Rigmaiden needs better expert witnesses....

quote:
Rigmaiden maintains that in order for the stingray to be able to collect location data from his air card, Verizon Wireless had to write data to the air card consisting of “identifying information for the FBI’s emulated cell sites” as well as make configuration changes that would cause the air card to recognize the FBI’s emulated cell tower as an authorized tower for providing service and cause the air card to attempt connections to the emulated tower prior to attempting connections with actual Verizon Wireless towers.
Verizon's cooperation would not be required in this instance. So long as the "stingray" is broadcasting the appropriate SID any nearby Verizon Wireless device is going to prefer it over more distant cell sites with weaker signal.

quote:
“The FBI technical agents needed Verizon Wireless to write data to the aircard in this manner because the aircard’s properly configured Preferred Roaming List prevented it from accessing rogue, unauthorized cell sites
Not if the "unauthorized" cell site is masquerading as a legitimate one. The PRL doesn't list towers, it lists system/network IDs, and priority frequencies to scan for service when the phone is cold booted. The "stingray" likely behaves just as a femtocell does, broadcasting on the exact same frequencies as the macro cellular network. No PRL modification would be necessary. Hell, a system that depended on PRL modifications would be useless for 3G devices, since the user controlled (via *228) when they would pull such an update, and most aren't proactive enough to bother.


PhoneBoy
Google "No Agenda"

join:2002-01-02
Gig Harbor, WA

Please tell me this is an April Foolks joke

Sad thing is, I know it isn't. It's just par for the course.


n2jtx

join:2001-01-13
Glen Head, NY

Data Plan

I guess if you do not have a data plan or do not use it (I don't use my Sprint data plan) then this particular option does not work. In that case, they need to set up spoofed public WiFi hotpots.
--
I support the right to keep and arm bears.


IowaCowboy
Iowa native
Premium
join:2010-10-16
Springfield, MA
kudos:1
Reviews:
·Verizon Broadban..
·Comcast

Prepaid phones

A lot of prepaid phones can be activated anonymously without providing a name or SSN.

I'm sure the drug dealers are using prepaid phones to transact their dirty work. Back in the old days they used pagers and the police departments asked the phone company to switch the pay phones in high crime neighborhoods to pulse tone dialing so the pager systems would not recognize the touch tones.

The only way this form of spying is going to work is to pass a law requiring telecom companies to record and verify the identities of individuals who open a line of service like banks do when you open an account.

The only ones who are going to get scrutinized are law abiding citizens like myself as I have a contract plan with VZW which requires me handing over my personal information to VZW.

The drug dealers are going to use prepaid phones that don't require handing over personal information to activate service.

I know all this stuff because I like to watch Cops. I also know a few active and retired law enforcement officers.

--
I've experienced ImOn (when they were McLeod USA), Mediacom, Comcast, and Time Warner and I currently have DirecTV. They are much better than broadcast TV.

I have not and will not cut the cord.


jjoshua
Premium
join:2001-06-01
Scotch Plains, NJ
kudos:3
Reviews:
·Verizon FiOS

Unauthorized spectrum use

Is anyone saying that it's ok for the government to use licensed spectrum without authorization?

Otherwise, Verizon would have to give authorization in any case and this would demonstrate their willingness to bend over backwards to help the government.


seamore
Premium
join:2009-11-02

nothing

Like i said before, there's absolutely nothing that we can do about things like this. NOTHING!

Network Guy
Premium
join:2000-08-25
New York
kudos:2
Reviews:
·Future Nine Corp..
·T-Mobile US

Coming to a cell site near you

MPAA & RIAA spoofing cell sites to track pirates downloading content via prepaid cell phones with a data-enabled plan.

That would be funny to see them attempt prosecuting... Mike Larry downloaded 25 Justin Bieber songs.... Yeah... Mike Larry... That detective from Bad Boys

MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4
reply to seamore

Re: nothing

www.silentcircle.com

Wilsdom

join:2009-08-06
reply to IowaCowboy

Re: Prepaid phones

Tower spoofing will grab the prepaid users' conversations too. Many countries do require prepaid phones to be registered, so the US will eventually follow their example since they are "more civilized" than us, but really we're at the point where signal tracking and voice identification can provide total surveillance.


marigolds
Gainfully employed, finally
Premium,MVM
join:2002-05-13
Saint Louis, MO
kudos:2

Warrents

One thing I think is not clear in this article or the Wired article...

Warrants were obtained for this deployment. The contention is that such a device should not be used even with a warrant because uninvolved third parties can connect to the sting ray. (Of course, that prompts the question of why the third parties can connect if the FBI is not rewriting configurations on those devices too.)


morbo
Complete Your Transaction

join:2002-01-22
00000
Reviews:
·Charter
reply to MaynardKrebs

Re: nothing

Interesting, but how is this any different from other companies that are required to build in back doors for easy government agency access? Just like the other companies, they cannot say that they have this back doors to the data, yet all the backdoors exist and the encrypted calls are all routed through Verizon and AT&T's backbone connection to the NSA.

Privacy is an illusion.


FFH5
Premium
join:2002-03-03
Tavistock NJ
kudos:5
reply to seamore
said by seamore:

Like i said before, there's absolutely nothing that we can do about things like this. NOTHING!

Especially when judges are more than willing to give official approval thru warrants issued to police.


cableties
Premium
join:2005-01-27

lastweeks news...

I read about this lastweek.

Maybe Obama will just turn a blind eye (like he gave Monsata carte blanc on the GMO non-liability...like Chaney and CleanWater Act to fracking fluid non-liability to Haliburton).

"do you think the feds would allow ANY communication that can't be intercepted or monitored in the name of protecting the republic?" I reference Iridium.
--
Splat


koolman2
Premium
join:2002-10-01
Anchorage, AK
reply to marigolds

Re: Warrents

Maybe that's why they required Verizon to modify the device. They probably set it up as an access point that any unmodified device would not connect to, so only this one guy would.


marigolds
Gainfully employed, finally
Premium,MVM
join:2002-05-13
Saint Louis, MO
kudos:2
That would seem to make sense. If that is the case, though, then the privacy argument is much weaker. That would mean the device only collected the information that was expressly allowed by the warrant.

Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1
reply to morbo

Re: nothing

seems like the reason other nation's governments are looking to migrate completely to Linux. They know the US government wants back doors and will not take that risk with their own government computers and MS Windows.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports

rradina

join:2000-08-08
Chesterfield, MO
reply to IowaCowboy

Re: Prepaid phones

Switching pay phones to pulse dialing -- did that actually work? The pager system will respond to the tones if you can generate them -- regardless of whether or not pay phone can generate them.

rradina

join:2000-08-08
Chesterfield, MO

How Can This Be Stopped?

Even if we pass air tight laws governing the use of the cell tower honey pots, how can this cannot be enforced? Even if all the equipment has an black box that records when and where it was used and the data that is collected, the tech is already "out there". This would be as fruitless as banning guns.

Regarding the info they collect, they might not be able to use the initial information they gather as evidence but once they smell something interesting, then they'll follow the rules and eventually legally obtain evidence.

CXM_Splicer
Looking at the bigger picture
Premium
join:2011-08-11
NYC
kudos:2

1 edit
reply to Crookshanks

Re: Mr. Rigmaiden needs better expert witnesses....

This is true but would would have ALL Verizon cellphones in range connecting to the Stingray. Obviously a warrant wouldn't allow that. The PRL modification would set the target's phone to look for the Stingray (on a separate network) first and a Verizon network second. That would prevent any other Verizon user in the area of the Stingray from connecting to it. What you talk about is possible though and is done by hackers every now and again

The biggest problem with a MITM attack on cellphones is when the target phone is connected to the rogue cell site, they cannot get any incoming calls. Outgoing calls can be routed through an alternate path but, unless Verizon gives you a connection to their switch, incoming voice, email, text will not be intercepted.

EDIT:Rogue not Rouge! Sometimes even with spell check these things happen.


badtrip
I heart the East Bay
Premium
join:2004-03-20
Albany, CA

What's Verizon's angle?

I just don't get Verizon's angle in this; there's not enough information given. What value is there in so blindly and recklessly complying with these requests to install snooping hardware and facilitate monitoring?

Does the US gov pay Verizon cash incentives? It can't be preferential regulatory treatment because if so there would be lawsuits flying this second by competitors that did not comply with govt requests (if there are any).

If it is a cash incentive, then I'd like to see how much is being paid and what portion of Verizon's profit these payment comprise.

Crookshanks

join:2008-02-04
Binghamton, NY
reply to CXM_Splicer

Re: Mr. Rigmaiden needs better expert witnesses....

said by CXM_Splicer:

This is true but would would have ALL Verizon cellphones in range connecting to the Stingray. Obviously a warrant wouldn't allow that.

And? As long as they are just passing the traffic there really isn't an issue here. Internet wiretaps are going to "see" every packet passing the wire, they just use filters to limit the ones they actually capture. No difference here.


OSUGoose

join:2007-12-27
Columbus, OH
reply to Wilsdom

Re: Prepaid phones

Funny the AT&T GoPhone and Boost Mobile I've bought BOTH required the same info as if a contract phone.


OSUGoose

join:2007-12-27
Columbus, OH
reply to badtrip

Re: What's Verizon's angle?

GSA Contracts to be a provider to Fed Agencies.


FifthE1ement
Tech Nut

join:2005-03-16
Fort Lauderdale, FL
reply to n2jtx

Re: Data Plan

said by n2jtx:

I guess if you do not have a data plan or do not use it (I don't use my Sprint data plan) then this particular option does not work. In that case, they need to set up spoofed public WiFi hotpots.

Who cares why how they are doing it, the real question is why? And spoofing WiFi hotspots is even easier than the cellphones. I can create (spoof) a McDonald's, etc WiFi with my phone easily. And then all the data going through can be spied on. It shouldn't be but can and that is the whole point.

5th
--
"The relationship between what we see and what we know is never settled..."


FifthE1ement
Tech Nut

join:2005-03-16
Fort Lauderdale, FL
reply to Wilsdom

Re: Prepaid phones

said by Wilsdom:

Tower spoofing will grab the prepaid users' conversations too. Many countries do require prepaid phones to be registered, so the US will eventually follow their example since they are "more civilized" than us, but really we're at the point where signal tracking and voice identification can provide total surveillance.

You said that to start a flame war, no? More civilized? Is rioting in the street and destroying property daily civilized (Greece), is taking 75% of a person's hard earned wage civilized (France), I can go on and on and on and on and on and on... ETC! There is a reason most of those "civilized" you call them would sell their first born to come to the United States! Maybe you could pack up and make room for them! Sound good?

5th
--
"The relationship between what we see and what we know is never settled..."

CXM_Splicer
Looking at the bigger picture
Premium
join:2011-08-11
NYC
kudos:2
reply to Crookshanks

Re: Mr. Rigmaiden needs better expert witnesses....

Well the analogy is actually more like spoofing the Internet, it is not a traditional MITM attack or a simple eavesdropping; the traffic is only one way. I highly doubt (technical impossibility aside) that the FBI would spoof the Internet for a 1-2 block radius so that everyone in that radius is actually sending data to the FBI instead of the Internet. It is much easier to redirect only the target's DNS address to the FBI so that they are spoofed but no one else is.

I honestly don't know how they are operating and I wouldn't say they are beyond what your are describing but the way the article is describing it is more 'efficient' and less intrusive. If they have Verizon's cooperation in reprogramming the phone i don't see why it wouldn't happen that way.

Crookshanks

join:2008-02-04
Binghamton, NY
To the best of my knowledge a PRL update can't be forced with a 3G phone. It can only be requested by the phone itself during initial provisioning and/or PRL updating (via *228 on VZW, other codes on different carriers). 4G devices work differently of course.

Anyway, they aren't using this for wiretapping, they could just as easily do that using the lawful intercept technology built into the telco switch. They're using this to triangulate the location of a mobile device faster than they otherwise could. It's not really a MITM attack as they are classically understood and aren't any real any privacy concerns if an "innocent" phone connects to their base station.

Also, they don't "spoof" the internet to wiretap someones internet connection, but they do monitor at the network edge, and by definition that means innocent packets will also be passing through the dragnet. So long as they don't monitor/record those packets there isn't a problem


Anonymous_
Anonymous
Premium
join:2004-06-21
127.0.0.1
kudos:2
Reviews:
·Time Warner Cable
reply to Kearnstd

Re: nothing

said by Kearnstd:

seems like the reason other nation's governments are looking to migrate completely to Linux. They know the US government wants back doors and will not take that risk with their own government computers and MS Windows.

just like how much MS patches one hole they open another one?
--
Well, does your car at least turn into something else? Sometimes I turn it into a trashcan. Hmm...