Slashdot Mirror


Surveillance Case May Reveal FBI Cellphone Tracking Techniques

glittermage writes "The WSJ reports on an ongoing case about alleged 'Hacker' Daniel David Rigmaiden, regarding the government's tools used to track mobile devices with or without a warrant. The judge may allow Daniel to defend himself against the government's claims by putting the technology into the light. Sounds good to me."


  1. Or not by Hatta · · Score: 3, Interesting

    The judge could just as easily deny him an opportunity to defend himself based on unspecified "national security" fears.

    --
    Give me Classic Slashdot or give me death!
    1. Re:Or not by AngryNick · · Score: 3, Interesting

      Interesting timing. The Supreme Court is hearing oral arguments on the question of GPS tracking without a warrant on November 8th. I suspect the ruling could be applied to this kind of technology. Granted, one is "passive" tracking (the person owns the tracked device) and the other "active" (the government attaches the device to the person), but I see similarities in how the use of tracking technology in general impacts society's expectation of privacy.

      Civics homework: Defend your position on how the 4th amendment protects/allows cell phone tracking of suspected criminals.

    2. Re:Or not by uvajed_ekil · · Score: 2

      ...or suddenly drop the charges without explanation. You know, the same tack the MAFIAA take in civil cases - go for it big-time, until it looks like you are not going to get the result you want, then give up, act like nothing happened, and move on to the next poor sap.

      --
      This is a hacked account, for which the owner can not be held responsible.
  2. LEO Only? by PPH · · Score: 2

    From TFA:

    According to a Harris document, its devices are sold only to law-enforcement and government agencies.

    Harris isn't the only one building these (other brands look a lot less like 1960's era gear) and we don't have assurances from these other manufacturers that they aren't being sold to private individuals or investigative firms.

    --
    Have gnu, will travel.
    1. Re:LEO Only? by Khopesh · · Score: 4, Insightful

      From TFA:

      According to a Harris document, its devices are sold only to law-enforcement and government agencies.

      Harris isn't the only one building these (other brands look a lot less like 1960's era gear) and we don't have assurances from these other manufacturers that they aren't being sold to private individuals or investigative firms.

      We also don't have assurances that this can't be built by enterprising criminals. In another few years, home-brewed equivalent devices will likely be easy to make, thus empowering criminals, overprotective parents, and wannabe stalkers. If a warrant is not required, doesn't this mean that this technology is fair game for anybody to use?

      Better to have the technology exposed and patch the security hole, then consider a warrant-requiring backdoor for law enforcement (i.e. use the existing providers' antennae rather than shelling out the money for taxpayer-funded stalkers in vans).

      --
      Use my userscript to add story images to Slashdot. There's no going back.
    2. Re:LEO Only? by Dravik · · Score: 2

      Private people have been building these for DEFCON for a couple of years. This technology is out in the open for anyone who wants to look up the presentations.

      --
      The purpose of language is communication, If the idea is clear the grammar ain't important
  3. Interesting end run by IamTheRealMike · · Score: 4, Insightful

    Hrmm. There are several parts of the FBI's story here that aren't internally consistent.

    It's pretty well known by now thanks to Hollywood and TV shows that police can track mobile phones by triangulating signal strengths at different cell towers. Heck, phones do it themselves these days. The fixes can be fairly accurate in urban areas. There's no need for the phone to be making a call in order to be traced this way, because as the article points out, towers can talk to the phone any time they want.

    Presumably, phone companies require a warrant of some kind before performing this type of trace. This leads me to wonder if fake base stations like the Stingray devices have any use at all beyond avoiding phone companies' legal processes. I could buy the explanation that a fake base station lets you get slightly more accurate fixes on the phone's location, except that apparently even with these devices the best they were able to get was to a particular apartment block and they had to do old fashioned detective work to get closer. "Nearest block" is about as good as modern smartphones can do by themselves.

    There are a few other puzzlers in there. The government claim they can't reveal the devices' capabilities without compromising future investigations, and then go on to state quite clearly that the devices can't intercept calls or data and that's why they don't feel they need a proper search warrant. This makes sense. Some kind of roving fake base station in an FBI van wouldn't be able to route calls successfully. And the GPRS/3G protocols don't terminate data encryption at the base station, but rather further back in the core network. But that implies the person being traced would be able to notice - if the data connection stops working, or calls fail to place, it could be a sign you're being traced. Time to switch the phone off. That could even be automated by a smartphone app. Is that trivial workaround what they're afraid of?

    Another puzzler. The 3G/UMTS protocols have the handset authenticate the network exactly to protect against fake base station attacks. How does the StingRay device handle this? Presumably, the major networks have all been required to hand over their root keys/certs so the FBI can emulate them. It makes you wonder how secure these keys can really be, if there are cops running around with the keys inside a box. If one of these devices got lost or was somehow sold to the wrong people, how hard would a key rotation be? Presumably you'd have to replace the SIMs? Again, this seems like a lot of problems that could easily be avoided by tracing the target device with the direct co-operation of the phone companies.

    I'd like to think there's a purely technical reason for the use of these things, but given the FBI's prevarication over exactly what kind of warrants they are getting, I'd be worried it's more a legal dodge.

    1. Re:Interesting end run by sjames · · Score: 2

      If the thing tricks phones into thinking it's a tower, how many 911 calls fail (with fatal results) while the FBI hunts for a tax cheat?

    2. Re:Interesting end run by Anaerin · · Score: 2

      Another puzzler. The 3G/UMTS protocols have the handset authenticate the network exactly to protect against fake base station attacks. How does the StingRay device handle this? Presumably, the major networks have all been required to hand over their root keys/certs so the FBI can emulate them.

      Not necessary. It goes something like this:

      • StingRay sends out "I am a cell tower" message
      • Cellphone responds asking "Really? I am xxxx, who are you?"
      • StingRay uses diversity antennae to triangulate position as it receives, then sends out "Oh, nobody important"

      Cellphone found.

    3. Re:Interesting end run by Alex Belits · · Score: 2

      I would guess, the device is actually very primitive -- it either:

      1. Acts as RF man in the middle between the phone and tower. Since it can't get identifying information, someone has to make a very short phone call that will be dropped immediately after they noticed that connection is established (and that is a BIG SECRET they are trying to protect).
      2. Forces fallback into an unencrypted or weakly encrypted mode (and then BIG SECRET is that the device is actually perfectly capable of intercepting conversations).

      All the high-tech-looking stuff is likely for analog measurements and antenna pattern control that allows easier and more precise procedure to determine the location of the phone.

      --
      Contrary to the popular belief, there indeed is no God.
  4. Re:They could always just use this - LEGALLY by simtel · · Score: 3, Funny

    What are you talking about, this looks totally legit: http://imageshack.us/f/163/easyspycomp.jpg/

  5. The Wall Street Journal by Dunbal · · Score: 4, Insightful

    Owned by News Corporation, talks about hacking. Pot, kettle, black.

    --
    Seven puppies were harmed during the making of this post.
  6. Re:Messing w/ a hacker by hairyfeet · · Score: 3, Insightful

    I'm sorry but didn't you get the memo? The government has been just as nasty as any other bad guy for a number of years now, and hadn't paid attention to that little piece of paper called the constitution since Hoover and COINTELPRO. I mean when they went so far as to drug and execute an American on American soil because he advocated views the government didn't like? I'd say all bets are off after that comrade.

    And I'd be worried about that whole "catch a pedo" remark too, as that is how they ramrod new nasty laws into effect, by saying it's to "save the children/protect us from terrorists". For example just look at the guy now in jail for writing the "pro pedo" book, no children touched, no pictures, just his thoughts on a page. Seems I remember someone writing about a time when people will be arrested for thoughts somewhere, or for one the feds pull how about how they set up "pedo honeypots" but then didn't bother capturing the fricking referrer so that if some troll rickrolled you with a link to that site you could be in jail right now! Hell if I remember correctly the judge even ruled that it didn't matter that there was no actual CP anywhere on their honeypot because simply accessing the site was proof of intent!

    So I'm sorry friend, but the government has been evil and/or batshit insane for quite awhile now. Presidents and politicians come and go, but the three letter guys? They are always there, with too damned little oversight (if there is any at all) and too damned much power. I wish I was a tinfoil hatter, but anyone who has watched the moves this country has been doing for the past couple of decades and which accelerated like mad after 9/11 knows they are drunk on power and rules don't seem to matter much anymore.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  7. Charlie Savage's NYT article today is similar by Thagg · · Score: 2

    Charlie Savage reports for the New York Times on intelligence gathering. He has an article today that dovetails nicely into this Wall Street Journal article. Savage reports that two senators are concerned that the government is using secret means to surveil US citizens based on a ruling from the FISA court -- rulings that are secret. This is tantamount to having a secret law; something that is anathema to the Constitution.

    --
    I love Mondays. On a Monday, anything is possible.