Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Police Buy Covert Cellphone Surveillance System

Posted by samzenpus on from the getting-a-better-net dept.

digitig writes "UK Metropolitan Police have purchased a 'covert surveillance technology that can masquerade as a mobile phone network, transmitting a signal that allows authorities to shut off phones remotely, intercept communications and gather data about thousands of users in a targeted area.' Other customers apparently include 'the U.S. Secret Service, the Ministry of Defence and regimes in the Middle East.'"

26 of 103 comments (clear)

  1. Question: by muckracer · · Score: 3, Interesting

    Will a phone in flight mode release its IMSI and IMEI identity codes?

    1. Re:Question: by Anonymous Coward · · Score: 3, Interesting

      There are always to ends of a stick. That scheme relies on devices' intelligent behavior. Phones could be hacked to ignore "the best signal cell-tower" or to emit false IMSI and IMEI at first, to test network sanity. If it accepts BS or takes too long to authenticate (it's a giveaway of Man in the Middle attack), ignore it!

    2. Re:Question: by EdZ · · Score: 2

      What use is a phone in flight mode though? It might still be a mini-computer

      There's your answer. My current phone is more powerful than all but one of the laptops that I've ever owned.

      From the description of the system (spoofs cellphone masts by being more powerful and thus preferred), you can simply set your phone not to roam outside your chosen network for voice calls as well as data.

    3. Re:Question: by Anonymous Coward · · Score: 3, Informative

      But as a communication device it's worthless. No phone network, no wifi.

      No. "Flight Mode" is just a shortcut which can be used instead of manually disabling cell communication, cell data, GPS, and wifi. You can shut down everything except wifi capability, for example.
      From what I read in the article this system generates a signal which spoofs the cell tower networks, and asks the devices to respond with unique phone info, etc. So as long as you have just the cellular portion of your phone shut down, it won't release anything but still remain useful via wifi.

      Assuming Android here, I'm not sure if iPhone or Windows phones have the same capability or not.

    4. Re:Question: by nahdude812 · · Score: 5, Interesting

      There's an app for Android phones, called Antennas. It shows you the location and status of nearby towers, and can be configured to run and collect the status of nearby towers in the background.

      If a modified version of this app was used to crowd-source information about towers, false towers such as this could be identified. These mobile false towers will be physically located close to the interception victim, and will be a lot less powerful and have a lot less range than a typical tower. They'll also have less capacity than a normal tower, and maybe be physically located in an unusual spot (eg, on the street). These details should be able to be aggregated and the information used to warn about a new tower or a tower which has moved, or a tower whose signal strength is not on par with typical towers. Anyone curious about the status of a suspicious tower can drive out to its location and have a look to see if there's a real tower there, or instead it's a "news van" at that spot.

      It seems like on a rooted phone, you ought to be able to blacklist certain towers, maybe give the device a whitelist of verified towers to use in a certain area. Maybe even make that black/whitelisting selective - only disable suspicious towers when making / receiving a call (since it seems likely the purpose is not location awareness, but call interception).

      --
      Slay a dragon... over lunch!
  2. 1984 is a guidebook, not a warning by captainpanic · · Score: 4, Insightful

    Pity really that some idiots actually feel safer when they are constantly monitored.

    1. Re:1984 is a guidebook, not a warning by captainpanic · · Score: 2

      You're safer indeed, if the governments would be able to safely store all that data, and if they could guarantee that it would be used only for the protection of the citizens and not for any oppression. But those are two big ifs.

      It has been shown again and again that the governments will eventually be hacked. Or some guy just loses a usb/laptop.
      And because we actually have functioning democracies in the Western world, you never know what kind of idiots will be in the governments tomorrow.

    2. Re:1984 is a guidebook, not a warning by Chrisq · · Score: 2

      You're safer indeed, if the governments would be able to safely store all that data, and if they could guarantee that it would be used only for the protection of the citizens and not for any oppression. But those are two big ifs.

      It has been shown again and again that the governments will eventually be hacked. Or some guy just loses a usb/laptop. And because we actually have functioning democracies in the Western world, you never know what kind of idiots will be in the governments tomorrow.

      ... and if they will act in your interest. I'm sure that people have been mugged while under police surveillance but the police just let it happen so they don't reveal their monitoring.

    3. Re:1984 is a guidebook, not a warning by Runaway1956 · · Score: 2

      You make one of the biggest ASSumptions possible. You ASSume that the government actually cares about the welfare of it's people. In this day, when most western governments are owned by the corporations, the government views you as an ASSet - nothing more, and nothing less. If/when they begin to view you as a liability, all that surveillance will get you killed.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    4. Re:1984 is a guidebook, not a warning by AmiMoJo · · Score: 5, Interesting

      I wrote to my last MP (free to do online via The Work For You) to complain about the ever increasing internet surveillance. In the letter I pointed out that saving a single life, or even many lives, is not justification for the loss of privacy and rights. If saving a life came before all other considerations we would ban cars and shut down the road network. Given that I asked why she voted for the new laws.

      Her response was along the lines of "it saved the life of a woman who was said she was going to commit suicide on Facebook because the police were able to backtrace her IP address".

      She lost her seat at the last election (I won't say which because it would reveal where I live and I value my privacy). Good riddance.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:1984 is a guidebook, not a warning by morgaen · · Score: 2

      I'm a tits man myself.

    6. Re:1984 is a guidebook, not a warning by mr1911 · · Score: 2

      I think it could be argued that you may actually be safer while being constantly monitored.

      No, it is the government that is safer while you are being constantly monitored.

      --
      This post comes with a double-your-money-back guarantee!
      Any offense taken to this post is at your sole discretion.
  3. Re:Just Wrong by 1s44c · · Score: 2

    So because there may be one bad guy in the area thousands of innocent people get their privacy invaded, and no doubt checked just too make sure they are doing nothing wrong.. I'm sickened by what the UK is becoming.

    Not even one bad guy, one suspected bad guy. This trend is disturbing for sure.

  4. The big question: oversight by tucuxi · · Score: 3, Informative

    This seems like a law-enforcement version of the WASP drone featured at last summer's Black Hat / Defcon

    The big question is, since the technology has been available for a while, and is obviously useful for its stated purpose, that of oversight. Privacy-invading technologies will always exist, will always be useful for law-enforcement, and are due to increase the more we mesh our lives with technology. How will authorities deal with data filtering, retention, probable cause, and the opportunity for discovering wrongdoers vs. the invasion of people's privacy? That is the big question.

    A somewhat-rosy scenario is detailed in Charlie Stross' Halting State series. The ugly scenario looks like 1984. Which one we choose depends on an educated public steering their politicians, instead of letting their politicians be steered by ??? and profit.

    1. Re:The big question: oversight by Rich0 · · Score: 3, Interesting

      Yup, listen in on conversation illegally and find out that the suspect will have incriminating evidence in their car on Tuesday at 10AM. Then at 10AM on Tuesday a cop happens to notice that they didn't signal 300 yards before changing lanes and pulls them over. Then they notice something unusual and search the car, and boom, you have a legal search finding evidence that can be used. The phone tap that led to it all would simply not be mentioned in court.

      Everybody violates the law 50 times a day, so if the cops need a reason to search you at any time chances are that you'll give them a legally valid one.

  5. Why? by Sqr(twg) · · Score: 5, Insightful

    Why would the police need to "masquerade" as a phone network. They can just get it from the *real* phone network. All phone companies comply with police requests, as long as they are legal. Oh, I see...

    1. Re:Why? by Gonoff · · Score: 2, Insightful

      No. The large international corporations, particularly the financial ones, are the thieves. The government is simply an obedient servant.
      I wouldn't call them a slave though. They are family and they do get benefits out of their obedience.

      --
      I'll see your Constitution and raise you a Queen.
    2. Re:Why? by Rich0 · · Score: 4, Insightful

      Doing stuff like this allows you to put EVERYBODY in a huge dragnet and see who is worth looking into more closely. You don't have to actually use any of the data you collect as evidence. You simply need to figure out who to target with legal methods.

      Suppose I sniff thousands of phone calls and find out that you are doing something I don't like - such as making drugs, or copying movies, or saying bad things about your school on Facebook, or whatever. I can't use that as evidence, but I know who you are now. Then I just walk down your street and notice that your grass is taller than the local ordinance allows, or claim that I heard a shout for help that seemed to be coming from your house and knock on the door. You open up the door and I happen to see something inside that is suspicious, or whatever. Now I have probable cause and can get a warrant, and I can carve another notch in my baton or whatever.

      Legally searching houses is expensive, and it ticks people off when you search the wrong ones. On the other hand, mass interception of phone/internet/etc is cheap and tells you who to target with legal techniques.

  6. Re:what is the difference by WrongSizeGlass · · Score: 2

    between the customers?

    :

    UK Metropolitan Police, U.S. Secret Service, the Ministry of Defence and regimes in the Middle East

    Their methods of suppressing rebellion and their forthrightness while doing so?

  7. Re:Just Wrong by Anonymous Coward · · Score: 5, Insightful

    This technology is not about "one guy". These are large-scale devices designed to track and suppress communication among protesters. Governments know that shit will hit the fan on a large scale eventually. They're just too corrupt and rotten to continue as they are doing right know without resistance. So they prepare.

    For example, in Germany, police already occasionally logs and tracks protesters (yes, peaceful ones). Sure, it was illegal, but who cares? There are no consequences for violating laws if the government does it.

  8. Re:The problem with prohibiting secure phone lines by Chrisq · · Score: 2

    The real problem with prohibiting secure phoning is that criminals can also wiretap conversations.

    Indeed now that SMS messages are used for two-factor authentication for many banks this is becoming a more common area of attack

  9. so who are Datong ? by Anonymous Coward · · Score: 2, Informative

    Paul Lever
            Mr. Paul R.S. Lever serves as Non-Executive Chairman of the Board of Datong plc., since September 2005. He also acts as Chairman in a number of other organisations. He was formerly the Chairman of the National Criminal Intelligence Service (âoeNCISâ) and the National Crime Squad (âoeNCSâ), non-executive Chairman of BSM Group plc and Oxford Aviation Holdings Ltd and Chief Executive of Tube Investments â" small appliance operations, Crown Paints, Crown Berger and Lionheart plc. His early career included time in both the regular Army and in the Territorial Army, where he served in Defence Intelligence.
    Brian Smith
            Mr. Brian Mcqueen Smith serves as Interim Chief Executive Officer, Non-Executive Director of Datong Plc. He joined the company in November1998 as Sales Director, became Chief Executive in July 2000, became Deputy Chairman in July 2009 and was appointed as a Non-executive Director in June 2010. He previously spent 30 years with AGEMA Infrared Systems AB, the Swedish manufacturer of Forward Looking Infra-Red equipment, of which 15 years were spent as the Managing Director of their UK operations.
    Stephen Ayres
            Mr. Stephen Ayres serves as Executive Director - Finance, Company Secretary, Director of Datong Plc. He serves as Finance Director and Company Secretary in October 2006. Previously he held positions as Managing Director for the UK division of the international healthcare group Attendo AB and a number of senior financial and corporate finance roles within Rolls Royce plc. He qualified as a Chartered Accountant with KPMG in 1993.
    John Kirtland
            Mr. John Philip Kirtland is the Group Sales Director, Director of Datong PLC. He joined joined Datong as Group Sales Director in January 2010 from Quadrant Security Group, the security systems integrator and has a experience in sales and marketing leadership as well as relevant industry experience. His Previous directorships within the past five years include: Security Design Associates (1979) Ltd, SDA Protec (2001) Ltd, SDA Protec Ltd, Protec PLC.
    Grant Ashley
            Mr. Grant Ashley is the Non-Executive Director of Datong Plc in June 2006. He is the Vice President of Global Security and Crisis Management at Merck & Co Inc. He previously held a variety of roles within the United Stated Federal Bureau of Investigation (âoeFBIâ) culminating in his appointment in May 2004 as Executive Assistant Director for Law Enforcement Services until his retirement in January 2006. He is a qualified Certified Public Accountant and currently serves as a council member of the American Institute of Certified Public Accountants.
    Richard Brearley
            Mr. Richard Brearley serves as Non-Executive Director of Datong Plc., since September 2009. He is responsible for legal and compliance at Investec Bank. Prior to this he was responsible for the Listing Review project at the FSA and was a corporate partner at the law firm Nabarro LLP.

    -----------------

    lets hope nobody tracks them down egh ?

  10. Wireless Privacy??? by morgauxo · · Score: 2

    Ordinarily I would agree that any form of tapping which gets people not specifically mentioned in a court order is a case of a government intruding too far but...

    If you are talking on a cellphone.. or any other wireless device... broadcasting your conversation through the air... and you think your privacy is guaranteed you are a moron. Whatever you say you deserve to have heard and posted for all to see. Of course... given the way things have gone in the last 10 years I wouldn't really expect privacy on a landline either.

    I think people have way too much of a 'magic black box' mentality when it comes to technology. By not thinking about how the devices they depend on work they don't see their cellphones as a radio transmitter. Then even without a fake tower to connect to they broadcast their conversations for miles in all directions and expect privacy??? Sure cellular data is encrypted but there are people out there who can decode it. And then of course one just automatically assumes that their phone company plus all other phone companies along the path will play nice with the data...

    Maybe secrets are best told in person.

    1. Re:Wireless Privacy??? by Isao · · Score: 2

      Another facet of this is that the devices can be tracked, whether or not the user is using it or making a call. As long as it is on and available to receive a call (communicating with the base) it can be identified and a coarse location determined. If it were me in the law-enforcement role, the way I would use this is to identify devices in an area of interest (the protest locations) and record the identifiers over a series of days/nights. Eliminating devices which did not appear during a majority of the observed days lets you focus on the core group of people present at the events. (This will include media, people who live/work in the area, police and civil support themselves, etc.) Some careful trimming of the data by time of day will help reduce the "noise". Then you have a subset to focus investigations on. If I were on the other side, I'd make good use of WiFi (fixed and hotspots), VoIP, and "burners" (prepaid phones bought with cash and no ID - don't know if that's possible in all countries). Those are easy protections. Defense can get more technical and fiddle with the device IDs, but that likely crosses a line - and I'd want to be pure as the driven snow if I was at high risk of being arrested at some point.

    2. Re:Wireless Privacy??? by petermgreen · · Score: 2

      Sure cellular data is encrypted but there are people out there who can decode it.

      And there are people who can climb a phone pole and attatch a recorder to your phone line.

      I don't see any reason to treat cellphone calls different from landline calls just because the methods of gaining illicit access are different.

      --
      note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
    3. Re:Wireless Privacy??? by Aryden · · Score: 2

      Or maybe since it's illegal for an individual to decode your encrypted transmissions, it should also be as well for your government to do so without probable cause and a warrant. There is no reason that any cop should be allowed to listen in on your dirty talk with your lady while in the privacy of your own flat. In order for them to setup surveillance across the street and listen to you with bubs, microphones etc, they are supposed to have a warrant, what's the difference here?