Slashdot Mirror

← Back to Stories (view on slashdot.org)

DOJ Often Used Cell Tower Impersonating Devices Without Explicit Warrants

Posted by Unknown on from the bending-the-rules dept.

Via the EFF comes news that, during a case involving the use of a Stingray device, the DOJ revealed that it was standard practice to use the devices without explicitly requesting permission in warrants. "When Rigmaiden filed a motion to suppress the Stingray evidence as a warrantless search in violation of the Fourth Amendment, the government responded that this order was a search warrant that authorized the government to use the Stingray. Together with the ACLU of Northern California and the ACLU, we filed an amicus brief in support of Rigmaiden, noting that this 'order' wasn't a search warrant because it was directed towards Verizon, made no mention of an IMSI catcher or Stingray and didn't authorize the government — rather than Verizon — to do anything. Plus to the extent it captured loads of information from other people not suspected of criminal activity it was a 'general warrant,' the precise evil the Fourth Amendment was designed to prevent. ... The emails make clear that U.S. Attorneys in the Northern California were using Stingrays but not informing magistrates of what exactly they were doing. And once the judges got wind of what was actually going on, they were none too pleased:"

31 of 146 comments (clear)

  1. Hosts file corollary by Anonymous Coward · · Score: 5, Interesting

    Wouldn't it be nice if the user had some visibility and control over what tower their own phone connects to. A sort of "hosts file" white-list except not for IP addresses.

    1. Re:Hosts file corollary by tqk · · Score: 4, Insightful

      Wouldn't it be nice if the user had some visibility and control over what tower their own phone connects to.

      Wouldn't it be nice if the system had some security built into it to exert control over what tower their subscribers' phone connects to.

      It's not like this is a brand new problem that's just popped up in the age of cell-phone connectivity. Those who refuse to learn from history ...

      --
      "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
    2. Re:Hosts file corollary by femtobyte · · Score: 4, Interesting

      The $10,000 question, though, is whether the cell companies would simply hand over the full cryptographic keys to the government snoops, so the fake towers would be indistinguishable from the true. When your phone resolves 4 towers simultaneously with the same 1 identity, how does it choose the true one?

    3. Re:Hosts file corollary by citizenr · · Score: 5, Interesting

      GSM has no network authentication (only user authenticates to the network, network doesnt authenticate to the user).
      3G/UMTS has authentication both ways and is mitm secure (in theory = if your phone is not broken)

      Just force phone to only talk 3G and you will be secure.

      --
      Who logs in to gdm? Not I, said the duck.
  2. OMG lazers and sharks wasn't enough by future+assassin · · Score: 5, Funny

    now they are using Stingrays with cell phone towers attached to them?

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
  3. Re:stingray phone tracking device by cyrano.mac · · Score: 4, Informative

    There are no limits to what a DIY-er kan buy in China. And with SDR (software defined radio) and open source GSM software, it takes relatively little effort to build one yourself. There's even a small GSM router (20-30 euros on evilbay) that's very popular for that sort of projects. It holds the GSM modem and Wifi, so you can easily control it from a laptop.

  4. MITM attack: impersonates a cellular tower by girlinatrainingbra · · Score: 5, Informative
    Harris makes them. The devices are supposedly only sold to law-enforcement agencies and government agencies. Disambiguate "stingray" to find a little info: 1 - http://en.wikipedia.org/wiki/Stingray_phone_tracker
    2 - Wall Street Journal article "'Stingray' Phone Tracker Fuels Constitutional Clash"
    3 - another WSJ article about "Judge Questions Tools That Grab Cellphone Data on Innocent People"

    Essentially, the "Stingray" sends out a signal pretending to be a cell-phone tower. Your cellphone thinks it's found a great super-strong tower nearby, detaches from the real cell-phone towers and bonds to the Stingray and attempts to communicate through it. Now, the DOJ (or whomever) has performed a Man in the Middle (a href=http://en.wikipedia.org/wiki/Man-in-the-middle_attack MITM ) attack on your cell phone's communication with it's cellular service company. It impersonates a cellular tower.
    .
    Here's an interesting point from the WSJ article:

    ... Stingray equipment can be carried by hand or mounted on vehicles or even drones.
    ... The best known stingray maker is Florida-based defense contractor Harris Corp. A spokesman for Harris declined to comment.
    ... Harris holds trademarks registered between 2002 and 2008 on several devices, including the StingRay, StingRay II, AmberJack, KingFish, TriggerFish and LoggerHead. Similar devices are available from other manufacturers. According to a Harris document, its devices are sold only to law-enforcement and government agencies.
    1. Re:MITM attack: impersonates a cellular tower by Anonymous Coward · · Score: 2, Interesting

      "law-enforcement and government agencies" -- this is a common phrase in American English, but is it a legal term with precise meaning? IE, are there "law-enforcement" agents that are not "government"; like does it include bounty hunters for instance? renta-cops? school security guards? Seems far too broad.

    2. Re:MITM attack: impersonates a cellular tower by morcego · · Score: 4, Insightful

      The devices are supposedly only sold to law-enforcement agencies and government agencies.

      Gosh, I feel so much safer now :(

      Can't these guys get that this kind of stuff, in the hands of the government, is EXACTLY the problem?

      --
      morcego
    3. Re:MITM attack: impersonates a cellular tower by Anonymous Coward · · Score: 2, Interesting

      The real enemy is the TV set. People don't feel safe, but they don't realize why. People are constantly screaming at each other, stuff is blowing up. If you watch the nightly news in any city you will think that everyone is a potential threat. If you switch stations after it is over, you will probably find a movie where the hero saved everyone by shooting people and/or blowing shit up.

      Conclusion? They rapin errybody! You better get a gun and start making things right.

    4. Re:MITM attack: impersonates a cellular tower by Thruen · · Score: 3, Interesting

      So, correct me if I'm wrong, but it seems like this device doesn't work on just one phone, it'll intercept every phone in the area. Is there anything stopping everyone who was around it at the time from trying to take legal action for the illegal search of all of their phones? I am asking without even knowing if there's anything to do about illegal searches in any other case. A quick google has turned up plenty on what constitutes a legal search, nothing on what to do if you're searched illegally aside from getting the evidence thrown out. Any lawyers around?

    5. Re:MITM attack: impersonates a cellular tower by Anonymous Coward · · Score: 2, Informative

      It has no legal bearing. It just means the company won't sell one to you. You can't get one without contacts.

    6. Re:MITM attack: impersonates a cellular tower by BLKMGK · · Score: 4, Interesting

      You can place a filter on the IME but you have to know it first, in theory they would. chris Paget did a talk on this that was VERY informative that I found while researching SDR -> http://www.youtube.com/watch?v=DU8hg4FTm0g

      What he did was actually legal but if he had wanted to he could've intercepted FAR more and his comments about jamming were also pretty interesting. It's not just voice you can grab either but text and data. Very interesting to see how it works but scary that it's apparently not as secure as it could be...

      --
      Build it, Drive it, Improve it! Hybridz.org
    7. Re:MITM attack: impersonates a cellular tower by davester666 · · Score: 3, Insightful

      Yeah, and it feels like crime is worse now more than ever, because somebody, somewhere around the world is doing some atrocity to somebody else. And that's what leads. The news you get on TV has slowly expanded from local to international 'news'. So the frequency of these reported 'incidents' have slowly gone up, but it doesn't really register that primary reason for the increase is that the area being covered has increased even faster.

      That's why I've stopped watching the 'news'. It's too much of "here's the worst 5 thing's that happened to somebody around the world".

      --
      Sleep your way to a whiter smile...date a dentist!
  5. Glad to know the judges are pissed by raymorris · · Score: 3, Interesting

    I'm assuming "our office has been working closely with the magistrate judges in an effort to address their collective concerns" as a PC way of saying "a bunch of judges are PISSED!". That's good to know. I know that the two judges I know personally would be pissed if DOJ tried something like this with them, but it's good to know these judges are as well, and action is being taken.

    1. Re:Glad to know the judges are pissed by fafalone · · Score: 2

      By 'action is being taken' I presume you mean something along the lines of "Please don't do this again, or else... or else we'll send you an even more harshly worded letter!"

  6. Re:Tools by hawguy · · Score: 5, Informative

    From the EFF article:

    The Court therefore ORDERS, pursuant to Federal Rule of Criminal Procedure 41(b); Title 18, United States Code, Sections 2703 and 3117; and Title 28, United States Code, Section 1651, that Verizon Wireless, within ten (10) days of the signing of this Order and for a period not to exceed 30 days, unless extended by the Court, shall provide to agents of the FBI data and information obtained from the monitoring of transmissions related to the location of the Target Broadband Access Card/Cellular Telephone...

    What part of that do you think authorizes the DoJ to intercept everyone's calls while looking for the target device? It might be argued that the authorities were working as agents of Verizon, but it also might be argued that Pink Unicorns did the interceptions, and I don't think the court is going to accept either one.

  7. Re:Tools by TubeSteak · · Score: 4, Informative

    It might be argued that the authorities were working as an agent for Verison to gather the information.

    If the police have a warrant for Verizon, it tells Verizon what to do.
    Otherwise, the police need a specific warrant for everything else they intend to do.

    In other words, a warrant allows for [company] to act as an agent for the State.
    It never(?) works the other way around.

    --
    [Fuck Beta]
    o0t!
  8. The dates are incorrect by Vinegar+Joe · · Score: 5, Funny

    The emails are dated "2011".........impossible. Bush left office in January 2009. Please backdate the emails to 2007.

    Thank you

    --
    "The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
    1. Re:The dates are incorrect by rahvin112 · · Score: 2, Insightful

      This expansion of federal authority started under the Bush administration and has continued under the Obama administration. Like all Federal power expansions no future administration will argue they don't need the power as this is an issue that is without party bounds. Both parties seek expansion of federal powers and any argument that one party doesn't is window dressing to convince rubes.

      Democrat or Republican, it matters not as both parties want more power and more control over the populace. Too many people spend far too much time in either parties echo chamber to understand that.

    2. Re:The dates are incorrect by Vinegar+Joe · · Score: 2

      Too many people spend far too much time in either parties echo chamber to understand that.

      The Republicans didn't promise unicorns were going to come dancing out my ass.

      --
      "The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
  9. Harris Corp CEO by Vinegar+Joe · · Score: 4, Interesting

    My, my, my........

    "Harris Corp. President and CEO William M. Brown was appointed to President Barack Obama's National Security Telecommunications Advisory Committee on Tuesday, Florida Today reports."

    http://www.bizjournals.com/orlando/morning_call/2012/11/harris-corp-ceo-appointed-to-obama.html

    --
    "The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
    1. Re:Harris Corp CEO by Anonymous Coward · · Score: 2

      So with Republicans, we get to be irradiated every time we fly for the illusion of safety while companies get rich thanks to Chertoff going off and starting a company.

      With Democrats, we get to have the government listen to all our calls while companies get rich and the CEO gets into the government.

      We could call this the Reverse Chertoff Maneuver. As a sexual move, it'd be down somewhere around the dirty sanchez and sucking up Santorum.

    2. Re:Harris Corp CEO by BLKMGK · · Score: 2

      I don't understand the issue here. Harris makes this tool just like Stanley makes screwdrivers. If some asshat stabs someone with a screwdriver we're not pissed at Stanley so why is someone from Harris, a company that obviously understands how this shit works, not a good choice? Maybe they will actually help them make things better?

      --
      Build it, Drive it, Improve it! Hybridz.org
    3. Re:Harris Corp CEO by anagama · · Score: 2

      Screwdrivers have tons of legitimate uses and a few "off label" illegitimate ones, like stabbing somebody. Stingray type devices have one purpose only, and that is to enable someone to perform a man in the middle attack and enable spying.

      Obama's appointment of this guy to a committee clearly dealing with domestic surveillance makes sense -- evil CEO for an evil Federal program. In that light, it is a big deal because it highlights one of the small details in the many that foreshadow our future, one where the Feds are essentially concerned only with the well being of a certain subset of the business world (usually the largest corps and banks, but lets not leave out those who make their weapons and equipment), extreme pride in the military and the glorification of those who participate in military action, is repressive toward common people in general, and absolutely brutal to any who would challenge it.

      You can see these things playing out: more people in prison than any other nation (per capita and absolute basis), militarization of the police force, rampant domestic surveillance, due process free detention, due process free execution, harsh sentences for the minor crimes of some, ridiculously light treatment for the serious crimes of others (*), privatizing profits and socializing losses (bailouts), and so forth. It is pretty obvious that the greatest threat we face to the liberties our country was founded on, comes from the US Federal Government as controlled by Republicans and Democrats with the aid of enabling creeps like Brown. And rather than suffer the rightful indignation their actions deserve, Brown(nosers) get promoted to presidential committees -- but of course they do, considering what the Feds are.

      (*) http://www.rollingstone.com/politics/blogs/taibblog/outrageous-hsbc-settlement-proves-the-drug-war-is-a-joke-20121213
      Wow. So the executives who spent a decade laundering billions of dollars [for terrorists and drug kingpins] will have to partially defer their bonuses during the five-year deferred prosecution agreement? Are you fucking kidding me? That's the punishment? The government's negotiators couldn't hold firm on forcing HSBC officials to completely wait to receive their ill-gotten bonuses? They had to settle on making them "partially" wait? ... What was the Justice Department's opening offer -- asking executives to restrict their Caribbean vacation time to nine weeks a year?

      --
      What changed under Obama? Nothing Good
  10. Realtime voice encryption apps? by Anonymous Coward · · Score: 3, Interesting

    Smartphones are relatively powerful these days. So why aren't there any good realtime voice encryption apps? And if there are, why aren't more people using them?

    A voice encryption app would make the kind of privacy invasion described in the original article a lot more difficult.

  11. Exactly, they overreached the what and the where by raymorris · · Score: 4, Insightful

    Search warrants stipulate what the authorities are looking for and where they can look;

    In this case the "what they are looking for" is information about the suspect's phone and the "where" is in Verizon's records. They instead peeked at other people's communications, by eavesdropping in the neighborhood. So they didn't stick to either the WHAT or the WHERE.

    Additionally, they didn't get a search warrant as they should have, but rather a lower order telling Verizon to be cooperative insofar as technical assistance. They didn't even get an supeona for Verizon to turn over records, only an order to provide tech support.

    It may be that they a request for a search warrant would have been granted, but that's for the judge to decide. The Texas judge mentioned clearly would not have signed a warrant without first adding specific limitations to reduce or eliminate having other people's phones intercepted. That seems to be the case fairly often - a judge will restrict a warrant to a very specific place, time etc., or ask for further evidence, rather than completely denying or approving the request as first presented.

  12. Enemy of the State by citizenr · · Score: 2

    We need some geeks with USRP to sloppily intercept few members of appropriation committee phones "Enemy of the State" style.
    That will get the ball rolling on those DOJ scumbags.

    --
    Who logs in to gdm? Not I, said the duck.
  13. Re:stingray phone tracking device by BLKMGK · · Score: 4, Interesting

    Here you go!

    http://www.youtube.com/watch?v=DU8hg4FTm0g

    Thanks Chris - damned interesting talk :-) This also shows you how many phones may be attracted by such devices if there's no filter on the IME...

    --
    Build it, Drive it, Improve it! Hybridz.org
  14. Re:Tools by BLKMGK · · Score: 2

    Umm no, an IME catcher emulates a cell tower and becomes a MITM for the phone's communications.

    --
    Build it, Drive it, Improve it! Hybridz.org
  15. Re:Where is the FCC in all of this? by BLKMGK · · Score: 2

    25+ over? Yeah actually you can get thrown in jail for that. Reckless driving, reckless endangerment, they can dream up all sorts of things to tack on...

    --
    Build it, Drive it, Improve it! Hybridz.org