Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI's Smartphone Surveillance Tool Explained In Court Battle

Posted by Soulskill on from the spying-made-simple dept.

concealment writes with news that a court battle has brought to light details on how the FBI's "stingray" surveillance tool works, and how they used it with Verizon's help to collect evidence about an alleged identity thief. Quoting: "Air cards are devices that plug into a computer and use the wireless cellular networks of phone providers to connect the computer to the internet. The devices are not phones and therefore don’t have the ability to receive incoming calls, but in this case Rigmaiden asserts that Verizon reconfigured his air card to respond to surreptitious voice calls from a landline controlled by the FBI. The FBI calls, which contacted the air card silently in the background, operated as pings to force the air card into revealing its location. In order to do this, Verizon reprogrammed the device so that when an incoming voice call arrived, the card would disconnect from any legitimate cell tower to which it was already connected, and send real-time cell-site location data to Verizon, which forwarded the data to the FBI. This allowed the FBI to position its stingray in the neighborhood where Rigmaiden resided. The stingray then "broadcast a very strong signal" to force the air card into connecting to it, instead of reconnecting to a legitimate cell tower, so that agents could then triangulate signals coming from the air card and zoom-in on Rigmaiden’s location. To make sure the air card connected to the FBI’s simulator, Rigmaiden says that Verizon altered his air card’s Preferred Roaming List so that it would accept the FBI’s stingray as a legitimate cell site and not a rogue site, and also changed a data table on the air card designating the priority of cell sites so that the FBI’s fake site was at the top of the list."

118 of 168 comments (clear)

  1. Weak hack. by plover · · Score: 4, Interesting

    Chris Paget was able to demo similar behavior at DEFCON 18, and he sure didn't need Verizon's help to do so.

    Pretty sure the FCC wanted to bust him on stage, actually.

    --
    John
    1. Re:Weak hack. by SpectreBlofeld · · Score: 4, Informative

      That's because he spoofed a GSM tower. You'll find that doing the same with CDMA is impossible without Verizon's help - see the bit about reprogramming the phone's roaming list in order to make the phone accept the spoofed tower.

    2. Re:Weak hack. by girlintraining · · Score: 1

      Chris Paget was able to demo similar behavior at DEFCON 18, and he sure didn't need Verizon's help to do so.

      That's a horse-shit comparison. Chris Paget isn't a career investigator who's knowledge of computers is limited to right-clicking, double-clicking, and e-mails. You can't judge a fish based on its ability to ride a bicycle. Of course the FBI wants Verizon's help! For two reasons: One, Verizon already has the expertise, and two, it's their shit. How would it look if Gumshoe Freddy tried to hack a cell phone tower and crapped an entire communities' access? 911 calls that go nowhere, customer service lines jammed, people stranded because their GPS glitched out... it would be criminally irresponsible for the FBI to have anyone but Verizon do the work.

      Pretty sure the FCC wanted to bust him on stage, actually.

      For what? I can walk into a cell phone store and get a cell phone "mini cell" to put in my house to help with reception. FCC approved. I don't need a license to do that. Unless he's causing harmful interference to a licensed broadcaster and the broadcaster reports it, the FCC isn't going to do anything. The FCC is an administrative government entity. It is not really law enforcement in any meaningful sense. There is no CSI: Wireless to be had here.

      --
      #fuckbeta #iamslashdot #dicemustdie
    3. Re:Weak hack. by Obfuscant · · Score: 3, Informative

      How would it look if Gumshoe Freddy tried to hack a cell phone tower and crapped an entire communities' access? 911 calls that go nowhere, customer service lines jammed, people stranded because their GPS glitched out...

      If Gumshoe Freddy was able to hack a cellphone tower and cause somone's GPS to "glitch out", I'd say Gumshoe Freddy was a remarkably skilled hacker. GPS and cellphones use entirely different sets of frequencies, and I doubt that you could coerce a cellphone tower into transmitting on a GPS frequency no matter how good you are at it. Maybe those cell transmitters have a DDS system that can go where the GPS lives, but I doubt the amps or combiners would pass the signal. They kinda have to be selective enough so that the transmitted signal doesn't block the received one, so transmitting out of band is not going to be highly efficient if possible at all.

      For what? I can walk into a cell phone store and get a cell phone "mini cell" to put in my house to help with reception. FCC approved. I don't need a license to do that. Unless he's causing harmful interference to a licensed broadcaster and the broadcaster reports it, the FCC isn't going to do anything.

      You can buy a type certificated cell phone mini cell because the cell phone companies have agreed to allow it and the FCC has created a specification for what they can do and manufacturers have to meet that spec. They aren't just deciding on their own say so that they can do this.

      You don't have to be causing interference to a licensed broadcaster before the FCC cares, all you have to be doing is causing interference. True, most cases come to the attention of the FCC because the licensee complains, but the FCC can act without a complaint. You don't think Verizon or any of the other cell phone companies would complain about someone creating interference publicly?

      The FCC is an administrative government entity. It is not really law enforcement in any meaningful sense.

      That would be news to the FCC Enforcement Bureau, and the people to whom they've issued notices of apparent liability and levied fines.

    4. Re:Weak hack. by SpectreBlofeld · · Score: 2

      More answers than you probably want:

      http://www.scribd.com/doc/22599374/Security-Encryption-in-GSM-GPRS-CDMA

      And note that no traffic was intercepted in the FBI's operation... all they attained, with the carrier's help*, was an identification of the target's device on the network, which they then pinged in order to triangulate its location. Chris Paget's cell site spoofing blows GSM wide open; nothing remotely similar has happened in the CDMA world.

      *(which also required that the carrier remotely reprogram the phone so this could even take place.)

        This has nothing in common with Paget's spoofing. If you have a mobile phone/aircard in your own name, and the Feds go to the carriers with a warrant, they WILL ping your location. If you're paranoid, go prepaid with a 'stage name' and no SSN attached, or establish service in the name of a company or trust that won't be traced back to you. And better hope they don't already know your phone number.

    5. Re:Weak hack. by SpectreBlofeld · · Score: 2

      >GPS and cellphones use entirely different sets of frequencies, and I doubt that you could coerce a cellphone tower into transmitting on a GPS frequency

        To be fair, there is aGPS (assisted GPS) which uses timing signals sent from cell towers for triangulation instead of/in addition to GPS satellites.

    6. Re:Weak hack. by Thor+Ablestar · · Score: 2

      It's a misunderstanding. Nominally, aGPS is the use of ALMANAC and EPHEMERIS data obtained from the network, and not from the navigation signal itself. It speeds the acquisition - and nothing more. At least, U-blox dox say so. Unfortunately, I heard that some GPS chipsets have aGPS ONLY and have NO GPS data channel. The test is simple: Ensure that your smartphone can show your position while the network is absent.

      Full disclosure: I am NOT a GPS specialist (GPS specialists sit in a neighboring lab).

      And BTW: The original post does not talk about GPS - only about intrusion to the phone and conversion of it to the beacon.

  2. Supply Chain Attack by dunkindave · · Score: 5, Informative

    This is basically a supply chain attack. People worry about others breaking into their devices, but the user has to trust the device supplier not to tamper with it before they receive it. This situation is analogous to your PC phoning home to Microsoft for updates, then having a special version sent to your machine at the request of the FBI. No matter how careful you are about what software you run or what security software you employ, Microsoft can compromise your machine.

    1. Re:Supply Chain Attack by SuperTechnoNerd · · Score: 2, Interesting

      Unless of course you block all of Microsoft in your firewall.....

    2. Re:Supply Chain Attack by Lazere · · Score: 1

      So you're saying we should all run FSF approved operating systems?

    3. Re:Supply Chain Attack by fredklein · · Score: 5, Interesting

      Screw PCs- how many people have a Microsoft XBox Kinect in their living rooms, complete with camera? You mean to tell me that Microsoft, at the perfectly legal (ie: rubber-stamped) request of the government, couldn't push an update that allows them to turn the Kinect cameras on at will??

    4. Re:Supply Chain Attack by Anonymous Coward · · Score: 3, Insightful

      So you're saying we should all run FSF approved operating systems?

      Even then, unless you intend to audit several billion lines of code of a variety of packages, and understand it well enough to discover flaws that give a 3rd party control over you or your information, you're still trusting someone else that it's safe.

    5. Re:Supply Chain Attack by Anonymous Coward · · Score: 1

      Screw PCs- how many people have a Microsoft XBox Kinect in their living rooms, complete with camera? You mean to tell me that Microsoft, at the perfectly legal (ie: rubber-stamped) request of the government, couldn't push an update that allows them to turn the Kinect cameras on at will??

      Will is a pretty sexy dude, so I'm sure he's already turning all the cameras on.

    6. Re:Supply Chain Attack by gl4ss · · Score: 1

      Screw PCs- how many people have a Microsoft XBox Kinect in their living rooms, complete with camera? You mean to tell me that Microsoft, at the perfectly legal (ie: rubber-stamped) request of the government, couldn't push an update that allows them to turn the Kinect cameras on at will??

      that's not really a problem of ms being bad - it's a problem of having auto updates combined with a government that just doesn't care for rules, like this case. what's the use of arguing they shouldn't have been doing it when they're in other cases putting pipebomb looking devices to random dudes cars to follow them??

      now why did they spend such a large effort to triangulate this person, who they knew where he lived seemingly etc? fbi suddenly cares about identity theft now?(I guess the alleged 4 million tax fraud got their attention.. but still, why the fuck the need for this overly complicated method?)

      though, couldn't FCC could smack both verizon and fbi because of this? that is, if they cared.

      --
      world was created 5 seconds before this post as it is.
    7. Re:Supply Chain Attack by StrangeBrew · · Score: 4, Funny

      I always face my webcams and Kinect towards the wall when not in use, so I guess I subscribe to your particular brand of paranoia. I suppose they can still watch me when the Kinect is in use, but if they really find me playing Angry Birds in the buff that exciting who am I to deprive them of their entertainment?

    8. Re:Supply Chain Attack by Anonymous Coward · · Score: 1

      Operation Scorpion Stare...

    9. Re:Supply Chain Attack by gmuslera · · Score: 1

      What if Canonical or Red Hat Inc, or even a package maintainer is forced to include a patched package by the FBI/government without disclosing it? In those companies probably won't go so far, not enough people in those ecosystems are tied with NDAs to avoid leaking in a way or another that it happened pretty soon.

      What about the kernel or drivers, specially the dark parts like binary blobs or closed drivers? Some are just dissapearing (nvidia is releasing some of the drivers with open source, and the nouveau ones are good alternatives) and others must pass some good inspection. And if i suggest that Linus himself could be forced by law to let some nasty things in probably will get into hot water.

      And of couse, there is the point of collaborating with poisoned code to commonly used open source programs, that if well goes thru some scrutiny, some could get in, there are enough not intentional vulnerabilities that pass to let some door opened for intentional vulnerabilities.

      So, not because is open source, FSF approved operating system, can't have any of those things. But odds are far lower and will be more complex to happen than if is done by an american corporation in a closed source operating system.

    10. Re:Supply Chain Attack by Skapare · · Score: 1

      Or ... you are trusting that at least someone in the community that spends their free time reading through arbitrary open source code will find any exploits and notify the world before your PC or phone is owned by someone else.

      --
      now we need to go OSS in diesel cars
    11. Re:Supply Chain Attack by SternisheFan · · Score: 1

      I always face my webcams and Kinect towards the wall when not in use, so I guess I subscribe to your particular brand of paranoia. I suppose they can still watch me when the Kinect is in use, but if they really find me playing Angry Birds in the buff that exciting who am I to deprive them of their entertainment?

      What about the microphone in the Kinect?

      1) Double up a piece of black electrical tape (so it's not 'sticky') then scotch tape it over the lens (scotch tape being less 'sticky) so you can remove/apply it as needed. Same for the mike hole. If you are still unsure, unplug the internet completely. I do this mainly to keep the camera lens on my phones/ devices unscratched, still, a 'little' paranoia is okay too.

      2) Live as clean a life as possible.

    12. Re:Supply Chain Attack by suutar · · Score: 2

      unplug the kinect from the back of the xbox when not in use?

    13. Re:Supply Chain Attack by sjames · · Score: 1

      Perhaps it should face a printout of goatse.cx. If they're going to break the law, let them suffer the consequences.

    14. Re:Supply Chain Attack by fox171171 · · Score: 1

      Microsoft can compromise your machine.

      Usually they do this (a lot) by accident.

      And of course they can do it on purpose if someone asks.

    15. Re:Supply Chain Attack by sixsixtysix · · Score: 1

      the same reason david koresh wasn't arrested during his regular jogging outside the compound?

      --
      ...
    16. Re:Supply Chain Attack by Flere+Imsaho · · Score: 1

      ...but if they really find me playing Angry Birds in the buff that exciting who am I to deprive them of their entertainment?

      Your ideas are intriguing to me and I wish to subscribe to your webcam.

      --
      It gripped her hand gently. 'Regret is for humans,' it said.
    17. Re:Supply Chain Attack by peawormsworth · · Score: 1

      it. This situation is analogous to your PC phoning home to Microsoft for updates, then having a special version sent to your machine at the request of the FBI. No matter how careful you are about what software you run or what security software you employ, Microsoft can compromise your machine.

      And the EULA you signed means you agree that Microsoft can do this and that Microsoft will not be held responsible for the consequences

  3. Ok..So verizon has shown they cant be trusted.. by wierd_w · · Score: 4, Insightful

    Issuing a custom radio firmware for a data only device, so that it responds to a telephone network signal demonstrates that verizon is willing to place nonstandard firmware on devices on their network, for the express purposes of aiding investigations that lack proper warrants.

    This is a very bad thing Verizon. A Very Bad Thing.

    Don't underestimate the impact that losing public confidence can have on your business. Being so self-conceited as to feel that you don't have to worry because you have cornered the market would only add fuel to the fire.

    Plan you PR damage control messages carefully. Smile, you're on candid camera.

    1. Re:Ok..So verizon has shown they cant be trusted.. by ttucker · · Score: 1

      Issuing a custom radio firmware for a data only device, so that it responds to a telephone network signal demonstrates that verizon is willing to place nonstandard firmware on devices on their network, for the express purposes of aiding investigations that lack proper warrants.

      This is a very bad thing Verizon. A Very Bad Thing.

      Don't underestimate the impact that losing public confidence can have on your business. Being so self-conceited as to feel that you don't have to worry because you have cornered the market would only add fuel to the fire.

      Plan you PR damage control messages carefully. Smile, you're on candid camera.

      This case will not affect my continued usage of Verizon in any way.

    2. Re:Ok..So verizon has shown they cant be trusted.. by jbolden · · Score: 4, Interesting

      I don't think Verizon is going to be too upset that publicity that they helped the FBI catch an identify thief in an apartment under one of the assumed names he was identity stealing....

      Besides Verizon works with the military and has most of the government contracts. They've been pretty clear they are going to extra cooperative with the government for many years.

    3. Re:Ok..So verizon has shown they cant be trusted.. by alen · · Score: 4, Informative

      FBI got a warrant and verizon helped catch a suspected scumbag
      what's the problem here?

    4. Re:Ok..So verizon has shown they cant be trusted.. by jchawk · · Score: 3, Insightful

      While I really agree with what you are saying... The market has not demonstrated that it cares about this type of behavior. Joe Six Pack continues to pile on more and more devices onto the Verizon network without a second thought to privacy. If you think I'm wrong look at the 6-strike rule in their Internet business... This hasn't hurt them one bit.

      The average person simply doesn't understand the behinds the scenes technology well enough to care.

    5. Re:Ok..So verizon has shown they cant be trusted.. by semi-extrinsic · · Score: 5, Insightful

      I saw a good quote on this topic yesterday here on /. :
      "The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all."
      H. L. Mencken

      --
      for i in `facebook friends "=bday" 2>/dev/null | cut -d " " -f 3-`; do facebook wallpost $i "Happy birthday!"; done
    6. Re:Ok..So verizon has shown they cant be trusted.. by Hatta · · Score: 4, Informative

      A court order is not a warrant, and the judge who issued that court order may not have been fully informed. FTFA:

      The government has conceded, however, that it needed a warrant in his case alone â" because the stingray reached into his apartment remotely to locate the air card â" and that the activities performed by Verizon and the FBI to locate Rigmaiden were all authorized by a court order signed by a magistrate.

      The Electronic Frontier Foundation and the American Civil Liberties Union of Northern California, who have filed an amicus brief in support of Rigmaidenâ(TM)s motion, maintain that the order does not qualify as a warrant and that the government withheld crucial information from the magistrate â" such as identifying that the tracking device they planned to use was a stingray and that its use involved intrusive measures â" thus preventing the court from properly fulfilling its oversight function.

      âoeIt shows you just how crazy the technology is, and [supports] all the more the need to explain to the court what they are doing,â says EFF Staff Attorney Hanni Fakhoury. âoeThis is more than just [saying to Verizon] give us some records that you have sitting on your server. This is reconfiguring and changing the characteristics of the [suspect's] property, without informing the judge whatâ(TM)s going on.â

      --
      Give me Classic Slashdot or give me death!
    7. Re:Ok..So verizon has shown they cant be trusted.. by wierd_w · · Score: 2

      I was under the impression that verizon complied with the FBI request in "rubber stamp" fashion, and not due to a warrant. (Which was why their use of the stingray had caused judges to get stingy when discovered.)

      Pushing firmware to devices without permission/authorization from the downstream user can count as vandalism, if the device is not subsidized by verizon, and is the user's personal property. I don't use verizon, so this does not really impact me except as being a chilling effect, as other providers will be compelled to comply by govt agencies as well.

      The above 3 posts fail to take into account that all persons of interest are innocent until proven guilty in a court of law, so all tapping and tracing activities need to be seen as if they were performed on people who have done absolutely nothing wrong. Approaching it from the "we helped them catch a dirtbag" angle is not justifiable, unless you operate under the "guilty until proven innocent" model instead.

      A warrant has to be issued, it has to be specific in what is to be taken, and specific in the place, time, and person of interest investigated.

      Your "la dee dah" blithe response to this kind of thing is exactly why the USA is turning more and more into a police state every day. Keep that in mind.

    8. Re:Ok..So verizon has shown they cant be trusted.. by alen · · Score: 1

      the paragraph before that one said they got a warrant

    9. Re:Ok..So verizon has shown they cant be trusted.. by wierd_w · · Score: 3, Informative

      Reading comprehension fail.

      The FBI agreed that it *needed* a warranted (eg, that what they were doing with the stingray needed one), but said that what verizon did for them was authorized by a court order, and did not need one.

      This does not say that they in fact obtained such warrant, which they did not.

    10. Re:Ok..So verizon has shown they cant be trusted.. by Anonymous Coward · · Score: 1, Insightful

      Which is a wonderful quote in response to government overstepping its boundaries. But getting a warrant first is kind of the opposite of overstepping their boundaries.

      Now if you'd like to argue that a warrant should never have been issued...

      (I am aware of the other posters that have pointed out that no warrant was actually issued. However, since you made no mention of that, one must read your post as you arguing against the actions of the FBI despite them having a warrant.)

    11. Re:Ok..So verizon has shown they cant be trusted.. by sl4shd0rk · · Score: 1

      what's the problem here?

      Alleged 4th amendment viloation

      --
      Join the Slashcott! Feb 10 thru Feb 17!
    12. Re:Ok..So verizon has shown they cant be trusted.. by plover · · Score: 1

      A warrant has to be issued, it has to be specific in what is to be taken, and specific in the place, time, and person of interest investigated.

      That's the interesting thing about this case. It's not just a thing to be taken, but they performed active malicious operation of the suspect's own data card. And it's hard to exactly name an identity thief, when his true identity was one of the facts they were trying to ascertain.

      I suspect the ruling will be narrowly focused on some detail of this specific case and won't answer the broad question of whether or not all Stingray use needs a warrant.

      --
      John
    13. Re:Ok..So verizon has shown they cant be trusted.. by alen · · Score: 2

      go read the linked articles

      the FBI had multiple court orders and warrants. the perp is saying that the wording of their warrant did not allow the use of a stingray device

      rule #1 of criminal law. if you can't fight the evidence then fight to have it excluded from the case. they already had lots of other evidence that he was a scumbag and were only trying to figure out who he was and where he lived

    14. Re:Ok..So verizon has shown they cant be trusted.. by IndustrialComplex · · Score: 1

      The average person simply doesn't understand the behinds the scenes technology well enough to care.

      The average person doesn't need to understand the technology to care. The problem is that very often the average person doesn't understand why they should care.

      The second problem is that even when you do care, what does the average person have in the way of alternatives?

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    15. Re:Ok..So verizon has shown they cant be trusted.. by wierd_w · · Score: 1

      And it would appear that many other organizations, and even this court judge are either in agreement with that position, or are willing to consider that position's legitimacy, which is why this case has not been dismissed.

      Like all things, the devil's in the details.

    16. Re:Ok..So verizon has shown they cant be trusted.. by Lumpy · · Score: 2

      Who was also making the #1 mistake, Cracking from home.

      --
      Do not look at laser with remaining good eye.
    17. Re:Ok..So verizon has shown they cant be trusted.. by poetmatt · · Score: 1

      lazy troll is lazy.

      warrant was not legitimate, search was violation of 4th amendment.

      when/how is that ever not a problem?

    18. Re:Ok..So verizon has shown they cant be trusted.. by the+eric+conspiracy · · Score: 1

      They didn't get a warrant. They got a court order, which isn't something that requires demonstration of probable cause.

    19. Re:Ok..So verizon has shown they cant be trusted.. by the+eric+conspiracy · · Score: 1

      Warrants have to be specific as to the place to be searched. If they didn't have a warrant to do this, oh well.

    20. Re:Ok..So verizon has shown they cant be trusted.. by ShanghaiBill · · Score: 2

      "The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels."

      Lenny Bruce was a scoundrel. Larry Flynt was scoundrel. They deserved to be defended. This guy is just a common thief. As long as the FBI has a warrant (it isn't clear that they did), then I don't see the issue here. He deserves a fair trial, but stealing from other people is not a "human freedom", and none of his actions are defensible.

    21. Re:Ok..So verizon has shown they cant be trusted.. by fustakrakich · · Score: 1

      ...Verizon works with the military and has most of the government contracts.

      Another reason a silly boycott won't ever work... You know... In case somebody brings it up.

      The government continues to operate with the full consent of its subjects. Accept it

      --
      “He’s not deformed, he’s just drunk!”
    22. Re:Ok..So verizon has shown they cant be trusted.. by alen · · Score: 1

      technically, they weren't searching his home or vehicle, they were simply trying to triangulate his location to make an arrest based on other evidence already collected

    23. Re:Ok..So verizon has shown they cant be trusted.. by Khyber · · Score: 1

      "A court order is not a warrant,"

      In fact, a warrant is a court order signed and issued by a judge via the District Attorney's office.

      Try again. This isn't the '50s.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    24. Re:Ok..So verizon has shown they cant be trusted.. by Leafheart · · Score: 1

      lazy troll is lazy.

      warrant was not legitimate, search was violation of 4th amendment.

      when/how is that ever not a problem?

      Got any proof of that?

      --
      --- "When you gotta do something wrong. You gotta do it right. (Fighter)"
    25. Re:Ok..So verizon has shown they cant be trusted.. by Farmer+Pete · · Score: 1

      Most likely thing is that even if you got people to be pissed at Verizon and ready to jump ships, no one would pay their ETF to leave. By the time people's contracts ran up, they'll probably have forgotten they were angry at Verizon in the first place.

    26. Re:Ok..So verizon has shown they cant be trusted.. by SternisheFan · · Score: 1

      Whether it's Verizon, or any company that markets any device in the U.S., I imagine part of the vetting process before it can be sold here is that govt. agencies have their backdoors already in them. If it's a device with any type of antenna you have to figure it's sold pre-compromised. Welcome to our brave new world.

    27. Re:Ok..So verizon has shown they cant be trusted.. by suutar · · Score: 1

      A warrant is a form of court order, yes. But not all court orders are warrants.

    28. Re:Ok..So verizon has shown they cant be trusted.. by j00r0m4nc3r · · Score: 1

      This isn't the '50s.

      Not for another 37 years...

    29. Re:Ok..So verizon has shown they cant be trusted.. by sjames · · Score: 1

      A warrant is a court order, but a court order is not necessarily a warrant. Somewhere, your elementary school math teacher is facepalming.

    30. Re:Ok..So verizon has shown they cant be trusted.. by WizADSL · · Score: 1

      Just an observation, in your post you mention "if the device is not subsidized by verizon, and is the user's personal property". Assuming that ownership of the device makes a difference, I think you could argue that he owns it either way. If I buy a phone that's worth $500 for $200 in exchange for a 2 year contract then there will be a penalty that will more than pay for the phone if I cancel. If that penalty is part of my agreement then I don't see how the phone wouldn't be considered "mine" since I've agreed to either honor my contract or reimburse them if I don't; assuming I do either of those that phone is mine.

    31. Re:Ok..So verizon has shown they cant be trusted.. by Khyber · · Score: 1

      "The above 3 posts fail to take into account that all persons of interest are innocent until proven guilty in a court of law"

      You must not have been paying attention to the system for the last decade+.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    32. Re:Ok..So verizon has shown they cant be trusted.. by Khyber · · Score: 1

      Most court orders aren't issued without some probable cause.

      Example: The court order for me to report for a felony trial (aka a warrant for my arrest) was issued because my IP tied directly to the IP which sent out an e-mail, with my headers and info.

      There's plenty of means to find probable cause. Your definition might differ from others with higher or lower logical skills.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    33. Re:Ok..So verizon has shown they cant be trusted.. by mabhatter654 · · Score: 2

      But the flip side is that their network is secure enough VERIZON has to have their engineers actually write a patch for police to use. So while they have low standards for cooperating, it seems like it is a lot of work for Verison to do... EXPENSIVE work police won't want to use too often.

    34. Re:Ok..So verizon has shown they cant be trusted.. by poetmatt · · Score: 1

      did you read a single claim in the case? This is literally the argument made by both the EFF and the defendant. RTFA.

    35. Re:Ok..So verizon has shown they cant be trusted.. by mabhatter654 · · Score: 1

      Depending on how the warrant was written... It sounds like it was an "order" to assist the FBI in finding the offender with a specific device they identified as used for criminal activity.

      As VERIZON OWNS the towers and the FIRMWARE they modified. It need to be a "warrant" because they were not "following the whereabouts" around town, but trying to pick out where he was staying.

      A WARRANT requires that they KNOW who you are and can identify a place to search. In this case they had no PLACE. This is like tracking somebody fleeing a scene (like you see on TV) which doesn't require a warrant at all. Verizon changed the subscribers phone so the FBI could FIND them, not retrieve information FROM the phone. The FBI was tracking a "stolen" or "fraudulently registered" device, not the "owner" of the device.. You only need WARRANTS to collect information about people.

    36. Re:Ok..So verizon has shown they cant be trusted.. by mabhatter654 · · Score: 1

      An example of the same thing would be YOU activating "Find my iPhone" remotely after somebody took your stuff... But you didn't know WHO. YOU would be activating a big that is not normally active but on YOUR PROPERTY. The AirCard was fraudulently purchased, therefore "Verizon" was the grieved party acting as the owner of the network the card was illegally operating on.

    37. Re:Ok..So verizon has shown they cant be trusted.. by wierd_w · · Score: 1

      This does not follow. Drop in replacement time:

      We have a crook with an "illegally activated" laptop. Maybe he registered the serial number under a false name, whatever. The physical device is owned by the person of interest, and not the ISP, nor the OS maker.

      The FBI tasks the ISP of the PoI to install a network worm that alter's the laptop's normal operation, so that they can track its access, and thus locate it.

      They do so.

      In doing so, they have vandalized that person's private property (the laptop) by illegally installing software on a platform they do not hold legal rights to. This is functionally no different from the FBI telling microsoft to spy on people using their kinects, or any other forced, serrutpitious update that damages something that the person of interest purchased.

      Here's a hint, just because verizon holds a monopolistic deathgrip on CDMA doesn't mean that the aircard in question *must* be used on their service. As such, verizon does not have defacto authority to chage the device's firmware without notification. They can say "update, or we won't service", but that is not the same thing.

      Verizon owns the service. The person of interest owns the phone. Verizon says the device was illegally activated on their network. Their authority ends on their end; they blacklist the IMEI, and the device no longer gets services. The devie is unaltered.

      Here, they pushed an OTA firmware to the device without informing the user or getting consent. They vandalized his property to conduct this operation. Verizon does not own the aircard.

      Please stop drinking the industry koolaid.

    38. Re:Ok..So verizon has shown they cant be trusted.. by SpectreBlofeld · · Score: 3, Insightful

      But the perp in question was an identity thief who had activated the device in the victim's name. In this case, the victim technically 'owns' the service/device, right? How can you claim that the FBI/Verizon violated the thief's 'private property' when it was fraudulently bought/activated in the victim's name?

      If the victim gives permission for the FBI/VZW to track the device that's in his/her name, that's good enough for me. If someone stole my identity to activate service, I'd be begging for them to track the fucker down. After all, I'm the legal account holder, whether I like it or not.

      You say that 'Verizon does not own the aircard' but neither does the identity thief, dammit! The victim does!

    39. Re:Ok..So verizon has shown they cant be trusted.. by whoever57 · · Score: 1

      Verizon changed the subscribers phone so the FBI could FIND them, not retrieve information FROM the phone.

      How is this any different from the use of a GPS tracking device attached to someone's car. The Supremes decided that GPS tracking devices need warrants. They even suggested in that ruling that warrants would be required to tracka smartphone.

      --
      The real "Libtards" are the Libertarians!
    40. Re:Ok..So verizon has shown they cant be trusted.. by mbkennel · · Score: 1

      Attaching a GPS device to person's owned car requires a warrant.

      Does attaching a GPS device to a stolen car require a warrant? What if the legitimate owner of the car agrees to the tracker.
      That's more the situation here. Suppose the legitimate owner activated a GPS on his own car and reported it to the authorities.

      Is there a right for a person to be secure in somebody else's houses, papers and effects?

    41. Re:Ok..So verizon has shown they cant be trusted.. by wierd_w · · Score: 1

      Repeat after me:

      Activation does not make me the owner.

      Providing service to another does not make me the owner.

      PAYING MONEY IN EXCHANGE FOR A PRODUCT MAKES ME AN OWNER.

      What does this mean?

      "Somebody activated a cellphone with my identity! Nevermind they paid cash for the phone, and have a reciept! The are using my identity and good name/credit to get service they would otherwise be denied!"

      Does this person own *THE PHONE* being serviced?

      NO! THEY DON'T! The identity thief paid cash! The theif owns the phone legally, but is getting service illegally.

      Does the phone company own the phone in question?

      NO! They Don't! The thief paid for it up front, and owns it.

      Can either party claim physical rights to that device?

      NO! They Can't! The most either can do is demand that service be terminated, and or terminate service.

      Did Verizon outstep their authority by serruptitiousy installing malicious firmware on a device that they may not have owned? If the device was not subsidized, then YES. (It can be argued that if the device was not paid for up front, then the identity theft victim owns the handset, having had money exchanged for it. In which case, Verizon should have asked the victim if they wanted to keep the device after being collected [arresting the perp], or if they just want reimbursement. If the victim says the want to keep it, then Verizon needs to ask the legal owner of the device if they can install the firmware. If they say they want reimbursement, then Verizon can do whatever they want with their device.) The issue here is treating the device as Verizon's property by default, which as far as I know, has not been substantiated, and is not a good direction to head down.

      So, again:

      Things that do NOT make me the owner:

      Supplying service to someone to use with the device. (Activating a handsate on the network, providing internet access, etc.)

      Being the sole distributor of such devices. (Once the money changes hands, you STOP being the owner. The person who gave you money becomes the owner instead. You lose the right to in any way meddle with that property once the sale completes.)

      Things that DO make you the owner:

      Exchanging currency for the purchase of the item.

      As a general rule, vandalism constitutes the damage or defacement of another person's property without their consent. If the FBI decided that I was a person of interest, and that I needed to be located and arrested, I would be livid, and WOULD sue if they forced a OTA firmware onto the device I legally own outright, having paid cash for it outright. If my telecom company did this per the FBI's request, I would sue them as well for illegal access to a private computer system.

      Simply because this guy is "a crook" does NOT mean he does not have rights. Your unwillingness to accept that he does disturbs the hell out of me. The law, and protection of due process is for the guilty and the innocent alike. Until the Judge finds guilt, *ALL* persons of interest are innocent, by definition. That means that any process you would not subject a clearly innocent man to, you should not subject a "crook" to either.

      Failure t respect and champion for this is the #1 reason why we are racing headfirst into being a police state.

      If you ascribe guilt before process, then you have no place to complain when the system you allow comes to eat you too.

      Stop undermining *MY* right to ownership of *MY* devices, by turning a blind eye in cases like these. Letting these fucks get away with it without even questioning is howproperty rights are eroded, and vanish. Asserting "this is only for guilty people!" Is a nonsequitor; our system investigates INNOCENT people, to DETERMINE guilt. Only the judge and jury determine guilt. Preemptive condemnation like you are employing leaves innocent people guilty until proven innocent, and the practices you are supporting are ONLY used that way. As far as the police are concerned, *all* people are guilty. Especially the innocent.

      That Verizon would do this without even batting an eye worries the hell out of me, and should worry you too.

    42. Re:Ok..So verizon has shown they cant be trusted.. by SpectreBlofeld · · Score: 1

      (It can be argued that if the device was not paid for up front, then the identity theft victim owns the handset, having had money exchanged for it. In which case, Verizon should have asked the victim if they wanted to keep the device after being collected [arresting the perp], or if they just want reimbursement. If the victim says the want to keep it, then Verizon needs to ask the legal owner of the device if they can install the firmware. If they say they want reimbursement, then Verizon can do whatever they want with their device.)

        How do you know that's not exactly what happened?

    43. Re:Ok..So verizon has shown they cant be trusted.. by SpectreBlofeld · · Score: 1

      I steal your identity.

      I walk into a car dealership, and use your credit rating to walk way with a fancy new car. I pay a down payment in cash, and the rest is billed... to you.

      You'd be furious that I stole your identity to buy a car. You'd call the cops. Let's say it turns out that the car has OnStar built in, and that the cops can give a simple court order to OnStar and then OnStar will pass along the vehicle's location.

      Wow, this would be an easy and great way to catch a fucking thief!

      Too bad... by your standards, this would be some grandiose violation of the thief's 'rights', because as you said in giant bold letters, 'PAYING MONEY IN EXCHANGE FOR A PRODUCT MAKES ME AN OWNER'.

      Only, surprise, asshole, it's doesn't, because you were a fraudster. The ID thief putting a fake down payment on a car not financed in his name 'owns' that car no more than the guy buying a Verizon aircard using a stolen ID. I'm sure you're a smart guy most of the time, but you're being a dumbass about this, and you're doing it loudly, with lots of capital letters and bold fonts.

      Even if you had some sort of legal framework in which you could argue that this guy owned the aircard/service because he paid for it and therefore wasn't subject to surveillance for some reason... he'd have to prove that fact, somehow. And in proving that he paid for the aircard/service - which has been demonstrated to have been fraudulently activated under a stolen ID - the perp would have to therefore confess to identity fraud.

      And Verizon didn't install 'malicious software'. You're arguing about a topic that you don't understand. You don't even understand the terminology... you're using words and phrases incorrectly. I'm sorry, but you simply don't have a grasp of what's going on here or what the implications are.

    44. Re:Ok..So verizon has shown they cant be trusted.. by mabhatter654 · · Score: 1

      Except ACCESSING Verizon's network requires agreeing to a TOS that among other things GRANTS THEM PERMISSION to install whatever baseband updates are necessary to work with their network. The suspect was accessing their network via payments from stolen credit cards.. So Verizion had no obligation to even turn the device on. If Verizon wishes to track a stolen device that has "clicked thru" to access THEIR PROPERY they have no legal problems doing so.

      Even the whole "transmitting from the location" argument doesn't follow because the suspect was using ILLEGALLY obtained means to pay, and was ACTIVELY USING Verizon's network to continue to commit crimes.

      Verizion knew that the ACCOUNT was fraudulently obtained, and they knew the DEVICE registered. To use a car analogy, the police used normal survailance to follow a stolen car, not knowing who stole it. They FOLLOWED the car and observed it driving into a private garage.. Police don't need a warrant to "continue presuit" of criminal activity they are actively observing. Police don't need a warrant to open the garage when they OBSERVED the stolen property entering. It's the same thing here.

    45. Re:Ok..So verizon has shown they cant be trusted.. by jbolden · · Score: 1

      Not really. Governments can and should rely on the cooperation of the their community for law enforcement. Verizon's cooperation is part of the broader notion of community support for the laws we are governed by. Having individuals, or in the case corporate persons, stand up and assist the police in enforcing the laws is a very good thing. The opposite where the laws were so broadly disliked that the community didn't support them and wouldn't help the police I'd consider much more dangerous and damaging. So no I'm not disgusted at all nor even troubled.

    46. Re:Ok..So verizon has shown they cant be trusted.. by jbolden · · Score: 1

      The government continues to operate with the full consent of its subjects. Accept it

      Exactly. And in this particular case, the laws against identity theft, I'm sure the level of support is incredibly high.

    47. Re:Ok..So verizon has shown they cant be trusted.. by mabhatter654 · · Score: 1

      There was no NEED for a warrant because the police were tracking a DEVICE and not a person. It's offensive that the court didn't recognize this. The police had no GROUNDS to ask for a warrant because they did not have a suspect name nor location. They DID ask for a court order for Verizon to do the work tracking the DEVICE, so that is good enough.

      You don't need a warrant in a CHASE. In this case they are crying because the stolen property was tattling from inside their house... It only connected when they were illegally accessing Verizon's network... That's not "spying" by a long shot. That is the risk of using a stolen device.

  4. technology vs law by houbou · · Score: 2, Insightful

    Clearly our technological advances are ahead of the law and it's time for those 2 to sync up in a realistic way.

    Ok, so this is a guy who does identity fraud.
    I'm not crying for him
    He's lucky to even have access to due process as far as I'm concerned However, that your very own devices can be used against you in such ways, which means that the trust you have in your provider is broken, seems unethical.
    If the FBI and/or other agencies require such abilities, perhaps then, companies such as Verizon should place this in their contracts something like "authorities can use your devices to track you and/or use your data for any of their investigations as they see fit".
    Transparency would be nice.
    All I know is that, I've got nothing to hide, so I don't care, but, for those who do, they may have to switch to another provider....

    1. Re:technology vs law by Anonymous Coward · · Score: 2, Insightful

      He's lucky to even have access to due process as far as I'm concerned ... All I know is that, I've got nothing to hide, so I don't care

      Then you, sir, deserve to be dragged off in the night and charged without due process.

      Everybody deserves due process, or you cease to be a free society. And the "you have nothing to fear if you have nothing to hide" is the lament of cowards and fascists.

      Fuck you you worthless sack of shit. You're part of the problem of tacitly accepting it as okay when your government breaks the laws.

    2. Re:technology vs law by japhering · · Score: 1

      All I know is that, I've got nothing to hide, so I don't care, but, for those who do, they may have to switch to another provider....

      And what happens when it becomes a felony to possess $100 bill, or to take 4 pain killers when the bottle says 2, .. speeding over 5 mph
      not taking reusable bags to the grocery store ..

      In this day and age .. no telling what will be the next big federal crime... streaming copyrighted video from a site not owned by the copyright holder comes to mind.

    3. Re:technology vs law by KingMotley · · Score: 1

      If the FBI and/or other agencies require such abilities, perhaps then, companies such as Verizon should place this in their contracts something like "authorities can use your devices to track you and/or use your data for any of their investigations as they see fit".

      I'm going to go out on a limb here and say you haven't read your agreement.

    4. Re:technology vs law by the+eric+conspiracy · · Score: 1

      What happens is simple. It's all about consent of the governed and common sense.

    5. Re:technology vs law by moeinvt · · Score: 1

      I'd like to see transparency too, but it doesn't really matter. The FISA Revisions Act of 2007 basically shredded any privacy agreements we might have with the telecom companies and absolved them of any legal responsibility for protecting their customers' information.

      The feds didn't want any details of their blatantly illegal and unConstitutional warrantless surveillance program leaking out.
      Therefore, they came along and granted all the telecom providers complete immunity from civil suits or any criminal investigations and prosecutions.A civil suit or state level criminal prosecution had the potential for revealing their crimes, so the telecoms get complete immunity. Your privacy agreement with them doesn't matter one bit.

    6. Re:technology vs law by Farmer+Pete · · Score: 1

      Your list of potential crimes is insanely stupid and completely unrealistic. What next? Are you going to outlaw all sodas sold in cups 17 oz or larger? That will be the day.

    7. Re:technology vs law by japhering · · Score: 1

      Your list of potential crimes is insanely stupid and completely unrealistic. What next? Are you going to outlaw all sodas sold in cups 17 oz or larger? That will be the day.

      That was the point .. the vastly increasing number of laws, rules, regulations and policies for which the American public is willing to surrender their constitutional rights. Yes, some sanity prevailed in the NYC case, but not common sense. The NYC ban was struck down because the judge decided it was unfair to say certain merchants couldn't sell 17+ oz sodas, but someone next door could because they were classified differently.

      It all boils down to the rapidly disappearing concept of common sense. Everyone should know that consuming 2000 calories a day in sugary drinks is bad for you .. but people still do it.

    8. Re:technology vs law by Farmer+Pete · · Score: 1

      In a world where manufacturers have to "warn" us not to iron clothes while wearing them, I wholeheartedly agree. I don't have a problem with people doing things that only injure themselves. Having said that, I really want to implement food stamp reform. I REALLY don't like paying taxes so that people can get handouts that I myself, a frugal man, will not spend my own money on. Why buy $1 worth of soda when I can buy the same amount of water for half a cent. For the price of that 2-litre, I could drink 100 gallons of tap water. Now, if someone is paying for their own food, I don't give a rats ass if they spend $1000 on Twizzlers and beef jerky. It's their money, and they can use it as they see fit. But if I'm paying for it, you better get some damn nutrition.

    9. Re:technology vs law by SpectreBlofeld · · Score: 1

      > companies such as Verizon should place this in their contracts something like "authorities can use your devices to track you and/or use your data for any of their investigations as they see fit".

        It's not that simple. Many posters here are missing the point that this guy stole someone else's identity to establish his Verizon account.

      -They probably first contacted the person who was the 'real' accountholder (the identity theft victim).
      -That victim says, 'Some stole my ID? Track the fucker!' to both the FBI and Verizon.
      -FBI says, 'Sweet, will do'
      -Verizon's own LEO compliance policy says 'only cooperate if an official court order is presented'
      -FBI got the court order, the rest is history.

        Conversation with FBI and judge goes like this:

      FBI: "Hay judge, this nasty ID thief guy totally stole this guy's ID and got a cell phone thingie. The victim and VZW give permission to track the perp, we just need to make it official. Howsabout a court order bro?"

      Judge: "LOL cool here's a court order man"

      ID thief's lawyers: "NOT COOL BRO YOU NEED A REAL WARRANT NOT JUST A COURT ORDER even-though-the-victim-consented-to-locating-what-is-technically-his-property"

      The defense doesn't have a leg to stand on, and this whole event is overblown. People are up in arms about this because they think the message is that every time someone is suspected of committing a crime, the FBI will just make the carriers roll over and track down their mobiles. But this case isn't that straightforward. The guy used someone else's ID to establish the service, so he's not even the owner of the property that was being searched and, IMO, not eligible for fourth amendment protections, because it wasn't HIS 'person and papers' being sniffed by law enforcement.

      This is like someone stealing your car, and law enforcement uses OnStar to track it down along with the thieves. You wouldn't make the claim that the police couldn't use OnStar from the stolen car to track the perp because it violated their rights, would you?

  5. Re:Holy crap ... by Pliny · · Score: 1

    If anybody other than Verizon had done this to somebody, they'd be in jail.

    --
    What does this button d$#%* NO CARRIER
  6. Re:Holy crap ... by plover · · Score: 3, Informative

    That's one of the issues in this case. A Stingray is not discriminating and could impact other cellular devices. The FBI also claims they "throw away" all data that is not pertinent to their investigation, meaning there is no way to determine what they did or did not see regarding other people's communications. (Kind of a damned if you do, damned if you don't situation.)

    There is also the difference between wiretaps and pen trace registers. Wiretaps require a warrant, but pen traces don't. The Stingray doesn't record the call or data contents, so it could be claimed to be more like a pen trace. But a Stingray is actively pinging the target's machine to generate data to be used against the owner, which is a completely different use (abuse?) of the technology.

    Anything like this would be perfectly legal with a warrant. The real question is if this is legal without one.

    --
    John
  7. Re:Holy crap ... by plover · · Score: 1

    Clarification: in this case they had a "court order signed by a magistrate". I don't know how that differs from a "warrant", but it does sound like an appropriate level of judicial oversight, and that this was not just a rogue agent fishing for tax evaders.

    --
    John
  8. Slip down your law and order slope, citizen by ThatsNotPudding · · Score: 5, Funny

    FBI got a warrant and verizon helped catch a suspected scumbag what's the problem here?

    "When they came for the scumbags, I did not speak out, for I was not a scumbag..."

  9. Re:Holy crap ... by PRMan · · Score: 1

    It does look like they configured it in such a way that ONLY the suspect's card attached to the Stingray. That narrow focus may win the day in this case.

    --
    Peter predicted that you would "deliberately forget" creation 2000 years ago...
  10. Re:Holy crap ... by EmperorArthur · · Score: 4, Insightful

    It's a little more complicated than that.

    It seems Verizon pushed an update to his specific wireless card. This update allowed it to receive phone calls, thus allowing them to "ping" him in particular. It also set the preferred tower list so that the stingray would always be connected to first.

    The fun thing is that by modifying his wireless card, the FBI has "planted" a tracker on him. That requires a warrant. If this guy was such a big deal, then it shouldn't have been hard to get the warrant. The problem is the FBI didn't want anyone, even the judges, to know what cards they held. So even when they got there court order, it wasn't a warrant, and they misled the judge who issued the order. That's a big no no.

    --
    So lets pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera
  11. FTFY by Overzeetop · · Score: 1

    If the FBI's looking for you and gets the proper documentation, then it is legal. full stop

    Whether things are fine, or whether you do or don't have something you would like to hide, it becomes irrelevant to the discussion.

    --
    Is it just my observation, or are there way too many stupid people in the world?
    1. Re:FTFY by IndustrialComplex · · Score: 1

      If the FBI's looking for you and gets the proper documentation, then it is legal. full stop

      For sufficient levels of proper documentation. I'm not convinced that today's warrants are given a sufficient amount of scrutiny. Without oversight, all human processes have a tendency to degrade.

      If someone were given a task to perform, and there are no consequences if the task is not performed, it won't be long before the task sits uncompleted.

      If the penalties for underperforming are less severe than the additional cost of full performance, expect underperformance.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    2. Re:FTFY by moeinvt · · Score: 1

      Exactly. Government employees are never held responsible for their under-performance or even their criminal activities. Warrantless wiretapping was a clear violation of the FISA law with both civil and criminal penalties, but nobody is held responsible. ATF smuggles guns to the Mexican cartels, they do an internal investigation and nothing happens. The OTS, SEC and FDIC have clearly defined obligations (the agency SHALL ....) to regulate banks, but they ignore those obligations. Their failures result in financial turmoil, but there are no consequences for the so-called "regulators".

      Expect non-performance.

  12. You Can Too! by Anonymous Coward · · Score: 1

    All you need is openBTS and a USRP. Total investment could be under $500.

    HOWEVER... Since you would be operating an unlicensed radio on a licensed spectrum, as well as intercepting/hijacking other people's cell calls you will be breaking many laws including operating without a license, illegal intercept, wire fraud...

    You, unlike the FBI, will not have a get out of jail free card. You will rot in jail! But, the tools are readily available to the public and te barrier to entry is surprisingly low.

  13. Re:Holy crap ... by gstoddart · · Score: 1

    Clarification: in this case they had a "court order signed by a magistrate". I don't know how that differs from a "warrant"

    Well, except that:

    The government has conceded, however, that it needed a warrant in his case alone â" because the stingray reached into his apartment remotely to locate the air card â" and that the activities performed by Verizon and the FBI to locate Rigmaiden were all authorized by a court order signed by a magistrate

    They didn't have the appropriate level of oversight, they had some oversight, but not to the standard they required.

    I have no reason to believe this was a 'rogue' agent, I fear it's become SOP at the FBI, and the entire agency is skirting the law when it's convenient.

    --
    Lost at C:>. Found at C.
  14. Re:Holy crap ... by Bobfrankly1 · · Score: 1

    That's one of the issues in this case. A Stingray is not discriminating and could impact other cellular devices. The FBI also claims they "throw away" all data that is not pertinent to their investigation, meaning there is no way to determine what they did or did not see regarding other people's communications. (Kind of a damned if you do, damned if you don't situation.)

    From what I've read on the issue, the stringray only works if the targeted phone's PRL has been modified to accept the stingray as a "friendly" tower. On or off, unmodified phones aren't going to connect to the stingray, seeing it as a rogue device.

    I'm not saying there isn't anything to be concerned about here, just saying that you're focusing on the wrong (and incorrect from what I'm reading) issue. In these circumstances, the stingray appears useless without the service provider's complicity in both tracing location of the target, and uploading modified firmware to the target's phone.

  15. Re:Sounds Technically Accurate by plover · · Score: 1

    Nobody is disputing the facts of the case. The questions are if the legal protections were adequate in this case, or if the FBI should have done something more.

    And the card wasn't "reprogrammed", at least not in the sense of sending an actual new program to it. An artificial list of cell tower IDs was sent to it, prominently featuring the fake tower ID as top priority. This duped his card into always trying to connect to the FBI's Stingray.

    It was "reprogrammed" in the same sense that your grandmother equates "data entry" with "programming".

    --
    John
  16. Re:Holy crap ... by plover · · Score: 2

    Got it, thanks. I missed equating the change to his card as "planting a tracking device", which makes total sense, at least to me. So now, it's up to the court to decide if the law sees those as equivalent activities, requiring equivalent oversight.

    Oh well. Better to let 100 scoundrels roam free than to wrongly imprison one man.

    --
    John
  17. Re:Holy crap ... by LVSlushdat · · Score: 1

    You have to realize that we are now living in an era when the law is WHATEVER the FBI/TSA and all of the other multitude of three-letter-acronymed agencies SAY it is.. I've given up hope that sanity and Consitutional freedom will return to America anytime soon.. I'm thankful I'm not a kid anymore having to live in what is quickly becoming what the old soviet union was..

    --
    THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
  18. Felonies even if the FBI did'em by redelm · · Score: 1

    ... 'scuse me, but I see "unauthorized access to a computing system" and "theft of service" all over here. A badge should not be a free pass to commit crimes.

    The fibbies might well have a warrent that would allow searching the machine, and a different one that would allow monitoring electronic conversations. But that is not the same as planting malware that creates transmissions. Not that the FBI transgressions are likely to be presented to a Grand Jury.

    The interesting thing is this is a criminal trial where illegally obtained evidence and all results thereof can be excluded "fruit of the poisoned vine". So watch the admissibility rulings ...

    1. Re:Felonies even if the FBI did'em by AK+Marc · · Score: 1

      ... 'scuse me, but I see "unauthorized access to a computing system" and "theft of service" all over here. A badge should not be a free pass to commit crimes.

      So the police can't come on to your property to arrest you, because that would be trespass. Go out, kill, rob, maim, and race home. If they don't restrain you before you reach your property, you are safe indefinitely.

      No, that's not how it works.

      --
      Learn to love Alaska
    2. Re:Felonies even if the FBI did'em by redelm · · Score: 1
      Sure it is -- arrest warrents allow trespass, breaking & entering, and armed kidnap. Sometimes "danger to others" or "exigent circumstances" are acceptable reasons. Would be for civilians too.

      Do not kid yourselves, the police skate close to felonies. The more conscious amongst them are well aware of this and appropriately cautious.

    3. Re:Felonies even if the FBI did'em by AK+Marc · · Score: 1

      I've seen conflicting statements here regarding what the FBI did have "official" permission (warrant, court orders, etc.) to do. You are indicating that if they did have a warrant, then they did not commit a felony, contradicting your previous statement.

      --
      Learn to love Alaska
    4. Re:Felonies even if the FBI did'em by sdw · · Score: 1

      Based on the statements related above about the judge insisting that the order did not authorize this, this does seem like Verizon and the FBI committed offenses here, probably felony unauthorized access to a computing system and others. Regardless of the outcome of this case, if it were me I would file civil and criminal charges.

      --
      Stephen D. Williams
    5. Re:Felonies even if the FBI did'em by SpectreBlofeld · · Score: 1

      Look, the guy had activated the aircard under a stolen ID.

      Let's say someone steals your ID and uses it to buy a new Escalade at the dealership (and then skip out on the payments, leaving you with the credit hit).

      Let's now assume that the Escalade came with OnStar built in.

      Now let's say that in search of this criminal - almost certainly with the ID theft victim's consent, not that it matters really, as there are two victims of the stolen property here, the dealership AND the ID victim - LEO gets a court order sent to OnStar, asking them to track the vehicle's location. They do. They find the perp and arrest him.

      If this were the case, would you be complaining about 'unauthorized access to a computing system' and 'theft of service', here? Hell, the THIEF is the one who has 'unauthorized service' and 'theft of service' under his belt, not the Feds.

      There is really zero difference between these scenarios. I'm probably more cynical about Big Government than most, but this 'controversy' is just the defense lawyer's weak attempt to get evidence dismissed. He doesn't have a case. You can't claim that law enforcement illegally accessed his property when it WASN'T HIS FUCKING PROPERTY. That fact almost certainly HELPED law enforcement track him down, as it removed the sort of 4th amendment barriers they'd normally have to be concerned about!

    6. Re:Felonies even if the FBI did'em by redelm · · Score: 1

      Please read less carelessly: warrants allow police to do things that would otherwise be felonies. Arrest and search can be allowed. Planting viruses and forcing transmissions do not have protection by warrants. "No warrants shall issue but ..." is very closed-ended.

    7. Re:Felonies even if the FBI did'em by AK+Marc · · Score: 1

      The FBI didn't plant the virus, did they? The wording indicated the FBI [asked/ordered] Verizon to do it, not that they did it themselves. Despite attempts, the government still has a bit of leeway in hiring(asking/ordering) someone to do something illegal for them to do themselves and acting as a direct agent.

      And if you are going to pretend-quote something, why not actually quote it? " Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." They got a warrant for the person to be seized, and like breaking down a door is allowed to seize a person, they are claiming triangulation is allowed as well. The plan was in place to be able to outline the methods to be used in the warrant. So I still don't see the complaint.

      --
      Learn to love Alaska
    8. Re:Felonies even if the FBI did'em by redelm · · Score: 1
      Yes, indirection via contractors/others will get around some Rules or Executive Orders. But it will not get around criminal culpability, where the concept of "accessory" is well established.

      Their triangulation was specifically disallowed later by the issuing judge. It might be handy and convenient, but there is no legal permission or precedent for allowing such illegal intrusion (system takeover).

    9. Re:Felonies even if the FBI did'em by redelm · · Score: 1
      Skip the car analogies, I understand them much worse than computers.

      If the computer were stolen property, then the rightful owner of course could consent to tracking software to recover it and whomever might be in the vicinity.

      But if only a service ID had been stolen, that is a different matter. The easiest way to reduce loss in that case would be to deactivate the ID. Failing that, the user/thief might have had an expectation of privacy! Not easy to argue.

  19. Joke's on them. I have AT&T. by Anonymous Coward · · Score: 1

    It never connects to the strongest signal.

  20. Re:Holy crap ... by plover · · Score: 1

    That was the beauty of Paget's hack. He used one of the non-domestic cell frequency bands to attack quad-band cell phones (using the ISM band at 900MHz.) Because the phone decided it was roaming, and didn't care about the network ID being set to zero, the phone believed whatever the fake tower told it. The other thing he needed was to send a tower signal that claimed it was getting perfect reception from the subscriber device, so the phone would prefer it above the real towers. No PRL change needed. He also told the phones that the network did not support encryption, so the traffic was sent in the clear, and not only could he intercept it, he could retransmit it over VOIP, acting as a man in the middle.

    That was an amazing hack.

    --
    John
  21. One has to wonder if Verizon's routers and STBs by Burz · · Score: 1

    ...aren't also targets for reprogramming and surveillance.

  22. Sounds about right... by Tim12s · · Score: 1

    Thats one way to do it.

  23. Re:Holy crap ... by Farmer+Pete · · Score: 1

    No wonder that guy on the Verizon commercials had such good coverage...He had an FBI van with a femtocell following him around.

  24. Re:Holy crap ... by EmperorArthur · · Score: 1

    I'm not so sure about some of that.

    I watched the video: https://www.youtube.com/watch?feature=player_detailpage&v=DU8hg4FTm0g#t=1314s and didn't see anything on preventing rogue base stations for GSM. Of course, Verizon uses a CDMA network, so they may have extra precautions.

    The part about using the 900MHz band didn't have anything to do with roaming. It had to do with legality. The frequency he's using is a ham radio frequency, and he's complying with FCC regs. https://www.youtube.com/watch?feature=player_detailpage&v=DU8hg4FTm0g#t=507s

    --
    So lets pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera
  25. Re:Sounds Technically Accurate by gstoddart · · Score: 1

    Well, then go with "reconfigured" instead of getting mired in the definition of "programmed".

    The end result was they broadcast something which caused his card to report his whereabouts, and gets into the realm of things that the FBI + Verizon may or may not be able to do without some proper authorization.

    The Electronic Frontier Foundation and the American Civil Liberties Union of Northern California, who have filed an amicus brief in support of Rigmaiden's motion, maintain that the order does not qualify as a warrant and that the government withheld crucial information from the magistrate -- such as identifying that the tracking device they planned to use was a stingray and that its use involved intrusive measures -- thus preventing the court from properly fulfilling its oversight function.

    So did an error of omission lead to an error of commission?

    It's TFA which says "In order to do this, Verizon reprogrammed the device so that when an incoming voice call arrived, the card would disconnect from any legitimate cell tower to which it was already connected, and send real-time cell-site location data to Verizon, which forwarded the data to the FBI"

    --
    Lost at C:>. Found at C.
  26. Um all sorts of AirCards, USB 3G dongles, etc by DiSKiLLeR · · Score: 2

    Um all sorts of AirCards, USB 3G dongles, etc can be made to make and recieve calls.

    All the Huwaei 3G usb modems that are sold by telco's here in Aus/NZ i've managed to get to make and recieve calls. (Yeah you need to use a USB headset or something, but you already do for skype and voip.)

    Is there any point to it? I don't know, but you can.

    Just like most tablets can be made to make/receive phone calls even though they aren't considered phones by the law.

    --
    You can tell how powerful someone is by the magnitude of the crime they can commit and be able to get away with.
    1. Re:Um all sorts of AirCards, USB 3G dongles, etc by SpectreBlofeld · · Score: 1

      I had an old Sierra Wireless aircard (PCMCIA form factor) some years ago that actually had a headphone jack on the aircard itself, and you used the 'dialer' software to initiate a call.

  27. Nobody read last week? The judge is PISSED by raymorris · · Score: 1

    Did nobody in this thread read about this when it was posted on Slashdot a week or two ago? Everybody is wondering about whether or not they got a warrant, etc. and that was all thoroughly covered last time. The FBI claimed this was covered under an order telling Verizon to provide technical assistance locating the card. The judge who signed that order is pissed, saying it did NOT authorize the FBI to do ANYTHING, and especially it did not authorize them to use a Stingray. The judge's colleagues agree, and are pissed that the FBI was pulling this crap.

    So no need for Slashdotters to wonder whether or not the order allowed the Stingray - the very judge who issued the order says it certainly does not. The FBI has since sent a memo to their agents saying the same thing, that a Stingray requires an order that specifically mentions a Stingray, not a "technical assistance" order.