Slashdot Mirror


FBI's Smartphone Surveillance Tool Explained In Court Battle

concealment writes with news that a court battle has brought to light details on how the FBI's "stingray" surveillance tool works, and how they used it with Verizon's help to collect evidence about an alleged identity thief. Quoting: "Air cards are devices that plug into a computer and use the wireless cellular networks of phone providers to connect the computer to the internet. The devices are not phones and therefore don’t have the ability to receive incoming calls, but in this case Rigmaiden asserts that Verizon reconfigured his air card to respond to surreptitious voice calls from a landline controlled by the FBI. The FBI calls, which contacted the air card silently in the background, operated as pings to force the air card into revealing its location. In order to do this, Verizon reprogrammed the device so that when an incoming voice call arrived, the card would disconnect from any legitimate cell tower to which it was already connected, and send real-time cell-site location data to Verizon, which forwarded the data to the FBI. This allowed the FBI to position its stingray in the neighborhood where Rigmaiden resided. The stingray then "broadcast a very strong signal" to force the air card into connecting to it, instead of reconnecting to a legitimate cell tower, so that agents could then triangulate signals coming from the air card and zoom-in on Rigmaiden’s location. To make sure the air card connected to the FBI’s simulator, Rigmaiden says that Verizon altered his air card’s Preferred Roaming List so that it would accept the FBI’s stingray as a legitimate cell site and not a rogue site, and also changed a data table on the air card designating the priority of cell sites so that the FBI’s fake site was at the top of the list."

18 of 168 comments

  1. Weak hack. by plover · · Score: 4, Interesting

    Chris Paget was able to demo similar behavior at DEFCON 18, and he sure didn't need Verizon's help to do so.

    Pretty sure the FCC wanted to bust him on stage, actually.

    --
    John
    1. Re:Weak hack. by SpectreBlofeld · · Score: 4, Informative

      That's because he spoofed a GSM tower. You'll find that doing the same with CDMA is impossible without Verizon's help - see the bit about reprogramming the phone's roaming list in order to make the phone accept the spoofed tower.

    2. Re:Weak hack. by Obfuscant · · Score: 3, Informative

      How would it look if Gumshoe Freddy tried to hack a cell phone tower and crapped an entire community's access? 911 calls that go nowhere, customer service lines jammed, people stranded because their GPS glitched out...

      If Gumshoe Freddy was able to hack a cellphone tower and cause someone's GPS to "glitch out", I'd say Gumshoe Freddy was a remarkably skilled hacker. GPS and cellphones use entirely different sets of frequencies, and I doubt that you could coerce a cellphone tower into transmitting on a GPS frequency no matter how good you are at it. Maybe those cell transmitters have a DDS system that can go where the GPS lives, but I doubt the amps or combiners would pass the signal. They kinda have to be selective enough so that the transmitted signal doesn't block the received one, so transmitting out of band is not going to be highly efficient if possible at all.

      For what? I can walk into a cell phone store and get a cell phone "mini cell" to put in my house to help with reception. FCC approved. I don't need a license to do that. Unless he's causing harmful interference to a licensed broadcaster and the broadcaster reports it, the FCC isn't going to do anything.

      You can buy a type certificated cell phone mini cell because the cell phone companies have agreed to allow it and the FCC has created a specification for what they can do and manufacturers have to meet that spec. They aren't just deciding on their own say so that they can do this.

      You don't have to be causing interference to a licensed broadcaster before the FCC cares, all you have to be doing is causing interference. True, most cases come to the attention of the FCC because the licensee complains, but the FCC can act without a complaint. You don't think Verizon or any of the other cell phone companies would complain about someone creating interference publicly?

      The FCC is an administrative government entity. It is not really law enforcement in any meaningful sense.

      That would be news to the FCC Enforcement Bureau, and the people to whom they've issued notices of apparent liability and levied fines.

  2. Supply Chain Attack by dunkindave · · Score: 5, Informative

    This is basically a supply chain attack. People worry about others breaking into their devices, but the user has to trust the device supplier not to tamper with it before they receive it. This situation is analogous to your PC phoning home to Microsoft for updates, then having a special version sent to your machine at the request of the FBI. No matter how careful you are about what software you run or what security software you employ, Microsoft can compromise your machine.

    1. Re:Supply Chain Attack by fredklein · · Score: 5, Interesting

      Screw PCs- how many people have a Microsoft XBox Kinect in their living rooms, complete with camera? You mean to tell me that Microsoft, at the perfectly legal (ie: rubber-stamped) request of the government, couldn't push an update that allows them to turn the Kinect cameras on at will??

    2. Re:Supply Chain Attack by Anonymous Coward · · Score: 3, Insightful

      So you're saying we should all run FSF approved operating systems?

      Even then, unless you intend to audit several billion lines of code of a variety of packages, and understand it well enough to discover flaws that give a 3rd party control over you or your information, you're still trusting someone else that it's safe.

    3. Re:Supply Chain Attack by StrangeBrew · · Score: 4, Funny

      I always face my webcams and Kinect towards the wall when not in use, so I guess I subscribe to your particular brand of paranoia. I suppose they can still watch me when the Kinect is in use, but if they really find me playing Angry Birds in the buff that exciting who am I to deprive them of their entertainment?

  3. Ok..So verizon has shown they cant be trusted.. by wierd_w · · Score: 4, Insightful

    Issuing a custom radio firmware for a data only device, so that it responds to a telephone network signal demonstrates that Verizon is willing to place nonstandard firmware on devices on their network, for the express purposes of aiding investigations that lack proper warrants.

    This is a very bad thing Verizon. A Very Bad Thing.

    Don't underestimate the impact that losing public confidence can have on your business. Being so self-conceited as to feel that you don't have to worry because you have cornered the market would only add fuel to the fire.

    Plan your PR damage control messages carefully. Smile, you're on candid camera.

    1. Re:Ok..So verizon has shown they cant be trusted.. by jbolden · · Score: 4, Interesting

      I don't think Verizon is going to be too upset about publicity that they helped the FBI catch an identity thief in an apartment under one of the assumed names he was identity stealing....

      Besides, Verizon works with the military and has most of the government contracts. They've been pretty clear they are going to be extra cooperative with the government for many years.

    2. Re:Ok..So verizon has shown they cant be trusted.. by alen · · Score: 4, Informative

      FBI got a warrant and verizon helped catch a suspected scumbag
      what's the problem here?

    3. Re:Ok..So verizon has shown they cant be trusted.. by jchawk · · Score: 3, Insightful

      While I really agree with what you are saying... The market has not demonstrated that it cares about this type of behavior. Joe Six Pack continues to pile on more and more devices onto the Verizon network without a second thought to privacy. If you think I'm wrong look at the 6-strike rule in their Internet business... This hasn't hurt them one bit.

      The average person simply doesn't understand the behind-the-scenes technology well enough to care.

    4. Re:Ok..So verizon has shown they cant be trusted.. by semi-extrinsic · · Score: 5, Insightful

      I saw a good quote on this topic yesterday here on /. :
      "The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all."
      H. L. Mencken

      --
      for i in `facebook friends "=bday" 2>/dev/null | cut -d " " -f 3-`; do facebook wallpost $i "Happy birthday!"; done
    5. Re:Ok..So verizon has shown they cant be trusted.. by Hatta · · Score: 4, Informative

      A court order is not a warrant, and the judge who issued that court order may not have been fully informed. FTFA:

      The government has conceded, however, that it needed a warrant in his case alone - because the stingray reached into his apartment remotely to locate the air card - and that the activities performed by Verizon and the FBI to locate Rigmaiden were all authorized by a court order signed by a magistrate.

      The Electronic Frontier Foundation and the American Civil Liberties Union of Northern California, who have filed an amicus brief in support of Rigmaiden's motion, maintain that the order does not qualify as a warrant and that the government withheld crucial information from the magistrate - such as identifying that the tracking device they planned to use was a stingray and that its use involved intrusive measures - thus preventing the court from properly fulfilling its oversight function.

      "It shows you just how crazy the technology is, and [supports] all the more the need to explain to the court what they are doing," says EFF Staff Attorney Hanni Fakhoury. "This is more than just [saying to Verizon] give us some records that you have sitting on your server. This is reconfiguring and changing the characteristics of the [suspect's] property, without informing the judge what's going on."

      --
      Give me Classic Slashdot or give me death!
    6. Re:Ok..So verizon has shown they cant be trusted.. by wierd_w · · Score: 3, Informative

      Reading comprehension fail.

      The FBI agreed that it *needed* a warrant (e.g., that what they were doing with the stingray needed one), but said that what Verizon did for them was authorized by a court order, and did not need one.

      This does not say that they in fact obtained such warrant, which they did not.

    7. Re:Ok..So verizon has shown they cant be trusted.. by SpectreBlofeld · · Score: 3, Insightful

      But the perp in question was an identity thief who had activated the device in the victim's name. In this case, the victim technically 'owns' the service/device, right? How can you claim that the FBI/Verizon violated the thief's 'private property' when it was fraudulently bought/activated in the victim's name?

      If the victim gives permission for the FBI/VZW to track the device that's in his/her name, that's good enough for me. If someone stole my identity to activate service, I'd be begging for them to track the fucker down. After all, I'm the legal account holder, whether I like it or not.

      You say that 'Verizon does not own the aircard' but neither does the identity thief, dammit! The victim does!

  4. Re:Holy crap ... by plover · · Score: 3, Informative

    That's one of the issues in this case. A Stingray is not discriminating and could impact other cellular devices. The FBI also claims they "throw away" all data that is not pertinent to their investigation, meaning there is no way to determine what they did or did not see regarding other people's communications. (Kind of a damned if you do, damned if you don't situation.)

    There is also the difference between wiretaps and pen trace registers. Wiretaps require a warrant, but pen traces don't. The Stingray doesn't record the call or data contents, so it could be claimed to be more like a pen trace. But a Stingray is actively pinging the target's machine to generate data to be used against the owner, which is a completely different use (abuse?) of the technology.

    Anything like this would be perfectly legal with a warrant. The real question is if this is legal without one.

    --
    John
  5. Slip down your law and order slope, citizen by ThatsNotPudding · · Score: 5, Funny

    FBI got a warrant and verizon helped catch a suspected scumbag what's the problem here?

    "When they came for the scumbags, I did not speak out, for I was not a scumbag..."

  6. Re:Holy crap ... by EmperorArthur · · Score: 4, Insightful

    It's a little more complicated than that.

    It seems Verizon pushed an update to his specific wireless card. This update allowed it to receive phone calls, thus allowing them to "ping" him in particular. It also set the preferred tower list so that the stingray would always be connected to first.

    The fun thing is that by modifying his wireless card, the FBI has "planted" a tracker on him. That requires a warrant. If this guy was such a big deal, then it shouldn't have been hard to get the warrant. The problem is the FBI didn't want anyone, even the judges, to know what cards they held. So even when they got their court order, it wasn't a warrant, and they misled the judge who issued the order. That's a big no-no.

    --
    So lets pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera