Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI's Smartphone Surveillance Tool Explained In Court Battle

Posted by Soulskill on from the spying-made-simple dept.

concealment writes with news that a court battle has brought to light details on how the FBI's "stingray" surveillance tool works, and how they used it with Verizon's help to collect evidence about an alleged identity thief. Quoting: "Air cards are devices that plug into a computer and use the wireless cellular networks of phone providers to connect the computer to the internet. The devices are not phones and therefore don’t have the ability to receive incoming calls, but in this case Rigmaiden asserts that Verizon reconfigured his air card to respond to surreptitious voice calls from a landline controlled by the FBI. The FBI calls, which contacted the air card silently in the background, operated as pings to force the air card into revealing its location. In order to do this, Verizon reprogrammed the device so that when an incoming voice call arrived, the card would disconnect from any legitimate cell tower to which it was already connected, and send real-time cell-site location data to Verizon, which forwarded the data to the FBI. This allowed the FBI to position its stingray in the neighborhood where Rigmaiden resided. The stingray then "broadcast a very strong signal" to force the air card into connecting to it, instead of reconnecting to a legitimate cell tower, so that agents could then triangulate signals coming from the air card and zoom-in on Rigmaiden’s location. To make sure the air card connected to the FBI’s simulator, Rigmaiden says that Verizon altered his air card’s Preferred Roaming List so that it would accept the FBI’s stingray as a legitimate cell site and not a rogue site, and also changed a data table on the air card designating the priority of cell sites so that the FBI’s fake site was at the top of the list."

12 of 168 comments (clear)

  1. Weak hack. by plover · · Score: 4, Interesting

    Chris Paget was able to demo similar behavior at DEFCON 18, and he sure didn't need Verizon's help to do so.

    Pretty sure the FCC wanted to bust him on stage, actually.

    --
    John
    1. Re:Weak hack. by SpectreBlofeld · · Score: 4, Informative

      That's because he spoofed a GSM tower. You'll find that doing the same with CDMA is impossible without Verizon's help - see the bit about reprogramming the phone's roaming list in order to make the phone accept the spoofed tower.

  2. Supply Chain Attack by dunkindave · · Score: 5, Informative

    This is basically a supply chain attack. People worry about others breaking into their devices, but the user has to trust the device supplier not to tamper with it before they receive it. This situation is analogous to your PC phoning home to Microsoft for updates, then having a special version sent to your machine at the request of the FBI. No matter how careful you are about what software you run or what security software you employ, Microsoft can compromise your machine.

    1. Re:Supply Chain Attack by fredklein · · Score: 5, Interesting

      Screw PCs- how many people have a Microsoft XBox Kinect in their living rooms, complete with camera? You mean to tell me that Microsoft, at the perfectly legal (ie: rubber-stamped) request of the government, couldn't push an update that allows them to turn the Kinect cameras on at will??

    2. Re:Supply Chain Attack by StrangeBrew · · Score: 4, Funny

      I always face my webcams and Kinect towards the wall when not in use, so I guess I subscribe to your particular brand of paranoia. I suppose they can still watch me when the Kinect is in use, but if they really find me playing Angry Birds in the buff that exciting who am I to deprive them of their entertainment?

  3. Ok..So verizon has shown they cant be trusted.. by wierd_w · · Score: 4, Insightful

    Issuing a custom radio firmware for a data only device, so that it responds to a telephone network signal demonstrates that verizon is willing to place nonstandard firmware on devices on their network, for the express purposes of aiding investigations that lack proper warrants.

    This is a very bad thing Verizon. A Very Bad Thing.

    Don't underestimate the impact that losing public confidence can have on your business. Being so self-conceited as to feel that you don't have to worry because you have cornered the market would only add fuel to the fire.

    Plan you PR damage control messages carefully. Smile, you're on candid camera.

    1. Re:Ok..So verizon has shown they cant be trusted.. by jbolden · · Score: 4, Interesting

      I don't think Verizon is going to be too upset that publicity that they helped the FBI catch an identify thief in an apartment under one of the assumed names he was identity stealing....

      Besides Verizon works with the military and has most of the government contracts. They've been pretty clear they are going to extra cooperative with the government for many years.

    2. Re:Ok..So verizon has shown they cant be trusted.. by alen · · Score: 4, Informative

      FBI got a warrant and verizon helped catch a suspected scumbag
      what's the problem here?

    3. Re:Ok..So verizon has shown they cant be trusted.. by semi-extrinsic · · Score: 5, Insightful

      I saw a good quote on this topic yesterday here on /. :
      "The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all."
      H. L. Mencken

      --
      for i in `facebook friends "=bday" 2>/dev/null | cut -d " " -f 3-`; do facebook wallpost $i "Happy birthday!"; done
    4. Re:Ok..So verizon has shown they cant be trusted.. by Hatta · · Score: 4, Informative

      A court order is not a warrant, and the judge who issued that court order may not have been fully informed. FTFA:

      The government has conceded, however, that it needed a warrant in his case alone â" because the stingray reached into his apartment remotely to locate the air card â" and that the activities performed by Verizon and the FBI to locate Rigmaiden were all authorized by a court order signed by a magistrate.

      The Electronic Frontier Foundation and the American Civil Liberties Union of Northern California, who have filed an amicus brief in support of Rigmaidenâ(TM)s motion, maintain that the order does not qualify as a warrant and that the government withheld crucial information from the magistrate â" such as identifying that the tracking device they planned to use was a stingray and that its use involved intrusive measures â" thus preventing the court from properly fulfilling its oversight function.

      âoeIt shows you just how crazy the technology is, and [supports] all the more the need to explain to the court what they are doing,â says EFF Staff Attorney Hanni Fakhoury. âoeThis is more than just [saying to Verizon] give us some records that you have sitting on your server. This is reconfiguring and changing the characteristics of the [suspect's] property, without informing the judge whatâ(TM)s going on.â

      --
      Give me Classic Slashdot or give me death!
  4. Slip down your law and order slope, citizen by ThatsNotPudding · · Score: 5, Funny

    FBI got a warrant and verizon helped catch a suspected scumbag what's the problem here?

    "When they came for the scumbags, I did not speak out, for I was not a scumbag..."

  5. Re:Holy crap ... by EmperorArthur · · Score: 4, Insightful

    It's a little more complicated than that.

    It seems Verizon pushed an update to his specific wireless card. This update allowed it to receive phone calls, thus allowing them to "ping" him in particular. It also set the preferred tower list so that the stingray would always be connected to first.

    The fun thing is that by modifying his wireless card, the FBI has "planted" a tracker on him. That requires a warrant. If this guy was such a big deal, then it shouldn't have been hard to get the warrant. The problem is the FBI didn't want anyone, even the judges, to know what cards they held. So even when they got there court order, it wasn't a warrant, and they misled the judge who issued the order. That's a big no no.

    --
    So lets pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera