Slashdot Mirror

← Back to Stories (view on slashdot.org)

NYPD Says Talking About Its IMSI Catchers Would Make Them Vulnerable To Hacking (vice.com)

Posted by BeauHD on from the breach-of-security dept.

An anonymous reader quotes a report from Motherboard: Typically, cops don't like talking about IMSI catchers, the powerful surveillance technology used to monitor mobile phones en masse. In a recent case, the New York Police Department (NYPD) introduced a novel argument for keeping mum on the subject: Asked about the tools it uses, it argued that revealing the different models of IMSI catchers the force owned would make the devices more vulnerable to hacking. The New York Civil Liberties Union (NYCLU), an affiliate of the ACLU, has been trying to get access to information about the NYPD's IMSI catchers under the Freedom of Information Law. These devices are also commonly referred to as "stingrays," after a particularly popular model from Harris Corporation. Indeed, the NYCLU wants to know which models of IMSI catchers made by Harris the police department has. "Public disclosure of this information, and the amount of taxpayer funds spent to buy the devices, directly advances the Freedom of Information Law's purpose of informing a robust public debate about government actions," the NYCLU writes in a court filing. The group has requested documents that show how much money has been spent on the technology. After the NYPD withheld the records, the FOI request was escalated to a lawsuit, which is where the NYPD's strange argument comes in (among others). "Public disclosure of the specifications of the CSS [cell site simulator] technologies in NYPD's possession from the Withheld Records would make the software vulnerable to hacking and would jeopardize NYPD's ability to keep the technologies secure," an affidavit from NYPD Inspector Gregory Antonsen, dated August 17, reads. Antonsen then imagines a scenario where a "highly sophisticated hacker" could use their knowledge of the NYPD's Stingrays to lure officers into a trap and ambush them.

53 comments

  1. Butt fuckers! by Anonymous Coward · · Score: 0

    There's my contribution for today

  2. because it hurts the feelings by turkeydance · · Score: 1

    of the elephant in the room if you talk about it

  3. The manual is on the Intercept by Anonymous Coward · · Score: 0

    The manual is on the Intercept. Fascinating gadget, 4th amendment nightmare.

    1. Re:The manual is on the Intercept by Anonymous Coward · · Score: 0

      4th amendment

      That was recently discontinued due to low demand

  4. We used to say this about wiretaps too by WillAffleckUW · · Score: 3, Insightful

    That was unconstitutional and illegal as well.

    Admit the crime and stop covering it up.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:We used to say this about wiretaps too by Anonymous Coward · · Score: 0

      Admit the crime and arrest yourself, after all they only enforce the law they don't make it, or so they tell us.

  5. Can't be that great a tool by Opportunist · · Score: 4, Informative

    If your security is dependent on you not talking about the technology altogether, it is a pretty insecure and unreliable system altogether and should not be used, especially not in a situation where gathering evidence is critical. How easily could said evidence be thrown out if the tool you use to gather it is so insecure, unreliable and in a generally sorry state that you cannot even TALK about it lest it breaks?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Can't be that great a tool by somenickname · · Score: 4, Interesting

      My thoughts as well. How can this be admissible in court if you can't publicly defend how/what/why you did what you did. If the technology is so vulnerable to hacking, that seems like it has "reasonable doubt" written all over it.

    2. Re:Can't be that great a tool by fred911 · · Score: 2

      Because the law enforcement advises it's agents to use parallel construction when they've got tainted evidence as the basis for a prosecution.

      https://en.wikipedia.org/wiki/...

      --
      09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    3. Re:Can't be that great a tool by somenickname · · Score: 2

      Sure, I understand that. And, presumably, what law enforcement is worried about is IMSI catcher catchers. Basically, a device that can detect when a spoofed cell phone tower is in play. If such a device were reliable enough that it could be presented as evidence, it could potentially stop stingray based parallel construction in its tracks.

    4. Re:Can't be that great a tool by Fjandr · · Score: 2

      A distributed app collecting signal strength and cell site hardware data could rapidly expose any portable IMSI device. Just needs to be built and publicized by someone with the time, interest, and skill.

    5. Re: Can't be that great a tool by Anonymous Coward · · Score: 0

      IMSI catchers lie about their signal strength to coax phones into connecting to them. Check that and refuse to connect?

    6. Re:Can't be that great a tool by wbr1 · · Score: 1
      It may not be admissible in court. But you can bet the parallel construction story given to defense during discovery and at trial is.

      I solemnly testify that I Officer Green saw the defendant driving with a failed indicator lamp. That i when I discovered 20 kilograms of cocaine.

      --
      Silence is a state of mime.
    7. Re:Can't be that great a tool by meerling · · Score: 1

      What they said is BS, they've been watching too many hollywood movies and tv shows, and are hoping the judge is too stupid to understand the difference between that and reality.

    8. Re:Can't be that great a tool by AmiMoJo · · Score: 1

      It's only used for parallel construction. No need to test it in court.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    9. Re:Can't be that great a tool by BlueStrat · · Score: 3, Insightful

      A distributed app collecting signal strength and cell site hardware data could rapidly expose any portable IMSI device. Just needs to be built and publicized by someone with the time, interest, and skill.

      I'm an R.F. engineering tech. I even worked for Harris (the manufacturer) back in the early '80s.

      I'll bet just comparing phase to obtain directional data and comparing locational data to actual cell site locations should be enough to alert to shenanigans.

      With a bit more sophistication the location could be narrowed to within ~10-15ft. Program a consumer hobby drone with the location, attach about a pound of HE to that drone, and IMSI goes bye-bye.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    10. Re:Can't be that great a tool by Anonymous Coward · · Score: 0

      Sure, I understand that. And, presumably, what law enforcement is worried about is IMSI catcher catchers. Basically, a device that can detect when a spoofed cell phone tower is in play. If such a device were reliable enough that it could be presented as evidence, it could potentially stop stingray based parallel construction in its tracks.

      There is an alpha version of an app I came across on FDroid. Can't remember exact name but it supposedly can detect Stingrays.

  6. Novel excuse by JustNiz · · Score: 1

    Hacking? Wow thats a new one. They normally find a way to justify whatever removal of freedoms they are currently inflicting with the good old standby of somehow making it about child porn or child abuse.

    1. Re:Novel excuse by Anonymous Coward · · Score: 0

      If you don't eat all your dinner, Billy, the HACKERS will get you!

  7. Now how would they know that... by Anonymous Coward · · Score: 0

    well when they just need you phone number to redirect voice and data so they can keep records of calls texts and also Man in the middle a data connection so they can inject exploits like say stagefright into a video your phone downloads off of a website. Then they can gain full access to the phone. So of course they don't want any information about that out there and to do this you would have to have someone that is skilled enough to preform the attack and then they would know that the stingrays are vulnerable because of how they work.

  8. First rule of IMSI club by rsilvergun · · Score: 3, Funny

    Do not talk about IMSI club. Second rule: it this is your first night you have to violate someone's rights.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:First rule of IMSI club by Anonymous Coward · · Score: 0

      Mod Parent Up; I swear this is the funniest thing that I've read in the last month.

    2. Re:First rule of IMSI club by Anonymous Coward · · Score: 0

      Do not talk about IMSI club. Second rule: it this is your first night you have to violate someone's rights.

      Criminals Say Talking About Crimes Would Make Them Vulnerable To Arrest.

  9. I don't think author knows what "novel" means by Anonymous Coward · · Score: 0

    I'm pretty sure every law enforcement agency that has ever used wiretapping or surreptitious monitoring systems of any kind has said they can't reveal information about them because it would make them more vulnerable.

  10. Translation by Anonymous Coward · · Score: 0

    "We use Stingrays, we use them without warrants, we capture far more conversations and people with Stingray use than the occasional warrant we get specifies, and we are afraid that talking about our cool toys too much will eventually result in those toys getting taken away from us."

  11. Not to mention by fred911 · · Score: 4, Informative

    The acknowledgement would also at a minimum be an admission of multiple violations of section 301 of the Communications Act.

    https://www.law.cornell.edu/us...

    --
    09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  12. New legal defense? by Anonymous Coward · · Score: 0

    Does that mean a defendant can request that stingray evidence against them be thrown out on the grounds that the admittedly-by-police vulnerable technology used to acquire it was probably already hacked and the evidence was planted?

    I mean yes, if they made the technology publicly known, more hackers would attack it too... but it's not like all hackers are waiting for people to announce the tech they use in order to attack it. Hackers just go fishing. If stingrays were really as vulnerable as they say, odds are somebody has done the legwork to figure out how to distinguish a connection to a stingray from the real cell tower it's impersonating, and probably found a way to mask or spoof signals of their own.

    Police are simultaneously expecting the courts to trust the data they collect when they don't even trust the sanctity of the devices and have to keep it super secret to hold onto hope that it stays tamper-free. Which is it?

    1. Re: New legal defense? by Anonymous Coward · · Score: 0

      Except they never present the Stingray evidence in court. They just use it for parallel construction.

    2. Re:New legal defense? by meerling · · Score: 1

      I have some pretty good ideas on a few ways to figure that out, and I'm not even a phreak!

    3. Re: New legal defense? by meerling · · Score: 1

      Actually they have, but when it's provenance has been questioned, they've withdrawn it so they don't have to admit they used a stingray to get the info in an illegal and unconstitutional invasion of privacy.

    4. Re: New legal defense? by sir-gold · · Score: 2

      Or they just drop the charges entirely and walk away.

      http://arstechnica.com/tech-po...

    5. Re: New legal defense? by Anonymous Coward · · Score: 0

      If they can't get a good court case, they can at least blackmail the crook into some nice bribes. As in:

      1. Cops uses a stingray, gets news of a big coke deal. Or whatever.
      2. Parallell construction is attempted. "We got an anonymous tip on this big coke deal". Lets ambush it. They can always 'thank' one gang member and let him go - marking him as a rat. The drug cartel will likely murder him later too.
      3. Criminals all escape because they used a phone code where "place A" really means "place B" and "saturday" means "thursday"
      4. Cop realize this failed. Calls up criminal, who cannot know they didn't have a warrant for this wiretap. Plays the recording. Tell them to pay up and the "evidence" will evaporate through procedure/equipment errors. Profit!

  13. RDF by Anonymous Coward · · Score: 0

    There's nothing too sophisticated about radio direction finding. Takes maybe $40 of hardware.

    1. Re:RDF by plover · · Score: 1

      Only as long as you know which transmitter to measure. In a cell system, the subscribers aren't transmitting the phone's IMEI or the SIM card's IMSI, nor are they sending out the owner's name and number. They just send a temporary mobile ID, which is a randomly generated number that changes frequently. So which signal do you lock on to? Since 90+% of the population is carrying a cell phone, your $40 directional finder would point at everyone. Even a $40,000 direction finder would point at everyone if it can't tel them apart.

      No, you need to know exactly which signal belongs to the subscriber you're tracking. How? The StingRay works by transmitting like a cell tower so it can trick the suspect's phone into giving up its true identity. Once you can identify a response as coming from the subscriber you're following, those responses can then be measured using a traditional DF. (The StingRay says "ping", and the subscriber's phone replies "pong".) Harris sells the 'AmberJack' DF antenna accessory for use with the StingRay line. It pings the phone for a while, as it rotates the DF antenna. It then shows the average bearing to the strongest received signal, and the approximate distance in meters.

      --
      John
  14. I can also imagine scenarios... by caladine · · Score: 3, Insightful

    ... where the police having this technology use it on a whim, without a warrant, and with absolutely no oversight.
    Oh, wait. That's already happening and doesn't require a "sophisticated hacker".

  15. Clearly an admission that they are vulnerable by Anonymous Coward · · Score: 0

    They either are or they aren't. I'm guessing the former.

  16. Comprehensive defense testing by Fjandr · · Score: 2

    Taking a page from the State actors comprehensively exposing the defensive capabilities of the Internet core, there needs to be a distributed network setup to calculate and correlate all physical cell site information. When shared between a large number of users, it would be trivial to map all permanent physical infrastructure such that any IMSI catcher would light up like a bullseye the second it was turned on. Then that hardware could be targeted for comprehensive testing and exploitation. It wouldn't surprise me to see a future cellular botnet set up to do something just like that if it's not done for more above-board accountability reasons first.

    1. Re:Comprehensive defense testing by Xochil · · Score: 3, Informative

      AIMSICD has been working well for me in this regard.

      https://github.com/CellularPri...

    2. Re:Comprehensive defense testing by AHuxley · · Score: 1

      The next gen will not drop the telco generation or need to swamp an area with different power settings to be the new cell tower.
      Its getting hard to map out. Unless all telco towers are visible/distant and a van/truck/car is also a very powerful new telco tower.
      Gov and mil sites usually mask it with their very own "real" big normal looking cell tower or some very normal looking telco extender or standard contractor decorative private sector cell network.
      The Greek wiretapping case https://en.wikipedia.org/wiki/...–05 showed at the mil and gov level its all done via any telco network :)
      also (Sep. 29 2015) https://theintercept.com/2015/...
      SISMI-Telecom scandal https://en.wikipedia.org/wiki/...
      From the UK (09 June 2015) http://news.sky.com/story/fake...

      --
      Domestic spying is now "Benign Information Gathering"
  17. DEFCON 18 by Anonymous Coward · · Score: 0

    Someone makes a talk about IMSI catchers, then all the cops have IMSI catchers. Everything you need to know has been public since before the police had them. Don't ask the cops, go to the source.

  18. How about you audit and secure your code? by sandbagger · · Score: 2

    I'm very sorry you did not take security into account to the degree that you should have, and probably did no QA, but the facts are you have to in order to establish the credibility of your system and its data. Everyone else has to.

    --
    ---- The above post was generated by the Turing Institute. Maybe.
  19. Astoundingly stupid... by laird · · Score: 2

    Revealing which models of devices they bought doesn't reduce their security, unless they're using units with widely known security flaws that they leave open.

    Either they're really, really stupid or they think we are. Perhaps both?

    --
    Enable 3D printed prosthetics!
    1. Re:Astoundingly stupid... by currently_awake · · Score: 1

      Tapping phones requires a judicial warrant. If we know the model of IMSI catcher then we'd know if they have the ability to tap our phones without a warrant. Providing that information to a judge might result in a judicial order requiring a judges warrant to use it.

  20. A completely neophyte non-hacker... by KitFox · · Score: 1

    ...could also get their completely non-hacked, normal phone implicated in a crime, knowing that stingrays will be deployed to track it, and then lead them into an ambush.

    --

    @Whee

    1. Re:A completely neophyte non-hacker... by sir-gold · · Score: 2

      Its easier than that.

      Just grab a phone out of one of those recycling bins they have at some electrics stores, and call 911 (all phones can call 911, even if not activated). You don't even have to talk, just make muffled sounds, and the police will eventually show up.

      The police don't even need to have a stingray, they already know where the phone is though e-911

  21. Obscurity by Anonymous Coward · · Score: 0

    Through police security.

    What could possibly go wrong?

  22. Security through obscurity by Anonymous Coward · · Score: 0

    Nice to see it's alive and well in the minds of retards everywhere.

    1. Re:Security through obscurity by Anonymous Coward · · Score: 0

      Retards is redundant, we're talking about cops here.

  23. Yeah, right. by Anonymous Coward · · Score: 0

    NYPD Says Talking About Its IMSI Catchers Would Make Them Vulnerable To Hacking

    Criminals Say Talking About Crimes Would Make Them Vulnerable To Arrest.

  24. translation by Tom · · Score: 2

    revealing the different models of IMSI catchers the force owned would make the devices more vulnerable to hacking.

    In other words: There is at least one audit report giving them very bad marks on security and they don't have the time, budget or expertise to fix the problem. Basically, they should be treated as if they are already hacked by an unknown party or two.

    You are not afraid of disclosing basic information unless you cover up known vulnerabilities.

    --
    Assorted stuff I do sometimes: Lemuria.org
  25. Vintage Leather Travel Bags by richardjhonson123 · · Score: 0

    Vintage Leather Bags Vintage Leather Bag | Vintage Leather Bags | Vintage Leather Bags for women | Vintage Leather Bags for men | Handmade Vintage Leather Messenger Bags , Vintage Leather Laptop Bags , Vintage Leather Luggage Bags , Vintage Leather Backpack Bags , Vintage Leather Travel Bags, Vintage Leather bags, Vintage leather backpack Bags, Vintage Leather satchel bags,Vintage leather duffle Bags, Vintage Leather Tote bags