Slashdot Mirror

← Back to Stories (view on slashdot.org)

NYPD Says Talking About Its IMSI Catchers Would Make Them Vulnerable To Hacking (vice.com)

Posted by BeauHD on from the breach-of-security dept.

An anonymous reader quotes a report from Motherboard: Typically, cops don't like talking about IMSI catchers, the powerful surveillance technology used to monitor mobile phones en masse. In a recent case, the New York Police Department (NYPD) introduced a novel argument for keeping mum on the subject: Asked about the tools it uses, it argued that revealing the different models of IMSI catchers the force owned would make the devices more vulnerable to hacking. The New York Civil Liberties Union (NYCLU), an affiliate of the ACLU, has been trying to get access to information about the NYPD's IMSI catchers under the Freedom of Information Law. These devices are also commonly referred to as "stingrays," after a particularly popular model from Harris Corporation. Indeed, the NYCLU wants to know which models of IMSI catchers made by Harris the police department has. "Public disclosure of this information, and the amount of taxpayer funds spent to buy the devices, directly advances the Freedom of Information Law's purpose of informing a robust public debate about government actions," the NYCLU writes in a court filing. The group has requested documents that show how much money has been spent on the technology. After the NYPD withheld the records, the FOI request was escalated to a lawsuit, which is where the NYPD's strange argument comes in (among others). "Public disclosure of the specifications of the CSS [cell site simulator] technologies in NYPD's possession from the Withheld Records would make the software vulnerable to hacking and would jeopardize NYPD's ability to keep the technologies secure," an affidavit from NYPD Inspector Gregory Antonsen, dated August 17, reads. Antonsen then imagines a scenario where a "highly sophisticated hacker" could use their knowledge of the NYPD's Stingrays to lure officers into a trap and ambush them.

3 of 53 comments (clear)

  1. We used to say this about wiretaps too by WillAffleckUW · · Score: 3, Insightful

    That was unconstitutional and illegal as well.

    Admit the crime and stop covering it up.

    --
    -- Tigger warning: This post may contain tiggers! --
  2. I can also imagine scenarios... by caladine · · Score: 3, Insightful

    ... where the police having this technology use it on a whim, without a warrant, and with absolutely no oversight.
    Oh, wait. That's already happening and doesn't require a "sophisticated hacker".

  3. Re:Can't be that great a tool by BlueStrat · · Score: 3, Insightful

    A distributed app collecting signal strength and cell site hardware data could rapidly expose any portable IMSI device. Just needs to be built and publicized by someone with the time, interest, and skill.

    I'm an R.F. engineering tech. I even worked for Harris (the manufacturer) back in the early '80s.

    I'll bet just comparing phase to obtain directional data and comparing locational data to actual cell site locations should be enough to alert to shenanigans.

    With a bit more sophistication the location could be narrowed to within ~10-15ft. Program a consumer hobby drone with the location, attach about a pound of HE to that drone, and IMSI goes bye-bye.

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.