Slashdot Mirror


User: fuzzyfuzzyfungus

fuzzyfuzzyfungus's activity in the archive.

Stories: 0 · Comments: 15,204

Comments · 15,204

  1. Re: Data Security Officer on Improperly Anonymized Logs Reveal Details of NYC Cab Trips · · Score: 1

    It does make your table 'o handy precomputed hashes unhelpful; but on such a computationally trivial keyspace that barely matters.

    I wonder if the choice of hashing, rather than substituting a UUID, was based on not thinking through the weakness of a hash under the circumstances, or based on the extra difficulty of making sure that the same UUID is substituted for the same hack and medallion number in all instances? It's not a whole lot of additional difficulty; but the tipping point has to live somewhere...

  2. Re:Data Security Officer on Improperly Anonymized Logs Reveal Details of NYC Cab Trips · · Score: 2, Insightful

    In this case, it sounds like whoever got handed the job just couldn't, didn't care to, or was overruled about, thinking like an attacker.

    There are probably subtler methods of de-anonymizing the data that would require nontrivial skill to think of and counter; but it's a bit surprising to see somebody who knows enough about manipulating data to pull 20GB of records and hash a single field in each one without hurting himself or munging the result; but doesn't think "Medallion numbers are written on cabs. Somebody could grab dozens of them while waiting by the curb at the airport and just MD5 them in milliseconds", much less "Medallion numbers are quite short, someone could traverse the whole damn keyspace in a few days at most".

    Either the person thinks that MD5 is magic, or his thought process marched in a nice straight line from request to solution, without ever thinking about attack: "We need all medallion numbers replaced with internally consistent but unrelated UIDs." "Umm, OK. Hey, a hash function is deterministic and non-reversible, it's perfect!"

  3. Re:Different Power Supply Voltage on Researchers Unveil Experimental 36-Core Chip · · Score: 1

    Post Netburst, AMD is the one having TDP issues, and their current enthusiast-gamer-nutjob CPU is specced at 220 watts. Intel has their numbers down from the Prescott Pentium D days, though the use of 'TDP' rather than peak, and thermal throttling that actually works, makes it a little tricky to pin a precise ceiling value on some of them without actually getting out the test equipment.

    Most are, of course, much lower, given the popularity of laptops and desktops that don't need water cooling, and so on.

    My intended point, which I should have clarified better, is that 150-200 watt CPUs, while the market generally doesn't like them, can, are, and have been, sold for use by relatively unskilled users running cheaply mass constructed computers under minimally controlled 'room temperature' conditions, so it is only reasonable to assume that, were a part with a moderately alarming power draw to have some virtue for server use that compensated for that, it could be made to work with relatively little fuss. It'd probably be really noisy once they got it down to 1-2U, and the hot aisle would be even less pleasant than usual; but if people wanted them no major engineering problems would have to be overcome to deliver.

  4. Re:Yeah sure on Court Releases DOJ Memo Justifying Drone Strike On US Citizen · · Score: 4, Insightful

    It's just goodies all around: according to unspecified intelligence, as examined to an unknown standard of proof, by unidentified parties, in secret, he was the alleged operational leader "taking on a continuous command function", which means he isn't entitled to the protections of a civilian under the Geneva convention, even though he is unaffiliated with any national armed force, and not directly engaged in any hostility at the time and place of his death.

    Apparently, this is because the global war on terror is a 'non-international armed conflict', albeit one where the Congressional Authorization for the Use of Military Force is geographically (and temporally, enjoy kids!) unbounded.

    What is not clear (at least from my reading) is where the boundary is between 'an armed and dangerous criminal justice problem' and a 'non-international armed conflict' between the United States and a non-state group. Al Qaeda is apparently in (aided by; but not strictly because of, the AUMF), so killing or imprisoning people we believe to be members, on or off a battlefield, in countries with any level of active conflict, is A-OK. Who else would qualify for this rather unenviable status?

    Could we be at war with the Sinaloa Cartel if we wanted to? The Crips?

  5. Re:What do you think "secular" means? on The Bursting Social Media Advertising Bubble · · Score: 1

    Actually, given the etymology, it looks like English pulled the two meanings straight from Latin, where their association made slightly more sense. Had we not fallen into 1500-ish years of pounding latinate monotheism, this sense of 'secular' might actually have been the more prominent...

  6. Re:Cloud on Oracle Buying Micros Systems For $5.3 Billion · · Score: 1

    FTP? Clearly your 'cloud' provider doesn't love you enough to use a proprietary set of protocols.

  7. Re:Even more work for spies! on Microsoft's Cloud Storage Service OneDrive Now Offers 15GB For Free · · Score: 2, Funny

    They decided to make a virtue of necessity and classify the NSA's copy of your data as the 'offsite backup', thus freeing up enough space to expand their offering.

  8. Re:Different Power Supply Voltage on Researchers Unveil Experimental 36-Core Chip · · Score: 4, Interesting

    A higher high/low voltage swing (with a reasonable amount of other stuff being equal) will be more of a thermal nuisance; but if the perks make up for it, that's hardly a dealbreaker. The toasty end of boring desktop CPUs is somewhere north of 200 watts already, with a little shoving that they typically survive, so if somebody really wants 36 cache-coherent cores on-die, they'll suck it up and make it work.

    For applications that don't specifically demand that, I'd be interested to know how the costs and benefits of 'dealing with the cooling demands of a smaller number of denser parts' compare with 'dealing with the cooling demands of more, cooler, parts, closer to whatever the performance per watt sweet spot is; but with more cabling, PSUs, switches, and similar interconnect and support stuff to buy and power'...

  9. Re:Did they say HOW to run it? on Research Project Pays People To Download, Run Executables · · Score: 1

    I suspect that their implementation wasn't robust enough to resist 'one skilled in the art'; but the researchers did arrange it so that, to get paid, the participant had to download the executable, allow it to run for 60 minutes (the cover story was that it was some sort of distributed computing client software), at which time it would give them a code that they could redeem for the amount of money the Turk job specified.

    The software did chat over the network (they were interested to see if people would blithely click through firewall warnings); but I didn't see any specific mention of whether the code could be inferred purely by attacking the binary, or if some of the network traffic included data vital to constructing the code.

    Rambling aside: they did take measures to prevent mere downloads as being counted as 'runs'; but I wouldn't bet all that much money that they could distinguish a real run from a 'download, fire up IDA Pro, make it talk, spoof a bit of traffic to the researcher's host'. On the other hand, given that the highest-paid group received $1, I hope the guy who did that really enjoys disassembling things...

  10. Re:Not really on China Builds Artificial Islands In South China Sea · · Score: 2

    At least one of the smaller islands was removed; but it's pretty inefficient (see also "Project Plowshare, quiet abandonment of").

    In the case of hack-together artificial islands, though, you can often just remove a few of the structural bits that are protecting the sand from erosion and then let the ocean eat it over the next few years. Less dramatic, certainly; but unless they really went no-expense-spared on building the island in the first place, they probably cheaped out by using as much 'failed island' as they could dredge up nearby, tacked together with just enough sea wall to keep it from returning to its native habitat.

  11. Re:Not to be snarky on Teaching College Is No Longer a Middle Class Job · · Score: 1

    Allowing a 'middle class' to exist would be permitting a bunch of entitled looters to expropriate the wealth creators!

  12. Re:Administrators on Teaching College Is No Longer a Middle Class Job · · Score: -1, Flamebait

    Ah, yes. Fresh from somehow cratering the US economy through their iron grip on a modest number of mostly small mortgages for low value properties, the darkie industrial complex is now behind the spiralling cost of US college educations... It's the same all-purpose paranoia you get with "If there's a problem, it's caused by wily Jew-financiers from the International Money Cartel!", except that the explanation for exactly how the alleged puppetmasters actually have access to enough strings to get a piece of the action, much less control it, is markedly less plausible.

  13. Re:Really? on Mt. Gox CEO Returns To Twitter, Enrages Burned Investors · · Score: 1

    This is quite true; it's also analogous to what I find so baffling about the behavior of some bitcoin-holders.

    If you had USD, you'd be nuts to deposit them in First Bank of Basra (without some very compelling reason); and you'd be an idiot if you thought that the good reputation of USD somehow made your account there safer.

    If you have bitcoins, putting them in an 'exchange' or 'cloud wallet' is a fairly risky behavior (even if the operation is 100% on the level and based somewhere with rule of law that might be available to you when needed, you've still put the security of those private keys entirely in the hands of a class of entity that gets the door blown off its vault quite frequently, and will have ~0 assets thereafter; and if the operators are shady and/or beyond your legal reach, you are extra screwed); yet people still do it under the impression that bitcoin's structural properties will somehow help them once they've done so.

    You have limited options if you are looking to get into, or out of, bitcoin holdings and to or from some currency; but anyone who doesn't treat that operation rather like using PayPal (sometimes you need to; but you put in no more than you must, and get out everything you can, as fast as you can, before they freeze your account for some spurious reason), baffles me.

  14. Re:It may be wiser... on Computing a Cure For HIV · · Score: 1

    The 'meh, it's just homos and drug addicts' theory of epidemiology often leads to some...fascinating...discoveries concerning unexpected transmission paths between the filthy expendables and the good, decent, people who we assumed were safe.

    As a social experiment, it's actually pretty interesting. Not so much with the 'advisable'; but interesting.

  15. Re:Bitcoin mining? on Computing a Cure For HIV · · Score: 1

    Is computational biology really looking to compute a lot of SHA hashes?

  16. Re:Not anyone, except, No Shit Arselock? on Google's Nest Buys Home Monitoring Camera Company Dropcam · · Score: 1

    That could really go for a lot of the people in what we still politely refer to as 'silicon valley' rather than 'social valley'.

  17. Re:Outside of North America on BlackBerry Back In Profit · · Score: 1

    The trouble with 'emerging' markets is that they aren't a strong position, even if you are the strongest player in them.

    If they do manage to be 'emerging' in the sense of actually getting wealthier over time, you'd better have a compelling reason why they should continue buying from you, rather than starting to buy the toys that they couldn't previously afford, which (barring some significant cultural variable) is a very real possibility in Blackberry's case since those toys have already demonstrated the ability to burn them out of the developed world pretty dramatically.

    If they are 'emerging' only in the euphemistic sense that they aren't actively decaying and do have more disposable income than subsistence mud farmers, you are in the less than enviable position of competing on price for customers who don't have much money. Best case, you remain king of a relatively small pie. Worst case, some anonymous android ODM's lowest-spec device undercuts you and your customers have very limited ability to pay a premium for your products, even if they actually like you.

  18. Re:Blackberry - only vendor serious about security on BlackBerry Back In Profit · · Score: 1

    It's better than some of their prospects; but I wouldn't be wildly optimistic.

    Neither iDevices nor androids have the FIPS-certified seriousness of the classic blackberries; but both have been receiving their share of attention from vendors interested in (either at the level of a single app that speaks EAS and refuses to talk to system-wide storage of contacts and other information that would normally bleed the first time somebody downloaded the SpamSocial app of the day, or on the level of 'MDM' stuff that puts the entire phone under IT's benevolent administration) making them more amenable to the needs of business customers.

    At the same time, Blackberry hasn't shown any particularly clever strategy for maintaining privacy and security once they try to add those features that helped the other smartphones murder them in the first place. BIS, for anyone not looking to run a BES in house, possessed essentially no virtues whatsoever, security or otherwise, and the only thing that kept the 'App world' from being the same roiling shit sandwich of advertising surveillance, applications that are little more than upload utilities to ill-secured 3rd party services, and so on, was the fact that it is effectively empty.

  19. Re:End-run around everyone's rights on German Intel Agency Helped NSA Tap Fiber Optic Cables In Germany · · Score: 1

    The main difference is that the "Five Eyes" 'intelligence cooperation' between the US and its Freedom Friends in Canada, the UK, Australia, and New Zealand wasn't really news (though the extent of its activities, the fact that it wasn't only for spying on wicked commies, and the fact that what had previously been ECHELON conspiracy kook stuff was now stuffy official newspaper material was); but Germany made a big show of being Shocked, Shocked, and horribly wounded by the revelations that the NSA had been spying on them. Amazingly, this outrage appears to have been less than totally sincere.

  20. Re:Really? on Mt. Gox CEO Returns To Twitter, Enrages Burned Investors · · Score: 4, Insightful

    Yes and no.

    Yes in that putting something in a bank turns it into a promise from the bank, whatever it is, assuming the bank will take it.

    No in two main senses:

    One, purely pragmatically, most countries that issue fiat currencies recognize that banks are de-facto extensions of ordinary currency circulation and regulate accordingly. This is probably all kinds of moral hazard; but it does mean that the IOU you get from a bank deposit has almost exactly the same backing as cash, up to whatever the FDIC's account threshold is. A bitcoin exchange, or any other generic commercial debt is in a distinctly different regulatory category, usually one that involves getting less of your money out when things go south.

    The other, architectural, is that bitcoins derive much of their charm (for many, not all, users) from possessing certain interesting inherent properties: no central issuer, known supply, no double-spending or transaction reversal, etc. All enforced either by the protocol or by the cryptography. Very nice, invariant across jurisdictions, apparently well regarded in terms of design. Someone's IOU, whatever it's denominated in, has none of those properties. The fact that they tend to be downright dodgy as well is just a bonus.

    I'd hazard a guess that there are plenty of unhappy Mt. Gox accountholders who would have looked at me like I was crazy if I'd asked "Would you like to make a non-diversified, unsecured, investment in a speculative-grade Japanese security?"; but blithely did exactly that, because bitcoins, missing the minor detail that all the bitcoiny goodness disappeared the moment they handed them over.

  21. Re:FCC Violating Second Amendment on Chinese Vendor Could Pay $34.9M FCC Fine In Signal-Jammer Sting · · Score: 1

    Oh, I don't disagree that it's a terrible idea (were I so motivated, I'd take advantage of the fact that cheap silicon sensors almost always have terrible IR filters and ample IR sensitivity, and there's absolutely nothing illegal about pretty much any IR level that doesn't cause permanent sensor damage or retinal harm), merely wished to point out that identifying cellular devices, down to a fairly precise level of detail (unlike, say, MACs which give the vendor and not much else barring specific knowledge of a given vendor's assignment practices) is not the hard part.

    Basically any RF-based tampering is going to be illegal, and may be challenging depending on how elegant you want it to be.

  22. Re:Dangerous on Harley-Davidson Unveils Their First Electric Motorcycle · · Score: 5, Funny

    People are the problem.

    In particular, the people that ride bikes.

    Don't be so mean. The world has enough of a donor-organ shortage as it is, without you going and discouraging nice, healthy, young specimens from doing things that not infrequently result in massive cranial trauma that leaves much of the rest of the body so usefully intact...

  23. Re:Dead on arrival on Harley-Davidson Unveils Their First Electric Motorcycle · · Score: 1

    They don't do noise like ICEs do; but electric vehicles do tend to combine a battery pack that could (possibly literally, in the larger models) melt a crowbar with a motor that looks only slightly different than a dead short at zero RPM.

    If they can't make that combination, through some combination of vibration and sheer acceleration, inject the sentiment "Plenitudo potestatis. fuck yeah" directly into the operator's brain, they are doing something wrong.

    If they can do it without the noise, they are doing something right.

  24. Re:Good. on Chinese Vendor Could Pay $34.9M FCC Fine In Signal-Jammer Sting · · Score: 1

    Mere impersonation would definitely not go over well; but it wouldn't exactly surprise me if the (unpublished) going rate to become an authentic, official, deputized-and-whatnot officer of the law in some shithole backwater town (that is, nevertheless, sufficiently established as an entity to have a police force, at least on paper) is pretty low.

    Knowing how, and who, to inquire with would be a little tricky, as it is with all matters of corruption; but I doubt that a civic-minded benefactor to the community and donor to the correct worthy causes would be denied the chance to experience a little of the excitement of law enforcement for himself, especially so long as he didn't cause any stir while doing so...

  25. Re:FCC Violating Second Amendment on Chinese Vendor Could Pay $34.9M FCC Fine In Signal-Jammer Sting · · Score: 1

    Jammers usually go for 'cheap and loud' because that's a lot easier than anything more sophisticated; but unless your glasshole has been doing some serious tinkering, the TAC portion of his IMEI (which goes out in the clear) should make him readily identifiable. At that point you could go loud and dumb; but on a narrowly directional antenna, or try a more sophisticated stingray-style tower impersonation.

    I don't think that anybody actually bothers, since they usually just want to jam (except law enforcement customers, they apparently just can't get enough of stingrays); but identifying phones by model type is not the hard part.