Wardriving for Stingrays with rideshare cars

Well, there's a second-decade-of-the-21st-century headline for you!

Researchers at the University of Washington wanted to pierce the veil of secrecy around IMSI catchers (also called "Stingrays" and "DRTboxes"), which are devices that pretend to be cellular towers in order to trick the phone in your pocket into revealing your identity and spilling your secrets.

It's hard to overstate just how opaque the use of IMSI catchers is. The companies that make them require cops to sign nondisclosure agreements that result in them lying to judges; when there's a danger that a cop might have to discuss Stingray use in open court, feds raid the police station and steal their records. And forget about public records requests: ask the FBI for information about Stingrays and they'll send you 5,000 blank sheets of paper. We wouldn't even know they existed if it wasn't for an obsessive jailhouse lawyer. Supposedly, all this secrecy is needed because Stingrays are only used to catch the worst-of-the-worst, but last month, Feds used one to catch a waiter who didn't have a work-visa.

The Washington researchers built a Stingray detector box, and paid rideshare drivers to keep them in their trunks as they tootled around Seattle and Milwaukee (they didn't get much data from Milwaukee). A year later — long enough for any criminal investigations to have concluded — they've gone public with their results, which disclose two likely Seattle Stingrays, one at the local US Customs and Immigration Service offices, the other at SEA-TAC airport.

In the absence of publicly available stingray information, the University of Washington researchers tried a new technique to find out more. Starting in March of 2016, they paid $25 a week to 15 rideshare-service drivers to carry a suitcase-sized device they called SeaGlass. That sensor box contained about $500 worth of gear the team had assembled, including a GPS module, a GSM cellular modem, a Raspberry Pi minicomputer to assemble the data about which cell towers the modem connects to, a cellular hotspot to upload the resulting data to the group's server, and an Android phone running an older program called SnoopSnitch, designed by German researchers to serve as another source of cell-tower data collection. The sensor boxes drew their power from the cigarette lighter electric sockets in the cars' dashboards, and were designed to boot up and start collecting data as soon as the car started.

For the next two months, the researchers collected detailed data about every radio transmitter that connected to SeaGlass modems and Android phones as they moved through the two cities. They identified and mapped out roughly 1,400 cell towers in Seattle, and 700 in Milwaukee. They then combed that data for anomalies, like cell towers that seemed to change location, appeared and disappeared, sent localized weaker signals, appeared to impersonate other towers nearby, or broadcast on a wider range of radio frequencies than the typical cellular tower.

Researchers Use Ridesharing Cars to Sniff Out a Secret Spying Tool [Andy Greenberg/Wired]

(Image: University of Washington)