An NBC investigative journalism team and a security researcher went wardriving around the DC area with a cell-site-simulator detector that would tell them whenever they came in range of a fake cellphone tower that tried to trick their phones into connecting to it in order to covertly track their locations (some cell site simulators can also hack phones to spy on SMS, calls and data). Read the rest
Oakland, California -- a city across the bay from San Francisco whose large African-American population has struggled with gentrification and police violence for decades -- has a long reputation for police corruption and surveillance. Read the rest
The use of fake cellphone towers, known as Stingrays or IMSI catchers, plays well with the nation's spy agencies and in some police jurisdictions. The authorities just can't get enough of being able to locate or listen in on private phone calls! But when it comes to members of the government being surveilled, well that's a different story.
According to Ars Technica, the Feds are are pretty, pretty sure that their mobile phone calls are being monitored by Stingray hardware set up by bad dudes, but they have no idea of who those bad dudes might be, or how to stop them. In a letter brought to light by the Associated Press on Tuesday, the Department of Homeland Security's National Protection and Programs Directorate hasn't got a clue of who's responsible for setting up the elicit Stingray hardware and hasn't got any ideas of how they might shut them down:
"NPPD is aware of anomalous activity outside the [National Capital Region] that appears to be consistent with IMSI catchers," Krebs also wrote. "NPPD has not validated or attributed this activity to specific entities or devices. However, NPPD has shared this information with Federal partners."
Maybe they should ask moose and squirrel a lead. I dunno.
Normally, I'd be worried about a foreign or domestic agency spying on the doings of one of the most powerful governments in the world. But the feeling that comes from hearing about the Feds getting a taste of their own medicine makes it really hard to focus on that. Read the rest
Connecting voting machines to the internet is a terrible idea: the machines are already notoriously insecure, and once they're online, anyone, anywhere in the world becomes a potential attacker. Read the rest
In 2016, Motherboard used public records requests to receive 3,000 pages of documents from the Royal Canadian Mounted Police detailing the federal police agency's longstanding secret use of IMSI Catchers (AKA "Stingrays" -- the fake cellular towers that silently capture data on every cellphone user in range). Read the rest
This just in. Read the rest
A group of researchers from Oxford and TU Berlin will present their paper, White-Stingray: Evaluating IMSI Catchers Detection Applications at the Usenix Workshop on Offensive Technologies, demonstrating countermeasures that Stingray vendors could use to beat Stingrays and other "cell-site simulators" (AKA IMSI catchers). Read the rest
Well, there's a second-decade-of-the-21st-century headline for you! Read the rest
Rudy Carcamo-Carranza was an undocumented restaurant worker in Michigan wanted for a DUI and a hit-and-run; the FBI and ICE used IMSI catchers -- powerful, secretive cellphone tracking tools that the agencies bill as a kind of superweapon in the war on terror -- to catch him and put him up for deportation. Read the rest
Companies in the EU and China have been caught offering to commit fraud to launder sales of mass surveillance weapons to Al Jazeera reporters posing as representatives of autocratic regimes under sanction for gross human rights abuses; these weapons would allow their users to target and round up political dissidents for arbitrary detention, torture and murder. Read the rest
Police who rely on vulnerabilities in crooks' devices are terminally compromised; the best way to protect crime-victims is to publicize and repair defects in systems, but every time a hole is patched, the cops lose a tool they rely on the attack their own adversaries. Read the rest
Privacy International interviewed 57 sources for their report on the link between surveillance and torture and murder in Kenya, including 32 law enforcement, military or intelligence officers with direct firsthand knowledge of the programs. Read the rest
During the Standing Rock confrontations, the Electronic Frontier Foundation got reports of police use of IMSI Catchers -- secretive surveillance devices used to gather data from nearby cellphones, often called Stingrays or Dirtboxes -- so it dispatched lawyers and technologists to monitor the situation, and filed 20 public records requests with law enforcement agencies. Read the rest
Muckrock has been sending Freedom of Information requests to state police forces to find out how they're using "cell-site simulators" (AKA IMSI catchers/Stingrays), and they hit the motherlode with the Virginia State Police. Read the rest
Julian Oliver is a playful and media-savvy security researcher; previously, he documented hidden cell-phone towers in bad disguises and produced a hand-grenade shaped "transparency device" that spied on everything going on in the room. Read the rest
Since 2009, the Chicago Police Department has seized $72M worth of property from people who were not convicted of any crime, through the discredited civil forfeiture process, keeping $48M worth of the gains (the rest went to the Cook County prosecutor's office and the Illinois State Police) in an off-the-books, unreported slush fund that it used to buy secret surveillance gear. Read the rest
An outstanding post on the EFF's Deeplinks blog by my colleague Ernesto Falcon explains the negligent chain of events that led us into the Stingray disaster, where whole cities are being blanketed in continuous location surveillance, without warrants, public consultation, or due process, thanks to the prevalence of "IMSI catchers" ("Stingrays," "Dirtboxes," "cell-site simulators," etc) that spy indiscriminately on anyone carrying a cellular phone -- something the FCC had a duty to prevent. Read the rest
