Every year, security researchers, hardware hackers and other deep geeks from around the world converge on an English nature reserve for Electromagnetic Field, a hacker campout where participants show off and discuss their research and creations.
Read the rest
Cops use Stingrays—fake cellular towers that fool cellphones into connecting to them instead of the real thing—to track people and hack into their devices. Sen. Ron Wyden, in a publicized letter to the U.S. Department of Jusice, exposes the fact that these devices disrupt and disable attempts to call emergency services.
Senior officials from the Harris Corporation—the manufacturer of the cell-site simulators used most frequently by U.S. law enforcement agencies—have confirmed to my office that Harris’ cell-site simulators completely disrupt the communications of targeted phones for as long as the surveillance is ongoing. According to Harris, targeted phones cannot make or receive calls, send or receive text messages, or send or receive any data over the Internet. Moreover, while the company claims its cell-site simulators include a feature that detects and permits the delivery of emergency calls to 9-1-1, its officials admitted to my office that this feature has not been independently tested as part of the Federal Communication Commission’s certification process, nor were they able to confirm this feature is capable of detecting and passing-through 9-1-1 emergency communications made by people who are deaf, hard of hearing, or speech disabled using Real-Time Text technology.
It is striking, but unfortunately not surprising, that law enforcement has been allowed to use these technologies and has continued to use them despite the significant and undisclosed risk to public safety posed by disabling 911 service, not to mention the myriad privacy concerns related to CSS use.
It's a cliché, but it's true: the cops are out of control. Read the rest
A scuba diver in shallow water was surprised to see what looked like a "ghostly apparition" coming toward her. It turned out to be a rare albino stingray. Read the rest
An NBC investigative journalism team and a security researcher went wardriving around the DC area with a cell-site-simulator detector that would tell them whenever they came in range of a fake cellphone tower that tried to trick their phones into connecting to it in order to covertly track their locations (some cell site simulators can also hack phones to spy on SMS, calls and data).
Read the rest
Oakland, California -- a city across the bay from San Francisco whose large African-American population has struggled with gentrification and police violence for decades -- has a long reputation for police corruption and surveillance.
Read the rest
The use of fake cellphone towers, known as Stingrays or IMSI catchers, plays well with the nation's spy agencies and in some police jurisdictions. The authorities just can't get enough of being able to locate or listen in on private phone calls! But when it comes to members of the government being surveilled, well that's a different story.
According to Ars Technica, the Feds are are pretty, pretty sure that their mobile phone calls are being monitored by Stingray hardware set up by bad dudes, but they have no idea of who those bad dudes might be, or how to stop them. In a letter brought to light by the Associated Press on Tuesday, the Department of Homeland Security's National Protection and Programs Directorate hasn't got a clue of who's responsible for setting up the elicit Stingray hardware and hasn't got any ideas of how they might shut them down:
"NPPD is aware of anomalous activity outside the [National Capital Region] that appears to be consistent with IMSI catchers," Krebs also wrote. "NPPD has not validated or attributed this activity to specific entities or devices. However, NPPD has shared this information with Federal partners."
Maybe they should ask moose and squirrel a lead. I dunno.
Normally, I'd be worried about a foreign or domestic agency spying on the doings of one of the most powerful governments in the world. But the feeling that comes from hearing about the Feds getting a taste of their own medicine makes it really hard to focus on that. Read the rest
Connecting voting machines to the internet is a terrible idea: the machines are already notoriously insecure, and once they're online, anyone, anywhere in the world becomes a potential attacker.
Read the rest
In 2016, Motherboard used public records requests to receive 3,000 pages of documents from the Royal Canadian Mounted Police detailing the federal police agency's longstanding secret use of IMSI Catchers (AKA "Stingrays" -- the fake cellular towers that silently capture data on every cellphone user in range). Read the rest
This just in. Read the rest
A group of researchers from Oxford and TU Berlin will present their paper, White-Stingray: Evaluating IMSI Catchers Detection Applications at the Usenix Workshop on Offensive Technologies, demonstrating countermeasures that Stingray vendors could use to beat Stingrays and other "cell-site simulators" (AKA IMSI catchers). Read the rest
Well, there's a second-decade-of-the-21st-century headline for you! Read the rest
Rudy Carcamo-Carranza was an undocumented restaurant worker in Michigan wanted for a DUI and a hit-and-run; the FBI and ICE used IMSI catchers -- powerful, secretive cellphone tracking tools that the agencies bill as a kind of superweapon in the war on terror -- to catch him and put him up for deportation. Read the rest
Companies in the EU and China have been caught offering to commit fraud to launder sales of mass surveillance weapons to Al Jazeera reporters posing as representatives of autocratic regimes under sanction for gross human rights abuses; these weapons would allow their users to target and round up political dissidents for arbitrary detention, torture and murder. Read the rest
Police who rely on vulnerabilities in crooks' devices are terminally compromised; the best way to protect crime-victims is to publicize and repair defects in systems, but every time a hole is patched, the cops lose a tool they rely on the attack their own adversaries. Read the rest
Privacy International interviewed 57 sources for their report on the link between surveillance and torture and murder in Kenya, including 32 law enforcement, military or intelligence officers with direct firsthand knowledge of the programs. Read the rest
During the Standing Rock confrontations, the Electronic Frontier Foundation got reports of police use of IMSI Catchers -- secretive surveillance devices used to gather data from nearby cellphones, often called Stingrays or Dirtboxes -- so it dispatched lawyers and technologists to monitor the situation, and filed 20 public records requests with law enforcement agencies. Read the rest
Muckrock has been sending Freedom of Information requests to state police forces to find out how they're using "cell-site simulators" (AKA IMSI catchers/Stingrays), and they hit the motherlode with the Virginia State Police. Read the rest