+ Reply to Thread
Results 1 to 3 of 3

Thread: Phone Tapping

  1. #1

    Phone Tapping

    Jip, ek's glad nie verbaas nie. Nog minder as ons agter kom dat dit self hier ook gebeur. Ek het al twee maal 'n swart H1 met donker vensters en baie "aerials" sien staan oorkant my plek, maar wanneer ek nader stap dan ry die ding weg. Wonder ek nou maar of iemand in die omgewing dalkies iets het om te "deel".

    Bron van die storie.

    For years, in almost complete secrecy, cops and feds in the United States—and elsewhere—have been using powerful devices called Stingrays, cell site simulators, or IMSI catchers to track and spy on cell phones.
    Over the last few years, and only after long legal fights and several public documents requests, we've learned a little bit more about IMSI catchers, including some of the agencies that use them. Yet we've rarely seen them. Some official pictures have been published online, mostly mined from patent applications, but we've practically never seen them in the wild until now.


    Here's a picture of a stack of IMSI catchers, which trick phones into connecting to them by pretending to be a cell tower, sitting on what is likely the seat of a police car or van.
    "That's consistent with what we know about how these devices are typically used," Nate Wessler, a staff attorney at the American Civil Liberties Union (ACLU), told Motherboard after seeing the leaked picture. "They're put inside a police vehicle and to anyone on the outside there would be no indication that the police are driving around with a powerful surveillance device."
    Read more: British Companies Are Selling Advanced Spy Tech to Authoritarian Regimes
    Critics argue that IMSI catchers are very invasive, since they force every cell phone in their vicinity, not just the targeted one, to connect to the tracking devices.
    The picture, unfortunately, is low resolution, but you can clearly see that at least three of the four stacked devices are the Harpoon model made by Harris Corp.. The only other picture of an Harpoon was published in 2013 by Ars Technica.

    https://motherboard-images.vice.com/...g?resize=600:* 2x" data-srcset="https://motherboard-images.vice.com/content-images/contentimage/39660/1479422388510793.jpg?resize=400:*, https://motherboard-images.vice.com/...g?resize=600:* 2x" style="box-sizing: inherit;">A close-up of an Harris Harpoon.

    The Harpoon, according to a brochure from 2008 published by Ars Technica in 2013, is an amplifier that "maximizes" the capability of the Stingray II and "significantly improves the performance of the single-channel Stingray and KingFish systems," which are other Harris surveillance products.
    Another leaked picture shows what appears to be the back of the device, along with its identification number issued by the Federal Communications Commission (FCC), and a barcode that says the device is property of the Florida Department of Law Enforcement.


    A spokesperson for the agency declined to comment as the "FDLE does not discuss investigative techniques." Harris also declined several requests for comment.

    https://motherboard-images.vice.com/...G?resize=600:* 2x" data-srcset="https://motherboard-images.vice.com/content-images/contentimage/39660/147974440106966.JPG?resize=400:*, https://motherboard-images.vice.com/...G?resize=600:* 2x" style="box-sizing: inherit;">The back of one of the Harris IMSI catchers owned by the Florida Department of Law Enforcement.

    A former Harris employee, who spoke on condition of anonymity, said that the pictures look real, and told Motherboard that each Harpoon device in it is likely used as a different module for different functionalities, such as intercepting different bands. But it's all one and the same system, according to the source.
    According to a manual leaked along with the picture of the Harpoon, and first published by The Intercept in September, the Harpoon can be used along other Harris products.

  2. #2
    Bron van die storie

    The U.S. government has acknowledged the existence in Washington D.C. of what appear to be devices that could be used by foreign spies and criminals to track individual cellphones and intercept calls and messages, the Associated Press reported Tuesday.
    In a March 26 letter to Sen. Ron Wyden, D-Ore., the Department of Homeland Security admitted that it "has observed anomalous activity in the [Washington D.C. area] that appears to be consistent with International Mobile Subscriber Identity (IMSI) catchers." DHS added that it had not determined the type of devices in use or who might have been operating them, nor did it say how many it detected or where.
    However, a DHS official who spoke on condition of anonymity because the agency's reply to Wyden has not been publicly released told AP that the devices were detected in a 90-day trial that began in January 2017 with equipment from a Las Vegas-based DHS contractor, ESD America. The CEO of ESD America, Les Goldsmith, said his company has a relationship with DHS but would not comment further.
    The use of what are known as cellphone-site simulators by foreign powers has long been a concern, but American intelligence and law enforcement agencies — which use such eavesdropping equipment themselves — have been silent on the issue until now.
    The agency's response, obtained by the AP from Wyden's office, suggests little has been done about such equipment, known popularly as Stingrays after a brand common among U.S. police departments. The Federal Communications Commission, which regulates the nation's airwaves, formed a task force on the subject four years ago, but it never produced a report and no longer meets regularly.
    The devices work by tricking mobile devices into locking onto them instead of legitimate cell towers, revealing the exact location of a particular cellphone. More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware.
    They can cost anywhere from $1,000 to about $200,000. They are commonly the size of a briefcase; some are as small as a cellphone. They can be placed in a car next to a government building. The most powerful can be deployed in low-flying aircraft.
    Thousands of members of the military, the NSA, the CIA, the FBI and the rest of the national-security apparatus live and work in the Washington area. The surveillance-savvy among them encrypt their phone and data communications and employ electronic countermeasures. But unsuspecting citizens could fall prey.
    Wyden wrote DHS in November requesting information about unauthorized use of the cell-site simulators.
    Christopher Krebs, the top official in the department's National Protection and Programs Directorate, noted in the letter that DHS lacks the equipment and funding to detect Stingrays even though their use by foreign governments "may threaten U.S. national and economic security." The department did report its findings to "federal partners" Krebs did not name. That presumably includes the FBI.
    Legislators have been raising alarms about the use of Stingrays in the capital since at least 2014, when Goldsmith and other security-company researchers conducted public sweeps that located suspected unauthorized devices near the White House, the Supreme Court, the Commerce Department and the Pentagon, among other locations.
    The executive branch, however, has shied away from even discussing the subject.
    Aaron Turner, president of the mobile security consultancy Integricell, was among the experts who conducted the 2014 sweeps, in part to try to drum up business. Little has changed since, he said.
    Like other major world capitals, he said, Washington is awash in unauthorized interception devices. Foreign embassies have free rein because they are on sovereign soil.
    Every embassy "worth their salt" has a cell tower simulator installed, Turner said. They use them "to track interesting people that come toward their embassies." The Russians' equipment is so powerful it can track targets a mile away, he said.
    Shutting down rogue Stingrays is an expensive proposition that would require wireless network upgrades the industry has been loath to pay for, security experts say. It could also lead to conflict with U.S. intelligence and law enforcement.
    In addition to federal agencies, police departments use them in at least 25 states and the District of Columbia, according to the American Civil Liberties Union.
    Wyden said in a statement Tuesday that "leaving security to the phone companies has proven to be disastrous." He added that the FCC has refused to hold the industry accountable "despite repeated warnings and clear evidence that our phone networks are being exploited by foreign governments and hackers."
    After the 2014 news reports about Stingrays in Washington, Rep. Alan Grayson, D-Fla, wrote the FCC in alarm. In a reply, then-FCC chairman Tom Wheeler said the agency had created a task force to combat illicit and unauthorized use of the devices. In that letter, the FCC did not say it had identified such use itself, but cited media reports of the security sweeps.
    That task force appears to have accomplished little. A former adviser to Wheeler, Gigi Sohn, said there was no political will to tackle the issue against opposition from the intelligence community and local police forces that were using the devices "willy-nilly."
    "To the extent that there is a major problem here, it's largely due to the FCC not doing its job," said Laura Moy of the Center on Privacy and Technology at Georgetown University. The agency, she said, should be requiring wireless carriers to protect their networks from such security threats and "ensuring that anyone transmitting over licensed spectrum actually has a license to do it."
    FCC spokesman Neil Grace, however, said the agency's only role is "certifying" such devices to ensure they don't interfere with other wireless communications, much the way it does with phones and Wi-Fi routers.

  3. #3
    Bron van die storie

    HARRIS CORP.’S STINGRAY
    surveillance device has been one of the most closely guarded secrets in law enforcement for more than 15 years. The company and its police clients across the United States have fought to keep information about the mobile phone-monitoring boxes from the public against which they are used. The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet.

    Harris has fought to keep its surveillance equipment, which carries price tags in the low six figures, hidden from both privacy activists and the general public, arguing that information about the gear could help criminals. Accordingly, an older Stingray manual released under the Freedom of Information Act to news website TheBlot.com last year was almost completely redacted. So too have law enforcement agencies at every level, across the country, evaded almost all attempts to learn how and why these extremely powerful tools are being used — though court battles have made it clear Stingrays are often deployed without any warrant. The San Bernardino Sheriff’s Department alone has snooped via Stingray, sans warrant, over 300 times.
    Richard Tynan, a technologist with Privacy International, told The Intercept that the “manuals released today offer the most up-to-date view on the operation of” Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the “Stingray II” device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously.
    “There really isn’t any place for innocent people to hide from a device such as this,” Tynan wrote in an email.
    “As more of our infrastructure, homes, environment, and transportation are connected wirelessly to the internet, such technologies really do pose a massive risk to public safety and security.”


    Gemini-3-3-Quick-Start-Guide54 pages



    iDEN-2-4-Operator-Manual156 pages

    And the Harris software isn’t just extremely powerful, Tynan added, but relatively simple, providing any law enforcement agent with a modicum of computer literacy the ability to spy on large groups of people:
    The ease with which the StingRay II can be used is quite striking and there do not seem to be any technical safeguards against misuse. … It also allows the operator to configure virtually every aspect of the operation of the fake cell tower. … The Gemini platform also allows for the logging and analysis of data to and from the network and “Once a message to/from any active subscriber in the Subscriber list is detected, Gemini will notify the user.” How many innocent communications of the public are analyzed during this process?
    Tynan also raised questions about the extent to which Stingrays may be disrupting the communications infrastructure, including existing cellular towers.
    Harris declined to comment. In a 2014 letter to the Federal Communications Commission, the company argued that if the owner’s manuals were released under the Freedom of Information Act, this would “harm Harris’s competitive interests” and “criminals and terrorist[s] would have access to information that would allow them to build countermeasures.” But Stingrays are known for spying on low-level marijuana dealers and other domestic targets, not al Qaeda; as the Electronic Frontier Foundation’s Jennifer Lynch said in December, “I am not aware of any case in which a police agency has used a cell-site simulator to find a terrorist.” Meanwhile, it is already publicly known that the NSA uses Stingray-like devices to locate suspected terrorists as part of a system known as Gilgamesh. Nathan Wessler, an attorney with the American Civil Liberties Union, told The Intercept that “when the most likely ‘countermeasure’ is someone turning their phone off or leaving it at home, it is hard to understand how public release of a manual like this could cause harm.” And furthermore, said Wessler, “It is in the public interest to understand the general capabilities of this technology, so that lawmakers and judges can exercise appropriate oversight and protect people’s privacy rights.”
    The documents described and linked below, instruction manuals for the software used by Stingray operators, were provided to The Intercept as part of a larger cache believed to have originated with the Florida Department of Law Enforcement. Two of them contain a “distribution warning” saying they contain “Proprietary Information and the release of this document and the information contained herein is prohibited to the fullest extent allowable by law.”
    Although “Stingray” has become a catch-all name for devices of its kind, often referred to as “IMSI catchers,” the manuals include instructions for a range of other Harris surveillance boxes, including the Hailstorm, ArrowHead, AmberJack, and KingFish. They make clear the capability of those devices and the Stingray II to spy on cellphones by, at minimum, tracking their connection to the simulated tower, information about their location, and certain “over the air” electronic messages sent to and from them. Wessler added that parts of the manuals make specific reference to permanently storing this data, something that American law enforcement has denied doing in the past.

    One piece of Windows software used to control Harris’s spy boxes, software that appears to be sold under the name “Gemini,” allows police to track phones across 2G, 3G, and LTE networks. Another Harris app, “iDen Controller,” provides a litany of fine-grained options for tracking phones. A law enforcement agent using these pieces of software along with Harris hardware could not only track a large number of phones as they moved throughout a city but could also apply nicknames to certain phones to keep track of them in the future. The manual describing how to operate iDEN, the lengthiest document of the four at 156 pages, uses an example of a target (called a “subscriber”) tagged alternately as Green Boy and Green Ben:

    The documents also make clear just how easy it is to execute a bulk surveillance regime from the trunk of a car: A Gemini “Quick Start Guide,” which runs to 54 pages, contains an entire chapter on logging, which “enables the user to listen and log over the air messages that are being transmitted between the Base Transceiver Station (BTS) and the Mobile Subscriber (MS).” It’s not clear exactly what sort of metadata or content would be captured in such logging. The “user” here, of course, is a police officer.

    In order to maintain an uninterrupted connection to a target’s phone, the Harris software also offers the option of intentionally degrading (or “redirecting”) someone’s phone onto an inferior network, for example, knocking a connection from LTE to 2G:
    A video of the Gemini software installed on a personal computer, obtained by The Intercept and embedded below, provides not only an extensive demonstration of the app but also underlines how accessible the mass surveillance code can be: Installing a complete warrantless surveillance suite is no more complicated than installing Skype. Indeed, software such as Photoshop or Microsoft Office, which require a registration key or some other proof of ownership, are more strictly controlled by their makers than software designed for cellular interception.
    “While this device is being discussed in the context of U.S. law enforcement,” said Tynan, “this could be used by foreign agents against the U.S. public and administration. It is no longer acceptable for our phones and mobile networks to be exploited in such an invasive and indiscriminate way.”
    Documents published with this article:




    We depend on the support of readers like you to help keep our nonprofit newsroom strong and independent. Join Us


+ Reply to Thread

Posting Permissions

  • You may post new threads
  • You may post replies
  • You may post attachments
  • You may not edit your posts
  •