ImsiCatcher
Latest
The connected person’s guide to surviving an alt-right protest
On Wednesday, alt-right group Patriot Prayer got its permit for a weekend rally on federal land inside San Francisco. It was issued despite strong opposition from Mayor Ed Lee and city officials, state lawmakers and House Democratic leader Nancy Pelosi. This hate group circumvented the city and state because it chose a location on federal land -- a situation of concern to every community that doesn't want a Charlottesville on its doorstep. And because we don't have a choice, we're getting ready. That doesn't just mean counterprotests, but our entire police force will be on guard -- and because we're a city of technophiles and hackers, citizens will be paying particular attention to our phones and networks.
Set up your own Stingray cell dragnet with these leaked docs
The Stingray has been a controversial tool that police departments and government agencies have used to track mobile phone locations and monitor the metadata they send to cell towers. Its maker Harris Corporation has repeatedly denied requests to explain its inner workings, citing terrorist and criminal security concerns despite their frequent use without warrants. But The Intercept has acquired over 200 pages of documentation detailing several communication-intercepting setups of the company's hardware and software.
Colombia is conducting widescale illegal surveillance
Want to know why it's important to have checks on mass surveillance programs? Colombia should serve as a good example. Privacy International reports that the country not only collects bulk internet and phone data on a grand scale, but violates the law in the process -- it's supposed to require judicial approval for any surveillance, but regularly ignores that oversight. Colombian agencies have also relied on controversial tools like IMSI catchers (which scoop up nearby cellphone data) and Hacking Team's spyware, and they've sought to expand their powers rather than rein things in.
Government wants to know if phone surveilance tech is being abused
This boxy, unassuming thing you see above is what's called an IMSI catcher. In essence, they pose as miniature cell towers that mobile devices connect to and route things through. All of that information - phone numbers, call recipient, caller location - are fair game to whomever controls that box. Concerning, no? Using one of these things is usually the purview of law enforcement agencies, but the FCC is getting a little concerned that they're being used by some unsavory types - specifically, gangs and foreign governments. To that end (and after some prompting from Florida congressman Alan Grayson), the Commission has put together a task force to get a better sense of just who's using these things and stop "llicit and unauthorized use" of such hardware. If we're being honest, Congressman Grayson is just a little late to the game: the EFF has been railing against these things for years, calling the widespread searches they're capable of conducting "unconstitutional, all you can eat data buffets". Ah well, better late than never - we'll just have to see what the FCC unearths in the weeks and months to come.
Hacker intercepts phone calls with homebuilt $1,500 IMSI catcher, claims GSM is beyond repair
In 2009, Chris Paget showed the world the vulnerabilities of RFID by downloading the contents of US passports from the safety of his automobile. This year, he's doing the same for mobile phones. Demonstrating at DefCon 2010, the white hat hacker fooled 17 nearby GSM phones into believing his $1,500 kit (including a laptop and two RF antennas) was a legitimate cell phone base station, and proceeded to intercept and record audience calls. "As far as your cell phones are concerned, I'm now indistinguishable from AT&T," he told the crowd. The purpose of the demonstration was highlight a major flaw in the 2G GSM system, which directs phones to connect to the tower with the strongest signal regardless of origin -- in this case, Paget's phony tower. The hacker did caveat that his system could only intercept outbound calls, and that caller ID could tip off the owner of a handset to what's what, but he says professional IMSI catchers used by law enforcement don't suffer from such flaws and amateur parity would only be a matter of time. "GSM is broken," Paget said, "The primary solution is to turn it off altogether." That's a tall order for a world still very dependent on the technology for mobile connectivity, but we suppose AT&T and T-Mobile could show the way. Then again, we imagine much of that same world is still using WEP and WPA1 to "secure" their WiFi.
