Quartz Obsession
StingRays: The smartphone surveillance boxes that cops and spies love
It may not have the same dismal reputation as Facebook, but the StingRay—also known as a cell-site simulator or IMSI catcher—is a pervasive surveillance technology that might be even scarier.
These portable devices masquerade as cellular towers, snaring all mobile phones in a given area. Popularized by Florida-based Harris Corporation, the StingRay has become a catch-all for IMSI catchers, like “Xerox” or “Kleenex.” The devices are used by law enforcement agencies—and, it’s increasingly clear, other less scrupulous entities—to locate and even eavesdrop on private phone calls and data traffic.
“With proper court authorization, utilization of StingRay-type devices have proven to be an extremely effective tool in assisting in and resolving kidnapping, extortion, fugitive, drug trafficking, and other investigations,” retired FBI Supervisory Special Agent Dennis Franks told Quartz.
But while the StingRay can be used for good by law enforcement, advocacy groups like the Electronic Frontier Foundation say police using IMSI catchers cast too wide a net, scooping up data indiscriminately from innocent people. And earlier this month, the US Department of Homeland Security admitted that it has detected rogue StingRays in Washington, DC, presumably in use by foreign intelligence services. “Every embassy ‘worth their salt’ has a cell tower simulator installed,” one security expert told the AP.
Here’s what you need to know about the devices that until recently were so secret, they didn’t officially exist.
🐦 Tweet this
🌐 View this email on the web
Quartz ObsessionStingRaysApril 20, 2018
Once stung, twice shy
It may not have the same dismal reputation as Facebook, but the StingRay—also known as a cell-site simulator or IMSI catcher—is a pervasive surveillance technology that might be even scarier.
These portable devices masquerade as cellular towers, snaring all mobile phones in a given area. Popularized by Florida-based Harris Corporation, the StingRay has become a catch-all for IMSI catchers, like “Xerox” or “Kleenex.” The devices are used by law enforcement agencies—and, it’s increasingly clear, other less scrupulous entities—to locate and even eavesdrop on private phone calls and data traffic.
“With proper court authorization, utilization of StingRay-type devices have proven to be an extremely effective tool in assisting in and resolving kidnapping, extortion, fugitive, drug trafficking, and other investigations,” retired FBI Supervisory Special Agent Dennis Franks told Quartz.
But while the StingRay can be used for good by law enforcement, advocacy groups like the Electronic Frontier Foundation say police using IMSI catchers cast too wide a net, scooping up data indiscriminately from innocent people. And earlier this month, the US Department of Homeland Security admitted that it has detected rogue StingRays in Washington, DC, presumably in use by foreign intelligence services. “Every embassy ‘worth their salt’ has a cell tower simulator installed,” one security expert told the AP.
Here’s what you need to know about the devices that until recently were so secret, they didn’t officially exist.
🐦 Tweet this
🌐 View this email on the web
QUOTABLE
“There really isn’t any place for innocent people to hide from a device such as this.”
— Richard Tynan, Privacy International
AP Photo/Nati Harnik
Million-dollar question
How do they work?
Mobile phones are designed to stay connected to a network at all times. This function is handled by a phone’s “baseband,” which communicates with nearby cell towers. When you move from cell to cell, the baseband switches you over to the next tower, always seeking the strongest signal.
When your phone connects to a cell tower, it authenticates its identity using an IMSI, which stands for International Mobile Subscriber Identity—a unique number linked to a user’s billing account. IMSI catchers subvert this system by blasting out a stronger-than-usual signal and pretending to be a regular cell tower.
Once connected to a StingRay—known as a “man-in-the-middle” attack—a smartphone’s data can be exploited in various ways, such as forcing devices to use unencrypted 2G networks in order to intercept calls, messages, and other data. StingRays can also track a person’s movements by having their device check in more frequently than normal, essentially turning it into a location beacon, even if they don’t make any calls. IMSIs have even been used to identify targets for drone assassinations.
BY THE DIGITS
$1.3 billion: Projected revenues for the “lawful interception” market by 2019
70: Number of US police agencies that owned StingRays in 2017, up from 42 in 2014.
$68,479: Cost of the original StingRay
$157,000: Cost of the StingRay “KingFish” package
$7: Cost to make your own primitive IMSI catcher
$93,065: price of a fully-loaded 2019 Chevrolet Corvette Stingray
$5.9 billion: Revenue generated by Harris Corp. in 2017
17,000: Number of people employed by Harris
20: Rank of Harris among the top 100 federal contractors
77: Percentage of Americans with smartphones (2018)
Giphy
Fun fact!
Stingrays in the animal kingdom have one or more barbed stingers, fed by venom glands. Their stings are not usually fatal to humans, with the death of Australian nature host Steve Irwin as a rare exception.
DIY
How to buy an IMSI
There are strict rules governing the purchase of IMSI catchers. But it’s not hard to find someone willing to break them.
The Chinese e-commerce site Alibaba is full of IMSI catchers. A seller in Taiwan offers the German-made PKI 1640, which will “catch all active UMTS [Universal Mobile Telecommunications System, or, 3G] mobile phones in your proximity,” for $1,800.
In 2015, two South Africans, a businessman and a bank employee, used a $2 million Israeli-made “Grabber” IMSI catcher to “manipulate and blackmail people in powerful positions and sway multibillion-rand state tenders.” And in the United States, “Interceptor use…is much higher than people had anticipated,” one defense tech insider told Popular Science.
“One of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip. We even found one at South Point Casino in Las Vegas. What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases. Whose interceptor is it? Who are they, that’s listening to calls around military bases? The point is: we don’t really know whose they are.”
Department of jargon
IMSI catchers are also known as “dirtboxes,” a nickname for Boeing subsidiary Digital Receiver Technology’s “DRT” devices.
AP Photo/Richard Drew
Pop QUIZ
When was the first known instance of a StingRay being used by ICE in an immigration enforcement operation?
2008200120172004
Correct.
Incorrect.
If your inbox doesn’t support this quiz, find the solution at bottom of email.
Reuters/Stefan Wermuth
Brief history
1895: Harris Corporation is founded by Alfred S. Harris, to develop printing presses.
1963: Harris builds the secure hotline connecting Moscow and Washington during the Cold War.
1995: The FBI begins using StingRay-type technology, referred to in declassified documents as a “Cellular Telephone Digital Analyzer.”
2001: Trademark registration is filed for the “StingRay” name.
2005: Royal Canadian Mounted Police acquire their first “Mobile Device Identifier.”
2010: Hacker Kristin Paget demonstrates an IMSI catcher made at home for about $1,500 at the DEF CON Hacking Conference.
2013: An FBI manual called “cell tracking for dummies” is made public.
2015: Wired magazine names Harris Corporation as one of the world’s biggest threats to privacy.
2016: The IRS reveals the use of IMSI catchers in criminal investigations.
2017: Associated Press finds evidence that cell site simulators are being used to send threatening text messages to Ukrainian soldiers fighting pro-Russian separatists.
in the news
Spy games in DC
On March 26, the US Department of Homeland Security reported unauthorized StingRays operating in Washington, DC “resulting in safety, economic, and privacy risks.” DHS concluded that “the use of IMSI catchers by foreign governments may threaten US national and economic security.”
Experts have long known some dodgy business was going on, especially in a city like DC with hundreds of foreign embassies. In 2014, vendors of equipment that can detect StingRays found dozens of suspected devices near sensitive US government offices in DC:
Every embassy “worth their salt” has a cell tower simulator installed, Aaron Turner, president of the mobile security consultancy Integricell, told the AP. They are used “to track interesting people that come toward their embassies.”
Florida man surveilled
In Florida, police have used StingRays to investigate crimes as small as 9-1-1 hang-ups. In court documents, they obfuscated use of the devices by citing information from a “confidential informant.”
Here’s a map compiled by the ACLU showing known use of IMSI catchers by police. Blue is for local cops, orange is for state cops, and grey is unknown.
Take me down this 🐰 hole
The whistleblower
For a long time, the mere existence of StingRays was a closely guarded secret. Harris and other companies required police departments to sign non-disclosure agreements; if compelled, police would often drop their cases rather than reveal the source of their information.
That all changed when a hacker named Daniel Rigmaiden was busted for wire fraud, despite being exceedingly careful to leave no digital trace of his crimes. While in prison, he dug through a stash of declassified FBI records, he found the first mention of the StingRay.
Since then, awareness of the devices has been growing among defense lawyers, who have argued successfully that the warrantless use of StingRays violates the US Constitution’s provision against unreasonable searches.
In 2014, Harris Corp. wrote a letter to the FCC in response to a Freedom of Information Act request, arguing that if the company’s owner’s manuals were released publicly, “criminals and terrorist[s] would have access to information that would allow them to build countermeasures.”
Two years later, a confidential source slipped The Intercept unredacted instruction manuals used by StingRay operators “as part of a larger cache believed to have originated with the Florida Department of Law Enforcement.” Two of them were marked with “distribution warnings” that the information was proprietary and “the release of this document and the information contained herein is prohibited to the fullest extent allowable by law.”
AP Photo/Nam Y. Huh
POLL
Do you feel comfortable with the deployment of StingRay-type devices?
Click here to vote
Yes, public safety is more important than personal privacyNo, nothing overrides the Fourth Amendment
The fine print
Today’s email was written by Justin Rohrlich, edited by Adam Pasick, and produced by Luiz Romero.
sound off
✏️ What did you think of today’s email?
💡 What should we obsess over next?
🤔 What are you obsessed with this week?
📬 Forward this email to a friend
The correct answer to the quiz is 2017.
Enjoying the Quartz Obsession? Send this link to a friend!
If you click a link to an e-commerce site and make a purchase, we may receive a small cut of the revenue, which helps support our ambitious journalism. See here for more information.
Not enjoying it? No worries. Click here to unsubscribe.
Quartz | 675 Avenue of the Americas, 4th Fl | New York, NY 10011 | United States
Share this email
Quick Reply
To: hi@qz.com
Include quoted text with reply
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment