Cops, Feds spaff $100m on Stingray cellphone snooping gear – and there's sod all oversight

American crimefighters spend huge amounts of cash on Stingray-like devices that impersonate cellphone towers to snoop on people – and with little or no oversight. Those are the findings of an 18-month US congressional study, which revealed the Department of Justice (DoJ) has spent $71m on 310 cellphone-tracking units between 2010 …

  1. Anonymous Coward

    Were this a strategy game ...

    an anti-Stingray card could be played. But in the real world, maybe leave your phone at home when you go for a demonstration (removing the SIM card or Airplane mode for the less-than-totally-paranoid). Also, burners and stolen phones. Were this a movie, there would be a buffer overrun exploit where the heroic rebel could control the fascist authorities' evil snooping device, leading them to arrest a rival agency's cop, working undercover.

    1. Truckle The Uncivil

      Re: Were this a strategy game ...

      Actually, this has a really easy solution. If it cannot be managed in app then a small portable device ought to be able to detect the use of a stingray and report it. It should be quite interesting if you were in a crowd of protesters and you could show a stingray active and maybe its location. Engineering or software should be trivial.

      1. Anonymous Coward

        Re: Were this a strategy game ...

        How would you tell it's a stingray? They don't broadcast as "Hey I'm a stingray"

        It's really an issue in GSM connecting to the first tower it sees.

        1. This post has been deleted by its author

      2. Anonymous Coward

        Re: Were this a strategy game ...

        "If it cannot be managed in app then a small portable device ought to be able to detect the use of a stingray and report it."

        What does that mean? Either you're talking out your ass or provide some substance to this statement.

        I don't understand a bit about GSM, but couldn't you detect the amount of towers and the probability of their distances. What's the odds of 2 towers within 1000ft.?

        1. Mark 85

          Re: Were this a strategy game ...

          "What's the odds of 2 towers within 1000ft.?"

          Not from the same telecom but different telecoms is a definite. Where I live all of AT&T's and Verizon's are close together because of the terrain.

          1. Robert Helpmann??
            Childcatcher

            Re: Were this a strategy game ...

            "What's the odds of 2 towers within 1000ft.?"

            "Not from the same telecom but different telecoms is a definite. Where I live all of AT&T's and Verizon's are close together because of the terrain."

            It is more complicated than that. Carriers will bring in portable towers to handle excess traffic for large events. Law enforcement could easily set up shop in such an environment with none the wiser even with detection equipment. It probably would take someone on the inside of all of the providers in a given area to verify that there is not a wolf among the sheep and they might be bound by law not to give up the information.

            What I do not understand is how this is different from any other wire tap situation. Why is this not covered by existing law? I should have every expectation that my phone conversation is private by default and would think that tapping a cell phone call is not de facto different than tapping a land line. My guess is that the reason that cases have been dropped rather than give up info about this tech is law enforcement suspects that it would come up short against those laws and so avoids it being brought up in court rather than give up this (possibly, probably) illegal practice.

            1. John Brown (no body) Silver badge

              Re: Were this a strategy game ...

              "Why is this not covered by existing law? I should have every expectation that my phone conversation is private by default and would think that tapping a cell phone call is not de facto different than tapping a land line."

              Rather than looking at wire tapping laws, it might be better to look at radio broadcasting laws. I suspect they are quite different and probably the ones actually being used.

  2. JaitcH
    Happy

    Harris (Stingray) Doesn't Do MESH!

    There are Apps, at least for Android, which use the WiFi features for confidential communications called MESH radio.

    One Google Play App is called SERVAL.

    SERVAL is also the name used for the many projects developing this technology. Just Google 'SERVAL'.

    And the best part is neither GCHQ nor the NSA can eavesdrop on traffic, just like Harris.

    1. Anonymous Coward

      Re: Harris (Stingray) Doesn't Do MESH!

      Great but flawed.

      How does turning on your wifi actually stop you being tracked, which is what the stingray is all about, unless all its details constantly change, all the time?

  3. whoseyourdaddy

    Meanwhile, criminals and terrorists...

    1. Anonymous Coward
      Stop

      Eh, us tax-paying citizens are much easier to surveil than the criminals and terrorists, and no doubt the cops assigned have a quota on "How many people did you track today?"

      And this will probably get worse under Trump.

      1. Charles 9

        They'll just declare ANY search under perpetual existential threat (which they'll then prove) can be deemed reasonable. If the USA can be destroyed in an instant, nothing is taboo anymore.

        Not my personal thought, BTW.

      2. Trevor_Pott Gold badge

        Are you saying criminals and terrorists aren't tax-paying citizens? Because I have some news for you...

        1. Charles 9

          So do I, four words: Ink On A Page.

  4. Anonymous Coward

    I just have one question:

    What do they have to hide?

    The efforts they expend to prevent disclosure and transparency suggest known and knowing foul play. I think we ought to know.

    1. Anonymous Coward

      Re: I just have one question:

      No, they'll just reply they're hiding from the bad guys, who would switch tactics if they knew something was up. After all, that was supposedly why Churchill allowed Colchester to be bombed: so the Nazis wouldn't know their codes had been broken.

      1. Trevor_Pott Gold badge

        Re: I just have one question:

        The ones using the stingrays are the bad guys. Just take a look at their employers...

        1. Anonymous Coward

          Re: I just have one question:

          Protecting us from the WORSE guys, you have to realize...

  5. NotBob
    Devil

    "Universal and well-understood standard"

    We have a standard. The standard is that we'll do what we want and screw all of you if you don't like it!

  6. WinHatter
    Pint

    But does it work ?

    I guess it would work when there are a couple of targeted IMEIs.

    On a large scale ??? Meh. The laundry van with a series of hangers to hide the antennas next to the semi with a 300KVA generator running ... may be a bit of a giveaway.

    To actively follow a whole crowd that may require a few extra amps a car alternator may not have.

    At the start of a demonstration call your buddy next to you so the Stingray has to handle both ends of the conversation and leave the line open. Not sure the device will be able to handle that many duds.

  7. Mahhn

    IMSI Catcher apps

    At DEFCON, 2 years ago I looked over some IMSI Catcher apps. (You can find them on GitHub.)

    There were 4 fake towers running at the event during that one hour. It's not hard to detect them.

    There are other questions though. The people that use them/are near, catch a good deal of radiation. Back when police radar was new, some of them caused cancer to the patrolmen. I would expect to see complications for the users of such devices.

  8. Version 1.0 Silver badge

    $1,800 each on Alibaba - so Harris is making a nice profit.

  9. David Roberts

    Map of all cell towers?

    Planning should have details of where all the cell towers are.

    Apps could also crowd source cell tower locations.

    So using this database any new cell towers should stand out like a sore thumb.

    There are apps now which can locate your local cell towers.

    1. Charles 9

      Re: Map of all cell towers?

      Problem is, mobile cell towers are in use as well, and not all of them are Stingrays.

  10. adam 40 Silver badge

    Hunting Stingrays

    If you wanted to go out and hunt stingray-style IMSI catchers, there are a few techniques I can suggest:

    a) look at the broadcast data. GSM broadcast data is all "in the clear" for example global paging, neighbour cell lists and the like. A simulated basestation will stick out like a sore thumb especially if you probe the paging by calling an MS attached to the (real) network.

    b) suspect failure of TMSI hand-in to the cell - this is designed to fall back to IMSI procedures to reveal the handset's identity.

    c) challenge the network - get GPRS attached and make sure the network is authentic - it should firewall you in the same way as the real network. There are usually some subtle properties that are hard to get "just right".

    You'll probably want to do all this stuff on a secondhand mobile phone with a PAYG SIM bought with cash in a corner shop with no CCTV. A phone with an aerial socket will be handy - you can attach a yagi antenna for some direction-finding.

    Happy hunting!

    1. Charles 9

      Re: Hunting Stingrays

      "You'll probably want to do all this stuff on a secondhand mobile phone with a PAYG SIM bought with cash in a corner shop with no CCTV."

      Good luck finding such a shop. A CCTV at the till is SOP for most shops (no matter how small, thanks to $200 DIY kits) to help with identifying hoodlums and robbers.
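
The "Map of all cell towers?" and "Hunting Stingrays" threads above describe comparing observed cells against a known tower map and reading the cleartext broadcast data. The sketch below is an added example, not code from any commenter or from an existing detection app. The baseline map, the sample observations, the `CellObservation` fields and the scoring thresholds are all constructed assumptions.

```python
from typing import NamedTuple

# Constructed baseline: (MCC, MNC, LAC, CID) of cells previously surveyed at
# this location. A survey or crowd-sourced tower map would supply real values.
BASELINE = {
    (310, 410, 5021, 1101),
    (310, 410, 5021, 1102),
    (310, 410, 5021, 1103),
}

class CellObservation(NamedTuple):
    mcc: int
    mnc: int
    lac: int
    cid: int
    neighbours: frozenset = frozenset()  # CIDs from the broadcast neighbour list
    imsi_requested: bool = False         # TMSI was rejected, IMSI was asked for

def assess(obs, baseline=BASELINE):
    """Return (verdict, reasons) for one observed cell."""
    reasons = []
    if tuple(obs[:4]) not in baseline:
        reasons.append("cell not in baseline map")
    if not obs.neighbours:
        # Assumed heuristic: a real cell normally advertises its neighbours.
        reasons.append("empty neighbour list")
    if obs.imsi_requested:
        reasons.append("fell back to IMSI identity request")
    # One signal alone is weak: an unmapped cell may be a carrier's portable
    # tower, and real networks also ask for the IMSI now and then.
    if len(reasons) >= 2:
        verdict = "alert"
    elif reasons:
        verdict = "review"
    else:
        verdict = "ok"
    return verdict, reasons

SAMPLES = [  # constructed observations
    CellObservation(310, 410, 5021, 1101, frozenset({1102, 1103})),
    CellObservation(310, 410, 5021, 1999, frozenset({1101, 1102})),  # unmapped
    CellObservation(310, 410, 9999, 4242, frozenset(), True),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(tuple(sample[:4]), *assess(sample))
```

Requiring two independent signals before raising an alert is how this sketch accounts for the portable-tower objection raised in the replies.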
