Sunday, January 4, 2015

Don't Get Speared by a 'Stingray'

An IMSI catcher, colloquially called a "Stingray," is a set of truck-mounted communication equipment that simulates a cell phone base station ("tower") for the specific purpose of covertly eavesdropping on private communications or locating cellular phones ("handsets").

So, why do I care, Backwoods?

Because Federal, state, and local 'law enforcement' agencies are using them WITHOUT WARRANTS to eavesdrop on communications that are none of their business, for purposes that have nothing to do with catching criminals.  

And don't say, "Well, I have nothing to hide."  The history of totalitarian societies is replete with people who went along with the regime until they found there was no one left to defend them from its depredations.

If you know what Stingrays are, and the communication specialist in your group knows how to detect and defeat them, you might be able to communicate privately via the cell-phone network, for purposes of security, health and defense during a breakdown in the civil society, such as during these "Ferguson" style riots in the big cities.  Which will get worse in 2015.

[Screenshot: ACLU map of agencies known to use Stingrays]

Okay, who uses Stingrays? There are many federal, state, and local agencies that use Stingrays.  The ACLU page at the link has an interactive map (screenshot at right) of state and local LEOs that use Stingrays; the only one close to my AO known to use them is Gwinnett County, GA.  If they do, it's sure that other counties in Georgia do, as well.

Be aware: the Feds and locals are trying to hide their use of Stingrays, with paperwork chicanery and shell games.  They know their use without warrants is unconstitutional, and don't care.  So, we citizens fight back another way: detection and avoidance.

How does a Stingray work?  Well, it's rather technical, but I thought the snippet below of the Wikipedia Stingray explanation was quite cogent in giving us the basic facts that make it all work:

"The GSM specification requires the handset to authenticate to the network, but does not require the network to authenticate to the handset."

This is very important; it means that ANY modern cellular handset trusts the cell network implicitly, assuming that any base station (tower) is trustworthy.  This is a very, very bad assumption, which gives not only law enforcement but also other groups the ability to eavesdrop on communications and, perhaps just as importantly, locate a handset.  Wikipedia continues:

"This well-known security hole is exploited by an IMSI catcher [aka Stingray]. The IMSI catcher masquerades as a base station and logs the IMSI numbers of all the mobile stations in the area, as they attempt to attach to the IMSI-catcher. It allows forcing the mobile phone connected to it to use no call encryption (A5/0 mode) or to use easily breakable encryption (A5/1 or A5/2 mode), making the call data easy to intercept and convert to audio."

Since the handset trusts the network implicitly, it also allows the network to change the communication mode, turning off normally-encrypted voice communications and allowing the Feds or whomever to listen in to their evil hearts' content.

How do we citizens counter this?  The open-source application SnoopSnitch can map the base stations in the area, and make one aware of possible Stingray operations.

From my observations, it requires some skill to operate and to interpret whether a Stingray is actually present.  This is a skill best developed NOW by the communication specialist on your team, before you need it.
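To make the two signals described above concrete (a base station that is not on your map of the area, and a network that drops the cipher to A5/0 or a weaker mode), here is a small added example; it is not SnoopSnitch's code or part of the original post. The record fields, the test-network codes 001/01, the cell values, and the inclusion of A5/3 as the "normal" cipher are all assumptions made for illustration.

```python
from dataclasses import dataclass

# GSM ciphering modes ranked weakest to strongest. A5/0 means no encryption.
# A5/3 is not mentioned in the post; it is assumed here as the normal baseline.
CIPHER_RANK = {"A5/0": 0, "A5/2": 1, "A5/1": 2, "A5/3": 3}

@dataclass(frozen=True)
class Observation:      # hypothetical record of one serving-cell sighting
    mcc: str            # mobile country code
    mnc: str            # mobile network code
    lac: int            # location area code
    cell_id: int
    cipher: str         # ciphering mode the network selected

def build_baseline(history):
    """Map each operator to its known cells and the weakest cipher it used."""
    baseline = {}
    for obs in history:
        entry = baseline.setdefault((obs.mcc, obs.mnc),
                                    {"cells": set(), "cipher": obs.cipher})
        entry["cells"].add((obs.lac, obs.cell_id))
        if CIPHER_RANK[obs.cipher] < CIPHER_RANK[entry["cipher"]]:
            entry["cipher"] = obs.cipher
    return baseline

def assess(obs, baseline):
    """Return the reasons (possibly none) an observation looks suspicious."""
    known = baseline.get((obs.mcc, obs.mnc))
    if known is None:
        return ["operator never seen in baseline survey"]
    reasons = []
    if (obs.lac, obs.cell_id) not in known["cells"]:
        reasons.append("cell not in baseline map")
    if obs.cipher == "A5/0":
        reasons.append("encryption disabled (A5/0)")
    elif CIPHER_RANK[obs.cipher] < CIPHER_RANK[known["cipher"]]:
        reasons.append(f"cipher downgraded from {known['cipher']} to {obs.cipher}")
    return reasons

# Constructed sample data: a survey taken earlier, then new sightings.
HISTORY = [Observation("001", "01", 1201, 40011, "A5/3"),
           Observation("001", "01", 1201, 40012, "A5/3")]
NEW = [Observation("001", "01", 1201, 40011, "A5/3"),   # known cell, normal
       Observation("001", "01", 9999, 55555, "A5/0"),   # unknown cell, no cipher
       Observation("001", "01", 1201, 40012, "A5/1")]   # known cell, weaker cipher

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for o in NEW:
        print(o.cell_id, assess(o, base) or ["ok"])
```

A hit from either check is a reason to look closer, not proof of a Stingray; new legitimate towers and network maintenance can trigger both.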

SnoopSnitch requires a rooted Android phone; buy one somewhere for cash. Because part of the checks for a Stingray involves making calls out, you will have to have a network account on the phone.  The SnoopSnitch authors recommend a pre-paid SIM card.

There's another open-source IMSI catcher detector for Android, but I don't know anything about it.
