[Scan-DC] Stingrays in DC: WRC: Spying on Your Cell Phone in DC

Sun Jun 3 05:38:22 EDT 2018

Actually a wired phone is easier to trace in some ways, but I went through
a neighbor saying they could eavesdrop on my cordless which of course is a
radio transmitter and easier that pie to hear. cell phones run on encrypted
networks but as the article stated, even those can be spoofed, listened to
or monitored with the right equipment.

You just need to keep a lock on your mouth nowadays I guess :)

On Sat, Jun 2, 2018 at 9:17 PM, Alan Henney <alan at henney.com> wrote:

>
> https://www.nbcwashington.com/investigations/Potential-Spy-
> Devices-Which-Track-Cellphones-Intercept-Calls-Found-All-Over-DC-Md-Va-
> 482970231.html
>
> Zoomable map of Stingrays are included in web version of the story.
>
> The android app appears to be named "Baseband Firewall".
>
> I like the point about another good reason to have a home hard phone. I
> actually think a VOIP phone is slightly harder to intercept and easier to
> end-to-end encrypt.
>
> https://www.wired.com/2014/09/cryptophone-firewall-
> identifies-rogue-cell-towers/
>
> https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector
>
> https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/blob/
> development/README.md
>
> https://github.com/CellularPrivacy/Android-IMSI-
> Catcher-Detector/issues/124
>
> https://cellularprivacy.github.io/Android-IMSI-Catcher-Detector/
>
>
> ÷=÷=÷=÷=÷=÷=÷
>
> https://www.nbcwashington.com/investigations/Potential-Spy-
> Devices-Which-Track-Cellphones-Intercept-Calls-Found-All-Over-DC-Md-Va-
> 482970231.html
>
>
> Potential Spy Devices Which Track Cellphones, Intercept Calls Found All
> Over D.C., Md., Va.
> By Jodie Fleischer, Rick Yarborough and Jeff Piper
>
> Published at 6:35 PM EDT on May 17, 2018 | Updated at 10:18 AM EDT on May
> 18, 2018
>
>
> The technology can be as small as a suitcase, placed anywhere at any time,
> and it's used to track cell phones and intercept calls.
>
> The News4 I-Team found dozens of potential spy devices while driving
> around Washington, D.C., Maryland and Northern Virginia.
>
> Congresswoman Requests Hearings After Spy Tech Found in DC
>
> "While you might not be a target yourself, you may live next to someone
> who is. You could still get caught up," said Aaron Turner, a leading mobile
> security expert.
>
> The device, sometimes referred to by the brand name StingRay, is designed
> to mimic a cell tower and can trick your phone into connecting to it
> instead.
>
> The News4 I-Team asked Turner to ride around the capital region with
> special software loaded onto three cell phones, with three different
> carriers, to detect the devices operating in various locations.
>
> "So when you see these red bars, those are very high-suspicion events,"
> said Turner.
>
> If you live in or near the District, your phone has probably been tracked
> at some point, he said.
>
> A recent report by the Department of Homeland Security called the spy
> devices a real and growing risk.
>
> And the I-Team found them in high-profile areas like outside the Trump
> International Hotel on Pennsylvania Avenue and while driving across the
> 14th Street bridge into Crystal City. The I-Team got picked up twice while
> driving along K Street — the corridor popular with lobbyists.
>
> "It looks like they don't consider us to be interesting, so they've
> dropped us," Turner remarked looking down at one of his phones.
>
> Every cellphone has a unique identifying number. The phone catcher
> technology can harness thousands of them at a time.
>
> DHS has warned rogue devices could prevent connected phones from making
> 911 calls, saying, "If this type of attack occurs during an emergency, it
> could prevent victims from receiving assistance."
>
> "Absolutely. That's a worry," said D.C. Councilwoman Mary Cheh, adding
> that the spy technology should be a concern for all who live and work in
> the District.
>
> The I-Team's test phones detected 40 potential locations where the spy
> devices could be operating, while driving around for just a few hours.
>
> "I suppose if you spent more time you'd find even more," said Cheh. "I
> have bad news for the public: Our privacy isn't what it once was."
>
> Especially in her ward, where many of the streets are lined with
> embassies.
>
> "They're doing the interrogation, or [checking] who we are, and then the
> white bar represents when they release us," Turner said as he demonstrated
> his technology.
>
> The phones appeared to remain connected to a fake tower the longest, right
> near the Russian Embassy.
>
> The I-Team got picked up twice off of International Drive, right near the
> Chinese and Israeli embassies, then got another two hits along
> Massachusetts Avenue near Romania and Turkey.
>
> All of those countries have the phone catcher technology, Turner said.
>
> "You know governments do this to each other all the time and
> laws-schmaws," said Cheh.
>
> Which is a problem.
>
> The spy technology poses a risk to national and economic security, but
> there's little our government can do to stop devices located on foreign
> soil.
>
> "A law that we had could not tell these embassies what they can and cannot
> do," said Cheh.
>
> The phone catchers can also be combined with other technology to listen-in
> or grab data from phones that are connected, Turner said.
>
> "Most people don't know about it," said Alan Butler, senior counsel for
> the Electronic Privacy Information Center.
>
> "There's no magic software or setting that protects you from these,"
> Butler said.
>
> Butler is also a D.C. resident.
>
> "There's a lot to be concerned about," he said.
>
> Particularly since DHS hasn't disclosed how many devices it found or
> where. The agency also said it did not determine who was operating them,
> which Butler finds unacceptable.
>
> "I think they should be taking the time and investing the resources to
> identify them and to flag them to the carriers and find ways to either have
> them taken down or have them blocked," he said.
>
> Turner said cell carriers can't completely secure our phones because they
> have to allow for law enforcement access. Plus, even the oldest phones must
> be able to reach 911, so low-tech vulnerabilities can't be closed.
>
> "I don't think there's a magic fix here," said Turner. "I don't think
> Congress can mandate anything to say, Hey, carriers do this right now."
>
> The good news is about half the devices the I-Team found were likely law
> enforcement investigating crimes or our government using the devices
> defensively to identify certain cellphone numbers as they approach
> important locations, Turner said.
>
> The I-Team test detected devices in operation near Langley, the Pentagon
> and Fort Myer, but also found them in residential areas like Bethesda's
> Kenwood neighborhood, near Palisades in DC and along Old Dominion Drive in
> McLean, which Turner said raised questions.
>
> "Maybe someone is involved in high-level negotiations on a business deal,
> or maybe it's a government employee involved in a regulatory ruling," he
> said, adding that he's heard of the devices being used in a corporate
> espionage situation, which is illegal under United States law.
>
> You can't control which tower your phone attaches to, Turner said, so you
> can't avoid being caught by a device.
>
> So if you've ever wondered why you just can't make a call from inside your
> home or office: "It could be why," said Turner. "[It's] a good reason to
> have a land line."
>
> But you can protect your calls and texts by downloading free calling and
> texting apps that use encryption instead of using the standard ones that
> come installed on your cellphone, he said.
>
> Reported by Jodie Fleischer, produced by Rick Yarborough, and shot and
> edited Jeff Piper.
> ______________________________________________________________
> Scan-DC mailing list
> Home: http://mailman.qth.net/mailman/listinfo/scan-dc
> Help: http://mailman.qth.net/mmfaq.htm
> Post: mailto:Scan-DC at mailman.qth.net
>
> This list hosted by: http://www.qsl.net
> Please help support this email list: http://www.qsl.net/donate.html