Friday, September 05, 2014

Texas site of four mysterious fake cell towers: Who's using them?

Grits has discussed police use of fake cell-phone towers (or "IMSI catchers," colloquially known by the brand name "Stingrays"), but it turns out cops may not be the only ones using this technology. Seventeen different fake cell tower devices have been identified around the country - four of them in Texas - by a company specializing in making secure mobile phones. CBS News quoted:
Ross Rice, a former FBI agent, [who] said it’s likely [they are] being used illegally.

“I doubt that they are installed by law enforcement as they require a warrant to intercept conversations or data and since the cell providers are ordered by the court to cooperate with the intercept, there really would be no need for this,” Rice said.

“Most likely, they are installed and operated by hackers, trying to steal personal identification and passwords.”
I wouldn't be too sure about that: Some law enforcement do have Stingrays - Fort Worth PD definitely owns one and several people have told me Houston PD does too, though I've never confirmed it. Departments must sign non-disclosure agreements when they purchase Stingrays so it's impossible right now to know which agencies have them. And Texas law does not specifically regulate the devices.

Given that, IMO most IMSI catchers the company found are likely run by law enforcement or spooks (many of the devices are located near military bases, reported Computer World). Perhaps it's just the NSA doing their thing. The feds have even used wearable Stingray devices to covertly monitor political demonstrations. Who knows?

Still, it's notable that, while criminals can't buy the necessary equipment pre-fabbed from the Harris Corporation (Stingray's manufacturer), the tech involved isn't particularly high end stuff and there's nothing to stop someone with nefarious motives from making their own if they have the technical chops.

The Federal Communications Commission recently established a task force to study whether these devices are being misused. But Grits agrees with this expert quoted by the Washington Post that the FCC shouldn't seek to regulate the devices (let courts and legislatures do that) but to eliminate the vulnerabilities that allow them to operate:
Stephanie K. Pell, a cyber-ethics fellow at the Army Cyber Institute at the U.S. Military Academy, said the FCC should investigate not only the illegal uses of IMSI catchers but the network vulnerabilities that allow them to work.

“I think it would be prudent to assume that the Chinese government and criminal gangs don’t care if IMSI catchers are illegal,” said Pell, who has written extensively about the technology. “Ultimately if we are going to get to the root of the problem, we will have to deal with this from a network vulnerability perspective.”
Law enforcement won't like that suggestion because it would eliminate one of their favorite new toys, but technology is value neutral. An IMSI catcher doesn't care if it's used to catch crooks or commit crimes. So if cops want to stop the bad guys from using them, the tradeoff will be that they must also remove this tool from their own toolbox.

Until a technical solution is in place, Grits will continue to support laws regulating the use of IMSI catchers by government. But the safer approach would be for the FCC to require companies to fix the vulnerability and, eventually, make the issue moot.


Phelps said...

Beyond not particularly high-end tech, it's tech that the hacker community came up with before we even knew about Stingrays. These sorts of things were demonstrated and operational at DefCon long before the government was seen using them (and Harris probably got the idea from there.)

Remember that these are used for White Hat purposes too, like providing cell coverage at far off festivals like Burning Man. A private cell tower is just that, a private cell tower. It can be for good or bad purposes.

JJ said...

Texas ≠ modern technology laws;

Gritsforbreakfast said...

@Phelps, don't you think there's a distinction between a temporary antenna put up at a festival and a covert device whose sole function is surveillance?

Here's the big difference to my mind: If they implemented the tech fix Ms. Pell described in the Post article, people could still put up temporary towers or antennae for festivals, etc. But a third-party IMSI catcher couldn't hijack the signal, whether for nefarious or beneficial uses, without permission.

@JJ, you'd be surprised. Texas' new warrants for email law set the national standard. OTOH, our drone law is a piece of junk. Hughes' HB 1608 requiring warrants for cell-phone location data, which will be re-filed this session with a much lower bill number, IMHO will be one of the best state statutes out there if/when it passes. It has a lot of momentum.

Everybody's tech-meets-crimjust laws are for shit, to tell the truth, federal and state, and one of the tasks society must undertake in the coming decade, in Texas and elsewhere, is to a) update the laws to account for the new tech and/or b) update the tech, per Ms. Pell's approach, to make the laws moot. Where possible, the latter would be my preference. For the most part (with notable exceptions both directions), I trust the coders more than the politicians.

Phelps said...

@Phelps, don't you think there's a distinction between a temporary antenna put up at a festival and a covert device whose sole function is surveillance?

I absolutely do. The problem is, legislators are terrible at defining that difference.

I don't think that these sorts of things are legal under the constitutional ban against general warrants. I think that when they pose as traditional network towers, then there is fraud, and the FCC should shut them down.

Instead, what is likely to happen is that the lege will just "ban" them, and by banning them I mean taking away all the law abiding uses and just leaving them to the cops and the criminals (but I repeat myself.)

Gritsforbreakfast said...

Based on what I know about the relevant committees and their members, I think the farthest the Lege might go is require a warrant, which is better than the status quo. Anyway, the cell phone lobby won't let them restrain tower growth; for my part, I'll leave that fight to the big dogs and worry about the warrant requirement.

That said, don't forget, on Sept. 16 the Senate State Affairs will take public testimony on three interim charges on a vast array of electronic privacy issues. If you or anyone else have strong opinions on the subject, consider coming to Austin to testify (and talk about it to your senator and rep, or their staff, while you're there). Those interim charges cover a lot of ground and, if tackled comprehensively, could result in good public policy, in self-interested mischief, or most likely a little of both. But they're probably gonna do something. This time next year the opportunity for input may have passed.

JJ said...

Well, we know the gov coders aren't great because they can't keep them there long enough to finish projects. I've seen 4 million blown on a DPS project over a year with zero tangible results.

Gritsforbreakfast said...

JJ, I think what that means is government contract managers aren't great, not the coders. No way DPS is doing major coding projects in house, right?