
Mass snooping fake mobile towers 'uncovered in UK' - TranceMan
http://www.bbc.co.uk/news/business-33076527
======
tomtoise
The Mets stance on this to me seals any doubt about their involvement in
deploying these boxes. I've been watching developments in the surveillance
state in the UK with some concern, this just puts the final nail in the
coffin.

You can't defend such dragnet surveillance techniques as 'terrorist
prevention'. How can I make a difference?

I don't want my country to become America 2.0 (It's already starting to look
like that with water cannons on standby, internet filtering and now this).

~~~
sancha_
No offense, but I always thought the UK is surveillance state #1 in the world
and the US follows a close second. Why? There is no country in the world with
more public surveillance cameras, and they were always playing ball with the
US when it came to mass collection of citizens data.

~~~
cdent
Yeah, agreed.

Having spent half my life in one and half in the other it is very interesting
to compare the different ways in which attitudes to privacy and personal
integrity are violated.

In the UK it is normal for everything to be surveilled. CCTV on every corner
and every road etc. To someone with a "rugged individualist" US attitude this
is appalling. "What, what, you're going to give me a speeding ticket and you
didn't even have to catch me doing it? WTF, that's not cool."

Yet in the US it is rather normal for people in authority to kill someone when
the target is running away or convicted of a crime. To the UK attitude this is
barbarous.

How it feels to me is that the UK tends to co-opt a lot of modern US ideas
badly: without empathy or sympathy or respect for individual rights. In the US
it feels like there is at least some measure of collective guilt (or at least
shame) over surveillance whereas in the UK those doing it are either gleeful
or at least remorseless.

~~~
Dylan16807
> in the US it is rather normal for people in authority to kill someone when
> the target is running away or convicted of a crime

Oh shove off.

~~~
benjiweber
It seems to be quite a common perception of the US here in the UK. It's a
shock seeing police with guns in the US and there's lots of articles like

[http://www.theguardian.com/us-news/2015/jun/09/the-
counted-p...](http://www.theguardian.com/us-news/2015/jun/09/the-counted-
police-killings-us-vs-other-countries)

"England/Wales: 55 fatal police shootings in the last 24 years" "US: 59 fatal
police shootings in the first 24 days of 2015"

~~~
ecdavis
I've commented about this before[0] but figured I'd add: it's not the fact
that police carry guns, it's the way that they use them. To paraphrase my
other comment, Australian police also carry guns and yet the number of people
shot dead by police is 0.25/million people/year compared to 1.25/million
people/year in the USA.

Perhaps this is driven by the large amount of gun ownership and gun crime in
the US, but I suspect it also comes down to cultural differences between
police in the two countries.

[0]
[https://news.ycombinator.com/item?id=8890386](https://news.ycombinator.com/item?id=8890386)

------
rlpb
> Met Commissioner Bernard Hogan-Howe told Sky News: "We're not going to talk
> about it, because the only people who benefit are the other side, and I see
> no reason in giving away that sort of thing."

Apply the same logic to the justice system and courts would operate behind
closed doors.

The public needs to know because it is the public who is supposed to oversee
the authorities via the polling booth. The public should be able to assess
whether the supposed benefits of this practice are valid and decide whether
they want their privacy violated in order to get these benefits.

~~~
anon1385
>Apply the same logic to the justice system and courts would operate behind
closed doors.

That has already happened: [http://www.theguardian.com/law/2013/jun/14/what-
are-secret-c...](http://www.theguardian.com/law/2013/jun/14/what-are-secret-
courts)

~~~
madaxe_again
Yup. They quashed all powerful opposition to this pretty brutally. Ended a
close family friend's career as a high court judge and suicided his wife, as
he vehemently opposed this. You'll know him as a pedophilia apologist from the
press. Court transcripts tell a very different story.

Dark times.

~~~
pjc50
Most of the press play a big part in supporting this kind of nastiness, sadly.

~~~
madaxe_again
And it comes from the highest possible levels - or at least so it appears -
the BBC and many other outlets carried a video-bite of David Cameron
condemning the poor man.

------
teddyuk
Is this why mobile phone data access is so shit in london?

~~~
wumbernang
Upvote for funny.

Its pretty ok on O2 4G for me. Everything else seems congested.

~~~
Mikushi
Same experience, on 3G with Three it's shody at best, but with EE 4G I get 30
to 40Mbps

~~~
Silhouette
We have noticed a _very_ striking degradation in performance of all our 3G
connections (multiple work and personal ones, on multiple mobile networks) in
recent years, with a particularly obvious drop around the time 4G became a big
deal. It could just be coincidental of course, because obviously in terms of
radio signals they shouldn't interfere. However, our more cynical parts can't
help wondering whether resources previously used to support 3G networks are
being redirected over time towards the new and more profitable 4G services,
leaving those still using the same 3G at the same price with fewer stations to
connect with, less regular maintenance, etc.

~~~
benashford
I noticed something similar, but note OFCOM is allowing operators to use any
part of their allocations for 4G services. I'm wondering if they're reusing
some of their 2G and 3G bandwidth for 4G services.

~~~
Silhouette
The standard PR seems to be that network operators claim they aren't doing
this and continue to develop their 2G and 3G capacity in parallel, with any
degradations in performance being due to supporting increased loads and
therefore contention on those 2G and 3G networks.

Meanwhile, just about everybody who actually uses mobile networks seems to
tell roughly the same story that I did before, and there seem to have been
occasional more rigorous/scientific surveys that showed a definite, measurable
drop in service quality on 2G and 3G over the relevant time period.

------
snorrah
It's almost guaranteed that whenever something privacy-invading gets uncovered
in the US, it shortly is found in the UK too.

If I didn't know better, I'd think the UK government have an 'anything you can
do, we can do better' attitude about their orwellian antics.

~~~
wumbernang
Actually most of it is talk, then a hastily pushed through bill, then a
technological measure, then a pile of consultancy, then a pile of tendering,
then armies of consultants filing expenses for 5 years, then a royal fuck up
due to nothing been delivered, then some resignations and reassignments, then
a sudden declaration of success based on something purely coincidental that
looked like the first grand idea was the answer.

That is literally every government project here in the UK.

------
xedarius
How about I have something on my phone that verifies I'm connected to an
authentic provider tower, and not connect to anything else.

Another thing to think about, if it's happening in the UK, it's probably
happening in your own country too.

~~~
keithpeter
If the Stingray units are only $1000, and if the manufacturing company is
prepared to keep purchases confidential as suggested by the OA, I'd imagine
these units are being bought by a variety of agencies in many countries.

I'm wondering what they gather: I'm guessing that if I were to walk past one,
it would be able to log a unique identifier in my phone. Then I presume it
could log future visits to the area. Is this all it is? Same effect as having
a CID officer in an unmarked car with a flask and an empty 2.5 litre coke
bottle?

~~~
nitrogen
_Is this all it is? Same effect as having a CID officer in an unmarked car
with a flask and an empty 2.5 litre coke bottle?_

There is not much to be learned about pervasive, 24/7 dragnet surveillance
from comparing it to one officer in one location. They are completely
different concepts with different consequences. An officer can track a few
people for a short time. Stingrays and the like can build an ongoing narrative
about everyone who passes them, criminal or innocent.

~~~
keithpeter
Over time yes, I agree.

Factual question: What can Stingray collect? Is it 'device number NNN was in
my capture range at 095627 on June 11th 2015' and then the local police have
to analyse the data over time? Or can they get more precise location
information by triangulating with several Stingrays?

~~~
AnoniMoose
Factual Answer: Logging of IMSI (sim card ID) and IMEI (phone ID). Potentially
also logging pTMSI (temporary IMSI used over the air), MSISDN (phone number).

You should be able to get good idea of the handsets distance from the station
based on timing delay.

As it's acting as a full fake site it could potentially be used to deny
service, drain the battery, MiTM outgoing SMS & phone calls, possibly use the
E911 provision to request GPS location from the handset too...

~~~
keithpeter
Thanks - factual is fine

So My Friends in the Met could have a few of these things at sensitive points,
and sit there and collect data along the lines of name (via phone number),
time, date, location, device ID. Running this for some weeks would allow them
to build up a list of people traversing a certain route daily.

Phone/sms could they decrypt the phone calls with the device ID? Seems a lot
of data to collect given the number of people passing through many locations
in central London.

------
mhax
After the Snowden leaks, none of this should be surprising. Still makes me
cringe though, just to have it confirmed.

------
upofadown
Last I heard, the Harris Stingrays were licensed for "emergency use only" in
the US. So how are these things licensed in the UK?

~~~
themeek
Emergancy use in the US (I'm not sure if this has changed) has in practice
meant very liberal use and sometimes statewide blanket coverage (e.g.
Florida).

------
tomlongson
Are there any ways to ensure your phone is not interacting with a Stingray
device?

It was not long ago that the FBI was revealed to be using them from light
aircraft routinely:

[http://bgr.com/2015/06/03/fbi-dirtbox-stingray-spy-plane-
pro...](http://bgr.com/2015/06/03/fbi-dirtbox-stingray-spy-plane-program/)

------
darkhorn
Why they use such tools? In Turkey police can listen any phone from the police
station. Because all telecommunication companies are required to give access
to their network and even if you are the owner of the telecommunication
company you cannot know when is your custemers being listened.

~~~
schoen
Cell site simulators can be used for location tracking even when a device is
isn't actively communicating at the application layer. (However, the carriers
may already know _that_ information as well, and might be required to turn it
over to police too.)

Edit: also, you can use a cell site simulator without telling anyone who you
are, whom you're interested in, or what legal authority (if any) you claim to
have to monitor them.

~~~
darkhorn
Yes, cell towers log all connections (I don't mean phone calls or SMS). And we
see news like "the criminals telephone was in this area two months ago",
"these people were here according the cell towers". I'm talking about Turkey
again. Of course the police needs warrant to get these kind of logs. Even the
web sites need to log what IP was connected to them, which is pretty lame.

~~~
schoen
In the U.S. these things are kept incredibly secret (even through strenuous
efforts to keep the details out of court testimony) and it takes many years to
learn more about them.

------
JonnieCache
Don't miss the _" All the data captured by the investigation has been put in a
Google document"_ link that points to a 50mb file called "Complete BB firewall
logs.rtf," which I'm sure will be of interest.

~~~
indeed30
Have you had a look at it? There's no location information that I can see so
the usefulness is somewhat limited. There are 160 lines with "Suspicion: LOW"
or higher, but I'm really not sure what I'm looking at.

If someone with a bit more domain expertise could point out the smoking gun
here, it could be very interesting.

~~~
qrmn
IMSI catchers are _transceivers_. They are not hard to find, they are easily
triangulated: they literally broadcast their location. Honestly, denying their
usage is remarkably pointless.

If you want a location, then I suggest: grab a spectrum analyser; head to
Knightsbridge; tell me what happens when you get close to Hans Crescent; then
look on the corner and guess why.

And, don't take your phone. Obviously.

~~~
dogshoes
I'm curious, but not in London. All I could see on Google Street View, which
is likely old, is a standard cell site on the A4 in that area.

[https://www.google.com/maps/@51.499897,-0.163137,3a,49y,276....](https://www.google.com/maps/@51.499897,-0.163137,3a,49y,276.26h,126.63t/data=!3m4!1e1!3m2!1sF_Y8Dd9elLdFrCH-
eyALcg!2e0)

Would you happen to have a picture of the install they have in that area?

~~~
grkvlt
I believe he's referring to the Ecuadorian Embassy located on that street,
where Mr Assange is located presently. There are obvious reasons (WikiLeaks)
for keeping track surreptitiously of those visiting him.

------
flashman
How would I go about building an IMSI catcher? Preferably supporting LTE.

~~~
xyzzy123
I tested it out with OpenBTS and a USRP1; that configuration definitely works.
Also needed a high-precision clock board (ClockTamer). I ran with 2G only.

For 3G/4G/LTE there's network authentication, so "in theory" you can't do
it...

I've read a bunch of stuff which says you're supposed to be able to jam or
disrupt non-2G frequencies to force a fallback to 2G... however, I'd expect a
telco van to turn up if you tried this for more than a short period of time
(the ranges you'd want to jam are massive) and I didn't try it for obvious
reasons.

BUT - what I found in practice (2011, field testing on an island near Auckland
NZ) was that a surprising amount of stuff would just straight up camp to a 2G
base station, presumably because the signal was stronger. You don't need LTE
if the phone is happy to look for the best signal. I didn't analyse what
models of phone did this, it seemed like everything did at the time.

A more interesting approach which I haven't tried involves downloading a
several GB of rainbow tables and cracking TMSIs with kraken; no idea how well
that works in practice.

------
omginternets
Let's talk about the real travesty here: making the data available ... in RTF
format -__-

------
x5n1
i am shocked, shocked i tell you

