
Signs of Secret Phone Surveillance Across London - walterbell
https://news.vice.com/article/vice-news-investigation-finds-signs-of-secret-phone-surveillance-across-london
======
scott77
Interestingly enough, during last trip to London, my phone (Nexus 5 running
Cyanogenmod 12.1) was able to somehow detect _something_ fishy and warned me
several times "Network may be monitored by an unknown 3rd party". Among
others, I've seen this warning two times out of two when passing by
Cheapside/St Martin's corner - next to the St Paul's Cathedral.

At the time I just dismissed this as some tinfoil hat developer adding some
nonsensical warnings to the firmware, but in retrospect, after reading this
article - this matches perfectly, chances are - phone was indeed detecting
Stingrays. Still no idea how it managed to do it.

EDIT: I had no data/IP connection of any kind at and around the time of seeing
this, so this is clearly unrelated to TLS interception.

~~~
m_t
I'm not getting these warning on my Nexus 4 running the default Android build.
The only time I see them is when I use my own VPN connection.

Do you think it might get triggered on your phone by the presence of the anti-
porn filter that UK mobile provider have? For instance, when trying to access
"adult" website (I use quotes as sometimes, even non porno website gets
filtered out) you end up on your mobile provider page blocking you from the
actual website your looking for.

~~~
andyjohnson0
Some details regarding the message here:
[http://security.stackexchange.com/questions/61750/android-
ki...](http://security.stackexchange.com/questions/61750/android-kitkat-
reports-network-may-be-monitored-by-an-unknown-third-party-whe)

~~~
scott77
This is not the message I've seen. There was nothing about TLS, trusted CA
installation, emails, apps, or websites.

I wish I've taken a screenshot of it!

~~~
andyjohnson0
The message you quoted appears in the left-hand screenshot [1] showing
notifications, not the one on the right containing a dialog box.

[1] [http://i.stack.imgur.com/7nCMFm.png](http://i.stack.imgur.com/7nCMFm.png)

------
darkr
> A VICE News investigation has found evidence that sophisticated surveillance
> equipment that spies on people's phones is being used across London

That the Met (and other police forces) regularly use IMSI catchers is not new
information - here's a ~5 year old Guardian article on the subject:

[http://www.theguardian.com/uk/2011/oct/30/metropolitan-
polic...](http://www.theguardian.com/uk/2011/oct/30/metropolitan-police-
mobile-phone-surveillance)

------
madaxe_again
Watched the documentary last night.

Given that these things are cheap, would any fellow Brits be interested in
clubbing together and acquiring one and installing it in or around parliament?
I'm sure there would be plenty of buyers for the call records of MPS.

~~~
chippy
Isn't it illegal to have one and run one in the UK if not licensed?

~~~
madaxe_again
Well, as they're officially not used at all in the UK, there's been no need to
create any legislation around them, so while this could be an offence under
the communications act, you could argue (probably unsuccessfully) that you're
actually providing a service to customers by taking their data to protect them
from themselves, as they may be terrorists and not yet know it.

~~~
stevejones
It's almost certainly an offence under RIPA.

~~~
noir_lord
Most things are.

------
Thlom
Same thing found in Oslo about a year ago. Police Security Service denied they
existed though. If I remember correctly these were mostly located around
parliament and other government institutions as well as in the embassy area.

Report in english: [http://www.aftenposten.no/nyheter/iriks/New-report-Clear-
sig...](http://www.aftenposten.no/nyheter/iriks/New-report-Clear-signs-of-
mobile-surveillance-in-Oslo_-despite-denial-from-Police-Security-
Service-8071885.html)

~~~
kzrdude
Hopefully there will be some action on this in Norway. Unless they want to
ignore unconstitutional police and agency activity, just like in .. so many
other major countries.

~~~
vidarh
It took 40+ years of illegal surveillance of left-wing politicians before they
finally took the allegations seriously and investigated it, and the result of
extensive evidence of breaking the law was renaming the agency and some slaps
on the wrist, so I have no reason to believe they've improved.

------
jritchie
Do IMSI catchers have any way of verifying the intercepted IMSIs are
legitimate? If not, would it be possible to build a device to flood them with
fake/spoofed IMSIs?

~~~
desdiv
>If not, would it be possible to build a device to flood them with
fake/spoofed IMSIs?

Technical ability wise, yes.

Legally, no. The Mobile Telephones (Re-Programming) Act 2002 [0] makes
spoofing IMSI, even that of your own, illegal in the UK.

[0]
[https://www.staffordshire.police.uk/info_advice/crime_preven...](https://www.staffordshire.police.uk/info_advice/crime_prevention/immobilise/reprogramming/)

Disclaimer: I am not a lawyer.

~~~
thomasahle
I fail to see how re-programming is related to spoofing?

~~~
fweespeech
> (1) A person commits an offence if:

> he changes a unique device identifier,

~~~
dfox
Technically, IMSI is not a device identifier. MT has IMEI and SIM (or more
precisely ICC) has ICCID (which is normally never transmitted over the
network). And the legislation probably specifically targets spoofing the IMEI,
as spoofing IMSI does not gain you anything other than absence of service (on
normal GSM/3GPP network).

~~~
fweespeech
The fact the Government is using it as an identifier likely means they can
argue legally you are attempting to change the identifier.

Technically correct for technical discussions is not the same as contextually
correct in a court room.

~~~
vetinari
IMSI is not a mobile phone identifier, it literally means International
_Mobile Subscriber Identity_ and is provisioned in the SIM card.

You will change your IMSI by simply changing the SIM card.

~~~
dogma1138
No you won't, IMSI provisioning is mostly done today remotely. The SIM card
will have an empty IMSI partition and once you've "activate" it with the
parent network the network will provision an IMSI on that card. If you have an
account with a cell provider you'll carry the same IMSI number when you switch
devices and SIM cards.

If you use pre-paid sim cards then those usually have thin provisioning of
IMSI numbers they network buys a certain amount and activates them when the
SIM card is activated and deactivates them once the SIM card has been inactive
or not been topped off for a certain period of time (usually around 90 days).

When some one has your IMSI they can tie it directly to your personal details,
phone number and various other details if they have sufficient access to the
global cell system they can also get your location and what tower you are
connected to. Historical log data will give them any tower you've been
connected too from the first tower during the initial activation and
provisioning to the last tower you've been connected too. Depending on the
network and device most phones also send out nice diagnostic information about
other towers and networks they see all the time regardless of what tower they
are connected too at the time that with a given IMSI number will allow some
one to triangulate the position of the device to under 10M in most urban areas
if some one knows your IMSI they can pretty much pin point what room you are
in at your house (give your house have several rooms pointing at different
directions ;)).

------
pmlnr
Recommended app for phones not doing this by default:

[https://f-droid.org/repository/browse/?fdfilter=SnoopSnitch&...](https://f-droid.org/repository/browse/?fdfilter=SnoopSnitch&fdid=de.srlabs.snoopsnitch)

~~~
alexandrerond
also
[https://f-droid.org/repository/browse/?fdfilter=imsi&fdid=co...](https://f-droid.org/repository/browse/?fdfilter=imsi&fdid=com.SecUpwN.AIMSICD)

(does not need root)

~~~
akerro
and also does not detect anything. It's placebo.

------
simonvc
Richard from Privacy International pointed me at these:
[http://www.amazon.co.uk/dp/B00RRL4XLW](http://www.amazon.co.uk/dp/B00RRL4XLW)
It's a faraday cage for you phone. Pop it in and you disappear instantly.

~~~
sveiss
I'd have thought simply switching the phone off would be easier? Much better
on your battery life too, if the phone turns the transmit power up to try and
reach a base station.

~~~
alex_duf
I wouldn't feel safe until the battery is removed (which unfortunately isn't
possible on most phones anymore)

The baseband still has access to your battery when your phone is off.

~~~
raverbashing
> The baseband still has access to your battery when your phone is off.

Citation needed?

Because the definition of off, for most phones, is exactly that.

~~~
Spooky23
This capability has been known for many years. From 2006:

>"The FBI can access cell phones and modify them remotely without ever having
to physically handle them," James Atkinson, a counterintelligence security
consultant, told ABC News. "Any recently manufactured cell phone has a built-
in tracking device, which can allow eavesdroppers to pinpoint someone's
location to within just a few feet," he added.

Source:
[http://blogs.abcnews.com/theblotter/2006/12/can_you_hear_me....](http://blogs.abcnews.com/theblotter/2006/12/can_you_hear_me.html)

I believe (but cannot cite) that this capability became mainstream when E911 &
GPS was mandated.

This stuff is a big reason why BlackBerry was so critical to regulated
industries and public company execs. PIN messaging on legacy BlackBerry was
secure between devices on the same BES, and there wasn't a direct linkage to
the user's identity, which made it easy to lower the value of metadata
collection.

The fact that BlackBerry designed around this early on leads me to suspect (as
an outside observer with an imagination) that mass metadata collection was
known by folks in industry back in the 90s.

~~~
gherkin0
> The fact that BlackBerry designed around this early on leads me to suspect
> (as an outside observer with an imagination) that mass metadata collection
> was known by folks in industry back in the 90s.

Wouldn't a simpler explanation be that it was just over-designed for 90s-era
threats in a way that hardened it to some more recent threats?

~~~
Spooky23
It is definitely a simpler explanation.

Consider however that none of their US based competitors managed to do address
those threats in a meaningful way.

------
arca_vorago
I stayed in The City during the holidays and at one point walked close by the
Police hq. After continuing on I enabled gps for a moment and even though I
was half a mile a way my gps was showing me smack dab in the center of the
police hq for about 15 minutes... I realized then what was happening and that
I should have known better, but I had forgotten to ask a friend to take his
faraday cage laptop bag and phone bag... I knew better and am still kicking
myself for it.

The UK's level of surveillance is extremely unsetteling to me, and quite
frankly I think a lot of Americans have forgotten all the reasons why the UK
might not be as good of an ally as everyone thinks since the 47 USUK
agreement. Thr point being that I really hope our politicians dont start
adopting That level of surveillance just because they do it to.

It seems we have quietly been in a surveillance arms race, which isnt good for
the population at all.

~~~
vidarh
City is "special". While there are reasons to be concerned about surveillance
elsewhere in the UK too, City has its own police force, and surveillance
levels that makes even the rest of London seem like total anarchy.

In the rest of London there are certainly other buildings that are covered by
extensive government surveillance, but most of the surveillance in London -
and the rest of the UK - is privately owned, and rarely more than passively
recording. The level of street level monitoring in the UK is often vastly
exaggerated - police often can't be bothered even trying to check CCTV because
getting hold of footage is a lot of effort and rarely is of much help.

GCHQ surveillance of networks is another matter.

~~~
switch007
It's not clear if the OP meant the City of London police HQ (Wood Street), or
the Met HQ (Scotland Yard, not in the City)

------
alex_duf
It doesn't really comes as a surprise, but it's good to see the news coming
out. Now we need a legal framework to ensure this form of power isn't abused.

~~~
Chris2048
We the west, or America?

~~~
alex_duf
We humans?

edit: aside from that utopic reply, what I mean is "any country that has
cellphones and want to protect their citizen should implement a legal
framework to prevent abuse"

------
yenda
When you combine this news with this one it makes you think twice before
bringing your phone to a protest
[https://news.ycombinator.com/item?id=10905643](https://news.ycombinator.com/item?id=10905643)

------
chippy
I seem to recall a recent discussion where these devices are very hard to
identify compared to a number of legit mobile phone amplification devises that
many large buildings have for their employees in cities.

Is this the same technology?

------
rnhmjoj
Are prices so high in order to prevent private use or are they really that
expensive? What keeps anyone from building their own?

------
mikewilliams
I've read in the past that phone tapping produces an audible echo, is this the
case with imsi-catchers as well or has the technology advanced far enough it's
not possible to detect being tapped?

------
jcromartie
If a technology exists, and can feasibly be leveraged by a party to its
advantage, then you should assume that it is happening.

