

German authorities sent 440,783 SMS to track citizens w/o their knowledge - weinzierl
http://www.f-secure.com/weblog/archives/00002294.html

======
richardburton
_German law enforcement agencies have been "pinging" mobile phones ... [and]
they can be used to locate the cell towers through which the pings traveled.
And thus, can be used to track the mobile targeted._

That is just so scary. I am watching the video this blog-post was based on
here:
[http://www.youtube.com/watch?v=YWdHSJsEOck&feature=youtu...](http://www.youtube.com/watch?v=YWdHSJsEOck&feature=youtu.be)

------
CaveTech
More and more companies seem to be forced/coerced into implementing backdoors
into their chips, components, software.

While the government will obviously claim it is for the good of its citizens,
it would be nice if companies would be transparent about the matter. Maybe not
shown to the average consumer, but one should be able to get a report
detailing the hidden functionality that something has.

By using the device/whatever I would know that I could be monitored, but at
least it would be a conscious decision on my behalf. I wouldn't be at all
surprised if in 5 years everything I owned was reporting my actions back to
some government center.

------
richardburton
SMS is unbelievably insecure. I am a rank amateur but I have done things with
SMS that should not be possible. I have emailed all the networks to explain
the problem but none of them have responded.

~~~
caxap
Recently in Germany many banks introduced a new "security" feature that allows
you to receive your TANs per SMS in order to do online transactions. The TANs
are sent in plain text. All you need is a UMTS receiver and a way to analyze
the data, e.g., a software-defined radio implemented on an FPGA.

~~~
Maxious
Isn't this more secure than having nothing? There is a large additional cost
to the wrongdoers in that they have to get close to you (even if they know
your home address, how do they know you and your phone are home). Seems like a
deterrent when you could be running credit card phishing sites for less work
per victim. And you would still get the intercepted text, the ones I get from
my bank in Australia suggest if you didn't request the token to contact them
immediately.

~~~
aristidb
The old alternative in Germany was that you had a piece of paper with numbers
on them. So it absolutely may be a step backward.

~~~
stesch
I might add that the numbers were indexed and the banking software was
requesting a random TAN. This was called iTAN.

~~~
darklajid
We had both (both the original TAN list where every number could be used just
once and invalidated all previous numbers on the list and the iTAN system).

I prefer the token thingy my bank gave me. Insert your direct debit card,
enter two numbers from the screen (usually corresponding to your transaction
in some way, to confirm _again_ that you're really trying to send money to
account X) and generate the TAN. Done.

------
kristofferR
Is there any way to disable or at least make the silent SMSes show up in
Android or jailbroken iPhone?

------
yuhong
Also note that these silent SMSs can also help with cracking A5/1, the broken
GSM encryption algorithm. I think this attack was demonstrated at a previous
CCC.

------
r19
I'm surprised these police tactics are still now widely known outside of
Germany. But seeing the included GPS chips in smartphones & tablets makes me
believe that this is even easier & more precise these days for other
"institutions" and Online-Targeting companies without publishing this.

But maybe there is also hope with smartphones, you could start effective
"Gegenmaßnahmen" (counter-measures) by routing your calls via VPN, VoIP and
anonymous throw-away calling cards - to cover at least your location. But
don't forget to disable the "location-based services" and install an outbound
firewall then ;-)

------
tempire
This is hilarious, considering the hard time the German government gives Google in
terms of privacy.

~~~
jbjohns
Why? Google is some outside entity from another country. Do you find it
hilarious that I discipline my kids but it would probably result in a physical
altercation if someone else whom I didn't place in authority (explicitly or
implicitly like the schools) did?

Granted, I wouldn't want to live under a government that thought of me as
"belonging" to them [1] but their stance here isn't remotely hypocritical.

[1] The US government does as well though. The US is the only country in the
world where if you sell everything you have in the US and move away to a
new life they still expect you to pay them taxes on what you earn _in the new
country_.

~~~
ugh
But it’s FUD. It’s a smokescreen.

Google is harmless compared to the power nation states have. It’s just wrong
to focus your effort on companies and not states. What politicians try to do
is make privacy all about companies and not the state and that is, honestly,
disgusting. All their gushing about Facebook and Google only serves to hide
their own failings.

~~~
jbjohns
I disagree. The bigger the company gets the more influence it is likely to
have on one _or more_ states. Both corporations _and_ governments are
dangerous and should not be trusted with privileged information.

~~~
ugh
Sure both. But nation states are far, far, far more dangerous.

------
ims
I'm very wary of this sort of tracking, and I do take it seriously... but I
just want to point out that this number _could_ make the tracking sound more
widespread than it actually is.

The article implies that certain targets are pinged continually in order to
establish their patterns. Pinging somebody once per minute for an entire day
would come out to 1,440 messages.

Not saying the number is or isn't inflated, just pointing out that they could
potentially have tracked a very small number of people for a while.

------
rokhayakebe
This is an honest question: why are people so concerned about privacy when it
comes to their government? What is the issue with the gov listening to my
phone calls if I am not doing anything illegal?

Note: I was once followed by the FBI because they were following someone I was
spending a lot of time with. I ended up being asked for a coffee by the agent. I
was not worried because I had nothing to hide.

~~~
seekely
What is the issue with the gov watching my girlfriend and I have sex if we're
not doing anything illegal?

In other words, where is the line to what is or is not the government's
business, and why does the government get to determine where this line is?

~~~
jQueryIsAwesome
You know why the government is called the government, right?

gov·ern : Conduct the policy, actions, and affairs of (a state, organization,
or people).

