
Cellphone Spy Tools Have Flooded Local Police Departments - rasmi
http://www.citylab.com/crime/2017/02/cellphone-spy-tools-have-flooded-local-police-departments/512543/
======
sh-run
I've lived in Fort Worth, TX for about a year. I was already aware of the
existence of these devices. I had no clue that my local PD was spending such
an insane amount of money on surveillance. It's also worth mentioning that our
population is _only_ 792K.

I've lived in Texas most of life and in general I think the people here are
great. However, Texans do have a tendency to blindly support anything the
Military and Police want to do, while at the same time complaining about big
government.

I guess I'd better start bringing this up in my circles. I don't think many
people are fully aware of what's going on.

~~~
sreenadh
>However, Texans do have a tendency to blindly support anything the Military
and Police want to do, while at the same time complaining about big
government.

I did observe that. Why is that so? Historically was the police or sheriffs
independent from the government?

~~~
nojvek
I never understand why America spends an obscene amount of money to make
technology to kill other people. Education is suffering, public transportation
and healthcare is ridiculously behind western nations but military still gets
an insane budget.

I would like Google and Apple to really up their game on security.

~~~
wwweston
It might be part and parcel with the American Dream. Believing that society is
a meritocracy -- that your success or failure is primarily a function of the
effort you put in (plus whatever sui generis "merit" you personally have) is
another version of a just world. And if you have a just world, well, surely if
you've commanded the attention of the police or ire of the military, you've
done something to deserve it, right?

------
troncheadle
So what is the move if you are caught with your pants down, and a LEO is
requesting access to your actual phone? Does a factory restore wipe all data,
or is in necessary to wipe, fill up with bunk data, wipe again?

I don't know about everyone else but my phone is has data including me talking
about controversial opinions, intimate photos, and various other data that I
would not want anyone else to have.

~~~
Tangurena2
In the US, use passwords to protect your phone. Passwords have been held by
courts to be testimony and thus protected by the 5th Amendment. Patterns,
swipes, facial recognition and fingerprints have been held by courts to be the
equivalent of "keys" and you can be required to turn them over upon being
ordered by a lawful authority (such as a police officer demanding them).
Passwords require a court order and if you have a competent attorney, they can
argue that revealing the password would result in self-incrimination (and this
can spend a lot of time in court before anything happens).

~~~
freedrock87
[https://arstechnica.com/tech-policy/2017/02/justice-naps-
man...](https://arstechnica.com/tech-policy/2017/02/justice-naps-man-
jailed-16-months-for-refusing-to-reveal-passwords/)

------
jakelarkin
'Cellebrite "Pro Series" purchases all appear to include the firm’s Cloud
Analyzer tool, which extracts “private-user cloud data” by "utilizing login
information extracted from the mobile device.'

Chilling that is can be done without a warrant e.g. arrested protesters or to
citizens crossing the US border.

~~~
shostack
Does this mean that as long as you use different strong passwords for
everything (via say, 1Password), and do NOT use a fingerprint unlock, Cloud
Analyzer wouldn't work?

Or is it extracting login info in some other manner that would still function?

~~~
josephg
Presumably it'd require passwords or cookies to be downloaded from people's
phones to work. With those credentials they could login to FB / Twitter /
GMail etc and snoop about, downloading whatever data they can find there too.

I doubt they could do that passively. It would probably require them
physically taking your (unlocked) phone and imaging it. (Which I suspect is
becoming standard practice when they arrest people, if they can get away with
it.)

If thats the case then 1Password would only keep your credentials safe while
you aren't actually logged in to the services in question on your phone.

------
arca_vorago
“Criminals tend to try and make tracking their data more difficult, so this
kind of mass collection of telephony data will more easily find our political
activists, our civil society leaders, and just regular people,” he says. “If
the courts—if the public—knew how powerful these tools were, they would move
to restrict their use.”

The mass surveillance system is about control, not security, and I think time
and time again that is being proven. On the constitutional post-warrant data
anlysis tools I have these issues:

1) This is local law enforcement wising up and playing a similar game to the
big three letters.

2) I have concerns about the privacy protections for those associated with
suspects, and see ripe abuse potential for guilt by association or even "using
data from a warrant to get the data on the person you really want but can't
get the warrant" type of situations.

3) I have concerns with the level of data sharing between the LEA's, and the
post shared protections of said data.

4) I have concerns with private companies providing these services because
private companies often have sub-par data security practices, and often have
strange third-party data selling loopholes so they often end up "scrubbing"
data and selling it, but most of us know it's not that hard these days to
"unscrub" that kind of data.

All of this is assuming we are just talking about constitutional methods too.
What I find even more insidious and dangerous is the unconstitutional tools
like imsicatchers and others being used for parallel construction.

Bottom line is this: the LEA's and LEO's need to remember that they swear an
oath:

"I, [name], do solemnly swear (or affirm) that I will support and defend the
Constitution of the United States against all enemies, foreign and domestic;
that I will bear true faith and allegiance to the same;"

The problem as I see it, is that I tracked down the law that punishes congress
for a few specific violations of oath of office (5 U.S. Code § 7311), but I
have yet to find any law for punishing people in the executive branch for
violation of oath of office. If anyone knows of such, please let me know.
IANAL, so perhaps 5 U.S. Code § 7311 could apply to the executive and I just
misunderstand it.

------
al2o3cr
Holy passive voice, Batman. Surely a better title would have been "Local
Police Departments Buying Loads of Cellphone Spy Tools", since it's not like
the damn things are mysteriously appearing unbidden...

------
dandare
I think the only thing that can prevent the US from spiraling into a
dictatorship is a successful Netflix show about US spiraling into a
dictatorship. Maybe it is too late for that too.

------
DyslexicAtheist
hackingteam breach has shown that law enforcement are among the biggest
customers of HackingTeam. They supply not just the tools but also a
subscription (to the constantly changing) payloads to breach a target. Kind of
a poor man's TAO for the "neighborhood" police-unit. These tools make planting
evidence just as easy so it is a massive change in the amount of trust put
into individuals working in LE. This is even more scary when you think of how
little the average cop knows about the tech they use from some questionable
outside private vendor.

[https://media.ccc.de/v/30C3_-_5439_-_en_-
_saal_1_-_201312292...](https://media.ccc.de/v/30C3_-_5439_-_en_-
_saal_1_-_201312292105_-_to_protect_and_infect_-_claudio_guarnieri_-
_morgan_marquis-boire)

[https://www.technologyreview.com/s/543991/the-growth-
industr...](https://www.technologyreview.com/s/543991/the-growth-industry-
helping-governments-hack-terrorists-criminals-and-political/)

------
theonespy
I think it's not just the Govt and Police who involves in spying on people's
data. Multiple spy apps i.e. TheOneSpy, PhoneSherif, FlxiSpy, and much more
are readily available in the online market to spy on anyone's data through
his/her smartphone. In my point of view first, we should ban these data and
privacy breach apps in our state then move on the other Governmental
monitorings and protect our privacies.

------
JustSomeNobody
Do the cell site simulators spoof existing towers? How hard would it be to
write an app to detect when you connect to another tower and shut the phone
down. Unless Google and Apple don't let you programmatically shut down the
phone.

~~~
2_listerine_pls
Stingray's inner workings are supposedly not disclosed but it is said to mimic
a nearby cell tower. I bet the device just echoes & amplifies the signal to
trick your phone to connect.

If that's how it works, then If you know what each tower relative strength
from that given position must be and you note a new surge in strength, that
will tell you. You could also use triangulation with cooperating devices.

~~~
notatoad
Note that cell providers will install perfectly legitimate temporary towers to
handle increased demand, so simply looking for a surge in signal strength over
"normal" levels doesn't necessarily indicate surveillance.

------
M_Grey
Huh. Is there a good, open, secure encryption messaging system you can get on
Android?

~~~
simplyluke
Signal by Open Whisper Systems is far and away the most popular right now.

~~~
hughw
Isn't WhatsApp more popular? I understood it to be more popular and accessible
while still using the Signal protocol.

~~~
SturgeonsLaw
More popular, but also closed source and owned by Facebook (make of that what
you will)

~~~
stevehawk
who has publicly stated that they're mining the metadata, and does not by
default notify you when one end's keys change (say if the phone were
compromised).

------
Jill_the_Pill
Analyzing this sort of data is why the NYPD is suddenly hiring 100
statisticians?

[https://www.linkedin.com/jobs/view/245927769](https://www.linkedin.com/jobs/view/245927769)
[http://www.nypdrecruit.com/statistician-
level-1/](http://www.nypdrecruit.com/statistician-level-1/)

------
a3n
So if the Washington D.C. police, or anyone who can afford it, are tracking
protesters, or merely tracking, near the White House, they may inadvertently
intercept calls from all those insecure, non-presidentially locked phones
carried by top White House aides, and by the President?

------
analogmemory
I have no idea how this works. Can someone explain the site simulators? When
the site simulators intercept the traffic, they can see all the data. If it's
encrypted, can they still read it or decrypt it somehow?

~~~
revelation
Site simulators aren't very new technology. Police departments have had these
devices for so long that they were even mentioned in The Wire (2002) with the
exact brand name (StingRay).

Handsets will always connect to the basestation with the strongest signal,
there is no authentication involved. They then "exploit" (it's really by
design) a feature of GSM where you can simply tell the handset not to use any
encryption, and since the interface between baseband chip and application
processor (the ARM that runs your Android or iOS) is more akin to a cold war
curtain than actual information exchange, your device won't ever notify you.
Even if they enable the old A55 encryption, that can be cracked in realtime
nowadays.

One popular use is to mount them on a drone, wait for it to detect a
particular IMSI and then bomb the general area. That is the reality of the so
called "precision strikes" in Afghanistan or Iraq.

~~~
iak8god
> One popular use is to mount them on a drone, wait for it to detect a
> particular IMSI and then bomb the general area. That is the reality of the
> so called "precision strikes" in Afghanistan or Iraq.

Holy crap. Do you have a good source for that? I've somehow never heard this
before.

~~~
zkms
AFAICT the codename for the SIM-card-finding operation on drones is
"GILGAMESH", here's a few things about it:

See [https://theintercept.com/2014/02/10/the-nsas-secret-
role/](https://theintercept.com/2014/02/10/the-nsas-secret-role/) and
[https://theintercept.com/surveillance-
catalogue/gilgamesh/](https://theintercept.com/surveillance-
catalogue/gilgamesh/)

------
lfender6445
Would wifi calling help in a situations like these?

~~~
ParadoxOryx
Yes, your calls would be traveling over an encrypted tunnel to the carrier
instead of the (simulated) cell tower, thus preventing the Stingray/site-
simulator from carrying and listening in on your call.

However, it would not stop someone from listening to the call at any point
over the rest of the path since the call itself is not encrypted, only the
transport between the carrier and your phone.

