And the antenna wouldn’t be anything like an antenna, just something that looks like a lawn-chair.
And I’d move it every day or two. And definitely not run it 24h!!!
Could still be found, but good luck.
So that then means a super-thick faraday cage around the actual device, and probably somewhat noteworthy power consumption (a battery certainly wouldn't be enough).
So after the counter-side finds your camouflaged BTS, it is only a disposable and relatively cheap part and doesn’t lead to uncovering the whole operation.
That probe part then would connect to Starbucks wi-fi and interact with BTS software somewhere far from the physical location, so you can’t quickly trace the channel between the probe and the spy team.
Yeah, I'd gotten it in my head the BTS (TXCO) and the probe equipment needed to be super close together...
Some of the sites are mobile, but most of the ones I found were stationary, and could be easily identified once you know what to look for. I'm pretty sure some of them are seriously degrading cell data/voice quality.
I stopped once I realized there was nothing you could do once you found them. There are only a couple of options for who is deploying them, none of which I want to screw with.
I am under no illusion that I can protect myself if targeted by a state based actor. Better to be lost in the crowd.
Best case scenario is it's a legitimate LEO operation.
Worse, it's a federal national security operation.
Worse still, it's a criminal, or foreign national security operation.
Only in the first scenario would the FCC even remotely have the chance to do anything. Even then it might be a legitimate operation, and they do nothing.
The FCC could have easily had their police exemption without also providing access to your average HAM, any reasonably competent hobbyist, and the security services of every other nation on the planet.
Security on cellular networks is even more of a joke than on consumer-grade wifi... it's basically a pinky promise not to look at stuff you're not supposed to look at. No fucking wonder there's a mountain of stingray clones in DC. Are they planning to fix this on 5G networks? Because there's no reason to be so concerned over backdoors in Chinese cellular modems as long as we're happily letting them in through the front door.
So in practice it would look like briefly, usually imperceptibly, losing cell service.
However, it is the responsibility of the FCC to not throw up their hands and say "Duh, we don't know how to find 'em." They have one job -- regulating the use of the RF spectrum -- and that's it.
Of course the funny part is, it’s designed so pirates can only send HDMI output to approved screens (=not recording devices), but for backwards compatibility, they had to allow HDMI-to-SVGA adapters with decoding, so the breach is wide open. But you get the intent: HDMI was supposed to be a fully-encrypted standard with only preapproved devices.
The point is that by going around the drm, even if it’s by doing something trivial, you are committing a crime.
Interesting. Where can I read more about this intent, and how it was compromised?
The standard is called HDCP.
> SnoopSnitch offers tests to assess whether a device is exposed to attacks or surveillance from the mobile network. Here, the primary goal is to help mobile users detect network originated attacks, such as via SS7, SMS, or IMSI catchers. Our secondary goal is to provide a fact-based incentive to Mobile Network Operators to better improve the security of their networks.
GSM ratings: https://gsmmap.org/#!/about
> GSM Security Map compares the protection capabilities of mobile networks. Networks are rated in their protection capabilities relative to a reference network that implements all protection measures that have been seen “in the wild”. The reference is regularly updated to reflect new protection ideas becoming commercially available. Networks, therefore, have to improve continuously to maintain their score, just as hackers are continuously improving their capabilities.
The Stingrays found on K Street (far from Embassy Row) and some bridges were more likely US government operations.
So the question comes back to are there non-embassy, non-US government Stingrays deployed and how to find them.
However, in practice diplomacy is impossible without affording Ambassadors, their staff, the places where they live and work and so on, broad immunity to normal civil law enforcement. Eventually this was formalised as the Vienna Convention, and the current iteration of that convention is the state of the art as far as relations between most countries are concerned.
As a result Convention signatories do NOT on the whole search embassies of other signatories in their country. But it's not because the embassy in any sense isn't in their country.
For example the US government absolutely could tell the Russian mission to all shove off back home, they would be entitled to a "reasonable" amount of time to leave, and then the Ambassador (if he has foolishly remained) is just a Russian citizen in the US without immigration papers, the same for all staff and families. The embassy, the homes, and other facilities are all just ordinary buildings able to be searched by police, parcels sent to the embassy become just ordinary parcels which may be opened, examined, redirected or destroyed as appropriate by the USPS. The Americans would never choose to do this, because diplomatic contact with Russia remains essential, in anything short of total war, but legally they absolutely could.
Why is that?
Diplomacy requires representing your country, which sometimes requires advocating against the preferred policies of your negotiating partners. In some places, if you were subject to their laws, that would get you killed.
To expand on that, some examples:
If a new device shows up and is always present, particularly if it always has about the same signal strength or doesn't appear to move, that indicates a connected IoT device of some sort, and if you're concerned about espionage you may want to take steps to identify it.
If a particular device shows up for 8-12 hour shifts at varying times, but there are no businesses, etc. that would have that kind of attendance pattern, who's carrying that device? An investigator on-site who's also brought a personal device along?
Heck, if you're in an OnStar-equipped vehicle even if you don't have service, your vehicle may show up as always on, or at least may ping regularly.
I'm sure appropriate data mining techniques could pull a surprising amount of information out of the kind of info gathered from these devices.
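The presence heuristics in the comment above (an always-on device with steady signal strength, a device that keeps 8-12 hour shifts at varying times, a device seen only a few times) can be turned into a small classifier over a survey log. The code below is an added example, not something the commenter posted; the log format (hour index, device id, RSSI in dBm), the three constructed devices and the thresholds are all assumptions chosen to illustrate the idea.

```python
"""Classify observed radio devices by their presence pattern.

Added example, not from the thread. Input is a constructed log of hourly
survey passes: (hour_index, device_id, rssi_dbm). Thresholds are
illustrative assumptions, not values taken from the discussion.
"""
from collections import defaultdict


def build_sample_log():
    """Constructed three-day log with three devices of different character."""
    log = []
    for h in range(72):
        # "always on" device: seen every hour, RSSI varies by only a couple of dB
        log.append((h, "aa:11", -62 + (h % 3)))
        # "shift" device: present for 10 contiguous hours per day, start time drifts
        day, hour = divmod(h, 24)
        start = 6 + 2 * day            # 06:00, 08:00, 10:00 on successive days
        if start <= hour < start + 10:
            log.append((h, "bb:22", -75 + (h % 7)))
        # transient device: a few scattered sightings
        if h in (3, 29, 57):
            log.append((h, "cc:33", -80))
    return log


def runs(hours):
    """Split a set of hour indices into lists of contiguous hours."""
    hours = sorted(hours)
    out, cur = [], [hours[0]]
    for h in hours[1:]:
        if h == cur[-1] + 1:
            cur.append(h)
        else:
            out.append(cur)
            cur = [h]
    out.append(cur)
    return out


def classify(log, total_hours, presence_min=0.9, rssi_spread_max=5,
             shift_min=8, shift_max=12):
    """Label each device as stationary_always_on, shift_pattern or transient."""
    by_dev = defaultdict(list)
    for hour, dev, rssi in log:
        by_dev[dev].append((hour, rssi))
    result = {}
    for dev, obs in by_dev.items():
        hours = {h for h, _ in obs}
        rssis = [r for _, r in obs]
        presence = len(hours) / total_hours          # fraction of passes it was seen
        spread = max(rssis) - min(rssis)             # dB range: small means it is not moving
        run_lengths = [len(r) for r in runs(hours)]  # lengths of contiguous presence
        if presence >= presence_min and spread <= rssi_spread_max:
            result[dev] = "stationary_always_on"
        elif all(shift_min <= n <= shift_max for n in run_lengths):
            result[dev] = "shift_pattern"
        else:
            result[dev] = "transient"
    return result


if __name__ == "__main__":
    for dev, label in sorted(classify(build_sample_log(), 72).items()):
        print(dev, label)
```

The always-on device is flagged by presence plus a tight RSSI range, the shift device by every contiguous run falling in the 8-12 hour window regardless of when it starts, and anything else falls through to transient; on a real survey the thresholds would need tuning to the pass interval and the environment.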
If an embassy started blaring very loud music (or a siren), can the US do anything about it?
Likewise, if they started emitting strong microwaves at people, can the US do anything about it?
It seems like there must be some limitation to what you can do from the embassy to people outside of it.
The strong microwaves would be treated as an act of war: an attack on Americans, on American soil, by a foreign power. If it didn't immediately stop, the US would invade that foreign soil and do whatever it decided was required.
But that's a drastic action that won't happen before many other options have been tried.
There has been zero evidence presented so far that it is in fact foreign governments doing any of this. More likely it's the vast cabal of Federal agencies in the greater DC area all disregarding the law because nobody in the US Congress has the will to rein them in. And of course for all we know, the espionage may be entirely legal courtesy of some clandestine national security FISA sign-off.
The US Government system is made up of dozens of extremely powerful agencies, and they are at war with each other at all times for power, information and budget. Sometimes that war is cold, sometimes it's warm.
Simply put, they're all spying on each other and all aspects of the system that is meant to control them (while they attempt to control the system instead).
If there was a single city in the US that foreign agencies would target, it would undoubtedly be DC. The abundance of embassies in the city make it a very easy target.
The key sentence in the article. The reason there isn’t a fix is that our (U.S.) government prefers spying on its citizens over being protected from other powers’ spying.
Can someone explain why older protocols like 2g with inadequate encryption can't be phased out? Or why there isn't even an effort or attempt or option to disable it?
Telcos do not care about technical means of security. As long as the average person can’t eavesdrop it’s good enough. When it comes to protecting their economic interest (preventing free calls) they use smart cards and strong encryption. 800MHz scanners have been illegal for decades.
Legacy support and reliability are very important (in the context of cellular service, which is still inferior to fixed telecommunications). Customers will get angry if you tell them their phone is obsolete, or if encryption incompatibility causes failed calls. The FCC takes a dim view of 911 failures, so phones must have a fallback no-enciphering mode to maximize 911 call success. Compatibility with roaming host networks must be maintained.
AT&T shut down their GSM network Jan 1 2017 but UMTS has plenty of vulnerabilities too. The SS7 protocol underpinning the PSTN lacks authentication.
To avoid getting folks too worried about it being a widespread issue, this occurred for specifically targeted MENA-based cellular carriers, as I recall.
Any foreign embassy running one, has no right to radiate beyond the border of the embassy, where it is US soil and not foreign.
Is there a more high-value city for a foreign government to spy in? Seems foolish to assume Occam's razor here, at least for all of the devices.
HTTPS is secured using SSL/TLS. SSLv1 is so bad it didn't survive the laugh test when it was explained to actual cryptographers; I can't find any records of what it did. SSLv2 is also pretty bad. SSLv3 is at last good enough that actual cryptographers spent time finding holes in it, and today it's considered so broken as to be useless.
TLSv1.0 went to the IETF. More eyeballs will fix it, right? Not if they're all engineers. Finally in TLSv1.2 the cryptographers were called in, but only after it was finished. "Hey, is this finished thing secure? Yes or No answers only."
Only in TLS 1.3 which is finished but yet to be official, did they _start_ with cryptographers and do the engineering problems later after the cryptographers had baked in the security.
At work, after a system being in use for several years, I was told we couldn't put more key-value pairs into the session information, it was "full". So I went to see how this could possibly be true. All the session information is turned into a JSON blob, which is turned into a few hundred bytes, and then those bytes are encrypted with RSA with the results stored in a Cookie. RSA is only designed to encrypt small quantities of data, which isn't a problem because it's supposed to be used to move a symmetric key. But far, far more importantly - even if this particular _method_ of doing so is crazy why are we encrypting all this data and hiding it in a Cookie at all? That's crazy.
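The usual alternative to the design the commenter describes (RSA-encrypting a growing JSON blob into a cookie) is to keep the session data on the server and give the browser nothing but a random identifier, signed so a forged or edited cookie is rejected before any lookup. The code below is an added example written for this thread, not the commenter's system or any particular framework; the `SessionStore` class, the `sid.sig` cookie layout and the constructed HMAC key are assumptions.

```python
"""Opaque, HMAC-signed session identifier instead of encrypted state in the cookie.

Added example, not code from the system described in the comment. Standard
library only: the session dict lives in a server-side store, the cookie
carries a random id plus an HMAC tag, and its length does not grow with the
amount of session data.
"""
import base64
import hashlib
import hmac
import secrets


class SessionStore:
    def __init__(self, hmac_key: bytes):
        self._data = {}       # session_id -> dict, never leaves the server
        self._key = hmac_key  # constructed key for the example; use a managed secret in practice

    def _sign(self, sid: str) -> str:
        mac = hmac.new(self._key, sid.encode(), hashlib.sha256).digest()
        return base64.urlsafe_b64encode(mac).decode().rstrip("=")

    def create(self, data: dict) -> str:
        """Store the data server-side and return the cookie value 'sid.sig'."""
        sid = secrets.token_urlsafe(32)          # 256 bits of randomness, URL-safe
        self._data[sid] = dict(data)
        return f"{sid}.{self._sign(sid)}"

    def load(self, cookie: str):
        """Return the session dict, or None if the cookie is malformed, forged or unknown."""
        try:
            sid, sig = cookie.rsplit(".", 1)
        except ValueError:
            return None
        # Constant-time comparison so the tag check does not leak timing information.
        if not hmac.compare_digest(sig, self._sign(sid)):
            return None
        return self._data.get(sid)

    def update(self, cookie: str, **fields) -> bool:
        """Add key-value pairs to the session; there is no cookie size limit to hit."""
        sess = self.load(cookie)
        if sess is None:
            return False
        sess.update(fields)
        return True


if __name__ == "__main__":
    store = SessionStore(secrets.token_bytes(32))
    cookie = store.create({"user": "alice"})
    store.update(cookie, cart_items=12, locale="en-US")
    print(len(cookie), store.load(cookie))
```

Because the cookie is only an identifier, adding hundreds of keys to the session changes nothing on the client side, and a cookie whose tag does not verify never reaches the store lookup.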
Also, in the examples you cite it's not clear if those standards bodies were infiltrated by the same agencies implicated above. They very much do run private cover operations and "plant" people or acquire companies that allow them to weaken these protocols or standards.