
Stingrays were being used as early as the 1990s by federal law enforcement. They were used to help locate Kevin Mitnick in North Carolina.

Edit - I recall reading that years ago in Tsutomu Shimomura's book 'Takedown' (published in 1996). Outside of this, I have no other reference. It's a good read BTW. https://www.amazon.com/Takedown-Pursuit-Capture-Americas-Com...

Your assertion re early 1990s is backed up here: https://www.wired.com/2014/03/stingray/

"Use of stingray technology goes back at least 20 years [<= 1994]. In a 2009 Utah case, an FBI agent described using a cell site emulator more than 300 times over a decade...."

I seem to have gotten rid of my copy of Takedown, but Jonathan Littman writes in The Fugitive Game, paraphrasing John Markoff:

"...Shimomura was sitting in the passenger seat of a Raleigh Sprint technician's car, holding a cellular-frequency direction-finding antenna, and watching a 'signal-strength meter display its reading on a laptop computer screen.'"

This sounds, perhaps, functionally equivalent to a modern stingray, but I suspect it was not operating as a cell-site simulator. The hardware/software required at the time to "man in the middle" Mitnick's cellular calls would not have fit comfortably with Shimomura in the passenger seat of a car and would not have run smoothly on a mid-'90s-era laptop. Also, the bandwidth required to forward the connections would have only been achievable over directional microwave or landline, which seems unsuitable for use in a moving vehicle. However, this was the dawn of digital cellular networks. The calls would not have been encrypted in any way at the time, so tracking the source of specific emissions using triangulation would have been fairly trivial, especially with the assistance of a Sprint technician with access to the CDMA code Mitnick's handset was using at any given time.

Actually, I just checked and it seems Sprint didn't launch its PCS network until later that year[0] so it's possible the network in question was analog(?), making simply "listening in" even easier, without having to simulate anything.


Actually, the software to do this kind of thing was actually what Mitnick was after!

It would be laughably easy by today’s standards. Cloning AMPS phones (with ESN/MIN from “trashing” and bootleg Motorola service software) was within the reach of bored teenagers, but the elusive “vampire phone” required decoding the control channel. This was “hard” at the time.

It could be done with the right service equipment or say, suitably hacked firmware for something like an OKI 900...

No stingray required; you could indeed do everything passively. Very different times. Today you could probably do it all by dragging a few blocks around in GNU Radio’s GRC tool.

They even use one in an episode of The Wire (circa 2003).
