US Suspects Listening Devices in Washington (apnews.com) 137
For the first time, the U.S. government has publicly acknowledged the existence in Washington of what appear to be rogue devices that foreign spies and criminal could be using to track individual cellphones and intercept calls and messages. From a report: The use of what are known as cellphone-site simulators by foreign powers has long been a concern, but American intelligence and law enforcement agencies -- which use such eavesdropping equipment themselves -- have been silent on the issue until now. In a March 26 letter to Oregon Sen. Ron Wyden, the Department of Homeland Security acknowledged that last year it identified suspected unauthorized cell-site simulators in the nation's capital. The agency said it had not determined the type of devices in use or who might have been operating them. Nor did it say how many it detected or where.
The agency's response, obtained by The Associated Press from Wyden's office, suggests little has been done about such equipment, known popularly as Stingrays after a brand common among U.S. police departments. The Federal Communications Commission, which regulates the nation's airwaves, formed a task force on the subject four years ago, but it never produced a report and no longer meets regularly. The devices work by tricking mobile devices into locking onto them instead of legitimate cell towers, revealing the exact location of a particular cellphone. More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware.
The agency's response, obtained by The Associated Press from Wyden's office, suggests little has been done about such equipment, known popularly as Stingrays after a brand common among U.S. police departments. The Federal Communications Commission, which regulates the nation's airwaves, formed a task force on the subject four years ago, but it never produced a report and no longer meets regularly. The devices work by tricking mobile devices into locking onto them instead of legitimate cell towers, revealing the exact location of a particular cellphone. More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware.
Re: (Score:2, Interesting)
With the disconnects between various agencies and departments within agencies, I wouldn't be surprised if it was some agency of the US government spying on us. It isn't like they haven't been caught already spying on Americans. But we don't talk about it because THAT would be RACIST!!!!!
Re: (Score:2)
Get someone to tag these items, if on pole, and allow the populace to use them for target practice!!
Two birds, One stone...
Re: (Score:1)
Best: Monetize. Create a mobile app and let people place bets on which country / agency the item belongs to.
Re: (Score:1)
But we don't talk about it because THAT would be RACIST!!!!!
Nobody's talking about race but you. Neither TFA nor the current topic are remotely related to race. Stop trying to drag race into a situation where it's entirely irrelevant.
In other words, STFU Trump-lover.
Re: (Score:2)
It is racist, because it happened to a great extent on BHO administration. That makes it racist. It was a hidden dig. ;)
Re: (Score:1)
Right. Because condemning one of Obama's policies is the same as condemning all blacks. Perfect sense.
STFU racist Trump-lover.
Re: (Score:2)
I didn't vote for Trump. Try again.
Re: (Score:2)
Why yes. The human race sucks. I'll use you as a fine example of why.
Re: (Score:1, Insightful)
How much do the Russians pay you to spread lies? Or do you simply do it out of the goodness of your heart.
Step 1) Use gerrymandering to win the majority of congressional seats, despite most Americans not agreeing with your politics.
Step 2) Win the presidental election by a hare's tooth, despite the your opponent being the single most unlikable politician to ever win the nomination.
Step 3) Then, despite being the first time EVER when one party has a majority of Congress, SCOTUS, and holds the Presidency,
Re: (Score:1)
"All evidence"
Enjoy that echo chamber you live in.
Re: (Score:1)
Most people aren't laughing at Trump, but at CNN, etc.
You have a very inaccurate view of "most people". You and your circle-jerk buddies patting each other on the back at Trump's glowing success is a distorted view of Americans. Would you like to trade examples of Trump misrepresenting the truth for examples of CNN doing the same? I'll start:
* Biggest electoral college win since Reagan.
* Biggest inauguration crowd ever
* Obama tappped my phones
* Construction started on border wall
Your turn. I'm ready.
Re: (Score:2)
As a non-American I can tell you that we have laughed at several of your presidents in my lifetime.
Your Mr. Reagan was considered to be a particular fuckwit, but we had confidence you would see through him and elect someone capable of tying his own shoes in 1984, but then you gave him an even bigger mandate which was a bit hard to believe really.
The next couple of guys were sort of bog standard American style arseholes, but at least they seemed to know what they were
Re:Ahem (Score:5, Insightful)
I suppose it's too obvious to point out that in a democracy, where every constituent's interests differs to some degree from every other constituent's interests, that the government's "interests" are never going to align 100% with any given person's own interests?
Whenever a choice has to be made, someone is going to be disappointed. If they are disappointed enough, they can help vote in new representatives whose policies more closely align with their own views; but of course the people who supported the original decision are also free to support its continuation. That's just democracy, not a "deep state", or a "foreign power", despite what the anti-democratic populists would have people believe.
Re: (Score:1)
Foreign? Maybe ... (Score:5, Insightful)
Sure, it could be foreign agencies .. that's plausible.
It could also be that these groups found that every fucking law enforcement and government spy agency was doing so much of this shit they'd better just shut up about it and pretend it's all OK.
Face it, America ... you live in a surveillance state, and most of your Constitution is now optional.
Stop fucking claiming you still live in a free country, or don't live in an oligarchy which only really serves the interests of corporations and the wealthy -- because that hasn't been true in years.
Re:Foreign? Maybe ... (Score:5, Funny)
They were set up by Melania. She's trying to keep an eye on Donald.
Re: (Score:2)
Face it, America ... you live in a surveillance state, and most of your Constitution is now optional.
Comrade, we're doing a lot better than you. We still elect our leaders. Opposition figures aren't murdered by the ruling party. And we can speak out whenever we want without fear of ending up in a Siberian gulag.
Re: (Score:2)
Yes, Russia is worse. Somalia worse still. Congratulations, you win the Paralympic gold medal.
Now try running your comparison against able-bodied countries.
Re: (Score:2)
I hate to break it to you, but your current elected leader was brought in power with help from a country that includes Siberia and that does murder opposition figures.
Yes, mistakes were made.
Good thing you are posting as AC and not admitting what country you are from. Otherwise, I'd need to play a little game with you.
Re: (Score:3)
Who needs a Siberian gulag, if they can gather around enough expensive advocates to hit someone with endless trials, until he/she is completely out of money. Really - If you are out of money and living on the streets, you are just as effectively neutralized as when they put you in a gulag. Those with money and power can rip somebody's life to shreds, and it's just just as effective as murdering him/her.
That's weird. I'm speaking out against my highest elected official right now and I'm not subject to endless trials and I'm not living on the street.
Regardless, I don't even know what you are talking about. Opposition isn't destroyed though legal proceedings in the US. If anything it's the other way around: opposition can tie up the powers in place with legal proceedings.
Re: (Score:2)
About as good as the grocery shoppers in St. Petersburg last Christmas.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
It's almost inevitable that everyone is spying on everyone else with these things.
Re: (Score:2)
The collection systems have 3 stories.
Criminals looking to track police, informants and city workers. To build a vast database of everyone working with and for police.
Every face, licence plate and their cell phones. Everyone in and out of city and federal buildings in real time.
Mulitnational companies tried of city and state regulations. Track every city worker and police to map out city enforcement.
Wh
Re: Foreign? Maybe ... (Score:2)
Fuck off, Ivan.
CA (Score:1)
Why the fuck are there not certificates, authorities, etc., like SSL?
Re: (Score:2)
Why are there still trusted certificate authorities in reach of US laws? I understand where they are, just not why they're still trusted.
Each cert should be signed by two authorities. One in China, one in the USA...perhaps more than 2.
Re: (Score:1)
Each cert should be signed by one authority - the fucking host serving it up to clients.
Authorities are worse than useless. Self-signed certs are far, far more secure from a trust perspective.
You just need to do the legwork and get your clients to trust the cert. If you control your environment and your clients, that's simple. If you're running a bank, that's a bit more difficult, but not too hard. You just need a trusted channel to establish communication. Perhaps in person? You could even take the ti
Re: CA (Score:2)
NONONO! That won't work...
Seriously, because it's vulnerable to man-in-middle attacks isn't it? Not an SSL guru but I thought that's what the gubmint involvement was about?
Re:CA (Score:5, Interesting)
Because... All of the backdoors required to make surveillance of the masses possible..
Time for individual point to point encryption for just about everything..
Re: (Score:2, Insightful)
Because... All of the backdoors required to make surveillance of the masses possible..
Time for individual point to point encryption for just about everything..
Let's be a bit more specific. This is another typical NSA / NIST fuckup. When the cell phone systems originally started providing encryption, they looked at the systems. Instead of identifying problems and insisting they were fixed to improve the security of US civilian systems, they identified strengths such as the original stream cipher in GSM and insisted they were weakened. Now the backdoors / deliberately ignored faults they left in the systems are being used by foreign powers to monitor their own
Re: (Score:2)
Just enough to keep out the media. Weak enough to allow mil real time listening.
Police around the world like that standard and ensured all future cell phone products would be of that crypto quality.
A good level of encryption for everyday use but would not stop any police and mil from getting voice prints.
Um (Score:5, Funny)
acknowledged the existence in Washington of what appear to be rogue devices that foreign spies and criminal.
That sentence sure went off the rails.
Manipulative News.... (Score:1, Insightful)
This is totally manipulating the general public. Let's create more fear... rather than let the intelligence agencies do their job.
Of course there are listening devices in Washington. They exist in Moscow as well- and all other countries.
Here's how it works:
Make people dumb everything down. Then scare the crap out of everyone. Then hold an election.
Works almost always.
The Own Goal, if you will (Score:1)
So agencies actually communicate with DHS? (Score:5, Interesting)
This is the original statement on which conjectures are based on:
>Department of Homeland Security acknowledged that last year it identified suspected unauthorized cell-site simulators in the nation’s capital. The agency said it had not determined the type of devices in use or who might have been operating them. Nor did it say how many it detected or where.
This statement suggests that someone in DHS Washington actually checked with every single signals intelligence agency in the country to ensure that whatever they found isn't one of their own.
Considering the competition between various agencies within the state of US, I strongly suspect that what actually happened is that they couldn't get anyone domestic they asked to admit to having planted whatever they found, so they're working on assumption that it must be foreign by default. While it's most likely planted by one of the agencies, which may not even know it's theirs on the top of bureaucratic chain, must less be able and willing to pass this information on to DHS.
Re: (Score:2, Informative)
I was wondering that myself. Maybe the CIA placed them and the incompetent FBI found them and immediately thought Russia. I call them incompetent because you can give them names of school shooters and they don't even bother investigating.
Re: (Score:2)
Trust no one. I learned that from an FBI agent. He had a funny name too, "Fox". Who names their kid after an animal? He liked to ramble on about alien abductions. He must have been awesome at his job for the FBI to keep him around.
Re: (Score:2)
I call them incompetent because you can give them names of school shooters and they don't even bother investigating.
In 2016 the FBI received 1,300 tips per day.
Re: (Score:2)
The FBI claims 35,000 employees. Doesn't seem unreasonable. They might as well save cash and cancel the tip line if nobody bothers.
Re: (Score:3)
And it is reasonable to assume the FBI does not much more than answering phone tips. Or that you, ArchieBunker, avid slashdot poster, is in a situation to evaluate the efficiency of the FBI.
We're both humans, so I'm going to suggest you reconsider this paid internet troll career path. Perhaps in post-Soviet Russian there is no other respectable path. In the USA, we have work for you here. I work with quite a few excellent Russian engineers. You have options.
Re:So agencies actually communicate with DHS? (Score:4, Interesting)
There's an easy way to find out who owns them, especially as no US government agency claims ownership.
Simply start taking them down, doing "tear-down" videos on YouTube detailing the devices' internal technology, circuitry, software, etc, and sell them on Ebay.
If it's Russian or Chinese spy equipment, you won't hear anything.
If it's US TLA equipment and they try to prosecute you, simply point to the denials mentioned in TFA. We were told they were not US government property.
Strat
Re: (Score:2)
It would be weird if some of them didn't belong to foreign spy agencies, as well as private security companies hired to dig up dirt etc.
London and I imagine most capital cities are the same, full of fake cell towers.
Re: (Score:2)
...private security companies hired to dig up dirt etc.
This is a distinct possibility. Excellent point.
It would probably be advisable before putting up that ladder to contact the municipal/city agencies, departments, or commissions responsible for regulating utility poles and similar structures and check for permits issued, then track down any obscure entities turned up on the list(s).
If there's nothing listed for them even there as well as anywhere else well then, they officially don't exist, do they? :)
Strat
Re: So agencies actually communicate with DHS? (Score:2)
A) be a mad scramble to find, deactivate and investigate...
... and B) It'd already be a diplomatic incident so massive that it'd make the Russians' [supposed inability to competently assassinate] look like a joke.
Now fuck off.
Re: (Score:2)
No other government would be allowed to build up a database on the movements of all US gov and mil workers in any pert of the USA.
Collect it all is what the US gov is an expert at. No collection competition is allowed.
Re: (Score:3)
I'm pretty sure it's illegal to operate such devices (exception for law enforcement, etc.), so if no domestic agency says "Yep, that's ours," then go and disable/destroy it anyway.
Unless you're saying that DHS would risk leaving a foreign agency's device functional rather than risk disrupting a domestic agency's device, which I find highly believable. Another example where surveillance has made us less safe, from both our own government and others.
Re: (Score:2)
Sure, it's possible that there are some US devices that the agencies are reluctant to own up to. But it's not really believable to assume all the devices are domestic.
If I were Russia's SVR I'd have them all over the place in the US and EU. Wouldn't you?
Bah (Score:2)
I guess somebody detected an Alexa device from the owner of the Washington Post an got a paranoia seizure.
Reds out of bed (Score:2)
Re: B.S. detected (Score:2)
Femtocells are small though, usually deployed inside with short range.
Feds chasing each other. (Score:3)
Homeland security saw the NSA's fake towers. The NSA of course was spying on their natural enemy...the Defense Recon Agency...who were keeping an eye on the DEA, who were trying to intercept and 'tax' CIA's cocaine money (who were already paying a tax to the DRA).
Re: (Score:2)
I don't think the government should be too alarmed or surprised. They've been actively trying to surveil every single American. Someone should have informed those dipshits that category includes them as well.
Re: (Score:2)
It's gotta be fun when two fake towers start to steal each others traffic. Bet the newer one wins. Fake tower makers can make that work for them, I would.
IIRC there was an incident during the last election where a good chunk of DC's cell network experienced real measurable, FCC reportable issues. Like two or more networks of fake towers threw RF tantrums. One likely got a patch that day.
Re: (Score:2)
Someone then has to go back over each file and work out who is DEA, CIA, FBI, NSA, GCHQ, SAS, MI6 all over the USA.
No one agency gets a total look down over all US law enfacement and collection systems due to spies, people of faith and political problems in every other agency.
Re: (Score:2)
Mostly this, with one Russian, two Chinese, and a half dozen Israeli devices thrown in for a good mix.
Re: (Score:2)
Plus one D and one R and you've got it.
but we need backdoors (Score:2)
mmm yes without the lube for everyone
Sometimes they write themselves (Score:2)
Department of Homeland Security acknowledged that last year it identified suspected unauthorized cell-site simulators in the nation's capital.
Ha ha
(in my best Nelson Muntz voice).
Intelligence (Score:1)
Found in Canada too ... (Score:5, Interesting)
One year ago, to the day ...
With a map of where the devices where, and all the probable parties that would be using them ... domestic and foreign, friendly or otherwise ...
CBC investigation finds cell phone trackers at work near Parliament Hill and embassies [www.cbc.ca].
Re: (Score:2)
"Fake mobile phone towers discovered in London: Stingrays come to the UK"
https://arstechnica.com/tech-p... [arstechnica.com]
"More than 20 fake phone towers, which indiscriminately hoover up information from phones, were found"
https://www.independent.co.uk/... [independent.co.uk]
This is correct (Score:1)
What's surprising is how long it took you to figure it out.
Oh, and all your cloud storage and Bluetooth make it so easy.
Re: This is correct (Score:2)
You know, that's what I wonder about. We live in a surveillance state, we are told. They know it all, we are told. But at what point, when we see the sketchy activity that we don't report because it's obviously THEM, do threats start to go unreported?
Self Inflicted (Score:5, Interesting)
This would not stop the authorities from conducting legal, authorized surveillance, because they could simply get a court order and have the appropriate tower operator[s] grant them access to the traffic. Unless, of course, they were conducting illegal surveillance of people and didn't have a court order, but that's hardly our problem...
In a similar fashion, there was nothing stopping the makers of the so-called Stingray and other devices from having a configurable operator setup process in which, before "standing up" in operating mode, the device requires the operator to provide the number of numbers of a finite [but reasonably] number of handsets that the Stingray is to track. Say, for example, the a maximum of 100 cell phones]. Because the internal working of the Stingray could be designed to only "pair" with handsets on the list, the Stingray could only include data from legitimate targets, thus narrowing the scope for warrantless surveillance.
Both of these techniques are entirely within our capability, today. Both would require only software changes [although I'd concede that the first is more of a protocol change].
The fact that neither of these are even being discussed - that in fact there is no discussion concerning what might need to be done to ensure that surveillance remains proportionate, limited, controlled and of identified targets - should be ringing alarm bells - and not because of some simplistic, idealistic, libertarian dogma.
All the evidence we have suggests that our security services are suffering from "data overload" - that whilst there might be valuable intelligence gathered today, our ability to sift it out of the noise is simply lacking. So far from limiting the ability of security services to "find the bad guys", steps like these would actually enhance our ability to do so, by helping to "filter out the noise".
Re: Self Inflicted (Score:2)
In the old days of P2P experimentation, I followed a project of a guy doing just that w PGP. He disappeared for awhile, came back made a post telling everyone to delete the software, and he erased it all, totally freaked out. It was called something like cryptobox, logo was box with ones and zeros coming out in all directions. It reminded me of the puzzlebox from old horror movie Hellraiser, where chains shoot out and demons appear, but the demons where govt Intel. They do NOT want people doing that!!! Enc
Re: (Score:2)
For example, I have the Signal [signal.org] application from Whisper Systems installed and running on my cell phone. That provides me with secure end-to-end encryption that even Signal themselves can't crack [because at no time and in no way do they ever get access to the private keys that the app uses].
This suggests to me that one of perhaps three or four scenarios may be true:-
Re: (Score:2)
The NSA probably doesn't do mass survailance on Signal, but can do targeted surveillance easily enough by replaced the signal client binary with a malicious one, via golden keys of the app store, or baseband/carrier manipulation.
Re: (Score:2)
Well, you can't hide MSN, or IMEI. At best you can use pre-paid SIM's bought with cash and thrown away. The actual routing though would have to be though and onion route or common VPN. and you'd need to run false data though the encrypted side so your traffic pattern doesn't stick out like a sore thumb.
Police dude : who's this who keeps connecting to 178.245.38.59 with SSL and doesn't accept SMS or voice calls.
NSA dud: Oh that's just paranoid paul, we're pretty sure he's harmless after we did an evil mai
Re: (Score:2)
Perhaps my choice of phrase here was a bit poor... In this specific context I was referring to the fact that given what we know about the operational characteristics of a Stingray [i.e. uncontrolled access to the network traffic across all devices in range], it's a lot like having terminals in police stations that link to national criminal databases and then allowing everyone to have uncontrolled access to them...
What you'd end up with is police officers using the database to run background che
A cellphone spy gizmo? In WashDC? I'm shocked! (Score:1)
Imagine the conversation (Score:3)
I'm thinking about how this played out over the phone after the DHS discovered the devices:
Re: (Score:2)
So NSA should be disbanded for incompetence? (Score:2)
Not only can they not prevent wide-ranging conspiracies (911 and other terrorist attacks) they can't even detect and shut down foreign Stingrays? More likely, this is a case of:
1) More calling wolf, like the accusation that Russia hacked an electrical grid, which turned out to be crap
2) It's more Five Eyes [wikipedia.org] bullshit. The NSA knows perfectly well that these are devices installed by foreign governments - because the NSA helped Australia, Canada or the UK set them up in the first place to get around the 4th A
Re: (Score:1)
2, you just jelling, either that or you've realized there is no escape from charges ...
Re: (Score:2)
Not realising the DHS are then handing all the fake messages over to US Army and Navy as its near their sites.
The Army and Navy take their spy findings to the CIA and FBI.
If the US spies on Germany ... (Score:5, Insightful)
If the US has been caught spying on close allies like Germany and Israel, then you can reasonably assume that Russia, China, North Korea, and others are spying on the US. (we've caught Israel spying on the US for example)
At this point I assume that even the UK spies on the US. And that Sweden probably hosts spies from other countries at the Embassy of Sweden. I guess we all like keeping an eye on our friends and there is no such thing as absolute trust between nations.
Re: (Score:2)
I dunno man, seems like Russia actually poisons people just like in movies. Maybe all the other spy movie tropes are true too.
Finally ! (Score:5, Funny)
Yet more neocon waffle posted on slashdot (Score:2)
The only people using Stingrays are the Washington police and the state security apparatus.
Stingray, the fake cell phone tower cops and carriers use to track your every move [extremetech.com]
Stingray I/II Ground Based Geo-Location (Vehicular) [theintercept.com]
Re: (Score:2)
The only people using Stingrays are the Washington police and the state security apparatus.
"Some people have X that does Y; therefore anything that does Y must be X" -> BIG, FAT LOGIC FAIL.
Good! it is karma!! (Score:2)
you see, do not do to others what you do not want to be done to you!!
Karma is a bitch!