Silk Road forums

Discussion => Security => Topic started by: inigo on January 22, 2013, 12:05 am

Title: Stingrays aka IMSI-catchers
Post by: inigo on January 22, 2013, 12:05 am
Any of you hackers out there working on ways to defeat this evil technology? I am having a hard time finding any info on counter-measures to this LE tool and am coming up with nothing. I know we have some smart cookies in our community here and I would love to get an education on what if anything has been or is being done to combat these things.
Title: Re: Stingrays aka IMSI-catchers
Post by: catfishinmysocks on January 22, 2013, 12:15 am
If you have a phone that is, or can be set to, only 3G then they cannot get you with this if I'm not mistaken.
Title: Re: Stingrays aka IMSI-catchers
Post by: MedicalM on January 22, 2013, 01:15 am
I've thought about this for a few years and I have been reading about this from published government papers here in the Netherlands.
They need a special permit to place an IMSI catcher near your residence. They will monitor EVERY call in a radius of 40 meters.
Here in the Netherlands they use a voice recognition program to map out which IMEI belongs to the target (YOU). They will only use this tactic if they know you are using burners.

My advice is to only use (switch on) your burner phone outside the 40 meter radius to be sure. It's a better idea to school your team in using a laptop with a prepaid internet dongle using a VPN-based XMPP-OTR chat program so you don't need those nasty phones!
Title: Re: Stingrays aka IMSI-catchers
Post by: kmfkewm on January 22, 2013, 01:38 am
I suggest against using phones. XMPP or IRC are nice, use your own private hidden service if you want, OTR + Tor...you can even do all of these things from your phone if you really need the portability a phone offers. Then you will have encrypted and untraceable text communications, although if you use a phone your movements can still be tracked (then again they can probably be tracked pretty well if you use a laptop too, unless you make sure to very frequently spoof your MAC address).
Title: Re: Stingrays aka IMSI-catchers
Post by: Nightcrawler on January 22, 2013, 07:39 pm
Any of you hackers out there working on ways to defeat this evil technology? I am having a hard time finding any info on counter-measures to this LE tool and am coming up with nothing. I know we have some smart cookies in our community here and I would love to get an education on what if anything has been or is being done to combat these things.

The simplest, not to mention best, way to defeat these IMSI catchers is DO NOT USE A PHONE.

I simply cannot fathom how convenience can be _so_ important, as to place one's security at risk.

Nightcrawler <Nightcrawler@SR>
PGP-Key: 4096R/BBF7433B 2012-09-22
Key fingerprint = D870 C6AC CC6E 46B0 E0C7 3955 B8F1 D88E BBF7 433B
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
Title: Re: Stingrays aka IMSI-catchers
Post by: sourman on January 22, 2013, 10:39 pm
It appears that IMSI catchers do not rely on the old AX/X GSM stream cyphers in order to simulate a cell tower, so it probably won't make a difference if you are on 3G or not. To avoid them, either use a CDMA line if you're in the US, or remove the battery from your phone and only turn it on in random areas. Once it's on, keep it active (in a call) until it's time to turn it off again. If you are able to place a call immediately after turning it on, odds are you're connected to a legit tower and not a stingray.

Depending on risk factor, one can also use a combination of VOIP/Tor-based text services as kmf outlined. Use encrypted, anonymous, authenticated chat a la OTR as much as possible, and if necessary, it's also possible to set up a paging service via email or some kind of online SMS box. That way you can call people back via VOIP-over-open-WiFi if need be.
Title: Re: Stingrays aka IMSI-catchers
Post by: inigo on January 23, 2013, 03:36 am
I wasn't talking about communications being intercepted, I'm primarily concerned with tracking. It's hard to get by in life without a cell phone in this day and age, and it would be nice if there was some kind of tweak or mod you could do to your phone to stop it from being used as a tracking device to monitor one's movements and location at all times. I get leaving it at home if you're on the run, but us privacy buffs need a safe way to carry a mobile phone and not have to worry about big brother keeping tabs on where we sleep/eat/etc.
Title: Re: Stingrays aka IMSI-catchers
Post by: ChemCat on January 23, 2013, 03:41 am
@ inigo
i msg'd ya the other day about being able to keep posting and helping other newbies in the newbie thread. have ya had a chance to look at my msg and possibly have an answer for me?

Thanks,

ChemCat

 8)
Title: Re: Stingrays aka IMSI-catchers
Post by: Tarnished on January 23, 2013, 04:06 am
Silent Circle might be your solution. I signed up to beta test their product, but unfortunately I wasn't one of the lucky few selected. It allows end-to-end encrypted voice communication with anyone else who also has Silent Circle.

[Clearnet warning]: https://silentcircle.com/web/aboutus/
Title: Re: Stingrays aka IMSI-catchers
Post by: ChemCat on January 23, 2013, 04:25 am
Hmmmmm....  crazy info ...or not?!?!?


The FBI calls it a “sensitive investigative technique” that it wants to keep secret.
But newly released documents that shed light on the bureau’s use of a controversial cellphone tracking technology
called the “Stingray” have prompted fresh questions over the legality of the spy tool.

Functioning as a so-called “cell-site simulator,” the Stingray is a sophisticated portable surveillance device.
The equipment is designed to send out a powerful signal that covertly dupes phones within a specific area into hopping onto a fake network.
The feds say they use them to target specific groups or individuals and help track the movements of suspects in real time, not to intercept communications.
But by design Stingrays, sometimes called “IMSI catchers,” collaterally gather data from innocent bystanders’ phones and can interrupt phone users’ service—which critics say violates a federal communications law.


Feds don't care about the average Joe, the ugly but also comforting truth.
Title: Re: Stingrays aka IMSI-catchers
Post by: kmfkewm on January 23, 2013, 06:47 am
@ Nightcrawler & Nightcrawler

i couldn't have said it better  ;)

and IRC?!?!?!  don't think for one minute that it's safe  LOL  i was admin at sexnet...dalnet..and 2 other servers for over 7 years.
IRC is not as safe as one would think  LOL

i communicate with my clients using tormail and or in person .....


be safe  ;)


ChemCat

 8)

IRC is as safe as the client you use. Considering the sheer number of top hackers who use IRC to communicate, I think that it must not be inherently dangerous.
Title: Re: Stingrays aka IMSI-catchers
Post by: kmfkewm on January 23, 2013, 06:53 am
The unfortunate fact of the matter is that if you carry a device that transmits a signal, chances are high that your movements can be tracked. Even the WiFi card on your laptop can be used to track your movements, not only from the MAC address but also from the unique properties of the vibrating elements.
Title: Re: Stingrays aka IMSI-catchers
Post by: astor on January 23, 2013, 07:16 am
I wasn't talking about communications being intercepted, I'm primarily concerned with tracking.

In that case, IMSI catchers are the least of your concerns. A functional phone is tied to a carrier who can triangulate your position or at least get the closest tower to put you within a radius.

A mobile phone is a snitch in your pocket. As others have said, the best defense is not to use one.

You should ask yourself how often it is necessary to make or take calls when you're away from your house. Yes, it's convenient, but if you're honest about it, you could leave your phone at home 95% of the time you go out and get those calls when you come back. That would go a long way toward protecting your privacy. Also, use cash as much as possible. Your credit/debit card is another snitch in your pocket.
Title: Re: Stingrays aka IMSI-catchers
Post by: Nightcrawler on January 23, 2013, 05:05 pm
I wasn't talking about communications being intercepted, I'm primarily concerned with tracking. It's hard to get by in life without a cell phone in this day and age, and it would be nice if there was some kind of tweak or mod you could do to your phone to stop it from being used as a tracking device to monitor one's movements and location at all times. I get leaving it at home if you're on the run, but us privacy buffs need a safe way to carry a mobile phone and not have to worry about big brother keeping tabs on where we sleep/eat/etc.

Well, there are bags and wallets that you can purchase, that will block cellphone signals.  These are what the cops use to safeguard phones when they're being transported from the point of seizure back to the forensics lab. These bags are designed to block any radio signals from reaching the device, preventing it from being remotely erased, for example.

As long as the phone is in the bag, it won't be seen by any cell towers, GPS, etc.

Nightcrawler <Nightcrawler@SR>
Title: Re: Stingrays aka IMSI-catchers
Post by: sourman on January 24, 2013, 01:24 am
I think OP is referring to prepaid burner phones, not something tied to an account in his name. Unfortunately, there's no reliable way to prevent tracking via these devices unless you only turn them on in areas you aren't known to frequent. Someone was retrofitting old school Motorola handsets with primitive IMSI-catcher detection capabilities, so I guess that's a start. Hopefully we win this technology race, although it will probably just force the fed contractors to develop even more intrusive, sophisticated crap. Cell phones, by their very design, are just not very private or secure.

As for IRC, if it's a private message conversation over tor that's further encrypted/authenticated via something like OTR, then it's far more secure and anonymous than anything cellular. LE can tap everything you own and the most they'll see is unspecified tor traffic, which can itself be hidden by using a VPN. Even if they can access the IRC server, the secondary (application) encryption via OTR will keep your conversation private.
Title: Re: Stingrays aka IMSI-catchers
Post by: inigo on January 24, 2013, 04:59 am
Yeah I guess there's just no way to win. If you want to carry a cell phone, you're signing away your right to privacy. What a bummer. Hopefully we can come up with a better way to communicate that doesn't reveal our location at all times.
Title: Re: Stingrays aka IMSI-catchers
Post by: Tarnished on January 24, 2013, 06:19 am
My instinct tells me the solution will be found in super-wi-fi. You'll be able to replace your iPhone with an iPod Touch.
Title: Re: Stingrays aka IMSI-catchers
Post by: flwrchlds9 on January 24, 2013, 09:43 am
Yeah I guess there's just no way to win. If you want to carry a cell phone, you're signing away your right to privacy. What a bummer. Hopefully we can come up with a better way to communicate that doesn't reveal our location at all times.

Yes, this is basically correct. the carrier always knows where you are and can see where you be. LE can ask them or hack them or force them to snitch.

Stingray is not new tech, it a little older in order of this kind tech. It act as cell site, so all phones in area connect to it, and give their ID to register. very simple idea. can clone existing tower id to prevent custom software from noticing new tower id, no reliable way to detect this with only cell phone. would need high end signal processing/signal analysis equipment. then possible person could see 'normal' propagation pattern for said tower ID and have software alert when this changes. it possible to detect use but not simple with cellphone.

this kind surveillance need man power and dedicated resources so use on big investigation/spy etc. more easy for le to get info from carrier.

Title: Re: Stingrays aka IMSI-catchers
Post by: Nightcrawler on January 24, 2013, 01:10 pm
Yeah I guess there's just no way to win. If you want to carry a cell phone, you're signing away your right to privacy. What a bummer. Hopefully we can come up with a better way to communicate that doesn't reveal our location at all times.

Yes, this is basically correct. the carrier always knows where you are and can see where you be. LE can ask them or hack them or force them to snitch.

In the majority of cases, LE doesn't need to either ask or hack the carrier. Many carriers have set up law enforcement portals, so all an officer has to do to get the information they want is to fire up their browser, log into the portal, and access the user location data. Carriers started doing this when the number of information requests got to be too high to be handled manually any longer.

Stingray is not new tech, it a little older in order of this kind tech. It act as cell site, so all phones in area connect to it, and give their ID to register. very simple idea. can clone existing tower id to prevent custom software from noticing new tower id, no reliable way to detect this with only cell phone. would need high end signal processing/signal analysis equipment. then possible person could see 'normal' propagation pattern for said tower ID and have software alert when this changes. it possible to detect use but not simple with cellphone.

this kind surveillance need man power and dedicated resources so use on big investigation/spy etc. more easy for le to get info from carrier.

Agreed.

Nightcrawler <Nightcrawler@SR>
Title: Re: Stingrays aka IMSI-catchers
Post by: sourman on January 24, 2013, 01:31 pm
^^Yup! They literally sit in their office and browse your records and/or listen to your conversations. Most of the time they just subpoena your call records, unless they already have evidence or you're involved in a major crime. They can do this to practically anyone for any given reason as there is little to no judicial resistance. If they find the need to listen in, they'll get a warrant (well, most of the time). IMSI-catchers seem like the perfect tool to link up organized crime and drug distribution networks by uncovering their burner phones, instantly creating conspiracy which then gives LE more evidence for a warrant. I doubt they'll bother using it here in the US unless there's a very good reason. It's not like the courts have embraced these with open arms.
Title: Re: Stingrays aka IMSI-catchers
Post by: kmfkewm on January 25, 2013, 10:51 am
They do need a warrant to listen to the voice or view/listen to communications payload data in general. They also need a warrant to remotely turn on your phone's camera or microphone to spy on you (the feds have done this to various targets, particularly mafia stores I have heard about). However, they do not need a warrant to track your geospatial positioning, nor do they need a warrant to gather the list of numbers/IP addresses that you communicate with (or the list of numbers / IP addresses those numbers/IP addresses communicate with, etc). Also, they are possibly able to use traffic classifiers and DPI in order to circumvent their ban on directly viewing your communications, for example they may be able to determine the content you are viewing or even words and phrases you say with only packet timing / size information, which is obtainable without a warrant.  Some commercial services that sell classifiers that can look for illegal content in internet traffic at the ISP level, make the argument that if they can prove only illegal information flows can possibly be intercepted, that it is not unconstitutional to warrantlessly analyze traffic for illegal content in a dragnet fashion. I believe this has not been decided decisively by the courts, although of course it has law enforcement support. In such a case legal communications would not be identifiable, but inherently illegal communications (ie: CP) would be instantly detected at the ISP and justify getting a warrant for a full wiretap.
Title: Re: Stingrays aka IMSI-catchers
Post by: sourman on January 25, 2013, 01:29 pm
Yep, it's usually a warrant for the contents, and subpoena (or nothing at all) for location and/or pen register. Naturally, LE is going to stretch the latter type of intercept as far as they can.

Enter the IMSI-catchers and unrestrained DPI trolling.