Police using StingRay to collect cellphone data and location

Discuss various technical topics not related to Mozilla.
Gingerbread Man

User avatar
Posts: 7743
Joined: January 30th, 2007, 10:55 am

Post Posted November 28th, 2017, 8:21 am

Does cellphone-sweeping "StingRay" technology go too far? | CBS News
November 27, 2017

NEW YORK — New York City, Los Angeles, Chicago and Las Vegas are among scores of police departments across the country quietly using a highly secretive technology developed for the military that can track the whereabouts of suspects by using the signals constantly emitted by their cellphones.

Civil liberties and privacy groups are increasingly raising objections to the suitcase-sized devices known as StingRays or cell site simulators that can sweep up cellphone data from an entire neighborhood by mimicking cell towers. Police can determine the location of a phone without the user even making a call or sending a text message. Some versions of the technology can even intercept texts and calls, or pull information stored on the phones.

Part of the problem, privacy experts say, is the devices can also collect data from anyone within a small radius of the person being tracked. And law enforcement goes to great lengths to conceal usage, in some cases, offering plea deals rather than divulging details on the StingRay.



User avatar
Posts: 12040
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Post Posted November 29th, 2017, 8:47 am

There's a couple of more issues with Stingray setups - One is they can glom onto any wireless device, routers, portable Mifi, dongles, etc. and attempt a redirect to the tower being used. The towers they try to switch to can be identified and the IPs which become evident during an attempt (if you are monitoring your IP traffic) can be blocked. In some cases the attempt may trigger an ISP's admin screen, best to record the IP which attempts the reroute and block it with a firewall if you aren't a drug dealer or other ne'er-do-well. It will be different than the IPs which are normally used for your ISP connection and system.
Lastly, for some reason and don't ask me how, if they are targeting an area the habeus grabbus signal will interfere with some channels of standard over the air broadcast television which is one of the reasons the FCC won't deal with the interferences. If there is an area under surveillance there's an underlying data transmission signal which can be heard when the sound of the television is muted. Some of this was originally thought to be wireless security systems, IoT and aircraft beacons but it's none of those.
It's kind of promiscuous and really sloppy and in my opinion is a direct violation of Miranda and subject to a great deal of abuse.
Worst of this is the technology is in the wild so anyone, terrorists, gangsters or anyone with the technical ability can utilize it.

Omega X

User avatar
Posts: 8101
Joined: October 18th, 2007, 2:38 pm
Location: A Parallel Dimension...

Post Posted November 29th, 2017, 10:11 pm

The silver lining is that judges are increasingly throwing out that scraped data in court as evidence because the company that makes them want to keep how it works secret as long as possible.
Latest: Firefox/63.0.1 *ESR/60.3.0 - Mobile/62.0.3 - Thunderbird/60.3.0
Nightly: Nightly/66.0a1 - Mobile/66.0a1 - Daily/66.0a1


User avatar
Posts: 2283
Joined: February 15th, 2007, 11:13 am

Post Posted December 5th, 2017, 11:33 am

You think that's bad. On this side of the Pond Mozilla wants to distrust certificates issued by the Dutch State due to a dragnet surveilance law due to take effect on January 1, 2018.

Part of the new powers the police will have will be to infect users devices with spyware in order to gather intelligence on their online behaviour. The problem here is that innocent users may be targeted if they communicate with someone under surveillance. Their friends then become targets as well.

Opponents of the Act have won the right to hold a referendum on the subject and that will take place on March 21 next year, but it won't be binding and the Dutch government can choose to ignore it. But we'll have to wait and see what happens I guess.


User avatar
Posts: 12040
Joined: October 19th, 2007, 4:23 am
Location: ... Da' Swamp

Post Posted December 5th, 2017, 12:55 pm

First thought on this is will they be doing this to anyone who connects to a Dutch site/page?
Even if you distrust the certificates is their anything showing how they are accessing since certificates can be disguised and compromised.
, , , or how users from another country can protect themselves from the infection or access?
Or do they actually think they have the authority and right to perform such actions outside of becoming labeled a despised police state like all the other countries who engage in these types of shennaighans?

Return to MozillaZine Tech

Who is online

Users browsing this forum: No registered users and 1 guest