
Introduction to StingRay


Huitzilopochtli's Avatar
....
10 9

Cool article about the "StingRay" boxes that have recently been spotted appearing in the UK.

Written by Quantum7765 and taken without permission from Issue #1 of the new Quantum Magazine.

http://mywuwj5f76usg7eo.onion.link/

Introduction to StingRay

Over the past few years you may have heard about the secretive device used by the FBI, DEA and various state and local law enforcement agencies called "StingRay". StingRay is essentially a portable fake cell phone tower that can be deployed anywhere to track people and to intercept data, messages and phone calls. Law enforcement have a standing policy to keep all details on StingRay hidden from the public, at almost any cost.

StingRays can come in many sizes, designed for a car, or plane; for small mobile deployments or large scale towers. There are even cases of StingRays that can be worn or carried by hand to assist in the short-range location of suspects.

Perhaps one of the more worrying uses of the StingRay is the practice of using it on a large aircraft flying over an entire city or across the country by the FBI and other law enforcement agencies. When using a plane or other large size StingRays they can intercept cell phone signals for entire cities.

It works by simulating a cell tower. When a cell phone detects this tower it attempts to connect to it and the device forwards the calls/texts/etc to another separate but real tower. This is known as a "Man in the middle" attack or MITM for short.

Man in the middle attacks work by intercepting and possibly even tampering with messages and data going in between two points.

For example:

When you turn on your cell phone to make a call, your phone will search for a tower to connect to. It will attempt to connect to whatever tower is closest. It will find the StingRay device (simulating an AT&T/Verizon/T-Mobile/etc tower) and will make contact. The StingRay will accept the connection and route it to the nearest real tower.

In the meantime, it gets to intercept all data going back and forth and potentially tamper with it if desired by the StingRay operator.

Outgoing call: Cell phone ––> StingRay ––> Real Cell Tower

Incoming call: Cell phone <–– StingRay <–– Real Cell Tower

All incoming and outgoing calls/data/messages are intercepted by the StingRay.

Many cell phones incorporate encryption to prevent such attacks but the encryption used is very weak. Also, most phones include a "rollback" feature which allows the cell phone to revert to its weakest form of encryption in order to function with old cell towers. This is the primary mechanism by which the StingRay operates. See this technical paper for additional information:

(PDF) http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/2006/CS/CS-2006-07.pdf

Once the encryption is broken, it's a trivial matter to intercept all calls and messages sent and received by the cell phone.

Another troubling way StingRay can be used is to identify members of a protest or group. Imagine being with a group of people protesting a new law, or protesting police brutality. Meanwhile, the identities of everyone in the crowd at the time are being recorded by StingRay and could be added to a "Watch List".

How can I protect myself?

At this time, there are no foolproof, easily deployable ways to deal with this. That being said, there are a few options…

  1. If you don't need to use your cell phone, turn it off. Leave it at home. Or turn it to Airplane mode. This will disconnect it completely from the cell phone networks and any StingRay devices.

  2. If you accept that you can be physically tracked while the phone is ON, but don't want someone to be able to listen in on your phone calls or text messages, use encrypted programs like:

ChatSecure - https://chatsecure.org/

RedPhone - https://whispersystems.org/

  3. Use experimental software like Android IMSI-Catcher Detector. This is highly experimental and may not work as you expect. But it's leading the way (at the time this article was written) in software detection of StingRay devices and other major security issues with modern smart phones. It's worth having a look, but understand it is not 100% and may not work.

Android IMSI-Catcher Detector: https://github.com/SecUpwN/Android-IMSI-Catcher-Detector

    • Quantum7765

CapnDelete's Avatar
Member
0 3

Scary. Just another reason why you use cell phones like you would social media. Only use it with the expectation that it could be viewed by those you may not be interested in intercepting.


Huitzilopochtli's Avatar
....
10 9

This week, the government even went so far as to assert in a court filing (.pdf) that articles published by WIRED and other media outlets that expose the deception “are full of unproven claims by defense attorneys and advocates [and] are not proper proof of anything.”

So what do we know? “Stingray” is the generic commercial term for a device otherwise known as an IMSI catcher. The stingray impersonates a legitimate cell tower to trick nearby mobile phones and other wireless communication devices, like air cards, into connecting to them and revealing their international mobile subscriber identity (IMSI) number. More importantly, though, the device also collects information that can point to a mobile device’s location.

By moving the stingray around a geographical area and gathering a wireless device’s signal strength from various locations in a neighborhood, authorities can pinpoint where the device is being used with more precision than with data obtained from a mobile network provider’s fixed tower location.

Although use of the spy technology goes back at least 20 years–the FBI used a primitive version of a stingray to track former hacker Kevin Mitnick in 1994–their use of it has grown in the last decade as mobile phones and devices have become ubiquitous. Today, they’re used by the military and CIA in conflict zones–to prevent adversaries from using a mobile phone to detonate roadside bombs, for example–as well as domestically by federal agencies like the FBI, DEA and US Marshals Service, and by local law enforcement agencies.

Stingrays have the ability to also capture call record data–such as the numbers being dialed from a phone–and some also have the ability to record the content of phone calls, as well as jam phones to prevent them from being used. Domestic law enforcement agencies in the US, however, insist that the model of stingrays they use don’t collect the contents of communications.

The use of stingrays is highly controversial, in part because the devices don’t just hook targeted phones–they entice any mobile phone or device in their vicinity to connect to them, as long as the phones are using the same cellular network as the targeted phone. Stingrays can also disrupt cellular voice and text service for any device that connects to them, since the devices are not connecting to a legitimate cell tower that will transmit their communication.

Some rogue towers will also attempt to intercept encrypted mobile communication by forcing a phone to downgrade from a 3G or 4G network connection to a 2G network–a less secure network that doesn’t authenticate cell towers to the phone and contains vulnerabilities that make it easier to decrypt secure communication. The IMSI catchers jam 3G and 4G signals to force the phone to use the less secure 2G network.

And stingrays aren’t cheap. One device from the Harris Corporation, which sells a brand of IMSI catcher actually named Stingray, can cost more than $50,000. But this doesn’t mean stingrays are beyond the reach of anyone but resource-rich law enforcement and intelligence agencies. In 2010 at the Def Con hacker conference in Las Vegas, a security researcher crafted a low-cost, home-brewed stingray for just $1,500 capable of intercepting traffic and disabling the encryption, showing just how easy it would be for anyone to use this technology to spy on calls.

Beyond the controversial ways stingray technology works, the secrecy and deception law enforcement agencies use to cloak their use of the devices is also troubling.

Law enforcement agencies around the country have routinely used the devices without obtaining a warrant from judges. In cases where they did obtain a warrant, they often deceived judges about the nature of the technology they planned to use. Instead of telling judges that they intended to use a stingray or cell site simulator, they have often mischaracterized the technology, describing it as a pen register device instead. Pen registers record the numbers dialed from a specific phone number and are not, for this reason, considered evasive. Because stingrays, however, are used to track the location and movement of a device, civil liberties groups consider them to be much more invasive. They can, for example, be used to track a device inside a private residence.

In some cases, law enforcement agents have also deceived defense attorneys about their use of stingrays, saying they obtained knowledge of a suspect’s location from a “confidential source” rather than disclosing that the information was gleaned using a stingray.

Law enforcement agencies have also gone to great lengths to prevent the public from learning about their use of the technology. In Florida, for example, when the American Civil Liberties Union tried to obtain copies of documents from a local police department discussing their use of the technology, agents with the US Marshals Service swooped in at the last minute and seized the documents to prevent police from releasing them. Law enforcement agencies claim that public information about the technology will prompt criminals to devise methods to subvert or bypass the surveillance tool.

Indeed, there are already apps and tools available to help detect rogue cell towers like stingrays. The German firm GSMK’s secure CryptoPhone, for example, has a firewall that can alert users to suspicious activity that may indicate when a stingray has connected to their phone or turned off the encryption their phone might be using.

Last year, the Justice Department announced a new policy for using stingrays that offers a little more transparency, but only a little. Under the policy, the FBI and any other federal agencies using stingrays will have to get a search warrant before deploying them. The policy forces prosecutors and investigators not only to obtain a warrant, but also to disclose to judges that the specific technology they plan to use is a stingray–which prevents them from deceiving judges and defense attorneys about the surveillance method they plan to use. Agents using the device also have to delete all data a stingray collects “as soon as” it has located the device it’s tracking.

The only problem is that the new policy does not cover local and regional law enforcement, who also use stingrays to track suspects.

That may change, however: A bill introduced last year by Rep. Jason Chaffetz (R-Utah) hopes to fix that loophole. The Cell-Site Simulator Act of 2015, also known as the Stingray Privacy Act, would force state and local law enforcement to obtain a warrant as well.

Source: https://www.wired.com/2016/05/hacker-lexicon-stingrays-spy-tool-government-tried-failed-hide/
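
A sketch of the kind of check a detection tool could run for the signals described in the posts above (forced downgrade to 2G, encryption switched off), written as an added example and not taken from the article, Android IMSI-Catcher Detector or GSMK. The `Obs` fields, the `known_cells` baseline, the 60-second window and the sample log are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Obs:
    t: int          # seconds since the start of the capture
    rat: str        # radio generation reported by the modem: "2G", "3G" or "4G"
    cell: str       # serving cell identifier
    ciphered: bool  # True if the network enabled air-interface encryption

def find_alerts(observations, known_cells, window=60):
    """Return (time, reason) tuples for downgrade and cipher-off events."""
    alerts, prev, downgraded_at = [], None, None
    for o in sorted(observations, key=lambda x: x.t):
        # A phone that was on 3G/4G and suddenly camps on 2G has lost
        # tower authentication; this also happens legitimately in poor coverage.
        if prev and prev.rat != "2G" and o.rat == "2G":
            downgraded_at = o.t
            alerts.append((o.t, "downgrade_to_2g"))
        # 2G lets the network turn encryption off entirely.
        if o.rat == "2G" and not o.ciphered:
            alerts.append((o.t, "encryption_off"))
            recent = downgraded_at is not None and o.t - downgraded_at <= window
            # Escalate only when both signals coincide on a cell that is
            # not in the user's baseline of previously seen cells.
            if recent and o.cell not in known_cells:
                alerts.append((o.t, "possible_cell_site_simulator"))
        prev = o
    return alerts

# Constructed sample log: one suspicious sequence, one ordinary 2G fallback.
KNOWN_CELLS = {"cell-A", "cell-B"}
SAMPLE = [
    Obs(0, "4G", "cell-A", True),
    Obs(30, "4G", "cell-A", True),
    Obs(45, "2G", "cell-X", True),    # sudden drop to 2G on an unknown cell
    Obs(50, "2G", "cell-X", False),   # encryption disabled shortly after
    Obs(200, "4G", "cell-A", True),
    Obs(400, "2G", "cell-B", True),   # fallback to a known cell, still ciphered
]

if __name__ == "__main__":
    for when, reason in find_alerts(SAMPLE, KNOWN_CELLS):
        print(f"t={when:>4}s  {reason}")
```

The downgrade alone is a weak signal, which is why the sketch reports it separately and escalates only on the combination.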


Maxi's Avatar
Member
0 0

Welcome to this site Stingray.