Ever wondered why your cell phone reception suddenly becomes terrible at protests? Ever worried that police could use electronic spoofing devices to suck up your mobile data because you are in the streets exercising your rights?
You might have been onto something.
Mobile "IMSI catchers", currently on the market and being pushed to police and intelligence agencies worldwide, enable these creepy, stealth spying tactics. And if they build it and hawk it, history tells us police will buy it and deploy it.
On Tuesday, July 3, 2012, electronic privacy advocate and technology researcher Chris Soghoian tweeted a link to a photograph of a talk he gave at TED in Scotland in late June. Behind him in the photograph is another image, this one taken by privacy researcher Eric King at a surveillance trade show. (King's Twitter bio contains a quote from a representative of the notorious ISS World — a global surveillance trade firm that often hosts such trade shows: the rep called him an "Anti-lawful interception zealot blogger." High praise.)
Photo: Ryan Lash
Look at the slide behind Soghoian; that's the photo in question. It shows an IMSI catcher strapped onto a model, under the model's shirt.
IMSI stands for "International Mobile Subscriber Identity". The technology is essentially a mobile phone tower with "a malicious operator". It mimics the behavior of a cell tower and tricks mobile phones into sending data to it, instead of to the tower.
As such it is considered a Man In the Middle (MITM) attack. It is used as an eavesdropping device used for interception and tracking of cellular phones and usually is undetectable for the users of mobile phones.
Once it has made a connection with the phone and tricked it into thinking it is a mobile tower, the IMSI catcher forces the phone to drop its encryption, enabling easy access to the contents of the device. The tool then lets the attacker listen in on mobile conversations and intercept all data sent from a mobile phone, remaining undetected. In some cases the tool also allows the operator to manipulate messages.
Here's a creepy video that a purveyor of IMSI catchers made to advertise its product:
Please note that by playing this clip YouTube and Google will place a long term cookie on your computer.
Police in the United States claim they do not need a warrant to use an IMSI catcher or other spoofing device to track your location. A case to determine whether or not the courts agree is working itself through the system.
Privacy International's Eric King took the photo on the slide behind Soghoian at a surveillance trade show, where he says the tool was "pitched to me as being perfect for covert operations in public order situations." In other words, at protests.
The FBI uses IMSI catchers and claims it does so legally, even though it says it doesn't need a warrant to deploy them. The Electronic Privacy Information Center is currently pursuing FOIA litigation to find out exactly how the bureau uses the "Stingray" (a brand name IMSI catcher); unsurprisingly, the FBI wasn't forthcoming with documents to reveal its legal standard or other information about how it uses the tool. Stay tuned for more information as that case makes its way through the courts.
Meanwhile, how can you protect yourself against IMSI catchers? Unfortunately, you probably can't. And the threats are not just from government. As Soghoian and others warned in a friend of the court brief,
Finally, the communications privacy of millions of law-abiding Americans is already threatened by the use of this and similar interception technologies by non-US government entities, such as stalkers, criminals, and foreign governments engaged in espionage. As such, the public interest is best served by greater public discussion regarding these tracking technologies and the security flaws in the mobile phone networks that they exploit, not less.
Yet again, we are faced with a situation in which our technology has outpaced our law reform. It's time for Congress to change that.
To get a more detailed sense of how the technology actually works, watch this excellent talk from DefCon 2011, with Chris Paget: "Practical Cellphone Spying". He spoofs the phones of the people in the audience during the talk; it's well worth watching if you have some time.
Please note that by playing this clip YouTube and Google will place a long term cookie on your computer.
For more on IMSI catchers and the state of the law, click here.