'It Looks Like You're Trying To Harvest Cell Phone Data…:' Quick-Start Guides For IMSI Catchers Leaked

(Mis)Uses of Technology

from the CTRL-ALT-WTF dept

The Intercept has obtained user manuals for Harris Corporation’s IMSI catchers, colloquially known as Stingrays, thanks to an anonymous leaker. The documents appear to have come from a Florida law enforcement agency. This would be the public’s first chance to see these documents in unredacted form. These operating manuals have been held onto tighter by law enforcement agencies than nondisclosure agreements or info on investigations utilizing this technology.

The documents show what’s so attractive about Stingrays: their power and their ease of use.

Richard Tynan, a technologist with Privacy International, told The Intercept that the “manuals released today offer the most up-to-date view on the operation of” Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the “Stingray II” device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously.

The tech can be deployed easily thanks to a relatively user-friendly interface and offers an array of tools to be used that go beyond simply tracking the location of a targeted phone. Not only can these devices snag every phone that happens to be in range of the device, but the IMSI catcher can force every phone in the area to come down to its level, so to speak.

In order to maintain an uninterrupted connection to a target’s phone, the Harris software also offers the option of intentionally degrading (or “redirecting”) someone’s phone onto an inferior network, for example, knocking a connection from LTE to 2G.

However one might feel about the lawfulness of deploying mass surveillance to track — in most cases — a single suspected criminal, there has to be at least some concern that law enforcement can downgrade paying customers’ connections while performing an investigation.

The user’s manual [PDF] uses telco jargon almost ironically, referring to targeted phones as “subscribers” (who haven’t intentionally signed up for law enforcement tracking) and the towers officers will be spoofing as “providers” (the cell companies whose connection will be replaced/downgraded as law enforcement sees fit). Lists of “subscribers” and “providers” can be imported and exported. “Subscribing” numbers can be given nicknames to more easily separate them from the countless other cell phone numbers swept up during the device’s deployment.

Much of what’s in the documents isn’t exactly surprising. A lot of this has been sniffed out by FOIA requesters and defense lawyers, but until this point, the underlying details have mostly been implied — read between redactions and parsed from deliberately-obtuse law enforcement testimony.

Harris can’t be happy these documents have leaked. A warning on the Gemini control software manual [PDF] states that Harris must be allowed to challenge any disclosure of the contents of these documents — which presumably includes law enforcement compliance with defense production requests. Law enforcement agencies can’t be happy either, as it shows just how much power many of them have at their fingertips. But nothing stays a secret forever, especially when the surveillance technology in question has gone from overseas deployment against enemy combatants to chasing down fast food thieves in local neighborhoods.

Three can keep a secret if two of them are dead, as the saying goes. With hundreds of law enforcement agencies deploying cell tower spoofers thousands of times, the FBI’s bullshit nondisclosure demands are apparently no replacement for a pile of silenced corpses.

Filed Under: imsi catcher, law enforcement, manual, stingray, surveillance
Companies: harris corp.