Leaked Stingray Manuals

The Intercept has published the manuals for Harris Corporation's IMSI catcher: Stingray. It's an impressive surveillance device.

Posted on September 13, 2016 at 7:51 AM • 19 Comments

Comments

blablablagingerSeptember 13, 2016 9:12 AM

It is time for an open source baseband implementation that is usable by regular folks. osmocom.org is tied to specific TI chips that are not implemented in many phones these days. It would be so nice to have a customizable and genuinely secure BB that would run in a modern phone.

Dave HoweSeptember 13, 2016 9:17 AM

I do note the devices are labelled SDRx so, yeah.

As another though t- would it be ironic if there was open source software or hardware in here they/police/fbi could be sued for licence violations over? :D

Runn AmmukSeptember 13, 2016 9:41 AM

From the article, Mike Sulzer wrote a succinct comment:
"1.You need a license to transmit, from the FCC. The telecom owns the license, not the local police.
2. Interference with ongoing legal transmissions is a crime."


**********************************************************************

Thus, every time police use a Stingray, they are committing a crime.

That's why they don't want anyone to know about it, like any criminal might. Of course, since every agency in the USA from the very top to the very bottom is committing Stingray crimes, there is no one who can or will arrest them.

Also, at least a few courts have ruled that use of GPS to track suspects requires a warrant. Seems the same should apply to cell phones.

The do because they can, and there is no one to stop them. In short, ordinary operating process for a lawless totalitarian police state regimes.

hawkSeptember 13, 2016 10:09 AM

@Runn Ammuk

Is it illegal for them to enter an office after hours and without permission to place snoopware on a PC just to get information? Say they don't have a warrant but suppose the property manager let them in, in exchange for favors. Then just suppose they copied a proprietary design that was eventually shared with another agency which then provided it to a big company. Just wondering...is that illegal?

Joe UserSeptember 13, 2016 12:36 PM

Someone needs to forward these documents to the FCC, and publish that fact, and ask them to comment on the spectrum license that, for example, Verizo owns that this device, not in the hands of Verizon or one of their agents, is transmitting on.

After thinking just a wee bit more, it's inconceivable that Verizon (or any other mobile operator) don't detect EVERY TIME one of these devices is powered on.

Impressionable YouthSeptember 13, 2016 2:08 PM

What exactly is so impressive? In a world where some horrific terrorist incident provides cover for the police piggies to go hog wild, I'd say stingray sounds to me like pretty much what I'd expect to see emerging from the mud pits.

MouserSeptember 13, 2016 2:17 PM

@Runn Ammuk

It's a cat and mouse game, where honest people are the easiest prey. Yes, the mafia will have sufficient development resources to go claw to claw with the cops. Same as it ever was. However in a world where guns have been outlawed, those who obey the law are powerless to defend themselves against financial and other exploitation.

I'm sure stingrays have never been used by jealous lovers with badges. We've never seen that in any evening news broadcasts have we?? God must be doing a pretty good job of preventing such temptations, or granting the authorities tremendously inhuman immunity from corruption.

Either that or massive government coverups...

TatütataSeptember 13, 2016 2:21 PM

Such kit wouldn't reserved to governments.

There have been ongoing OpenGSM and OpenLTE projects for quite a few years. With rather modest off-the-shelf hardware you can have GSM extensions to your Asterisk PBX. There was one such system installed at Burning Man 8-10 years ago, providing free phone service to participants.

Since these implement much of what you need for registration and authentication, I wouldn't be surprised of the existence of a rogue fork providing functionality similar to the StingRay. The cat is out of the bag anyway.

BradSeptember 13, 2016 3:06 PM

@Joe User

What we need is a telco with enough integrity to go to the FCC and force them to do something. Take the records which they surely have or can capture that show how police use of these devices are interfering with their legal use of the spectrum and ask what the FCC intends to do with these law breakers.

Clive RobinsonSeptember 13, 2016 3:10 PM

Well, certain people should finaly stop being in denial mode about this, but I'm fairly sure that they will keep their heads in rhe "sand-trap".

For those that care to look @RobertT, @Nick P, myself and one or two others have discussed mittigation factors.

One such is having a non smart phone that you can take the battery out of. That is it's "normal state" you also have a pager and those that wish to contact you urgently send a "One Time Message" that signifies in code who they are and which number to call and at what time. You also change the phone and SIM frequently.

There are also tricks you can use via Internet search engines and One Time Messages, that alow people to have communication but not through a single server etc. I've described this in more detail in the past when talking about having "bot nets" not having a fixed IP or DNS named server such that the control channel can not be taken over.

The simple fact is that the likes of Stingray devices whilst not being "one trick ponies" only do their stuff in one circus ring. Thus two observations can be made,

1, Stingrays will not work against those who use other communications methods.

2, Stingrays are thus an expensive way to catch the low hanging fruit of criminals, or to illegally spy on the more or less innocent masses.

But a third point can be made, the manufactureres of these over priced toys know that they are of little or no use against the serious threats to society (organised crime etc). Thus they are themselves in a form of denial for the sake of profit with respect to their customers.

Such lying to customers is obvious when it comes to the lengths that the manufacturers go to to prevent information becoming known. What scares them most is that their "sales talk" will get ridiculed by actual domain experts, thus their bottom line will be effected.

In effect the manufacturers are selling the tin pot Emperor's in LEAs some myth of the finary of their product whilst in reality gulling them of their budgets that come from the tax dollars ordinary everyday folk pay... Thus without doubt the manufacturers are criminals at many levels, and potentially more of a cancer on society than more traditional criminals.

As has been noted befor "Sunlight is a strong disinfectant", thus the more light shone on these corporate criminals the better for they truly are as a cancer killing society.

DanielSeptember 13, 2016 4:12 PM

I'm much more worried about The Intercept hoarding information and leaking it out in bits so as to keep the narrative running. I don't think they enhance trust by doing that.


Median WilfredSeptember 13, 2016 6:14 PM

The document "Gemini Rayfish Controller Distribution 3.3.1 Release Notes" has an interesting "Known Issues (Old)" on page 5:

"External GPS - Sometimes an external GPS device will emit erroneous GPS ticks, causing the Gemini activation license to expire."

That sounds like an amusing way of keeping the snoops out: hack a surveyor's ground station GPS unit, the kind that does differential GPS for greatly increased accuracy, to emit "erroneous" GPS ticks. Gemini Rayfish controller expires its license and shuts down.

I admit I know nothing of differential GPS or how easy it is to futz with one of the surveyor's units, but this kind of thing might mess with more than a Gemini Rayfish Controller.

Jim NSeptember 13, 2016 7:51 PM

@ Daniel,

It's responsible journalism. I'm more bemused by the fact that US of A can't send a commando unit in there and make them relinquish whatever they have in possession.

RatioSeptember 13, 2016 7:58 PM

The documents described and linked below, instruction manuals for the software used by Stingray operators, were provided to The Intercept as part of a larger cache believed to have originated with the Florida Department of Law Enforcement.

Just like the leak about spy equipment from Cobham.

65535September 14, 2016 7:24 PM

@ Runn Ammuk

I agree with the trust of your comment.

The FCC has defacto made and exception for “Stingray” devices. Basically, the FCC has stuck its head into the sand.


“New York (April 29, 2015, 4:48 PM EDT) -- In a letter released by the U.S. Federal Communications Commission on Tuesday, Chairman Tom Wheeler told a U.S. senator that the agency has essentially no authority over state and local law enforcement agencies’ use of cellphone tracking devices known as “StingRays.” [FCC’s] Wheeler’s response to an inquiry by Sen. Bill Nelson, D-Fla., confirmed that the FCC’s certification of the devices manufactured by Harris Corp. was contingent upon the conditions that they only be sold to law enforcement officials and that state and local agencies must coordinate their use of StingRays and other “International Mobile Subscriber Identity catchers” with the FBI, but revealed the limitations of the FCC’s involvement.”

“The commission has no information about the extent to which or conditions under which law enforcement has obtained authority to use the devices,” Wheeler said. In February, Nelson pointed to a Washington Post article that detailed local police departments’ use of StingRays to collect data on phone calls, and asked the FCC to clarify its certification process and oversight of the devices… A representative for Harris Corp. didn’t respond to a request for comment.” –law360

[and]

“For years, state and local police departments across the country have been using Stingrays to track and locate phones in the absence of effective oversight from federal agencies. That may soon end. Today, the ACLU and ACLU affiliates in Northern California, New York, and Maryland, joined by the Electronic Frontier Foundation, are urging the Federal Communications Commission to order local police to stop using Stingrays, at least until the FCC can create rules to protect against excessive secrecy and abuse.” – ACLU

https://www.aclunc.org/blog/aclu-fcc-stop-secret-discriminatory-stingray-surveillance

The problem with local police using Stringrays on patrol is obvious. The Stringray could easily pickup a local lawyers talking to his client[s]. That confidential information would then be shared by local police and local prosecutors. Thus, the client privilege could be broken.

This is a multifaceted issue because the local police could sell information on informants, business intellectual property, sensitive information which could be used in blackmail situations, sway political position and on and on.

One mass surveillance device in the hands of a corrupt officer could cause enormous damage. Worse, said Stingrays could be obtained by local private investigators and put to any use.

Both the police and the maker of said devices should sued or otherwise sectioned. Both have no business breaking the Constitution of the United States of America.

CallMeLateForSupperSeptember 14, 2016 8:12 PM

@65535
"Both the police and the maker of said devices should sued or otherwise sectioned."

I vote for sectioning. :-)

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.