StingRays: The smartphone surveillance boxes that cops and spies love

It may not have the same dismal reputation as Facebook, but the StingRay—also known as a cell-site simulator or IMSI catcher—is a pervasive surveillance technology that might be even scarier. These portable devices masquerade as cellular towers, snaring all mobile phones in a given area. Popularized by Florida-based Harris Corporation, the StingRay has become a catch-all for IMSI catchers, like “Xerox” or “Kleenex.” The devices are used by law enforcement agencies—and, it’s increasingly clear, other less scrupulous entities—to locate and even eavesdrop on private phone calls and data traffic. “With proper court authorization, utilization of StingRay-type devices have proven to be an extremely effective tool in assisting in and resolving kidnapping, extortion, fugitive, drug trafficking, and other investigations,” retired FBI Supervisory Special Agent Dennis Franks told Quartz. But while the StingRay can be used for good by law enforcement, advocacy groups like the [Electronic Frontier Foundation say]( police using IMSI catchers cast too wide a net, scooping up data indiscriminately from innocent people. And earlier this month, the US Department of Homeland Security admitted that it has detected rogue StingRays in Washington, DC, presumably in use by foreign intelligence services. “Every embassy ‘worth their salt’ has a cell tower simulator installed,” one security expert told the AP. Here’s what you need to know about the devices that until recently were so secret, they didn’t officially exist. 🐦 [Tweet this]( 🌐 [View this email on the web]( [Quartz Obsession] StingRays April 19, 2018 Once stung, twice shy --------------------------------------------------------------- It may not have the same dismal reputation as Facebook, but the StingRay—also known as a cell-site simulator or IMSI catcher—is a pervasive surveillance technology that might be even scarier. These portable devices masquerade as cellular towers, snaring all mobile phones in a given area. Popularized by Florida-based Harris Corporation, the StingRay has become a catch-all for IMSI catchers, like “Xerox” or “Kleenex.” The devices are used by law enforcement agencies—and, it’s increasingly clear, other less scrupulous entities—to locate and even eavesdrop on private phone calls and data traffic. “With proper court authorization, utilization of StingRay-type devices have proven to be an extremely effective tool in assisting in and resolving kidnapping, extortion, fugitive, drug trafficking, and other investigations,” retired FBI Supervisory Special Agent Dennis Franks told Quartz. But while the StingRay can be used for good by law enforcement, advocacy groups like the [Electronic Frontier Foundation say]( police using IMSI catchers cast too wide a net, scooping up data indiscriminately from innocent people. And earlier this month, the US Department of Homeland Security admitted that it has detected rogue StingRays in Washington, DC, presumably in use by foreign intelligence services. “Every embassy ‘worth their salt’ has a cell tower simulator installed,” one security expert told the AP. Here’s what you need to know about the devices that until recently were so secret, they didn’t officially exist. 🐦 [Tweet this]( 🌐 [View this email on the web]( QUOTABLE “There really isn’t any place for innocent people to hide from a device such as this.” — [Richard Tynan]( Privacy International AP Photo/Nati Harnik Million-dollar question How do they work? --------------------------------------------------------------- Mobile phones are designed to stay connected to a network at all times. This function is handled by a phone’s “baseband,” which communicates with nearby cell towers. When you move from cell to cell, the baseband switches you over to the next tower, always seeking the strongest signal. When your phone connects to a cell tower, it authenticates its identity [using an IMSI]( which stands for International Mobile Subscriber Identity—a unique number linked to a user’s billing account. IMSI catchers subvert this system by blasting out a stronger-than-usual signal and pretending to be a regular cell tower. Once connected to a StingRay—known as a “man-in-the-middle” attack—a smartphone’s data can be exploited in various ways, such as forcing devices to use unencrypted 2G networks in order to intercept calls, messages, and other data. StingRays can also track a person’s movements by having their device check in more frequently than normal, essentially turning it into a location beacon, even if they don’t make any calls. IMSIs have even been used to identify targets for drone assassinations. BY THE DIGITS [$1.3 billion]( Projected revenues for the “lawful interception” market by 2019 [70:]( Number of US police agencies that owned StingRays in 2017, up from 42 in 2014. [$68,479]( Cost of the original StingRay [$157,000]( Cost of the StingRay “KingFish” package [$7]( Cost to make your own primitive IMSI catcher [$93,065]( price of a fully-loaded 2019 Chevrolet Corvette Stingray [$5.9 billion]( Revenue generated by Harris Corp. in 2017 [17,000]( Number of people employed by Harris [20]( Rank of Harris among the top 100 federal contractors [77]( Percentage of Americans with smartphones (2018) Giphy Fun fact! Stingrays in the animal kingdom have one or more barbed stingers, fed by venom glands. Their stings are not usually fatal to humans, with the death of Australian nature host Steve Irwin as [a rare exception](. DIY How to buy an IMSI --------------------------------------------------------------- There are strict rules governing the purchase of IMSI catchers. But it’s not hard to find someone willing to break them. The Chinese e-commerce site Alibaba is full of IMSI catchers. A seller in Taiwan offers the German-made PKI 1640, which will “catch all active UMTS [Universal Mobile Telecommunications System, or, 3G] mobile phones in your proximity,” for [$1,800](. In 2015, two South Africans, a businessman and a bank employee, [used a $2 million Israeli-made “Grabber”]( IMSI catcher to “manipulate and blackmail people in powerful positions and sway multibillion-rand state tenders.” And in the United States, “Interceptor use…is much higher than people had anticipated,” one defense tech insider [told]( Popular Science. “One of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip. We even found one at South Point Casino in Las Vegas. What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases. Whose interceptor is it? Who are they, that’s listening to calls around military bases? The point is: we don’t really know whose they are.” Department of jargon IMSI catchers are [also known as “dirtboxes,”]( a nickname for Boeing subsidiary [Digital Receiver Technology’s “DRT” devices.]( AP Photo/Richard Drew Pop QUIZ When was the first known instance of a StingRay being used by ICE in an immigration enforcement operation? 2004200120082017 Correct. Incorrect. If your inbox doesn’t support this quiz, find the solution at bottom of email. Reuters/Stefan Wermuth Brief history [1895:]( Harris Corporation is founded by Alfred S. Harris, to develop printing presses. [1963:]( Harris builds the secure hotline connecting Moscow and Washington during the Cold War. [1995:]( The FBI begins using StingRay-type technology, referred to in declassified documents as a “Cellular Telephone Digital Analyzer.” [2001:]( Trademark registration is filed for the “StingRay” name. [2005:]( Royal Canadian Mounted Police acquire their first “Mobile Device Identifier.” [2010:]( Hacker Kristin Paget demonstrates an IMSI catcher made at home for about $1,500 at the DEF CON Hacking Conference. [2013:]( An FBI manual called “cell tracking for dummies” is made public. [2015:]( Wired magazine names Harris Corporation as one of the world’s biggest threats to privacy. [2016:]( The IRS reveals [the use of IMSI catchers]( in criminal investigations. [2017:]( Associated Press finds evidence that cell site simulators are being used to send threatening text messages to Ukrainian soldiers fighting pro-Russian separatists. in the news Spy games in DC --------------------------------------------------------------- On March 26, the US Department of Homeland Security reported unauthorized StingRays operating in Washington, DC “[resulting in safety, economic, and privacy risks]( DHS concluded that “the use of IMSI catchers by foreign governments may threaten US national and economic security.” Experts have long known some dodgy business was going on, especially in a city like DC with hundreds of foreign embassies. In 2014, vendors of equipment that can detect StingRays found dozens of suspected devices near sensitive US government offices in DC: Every embassy “worth their salt” has a cell tower simulator installed, Aaron Turner, president of the mobile security consultancy Integricell, told the AP. They are used “to track interesting people that come toward their embassies.” Florida man surveilled --------------------------------------------------------------- In Florida, police have used StingRays to investigate crimes [as small as 9-1-1 hang-ups](. In court documents, they obfuscated use of the devices by citing information from a “confidential informant.” [Here’s a map]( compiled by the ACLU showing known use of IMSI catchers by police. Blue is for local cops, orange is for state cops, and grey is unknown. Take me down this 🐰 hole The whistleblower --------------------------------------------------------------- For a long time, the mere existence of StingRays was a closely guarded secret. Harris and other companies required police departments to sign non-disclosure agreements; if compelled, police would often drop their cases rather than reveal the source of their information. That all changed when a hacker named Daniel Rigmaiden was busted for wire fraud, despite being exceedingly careful to leave no digital trace of his crimes. While in prison, he dug through a stash of declassified FBI records, [he found the first mention of the StingRay](. Since then, awareness of the devices has been growing among defense lawyers, who have argued successfully that the warrantless use of StingRays violates the US Constitution’s provision against unreasonable searches. In 2014, Harris Corp. wrote a [letter]( to the FCC in response to a Freedom of Information Act request, arguing that if the company’s owner’s manuals were released publicly, “criminals and terrorist[s] would have access to information that would allow them to build countermeasures.” Two years later, a [confidential source]( slipped The Intercept [unredacted instruction manuals]( used by StingRay operators “as part of a larger cache believed to have originated with the Florida Department of Law Enforcement.” Two of them were marked with “distribution warnings” that the information was proprietary and “the release of this document and the information contained herein is prohibited to the fullest extent allowable by law.” AP Photo/Nam Y. Huh POLL Do you feel comfortable with the deployment of StingRay-type devices? [Click here to vote]( Yes, public safety is more important than personal privacyNo, nothing overrides the Fourth Amendment The fine print Today’s email was written by [Justin Rohrlich,]( edited by [Adam Pasick]( and produced by [Luiz Romero](. sound off ✏️ [What did you think of today’s email?](mailto:obsession%2Bfeedback@qz.com?cc=&subject=Thoughts%20about%20StingRays.%20&body=) 💡 [What should we obsess over next?](mailto:obsession%2Bideas@qz.com?cc=&subject=Obsess%20over%20this%20next.&body=) 🤔 [What are you obsessed with this week?](mailto:obsession%2Bprompt@qz.com?cc=&subject=%0ATell%20us%20all%20the%20details%20and%20include%20links%20while%20you%27re%20at%20it!%20%20&body=) 📬 [Forward this email to a friend](mailto:replace_with_friends_email@qz.com?cc=obsession%2Bforward@qz.com&subject=Here%E2%80%99s%20what%20you%20need%20to%20know%20about%20the%20devices%20that%20until%20recently%20were%20so%20secret%2C%20they%20didn%E2%80%99t%20officially%20exist.%20&body=Thought%20you%27d%20enjoy.%20%0A%0ARead%20it%20here%20http%3A%2F%2Fqz.com%2Femail%2Fquartz-obsession%2F1255791%2F%0ASign%20up%20for%20the%20newsletter%20at%20http%3A%2F%2Fqz.com%2Fquartz-obsession) The correct answer to the quiz is 2017. Enjoying the Quartz Obsession? [Send this link]( to a friend! If you click a link to an e-commerce site and make a purchase, we may receive a small cut of the revenue, which helps support our ambitious journalism. See [here]( for more information. Not enjoying it? No worries. [Click here]( to unsubscribe. Quartz | 675 Avenue of the Americas, 4th Fl | New York, NY 10011 | United States [Share this email](