It may not have the same dismal reputation as Facebook, but the StingRayâalso known as a cell-site simulator or IMSI catcherâis a pervasive surveillance technology that might be even scarier.
These portable devices masquerade as cellular towers, snaring all mobile phones in a given area. Popularized by Florida-based Harris Corporation, the StingRay has become a catch-all for IMSI catchers, like âXeroxâ or âKleenex.â The devices are used by law enforcement agenciesâand, itâs increasingly clear, other less scrupulous entitiesâto locate and even eavesdrop on private phone calls and data traffic.
âWith proper court authorization, utilization of StingRay-type devices have proven to be an extremely effective tool in assisting in and resolving kidnapping, extortion, fugitive, drug trafficking, and other investigations,â retired FBI Supervisory Special Agent Dennis Franks told Quartz.
But while the StingRay can be used for good by law enforcement, advocacy groups like the [Electronic Frontier Foundation say]( police using IMSI catchers cast too wide a net, scooping up data indiscriminately from innocent people. And earlier this month, the US Department of Homeland Security admitted that it has detected rogue StingRays in Washington, DC, presumably in use by foreign intelligence services. âEvery embassy âworth their saltâ has a cell tower simulator installed,â one security expert told the AP.
Hereâs what you need to know about the devices that until recently were so secret, they didnât officially exist.
ð¦ [Tweet this](
ð [View this email on the web](
[Quartz Obsession]
StingRays
April 19, 2018
Once stung, twice shy
---------------------------------------------------------------
It may not have the same dismal reputation as Facebook, but the StingRayâalso known as a cell-site simulator or IMSI catcherâis a pervasive surveillance technology that might be even scarier.
These portable devices masquerade as cellular towers, snaring all mobile phones in a given area. Popularized by Florida-based Harris Corporation, the StingRay has become a catch-all for IMSI catchers, like âXeroxâ or âKleenex.â The devices are used by law enforcement agenciesâand, itâs increasingly clear, other less scrupulous entitiesâto locate and even eavesdrop on private phone calls and data traffic.
âWith proper court authorization, utilization of StingRay-type devices have proven to be an extremely effective tool in assisting in and resolving kidnapping, extortion, fugitive, drug trafficking, and other investigations,â retired FBI Supervisory Special Agent Dennis Franks told Quartz.
But while the StingRay can be used for good by law enforcement, advocacy groups like the [Electronic Frontier Foundation say]( police using IMSI catchers cast too wide a net, scooping up data indiscriminately from innocent people. And earlier this month, the US Department of Homeland Security admitted that it has detected rogue StingRays in Washington, DC, presumably in use by foreign intelligence services. âEvery embassy âworth their saltâ has a cell tower simulator installed,â one security expert told the AP.
Hereâs what you need to know about the devices that until recently were so secret, they didnât officially exist.
ð¦ [Tweet this](
ð [View this email on the web](
QUOTABLE
âThere really isnât any place for innocent people to hide from a device such as this.â
â [Richard Tynan]( Privacy International
AP Photo/Nati Harnik
Million-dollar question
How do they work?
---------------------------------------------------------------
Mobile phones are designed to stay connected to a network at all times. This function is handled by a phoneâs âbaseband,â which communicates with nearby cell towers. When you move from cell to cell, the baseband switches you over to the next tower, always seeking the strongest signal.
When your phone connects to a cell tower, it authenticates its identity [using an IMSI]( which stands for International Mobile Subscriber Identityâa unique number linked to a userâs billing account. IMSI catchers subvert this system by blasting out a stronger-than-usual signal and pretending to be a regular cell tower.
Once connected to a StingRayâknown as a âman-in-the-middleâ attackâa smartphoneâs data can be exploited in various ways, such as forcing devices to use unencrypted 2G networks in order to intercept calls, messages, and other data. StingRays can also track a personâs movements by having their device check in more frequently than normal, essentially turning it into a location beacon, even if they donât make any calls. IMSIs have even been used to identify targets for drone assassinations.
BY THE DIGITS
[$1.3 billion]( Projected revenues for the âlawful interceptionâ market by 2019
[70:]( Number of US police agencies that owned StingRays in 2017, up from 42 in 2014.
[$68,479]( Cost of the original StingRay
[$157,000]( Cost of the StingRay âKingFishâ package
[$7]( Cost to make your own primitive IMSI catcher
[$93,065]( price of a fully-loaded 2019 Chevrolet Corvette Stingray
[$5.9 billion]( Revenue generated by Harris Corp. in 2017
[17,000]( Number of people employed by Harris
[20]( Rank of Harris among the top 100 federal contractors
[77]( Percentage of Americans with smartphones (2018)
Giphy
Fun fact!
Stingrays in the animal kingdom have one or more barbed stingers, fed by venom glands. Their stings are not usually fatal to humans, with the death of Australian nature host Steve Irwin as [a rare exception](.
DIY
How to buy an IMSI
---------------------------------------------------------------
There are strict rules governing the purchase of IMSI catchers. But itâs not hard to find someone willing to break them.
The Chinese e-commerce site Alibaba is full of IMSI catchers. A seller in Taiwan offers the German-made PKI 1640, which will âcatch all active UMTS [Universal Mobile Telecommunications System, or, 3G] mobile phones in your proximity,â for [$1,800](.
In 2015, two South Africans, a businessman and a bank employee, [used a $2 million Israeli-made âGrabberâ]( IMSI catcher to âmanipulate and blackmail people in powerful positions and sway multibillion-rand state tenders.â And in the United States, âInterceptor use…is much higher than people had anticipated,â one defense tech insider [told]( Popular Science.
âOne of our customers took a road trip from Florida to North Carolina and he found eight different interceptors on that trip. We even found one at South Point Casino in Las Vegas. What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases. Whose interceptor is it? Who are they, thatâs listening to calls around military bases? The point is: we donât really know whose they are.â
Department of jargon
IMSI catchers are [also known as âdirtboxes,â]( a nickname for Boeing subsidiary [Digital Receiver Technologyâs âDRTâ devices.](
AP Photo/Richard Drew
Pop QUIZ
When was the first known instance of a StingRay being used by ICE in an immigration enforcement operation?
2004200120082017
Correct.
Incorrect.
If your inbox doesnât support this quiz, find the solution at bottom of email.
Reuters/Stefan Wermuth
Brief history
[1895:]( Harris Corporation is founded by Alfred S. Harris, to develop printing presses.
[1963:]( Harris builds the secure hotline connecting Moscow and Washington during the Cold War.
[1995:]( The FBI begins using StingRay-type technology, referred to in declassified documents as a âCellular Telephone Digital Analyzer.â
[2001:]( Trademark registration is filed for the âStingRayâ name.
[2005:]( Royal Canadian Mounted Police acquire their first âMobile Device Identifier.â
[2010:]( Hacker Kristin Paget demonstrates an IMSI catcher made at home for about $1,500 at the DEF CON Hacking Conference.
[2013:]( An FBI manual called âcell tracking for dummiesâ is made public.
[2015:]( Wired magazine names Harris Corporation as one of the worldâs biggest threats to privacy.
[2016:]( The IRS reveals [the use of IMSI catchers]( in criminal investigations.
[2017:]( Associated Press finds evidence that cell site simulators are being used to send threatening text messages to Ukrainian soldiers fighting pro-Russian separatists.
in the news
Spy games in DC
---------------------------------------------------------------
On March 26, the US Department of Homeland Security reported unauthorized StingRays operating in Washington, DC â[resulting in safety, economic, and privacy risks]( DHS concluded that âthe use of IMSI catchers by foreign governments may threaten US national and economic security.â
Experts have long known some dodgy business was going on, especially in a city like DC with hundreds of foreign embassies. In 2014, vendors of equipment that can detect StingRays found dozens of suspected devices near sensitive US government offices in DC:
Every embassy âworth their saltâ has a cell tower simulator installed, Aaron Turner, president of the mobile security consultancy Integricell, told the AP. They are used âto track interesting people that come toward their embassies.â
Florida man surveilled
---------------------------------------------------------------
In Florida, police have used StingRays to investigate crimes [as small as 9-1-1 hang-ups](. In court documents, they obfuscated use of the devices by citing information from a âconfidential informant.â
[Hereâs a map]( compiled by the ACLU showing known use of IMSI catchers by police. Blue is for local cops, orange is for state cops, and grey is unknown.
Take me down this ð° hole
The whistleblower
---------------------------------------------------------------
For a long time, the mere existence of StingRays was a closely guarded secret. Harris and other companies required police departments to sign non-disclosure agreements; if compelled, police would often drop their cases rather than reveal the source of their information.
That all changed when a hacker named Daniel Rigmaiden was busted for wire fraud, despite being exceedingly careful to leave no digital trace of his crimes. While in prison, he dug through a stash of declassified FBI records, [he found the first mention of the StingRay](.
Since then, awareness of the devices has been growing among defense lawyers, who have argued successfully that the warrantless use of StingRays violates the US Constitutionâs provision against unreasonable searches.
In 2014, Harris Corp. wrote a [letter]( to the FCC in response to a Freedom of Information Act request, arguing that if the companyâs ownerâs manuals were released publicly, âcriminals and terrorist[s] would have access to information that would allow them to build countermeasures.â
Two years later, a [confidential source]( slipped The Intercept [unredacted instruction manuals]( used by StingRay operators âas part of a larger cache believed to have originated with the Florida Department of Law Enforcement.â Two of them were marked with âdistribution warningsâ that the information was proprietary and âthe release of this document and the information contained herein is prohibited to the fullest extent allowable by law.â
AP Photo/Nam Y. Huh
POLL
Do you feel comfortable with the deployment of StingRay-type devices?
[Click here to vote](
Yes, public safety is more important than personal privacyNo, nothing overrides the Fourth Amendment
The fine print
Todayâs email was written by [Justin Rohrlich,]( edited by [Adam Pasick]( and produced by [Luiz Romero](.
sound off
âï¸ [What did you think of today’s email?](mailto:obsession%2Bfeedback@qz.com?cc=&subject=Thoughts%20about%20StingRays.%20&body=)
ð¡ [What should we obsess over next?](mailto:obsession%2Bideas@qz.com?cc=&subject=Obsess%20over%20this%20next.&body=)
ð¤ [What are you obsessed with this week?](mailto:obsession%2Bprompt@qz.com?cc=&subject=%0ATell%20us%20all%20the%20details%20and%20include%20links%20while%20you%27re%20at%20it!%20%20&body=)
ð¬ [Forward this email to a friend](mailto:replace_with_friends_email@qz.com?cc=obsession%2Bforward@qz.com&subject=Here%E2%80%99s%20what%20you%20need%20to%20know%20about%20the%20devices%20that%20until%20recently%20were%20so%20secret%2C%20they%20didn%E2%80%99t%20officially%20exist.%20&body=Thought%20you%27d%20enjoy.%20%0A%0ARead%20it%20here%20http%3A%2F%2Fqz.com%2Femail%2Fquartz-obsession%2F1255791%2F%0ASign%20up%20for%20the%20newsletter%20at%20http%3A%2F%2Fqz.com%2Fquartz-obsession)
The correct answer to the quiz is 2017.
Enjoying the Quartz Obsession? [Send this link]( to a friend!
If you click a link to an e-commerce site and make a purchase, we may receive a small cut of the revenue, which helps support our ambitious journalism. See [here]( for more information.
Not enjoying it? No worries. [Click here]( to unsubscribe.
Quartz | 675 Avenue of the Americas, 4th Fl | New York, NY 10011 | United States
[Share this email](