Schneier: On Electronic Surveillance And Insecure Network Infrastructure

H/t to PHS for this article.

Leave those electronics at home.

Just that simple.

20 responses to “Schneier: On Electronic Surveillance And Insecure Network Infrastructure”

  1. Virgil Kane

    Maybe it’s not as good as we fear. The Cleveland killer had at least 2 cell phones and they couldn’t find him…or maybe they don’t want to tip their hand.

  2. Wouldn'tYaKnow

    Well they are looking for a “dark white male” according to the leading propaganda media outlets so they probably just let the homicidal black guy through the roadblock. Go figure.

  3. Easy to hide with an RF shielding pouch or burner phones.
    Also, the cops who use these totalitarian tools aren’t usually expert-level technicians (even though they think they’re hackers) and they make mistakes more than you think. If it’s used by a pig, it’s going to have exploits and vulnerabilities. Not hard to capitalize on low IQ badged swine.


      Sam: The low IQ badge-carrying swine will still manage to find their acorn, when the acorns have even lower IQs. When I lived in the People’s Democratic Socialist Republic of Oregon, the local ORCS always managed to show up at the high-schoolers’ parties because those texting, mouth-breathing Mall Zombies would communicate their plans on their Smartphones.
      The cops denied having the technology. The Zombies could not figure it out and did not, while I lived there, go low tech to outsmart them. One of the first things I did as a sub at the high school was educate these fools about Stingray.

    • S

      If the burner calls anything other than another burner, they can begin mapping. If the burner is used in proximity to your reg phone, they can begin mapping. If the recipient burner is used in proximity to its operator’s reg phone … they can begin mapping.

      Even with strict discipline, every emitter has a totally unique fingerprint, and if it ‘pipes up’ often enough, they can begin mapping its contact with other unique emitters.

      What’s not mentioned in this article is the SRay’s ability to operate a phone’s camera / vid and voice recorder functions … without any indication on the phone display that this is happening, and then send it to a remote user … and do so without any evidence in memory or trans-logs that this occurred.

      The article is discussing OLD – TECH. Current tech enables the hacked phone to give the same commands to any other phone it contacts … even when the original SRay is not around


      • “What’s not mentioned in this article is the SRay’s ability to operate a phone’s camera / vid and voice recorder functions … without any indication on the phone display that this is happening, and then send it to a remote user … and do so without any evidence in memory or trans-logs that this occurred.”

        Nothing unique about that as a Stingray function. I can do that to an Android phone using Metasploit. Tutorial here —

        If the docs for Stingray ever find their way out into the wild I think we will find that half of the functionality is Open Source tooling.

        • thanks Doc …. what’s a rational / do-able measure against Metasploit ?

          thanks in advance for your guidance

          • Surprisingly, some of the same techniques you would use on the desktop. Apply a firewall of your choice as a first line of defense. Check out Google Play, there are several available. But that only protects the OS on the phone.

            For transmission, encrypt your cellular traffic. There are apps to secure both voice and messaging. — I tried CellCrypt for a project a while back. OK app. Not an endorsement, just that I used it for a trial. YMMV. Pick what best suits your circumstances. Downside is the receiver in most cases has to have a similar setup and the public/private shared keys between you beforehand.

            Eventually some cell phone maker will —
            1) Put a physical switch on their phones to drop power to the mic and cams.
            2) Will become a PKI enabled crypto key supplier to all users of their phone sets. Why someone has not thought of this already is baffling. It’s a marketing guru’s wet dream as far as market lock-in! 🙂

    • Where'sWaldo?

      Two things.
      1. A RF Proof Faraday bag is not 100% protection. If the phone has already been compromised it can and will record audio and video while in the bag for transmission to authorities when it regains a signal. A foam filled hard case like a Hardigg case would stop that.

      2. Just because you shut off your phone does not mean that it can’t still be used against you. Hint: it’s not really off, it’s just playing possum in low power mode or appearing to be. If they want you badly enough there are ways to track and identify you even when you remove the phone’s primary battery. That technology has been around for a looooong time and works basically the same way a passive RFID tag works. They emit a signal on a specific frequency and it induces a current in your dead phone that transmits a tiny but detectable signal that can be fingerprinted and tracked.

  4. It is worth noting that any PD/LEO organization that possesses a Stingray is required to sign an NDA for everything including the documentation. In a case in Sarasota, Fla., the feds requested a local DA to withdraw charges as the Stingray device was going to be central to the defendant’s defense. The only conclusion I can draw from that is, for the Stingray to operate it must do so in a mode that opens the device to hack or other countermeasures while reading the streams.

  5. Sounds like there’s a real market for inexpensive “dumb” burner phones that do nothing more than make and receive calls.

  6. @Ohio Guy

    Hmmm… interesting. How does S-Ray circumvent file permissions and the ability to start processes for all the type of phones and mobile devices out there?

    • A/M .. check above with drdog and Waldo … they appear to be info-laden

      just seen one in action, in a room full of ‘off-ed’ phones, taking realtime vid

    • mice,
      There are only three OSs on most phones. Android, iOS and some Linux derived stuff (small potatoes). The breadth that an attacker needs to know is pretty small.

      Android is a custom kernel of Unix/Linux. Overall layout explained here — Most attacks for Unix-like devices take two approaches:
      1) Existing account takeover by various techniques (guess, brute force, etc) then an attempt at promotion to get higher level privileges. In some cases the last step may not even be necessary if an app is a user space implementation.
      2) Install a root kit exploit to get full control.

      But to tell you the truth, Stingray I don’t think even needs that level of detail. It’s just copying the data transmissions in real time then forwarding them on. I also assume it has the capability to do a man in the middle and replay attacks in real time.

      Two useful YT vids —

  7. @OhioGuy – Well color me stupid. Thanks.

  8. Another Dorner incident, this time in Cleveland. This was a 5 state lock down, Ohio, Michigan, Pennsylvania, New York and Indiana. With all the guv’s surveillance, with cameras on every traffic light, with Stephens constantly using his phone, and driving a 2016 car, which by Obama’s law, had trackable GPS, it was 4chan/pol that pinged the bad man in Erie. I read that two nights ago on 4chan. Why did it take the guv two days to find him? You have to wonder if the guvment is really this stupid. Is all this surveillance really there to protect us? Or is it simply an extortion tool of the deep state?
    PS……..since it was 4chan/pol that found the guy TWO FUCKING DAYS AGO in Erie, are they gonna get the 50 grand reward?

  9. A phone is off, only when its battery is removed, and it’s shielded from any outside signal. Think ammo can. Maybe even worth lining with lead.
    And definitionally, anything you use everyday has compromised you from the get-go, while a burner phone is only as good as your own self-discipline.

    To beat the technology, you have to completely avoid it in the first place.
    You can’t hack dead tree printed messages, or face-to-face convos, without an actual body wire on one of the parties, or eyes on the document(s) in question.

    Meatspace, baby.

    It’s also pretty tough to crack brevity codes bereft of any outside references.
    But that only denies the content; the sender and receiver are network-linked, which is all the intel we’ve needed to drop a Hellfire on any number of AQ operatives for going on 15 years.

    Put the damned things down, and leave your human electronic leashes and pet ID collars at home. That’s true of smartphones, tablets, laptops, and smart TVs.

    Orwell was prescient: Big Brother IS Watching.

  10. Don’t carry a cell phone or other “chipped” device and you CAN NOT be “day to day” tracked. 99% of the “security state” depends on your willing participation and ignorance. ANYTHING with a “chip” IS being tracked and monitored. If you really want to go “off grid” use cash (ditch the plastic) and avoid town as much as possible. If you get pissed by the cameras just remember that the only thing it takes to “knock them out” is a paint ball or bullet to the lens cover. You don’t even need penetration. Just “F” it up to the point where it must be cleaned or replaced. They can’t see you through shattered glass or paint smeared polycarbonate, and it takes many people and MUCH money to “fix” what can be done in one night. All you have to do to be free is stop being a slave. Just remember that defying the secret police is a death penalty offense to be carried out by SWAT in your own living room. So if you plan to EVER do anything other than talk shit on the internet you had better be ready to put your “Lives, fortunes and sacred honor” on the line. You will be doing exactly that.