Tag Archives: Stingray

Fake DC Cell Tower Story Has New Legs

Last week I wrote about the problem of fake cell towers in DC.

Well, the story has some interesting twists and turns.

First, the largest maker of these devices (at least as best we know) is Harris Corp., maker of the Stingray family.  Harris has been so closed mouthed about them that they have made the FBI drop cases against crooks instead of disclosing that these things even exist.

Well, the cat is out of the proverbial bag regarding the fact that there are probably gobs of these things on the loose, made by who knows whom – probably some are home brew – and they are listening in on – maybe Congress critters.

You have probably heard that there is nothing worse than a Congress critter scared that his or her cover is blown – whether it is a mistress or payoff or leak or whatever – and now susceptible to blackmail.  That’s why when you are getting approved for a security clearance, they want to  know about all of your skeletons.  Not because they care very much, but they don’t want to bad guys to use them against you.

It sounds like there may be Stingrays and Stingray-lookalikes all over the country, likely near sensitive facilities, and the FCC and DHS are playing stupid about it.

Why would they do that?


Who do you think is the largest (legal) user of Stingrays?  U.S. law enforcement and spies – and since they don’t want people to know anything about what they are doing, there are no records kept, so no one really knows if a Stingray belongs to the FBI or the KGB or whatever China”s version of those two are.

You can count on all of those having deployed some of them.

But, we don’t really know, actually.

Some of those Congress critters now want to skewer Ajit Pai, head of the FCC.  This could get entertaining, at a minimum.

Information for this post came from The Register.

So what can you do?  Unfortunately, not a huge amount, but there are some things,

Number one is don’t use your cell phone.

Well, not like that.

If you make calls from the data side of your phone, these devices cannot intercept the calls in the same way.

Say you make a call using Signal or Whatapp.  The call is just more data.  Even the number you are calling is just data.  And it is encrypted.  Can spies, given the right motivation, crack the crypto?  Probably, even likely.  Even if it means hacking into your phone.  But you would need to be a very specific target for that to be worthwhile.

Power off your phone when you are not using it.  Truly a pain, but they can’t pick up a signal if the phone is off.  If you want to be off the grid for some reason, you have to be off the grid.

If you are Edward Snowden, you put the phone in the oven (preferably OFF) or the freezer (Likely ON).  Both are sealed metal boxes that don’t transmit radio waves.

If you are paranoid, Amazon sells RF shielding pouches, the portable version of Snowden’s oven or freezer for as little as $6.99.  For an example of one, click here.

So, while there is likely some risk, unless you are at high risk for some other reason, I probably wouldn’t worry much about it.  But, if you are concerned or just want to ‘stick it to the man’, there are some things that you can do if you are willing to be a little inconvenienced.

For First Time Federal Judge Tosses Evidence Based On Stingray

A Federal judge in New York tossed evidence in a drug bust based on the use of a Stingray cell site simulator,  But the devil is in the details.  To be clear, this is not about getting a warrant to use a Stingray and catching a drug dealer.  This is about lying to or omitting key facts from a Federal judge when asking that judge to sign a warrant.

For those of you who read my blog, you know that I have written about Stingray cell site simulators several times.  Those devices Hoover up huge quantities of cell phone and text message traffic and then the agency that collected it is free to go through that data – not just to find that one bad guy, but also so go on a fishing expedition to see what else might be there.  And, they get to keep all that data for as long as they want.

So what happened in New York?

The Feds were looking for a possible drug deal that was going to move large quantities of drugs from South America.  As part of their investigation, they received a wiretap warrant to monitor traffic between two suspected drug traffickers.  Curiously, the traffic that they were going to monitor was done on Blackberrys.  Until recently, we thought that Blackberrys were secure.  Then we found out that Blackberry was secretly intercepting Blackberry traffic without the hassle of pesky warrants and handing that over to anyone who asked (law enforcement agencies only, we assume).

Then the DEA asked for a warrant to get location information for the phone.  What they told the judge was that they were going to ask the cell provider for that information.  So far, so good.

They did, in fact, get that information from the provider, but that only told them that the phone in question was in the area of Broadway and 177th Street in Manhattan.

So what did the DEA do?  They decided, on their own and absent a judge’s approval – which I can guarantee 99% would have been granted – to use a Stingray to get better location information.

Using the Stingray, they located the building and then the apartment where that phone was likely located.  The agents then knocked on the door and the suspect’s father let them in and consented to a search.

Ultimately, they found a kilo of coke and eight cell phones.  Certainly, not a massive amount of drugs, but also, just as certainly, not a personal use amount.

In the past, some courts have ruled that with any data that you give to a third party (such as Microsoft, Google or your cell phone carrier), you revoke your right to privacy because you gave that information to someone else.  In some cases, lawyers have used that third party theory to justify using a Stingray.

This judge, however, said, that Stingrays are different.  This is not data that you gave to anyone.  Since there is no third party involved (Like Google or Verizon), the third party doctrine does not apply.

The government has not said whether they will appeal the case or not.  Historically, the government has kept a pretty low profile on Stingray cases, even to the extent of dismissing charges rather than explain to a judge what a Stingray does, so it is unclear if they will open their kimono this time.

And this case is not even about drugs.  It is about following the law and not hiding from the courts and the public what, exactly, law enforcement officials are doing.

Curiously, the week after this guy was arrested, the Department of Justice changed their own rules and said, yes, we will ask for a warrant before we use a Stingray.  That decision doesn’t affect this case, however.

However this case ends and whatever happens to this drug dealer, this is another example of the changing rules on using Stingrays as judges begin to read the news and understand what they are, because, it seems, they are not getting that information from prosecutors.

Stay tuned for more details.

Information for this post came from Ars Technica.

Friday Shorts – Stingrays,

It’s Friday, so here is a collection of odds and ends –

  • Rep. Chaffetz (R-Utah) introduced a bill this week to require state and local law enforcement to follow the same rules the FBI started following recently.  As a result of the policy that the DoJ just released, DoJ agencies now have to get a warrant before deploying a Stingray cell phone interceptor.  The Stingray is kind of invasive – sweeping up all cell traffic, sometimes including text messages – within the radius of coverage.  Once the Stingray decides you are not it’s target, it will drop you – and maybe your call as well while collecting all of your traffic until it releases your phone.   The bill will also require law enforcement to stop being sleazy when going before a judge to get a warrant to use the Stingray – as reports have indicated they have been less than honest in the past.  In part, this is due to a desire by Harris, who makes the Stingray, to keep the system under the radar.  Of course, this bill still has to go through the legislative process, so who knows what or if anything will become law.
  • Mozilla released Firefox 42 this week.  Besides fixing a number of bugs, including some high severity ones, it adds a new privacy and anti-tracking feature.  The new feature, when the user invokes it, will actively block ads, analytics trackers and social media trackers that record the user’s behavior and report it to third parties.  It is adjustable on a site by site basis.
  • UK Home Secretary Theresa May confirmed that the UK government will seek to force all ISPs to store Internet access data for all users for a year.  While it won’t have to keep data at the page level, it will have to keep data at the site level.  Given things like TOR and VPNs, this is both invasive and meaningless as it will be easy to bypass.  While the bill does not ban end to end encryption as had been predicted, it does say that ISPs must take reasonable steps to provide data in response to warrants unencrypted – without defining reasonable.  It also codifys what GCHQ and other agencies have been doing for years – breaking in to user’s computers and phones – including ones in other countries like, say, the US.  The bill has been called the “Snooper’s Charter” by some.
  • Two of the largest employee background check firms have to pay consumers $10.5 million and pay the government a penalty of $2.5 million for selling inaccurate information about job applicants to employers.  The reports provide information such as criminal background records and information that is not legally allowed to be included in consumer reports.  Part of the problem is these firms run the checks based on first and last name and don’t have a method for resolving confusion between similar names.  Apparently 70% of the disputed criminal history complaints resulted in a change or correction – maybe after the people who’s criminal history was wrongly reported lost the job opportunity.
  • And finally, as Apple and the DoJ fight over unlocking an iPhone, the government is invoking the All Writs Act – a revolutionary war era law as the basis of their requiring Apple to unlock the phone.  The government is saying that since Apple doesn’t sell you the software, they are still the owner and therefore, the All Writs Act authorizes the court to issue All Writs necessary or appropriate to unlock it.  I am sure that the framers of the Constitution did not anticipate it being used to unlock an iPhone. In the past, courts have rubber stamped these requests to have manufacturers unlock phones.  This time Apple appears to have found a judge who is willing to question this.  If the judge sides with the government, then any software developer anywhere could be forced to help the government bypass encryption or help the government in other unspecified ways – for example, retrieving data created by any application.  Stay tuned.


Information on the Stingray bill came from Wired.

Information on the Firefox 42 came from SC Magazine.

Information on employee background check firms came from Credit.com.

Information on the All Writs Act came from JustSecurity.org.

Dirtboxes and Stingrays

I have written several items about cell site simulators or Stingrays.  Dirtboxes are stingray-like devices hung from an airplane that DoJ agencies use to capture tens of thousands of cell phones as they fly over hundreds of miles.

I said early on that it was going to be years before the crap hit the fan, but I later said I was wrong.  It is moving much faster.

Senator Grassley (R-IA) and Leahy (D-VT) have been spearheading the effort to get answers from the DoJ.  This post contains two items from Sen. Grassley’s web site about the questions the Senate is asking DoJ about their use of Dirtboxes and Stingrays.

Dec 31, 2014

WASHINGTON – Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Ranking Member Chuck Grassley (R-Iowa) pressed top Obama administration officials on the use of cell-site simulators, which can unknowingly sweep up the cell phone signals of innocent Americans.

Recent news reports have chronicled the use of such simulators by law enforcement, explaining that the simulators have the potential to capture data about the location of thousands of cell phones in their vicinity.  Leahy and Grassley previously pressed the FBI about the use of this technology.  In a joint letter sent last week to Attorney General Eric Holder and Secretary of Homeland Security Jeh Johnson, the Senators raised questions about exceptions to a new FBI policy to obtain a search warrant before using a cell-site simulator.  The Senators also asked about other agencies’ use of the technology.

“It remains unclear how other agencies within the Department of Justice and Department of Homeland Security make use of cell-site simulators and what policies are in place to govern their use of that technology,” Leahy and Grassley wrote.

Outlining privacy concerns for innocent individuals, the letter continues: “The Judiciary Committee needs a broader understanding of the full range of law enforcement agencies that use this technology, the policies in place to protect the privacy interests of those whose information might be collected using these devices, and the legal process that DOJ and DHS entities seek prior to using them.”

A signed copy of the December 23 letter to Attorney General Holder and Secretary Johnson is available Here.  Text of the letter can be found below.

December 23, 2014

The Honorable Eric H. Holder, Jr.                                          The Honorable Jeh Johnson
Attorney General                                                                    Secretary of Homeland Security
Department of Justice                                                             Department of Homeland Security
950 Pennsylvania Avenue, N.W.                                            Washington, D.C. 20528
Washington, D.C. 20530

Dear Attorney General Holder and Secretary Johnson:

In recent months, media reports have detailed the use of cell-site simulators (often referred to as “IMSI Catchers” or “Stingrays”) by federal, state and local law enforcement agencies.  Most recently a November 14, 2014, Wall Street Journal article (“Americans’ Cellphones Targeted in Secret U.S. Spy Program”) reported that the United States Marshals Service regularly deploys airborne cell-site simulators (referred to as “DRT boxes” or “dirtboxes”) from five metropolitan-area airports across the United States.  Like the more common Stingray devices, these “dirtboxes” mimic standard cell towers, forcing affected cell phones to reveal their approximate location and registration information.  The Wall Street Journal article reports that “dirtboxes” are capable of gathering data from tens of thousands of cellphones in a single flight.

We wrote to FBI Director Comey in June seeking information about law enforcement use of cell-site simulators.  Since then, our staff members have participated in two briefings with FBI officials, and at the most recent session they learned that the FBI recently changed its policy with respect to the type of legal process that it typically seeks before employing this type of technology.  According to this new policy, the FBI now obtains a search warrant before deploying a cell-site simulator, although the policy contains a number of potentially broad exceptions and we continue to have questions about how it is being implemented in practice.  Furthermore, it remains unclear how other agencies within the Department of Justice and Department of Homeland Security make use of cell-site simulators and what policies are in place to govern their use of that technology.

The Judiciary Committee needs a broader understanding of the full range of law enforcement agencies that use this technology, the policies in place to protect the privacy interests of those whose information might be collected using these devices, and the legal process that DOJ and DHS entities seek prior to using them.

For example, we understand that the FBI’s new policy requires FBI agents to obtain a search warrant whenever a cell-site simulator is used as part of a FBI investigation or operation, unless one of several exceptions apply, including (among others): (1) cases that pose an imminent danger to public safety, (2) cases that involve a fugitive, or (3) cases in which the technology is used in public places or other locations at which the FBI deems there is no reasonable expectation of privacy.

We have concerns about the scope of the exceptions.  Specifically, we are concerned about whether the FBI and other law enforcement agencies have adequately considered the privacy interests of other individuals who are not the targets of the interception, but whose information is nevertheless being collected when these devices are being used.  We understand that the FBI believes that it can address these interests by maintaining that information for a short period of time and purging the information after it has been collected.  But there is a question as to whether this sufficiently safeguards privacy interests.

Accordingly, please provide written responses to these questions by January 30, 2015:

1.    Since the effective date of the FBI’s new policy:
a.    How many times has the FBI used a cell-site simulator?
b.    In how many of these instances was the use of the cell-site simulator authorized by a search warrant?
c.    In how many of these instances was the use of the cell-site simulator authorized by some other form of legal process?  Please identify the legal process used.
d.    In how many of these instances was the cell-site simulator used without any legal process?
e.    How many times has each of the exceptions to the search warrant policy, including those listed above, been used by the FBI?

2.    From January 1, 2010, to the effective date of the FBI’s new policy:
a.    How many times did the FBI use a cell-site simulator?
b.    In how many of these instances was the use of a cell-site simulator authorized by a search warrant?
c.    In how many of these instances was the use of the cell-site simulator authorized by some other form of legal process?  Please identify the legal process used.
d.    In how many of these instances was the cell-site simulator used without any legal process?
e.    In how many of the instances referenced in Question 2(d) did the FBI use a cell-site simulator in a public place or other location in which the FBI deemed there is no reasonable expectation of privacy?

3.    What is the FBI’s current policy on the retention and destruction of the information collected by cell-site simulators in all cases?  How is that policy enforced?

4.    What other DOJ and DHS agencies use cell-site simulators?

5.    What is the policy of these agencies regarding the legal process needed for use of cell-site simulators?
a.    Are these agencies seeking search warrants specific to the use of cell-site simulators?
b.    If not, what legal authorities are they using?
c.    Do these agencies make use of public place or other exceptions?  If so, in what proportion of all instances in which the technology is used are exceptions relied upon?
d.    What are these agencies’ policies on the retention and destruction of the information that is collected by cell-site simulators?  How are those policies enforced?

6.    What is the Department of Justice’s guidance to United States Attorneys’ Offices regarding the legal process required for the use of cell-site simulators?

7.    Across all DOJ and DHS entities, what protections exist to safeguard the privacy interests of individuals who are not the targets of interception, but whose information is nevertheless being collected by cell-site simulators?

Please number your written responses according to their corresponding questions.  In addition, please arrange for knowledgeable DOJ and DHS officials to provide a briefing to Judiciary Committee staff about these issues following the provision of these written responses, but no later than February 6, 2015


Mar 23, 2015

WASHINGTON – ‎Senators Chuck Grassley of Iowa and Patrick Leahy of Vermont, Chairman and Ranking Member of the Senate Judiciary Committee, questioned the Justice Department about reports that federal law enforcement agencies have deployed cell phone tracking technology on behalf of  federal intelligence agencies. In a letter to Attorney General Eric Holder and Acting Deputy Attorney General Sally Yates, the senators ask whether law enforcement’s use of technology capable of scanning data from thousands of cell phones is part of a domestic test operation on behalf of the intelligence community.  The letter follows a media report detailing cooperation between the Central Intelligence Agency and the U.S. Marshals Service to domestically test surveillance technology.

Grassley and Leahy raised concerns about the legal and privacy implications of this technology in a letter last year to Attorney General Eric Holder and Homeland Security Secretary Jeh Johnson.  The senators have not yet received a written response from the Justice Department, as requested in that letter.

The devices mimic cell phone towers to connect with and collect identifying information from cell phones in the area. While reports have indicated that the technology has been deployed for domestic law enforcement purposes, it remains unclear what legal authority and privacy protections are in place for their use.

A signed copy of the letter is available here.  Text of the letter is below.

March 18, 2015


The Honorable Eric H. Holder Jr.
Attorney General
U.S. Department of Justice
The Honorable Sally Quillian Yates
Acting Deputy Attorney General
U.S. Department of Justice

Dear Attorney General Holder and Acting Deputy Attorney General Yates:

In June and December, we wrote to the Department of Justice (DOJ) and other agencies raising questions about the use of cell-site simulators.  Often referred to as “IMSI Catchers,” “dirtboxes,” or “Stingrays,” these devices mimic standard cell towers and force affected cell phones to reveal their approximate location and identifying serial number.  Although we understand that some versions of these devices can intercept and collect the content of communications, the Federal Bureau of Investigation (“FBI”) and the United States Marshals Service (“USMS”) both maintain that they do not use the devices in this way.  These agencies have also reported that they purge any data collected from non-targeted telephones once an investigation is complete.

Last week, the Wall Street Journal reported that the USMS field-tested various versions of this technology in the United States from 2004 to 2008 on behalf of the Central Intelligence Agency (“CIA”).  If this report is true, such practices raise additional concerns.  In December, we asked about the full range of DOJ entities that use this technology, the policies in place to protect the privacy interests of third parties whose information might be collected by these devices, and the legal process that is sought prior to their deployment, including the information provided to courts that may authorize their use.  DOJ’s failure to answer these questions has heightened our concerns.

Accordingly, please provide written responses to each of the following by March 27, 2015:

1.    Does DOJ policy ever permit the use of cell-site simulators to capture the content of communications domestically?  If so, under what circumstances is this permitted?

2.    Has DOJ or any DOJ entity tested cell-site simulators or other surveillance technology on behalf of the intelligence community, by employing the devices in the course of domestic law enforcement operations?    If so, when, to what extent, and under what legal authority?

3.    What, if any, DOJ policy governs the testing and deployment of new surveillance technology?

4.    Please provide written responses to Questions 1 through 7 of our December 23, 2014 letter, as requested in that letter.

Should you have any questions, please contact Jay Lim at (202) 224-5225 or Lara Flint at (202) 224-7703.  Thank you for your cooperation in this important matter.



Charles E. Grassley
Patrick Leahy
Ranking Member


More Stingray cell site simulator stories

Ars Technica reported about yet another case where prosecutors dropped charges against 4 suspects who robbed 7 people, including one who needed 18 stitches, rather than disclose information about the use of a Harris Stingray.

Or at least that’s what we think.  The cops told the press that is was not related to “technology” (preferring not to admit that Stingrays exist), but they did not say what magic event occurred on the eve of a police officer being deposed about Stingray use in the case to cause them to drop the case.

The D.A. also did not tell the victims, who were not too happy, why they dropped the case, other than to say legal issues had developed.

A copy of an unredacted Harris NDA has surfaced here, which includes language that says that prosecutors will drop charges rather than talk about the Stingray.

In St. Louis, search warrants do not say they are using a cell site simulator but rather say this:

“Twenty-four hour a day assistance to include switch based solutions including precision location pursuant to probable cause based information queries and all reasonable assistance to permit the aforementioned Agencies to triangulate target location, including but not limited to terminating interfering service on the target telephone.”

I am not sure I understand that.

It’s all very interesting.  Likely not illegal.  But interesting.

The article also pointed out that this is an example of why businesses are leery of the new information sharing laws that have been making their way in Congress (there are a half dozen floating around this year alone).  Businesses think that the government will be happy to TAKE your information but less likely to give anything in return.

Stingray Tracking Devices – Who’s Got Them

The ACLU put together an interesting web page (see here).  By surfing the web, they have put together a map with information – as best they have at the moment – of what states are using Stingrays to track citizens and what states are not. I say citizens and not crooks because a Stingray will collect data on every cell phone in say a 1 or 2 square mile area, as long as their cell phone is on.  What we don’t know is the specifics of that.  For example, does it just collect data for one carrier at a time or any phone, any carrier?



The map is interactive – if you click on a state, it will give you links to web pages with articles about some agency’s use of Stingrays.

In addition to listing what state agencies are using Stingrays, the web page also links to federal agencies (such as the FBI, DEA and Secret Service, among others) that have solicitations for procuring Stingray devices.

I think the cat is out of the bag.  I am sure that there is some crook somewhere that does not know about the use of cell phone trackers, AKA Stingray, but certainly every big time crook is aware of it.  And I think most citizens also understand that a cell phone is a homing beacon for them and the only way to stop that is to remove the battery (yes, turning it off doesn’t work – the baseband radio may still be on.  Sorry iPhone users).

Amazon has a couple of dozen different Faraday bags to stick your phone and other electronic goodies in to contain the radio waves and shield it from EMPs (electro magnetic pulses).  I guess it is a big business.

It would be nice if department and agencies would explain how they use them and how they manage the data that they capture for citizens who are not suspected of any wrong doing.