he Anaheim Police Department of California — Home of Disneyland — admitted that they used special Cell Phone surveillance technology, known as DirtBox, mounted on aircraft to track millions of mobile users activities.
More than 400 pages of new documents [PDF] published Wednesday revealed that Local Police and federal authorities are using, DRTBox, an advanced version of Dirtbox developed by Digital Receiver Technology (Boeing Company subsidiary).
DRTBox — Spies in the Sky
DRTBox is a military surveillance technology that has capabilities of both Stingray as well as Dirtbox, allowing the police to track, intercept thousands of cellphone calls and quietly eavesdrop on conversations, emails, and text messages.
[the_ad id="405"]
According to the report, DRTBox model is also capable of simultaneously breaking the encryption hundreds of cellphone communications at once, helping Anaheim Police Department track criminals while recording innocent citizens' information.
"This cell phone spying program – which potentially affects the privacy of everyone from Orange County’s 3 million residents to the 16 million people who visit Disneyland every year – shows the dangers of allowing law enforcement to secretly acquire surveillance technology," said Matt Cagle, technology and civil liberties policy attorney for ACLU-NC.
Besides Dirtbox, the police also purchased multiple Stingray devices, including one that can monitor LTE (Long Term Evolution) networks.
How does DRTBox Work?
DRTBox is capable of retrieving data from tens of thousands of mobile phones during a single flight in order to target criminals and suspects. However, the data on a vast number of innocent people are also being collected.
[the_ad id="405"]
Generally, DRTBox works by masquerading as a cell phone tower. All the mobile phones, within the range that automatically connect to the strongest and nearest cell tower, respond to this signal and trick victims into connecting to it.
DRTBox also collects Hardware Numbers (registration information and identity data) associated with the phone – uniquely identifying IMEI numbers stored in every mobile device.
DRTBox surveillance device runs a Man In the Middle (MITM) attack that could not be detected by the users easily and thus, allows Police to track and catch criminals like drug-traffickers.
As it targets all nearby cellular devices, so Law Enforcements are able to get information from hundreds of devices concurrently.
How does DRTbox Crack Carrier-based Encryption?
Wireless Carriers are using various Encryption technologies to protect the privacy of cellphone communications, which is built into modern GSM 2G, 3G, 4G and LTE networks.
Since GSM is nearly 30 years old and deprecated over the time because of lack of tower authentication, bad key derivation algorithms and terrible encryption algorithms, it is easily crackable.
However, 3G, 4G and LTE networks use strong encryption to encrypt all communication between the handset and the local tower.
If you are using 3G/4G SIM, then you must be aware, in the case of network unavailability, your 3G/4G connections automatically drop down (failover or fallback) to GSM connection.
It seems that DRTbox exploits this fallback feature to implement a rollback attack -- jamming 3G/4G connection and thus re-activating all of the GSM attacks to crack encryption easily in order to intercept calls and other data that would have been harder to break, particularly in bulk.
The government can then figure out who, when and to where a target is calling from, the precise location of every device within the range and even capture the content of your communication.
In this way, the federal agencies and local police can safely engage in passive, bulk surveillance without having original decryption keys and without leaving any trace whatsoever.
Warrantless Surveillance
Last year, the Department of Justice that oversees the FBI as well as the Department of Homeland Security announced a policy that required the Federal Investigation of Bureau and other federal authorities to obtain a court authorization or warrant before deploying these tracking devices.
Moreover, some individual states, including California, also passed a law that requires a warrant for the use of Stingrays and similar tracking devices.
Still, these spying devices continue to be used without the knowledge of citizens.
According to the documents, the police force lent its technology to police departments all over Orange County, thus, it impacted not only local residents but also 3 Million people live in Orange County and 16 Million people visiting Disneyland every year.
[the_ad id="393"]
0 comments:
Post a Comment