US Govt. Uses Fake Cell Towers, Flown on Airplanes, to Harvest Phone Data

from extremetech.com: Proving yet again that the US
government can show a surprising soupçon of tenacity when it comes to
gross invasion of privacy while occasionally catching a terrorist, a new
report claims that, since 2007, the US Marshals Service has been
criss-crossing the country with small airplanes equipped with fake cell
towers.
These small aircraft (fixed-wing Cessnas) intercept
communications between your mobile phone and the carrier’s legitimate
cell tower, allowing the US Marshals to find and triangulate the exact
location of a target. Obviously, the primary target of the system is
criminals — but the report says a lot of “innocent Americans” are also
being tagged by the program.

News of this US Marshals program comes from the Wall Street Journal.
According to “people familiar with the operations,” the US Marshals
Service has been flying fake cell towers out of “at least five
metropolitan-area airports, with a flying range covering most of the
U.S. population.” The program has reportedly been in operation since
2007.
There’s no word on how many suspects/fugitives were actually
caught using this system, but with a reported accuracy of 10 feet (3
meters) — enough to pick out a specific room in a building — it’s
probably quite effective.

The core piece of technology
behind the program is a signals intelligence (sigint) box made by
Digital Receiver Technology (which is now a subsidiary of Boeing). When
the box (known as a DRTBOX or dirtbox)
is nearby, it intercepts the registration signals that are broadcast by
mobile devices as they look for a carrier’s cell tower. In hacking
terms, it’s essentially a man-in-the-middle attack.
From these intercepted signals, the dirtbox can sift through the IMSI
(unique ID) of every cellphone in the area — and with multiple passes of
the plane, triangulate the precise location of each IMSI.
Essentially,
the US Marshals program is very similar to the Stingray devices that police use — but flying around is far
more efficient than sticking an IMSI catcher in the back of a van. It’s
also very hard to triangulate a precise location with a Stingray, while
it’s relatively easy with a dirtbox-equipped Cessna.

The purpose of the program, as
you’ve probably worked out, is to avoid having to ask carriers like
Verizon and AT&T for information — a process that US law enforcement
considers “slow and inaccurate.”
Whether the program is actually legal
or not, I have no idea. Presumably it’s on fairly solid ground if the
Marshals have a warrant for the suspect’s arrest — but obviously, a lot
of data is being collected about innocent people, too. Much like the NSA programs revealed by Edward Snowden,
wide-scale IMSI catching by the US Marshals isn’t intrinsically bad —
but because this is a secretive government program, we have absolutely
no assurances that the right safeguards and appropriate oversight are in
place to prevent abuse.


It will also be interesting to see how
Verizon, AT&T, Sprint, and other US carriers react to this news.
These dirtboxes actively intercept signals from a specific carrier — if
the Marshals are looking for an AT&T customer, the dirtbox will
switch into “AT&T mode,” replicating the frequencies and protocols
used by AT&T cellphones. There’s a possibility that the carriers
signed off on this particularly pernicious piece of governmental
snooping, but I doubt it. More likely, I think the carriers will be
angry that the US government is degrading their wireless services.

Source: Extreme Tech