aacj winter seminar january 8 9 2015 stingray talk by
play

AACJ Winter Seminar January 8-9, 2015 Stingray Talk by Daniel - PowerPoint PPT Presentation

AACJ Winter Seminar January 8-9, 2015 Stingray Talk by Daniel Rigmaiden Email: ddrigmaiden@freedomdujour.com | Twitter: @ddrigmaiden I. Background [Who am I and why does my opinion matter?] A. I was indicted in 2008 by the federal government


  1. AACJ Winter Seminar January 8-9, 2015 Stingray Talk by Daniel Rigmaiden Email: ddrigmaiden@freedomdujour.com | Twitter: @ddrigmaiden I. Background [Who am I and why does my opinion matter?] A. I was indicted in 2008 by the federal government for filing fraudulent tax returns. B. To bring me to justice, the FBI used a vehicle-portable StingRay and man-portable KingFish (both generically, "the Stingray") to locate my Verizon Wireless aircard. 1

  2. C. While in custody, I represented myself and developed strategies to expose the FBI's use of the Stingray and challenge the court order purportedly relied upon for its use. D. From August of 2008 to August of 2013, I lived and breathed Stingray technology and Fourth Amendment law applied to use of the Stingray. E. I was highly motivated to figure out “all things Stingray.” 2

  3. F. “Although Defendant is representing himself... The Court has not seen better work product from criminal defense attorneys.” United States v. Rigmaiden, 844 F.Supp.2d 982, 992 (D.Ariz, 2012). 3

  4. F. “Although Defendant is representing himself... The Court has not seen better work product from criminal defense attorneys.” United States v. Rigmaiden, 844 F.Supp.2d 982, 992 (D.Ariz, 2012). 1. I have never been to law school. 4

  5. F. “Although Defendant is representing himself... The Court has not seen better work product from criminal defense attorneys.” United States v. Rigmaiden, 844 F.Supp.2d 982, 992 (D.Ariz, 2012). 1. I have never been to law school. 2. I am not a lawyer. 5

  6. F. “Although Defendant is representing himself... The Court has not seen better work product from criminal defense attorneys.” United States v. Rigmaiden, 844 F.Supp.2d 982, 992 (D.Ariz, 2012). 1. I have never been to law school. 2. I am not a lawyer. 3. This presentation is not legal advice. 6

  7. F. “Although Defendant is representing himself... The Court has not seen better work product from criminal defense attorneys.” United States v. Rigmaiden, 844 F.Supp.2d 982, 992 (D.Ariz, 2012). 1. I have never been to law school. 2. I am not a lawyer. 3. This presentation is not legal advice. 4. Take everything with a grain of salt. Photo Credit: MTSOfan 7

  8. What Have You Done Since Representing Yourself? ● Interned at the American Civil Liberties Union of Northern California under Linda Lye, Senior Staff Attorney. ● Paralegal work for Philip Seplow, Attorney at Law, in Phoenix, AZ. ● Assist both television and print journalists in their news stories on cell phone tracking technology. ● Write articles about surveillance, etc. at: www.FreedomDuJour.com 8

  9. II. Brief overview of how cell phones operate. A. Cell phones are sophisticated radio communications devices. Photo Credit: Marko Vallius (remix: Daniel Rigmaiden) 9

  10. B. Cell phones receive service via radio waves sent to/from base stations (colloquially “cell tower antennas” or “cell sites”) used by Verizon, AT&T, T-Mobile, etc. $249.99 Verizon Femtocell “The Network Extender works like a miniature cell phone tower in your home providing enhanced coverage for up to a 5,000 square foot area.” Photo Credit: ajmexico Photo Credit: Daniel Spiess 10

  11. C. An active cell tower transmits signals to inform all cellular devices within range: 1. that it is providing cellular service under a specific communication protocol (e.g., GSM, CDMA, UMTS, LTE, etc.); 2. which wireless carrier (e.g., Verizon, AT&T, T-Mobile, etc.) is providing service via the cell tower; and 3. a whole lot of other information relating to the cell tower and network (e.g., LAC, MCC, CID, Neighbor Cells, etc.). 11

  12. D. A cell phone scans the airwaves to: 1. locate cell towers providing service under a compatible communication protocol (e.g., GSM, CDMA, UMTS, LTE, etc.); 2. locate cell towers “belonging” to the wireless carrier that services the cell phone (e.g., Verizon, AT&T, T-Mobile); 3. locate the compatible cell tower providing the strongest signal. E. A cell phone will establish a connection (e.g., “register”) with the compatible cell tower providing the strongest signal. 12

  13. F. During the connection process, the cell tower will require the cell phone to provide its identifying data in the form of serial numbers (e.g., IMSI, ESN, and MEID). 1. The cell phone's identifying data is used by the wireless carrier to link the subscriber account to the cell phone, and determine whether the phone is authorized to access service. G. Important: Cell towers are capable of instructing cell phones to transmit at a specific power (i.e., signal strength). 13

  14. H. Once a cell phone is connected to a cell tower, it will continue to scan the airwaves to find other compatible cell towers providing stronger signals. I. A cell phone will disconnect from its current cell tower and connect to a different compatible cell tower if it is providing a stronger signal. To challenge the Stingray, I(A)-(I) is all you need to know about how cell phones operate. 14

  15. III.Stingray / Cell Site Simulator / Cell Site Emulator / IMSI-Catcher / Over-the-Air device / Duplication of Facilities. A. Operated by law enforcement typically without the knowledge or direct involvement of legitimate wireless carriers. B. What does the equipment do? 1. Performs the same functionality of a cell tower. 15

  16. 2. Broadcasts a cellular network wholly operated by law enforcement (i.e., does not communicate on the air interface with Verizon, AT&T, T-Mobile, etc.). 3. Spoofs identifying data used by a legitimate wireless carriers (i.e., pretends to be Verizon, AT&T, T-Mobile, etc.). 4. Broadcasts a “strong” signal which forces all compatible cellular devices within range to connect (aka “register”) to the equipment (limited to signal coverage area). 16

  17. III(B)(4) REFERENCE : Chen, Xi; Zhou, Kan; and Song, Yubo. Fake BTS Attacks of GSM System on Software Radio Platform . Journal of Networks, VOL. 7, NO. 2, p. 275- 281 (Feb. 2012). 17

  18. 5. Conducts surveillance on the connected cellular devices including: a. device/user Identification; b. location tracking; c. denial of service (both deliberate and incidental); and d. interception of communications (not covered in this presentation). Specific Stingray functionality will be further explained in parallel with legal arguments. 18

  19. C. Who manufactures the equipment used by U.S. law enforcement? 1. Harris Corporation. 2. Digital Receiver Technology, Inc. 3. KeyW Corporation. 4. Possibly others? 19

  20. D. What does the equipment consist of? 1. Covert Base Transceiver Stations. Harris WPG KingFish Harris WPG StingRay II Harris WPG StingRay DRT, Inc. 1183C Harris WPG Triggerfish 20

  21. 2. Direction finding antennas. Harris AmberJack Vehicle Mounted Direction Finding Antenna DRT, Inc. DF520 Direction Finding Antenna DRT, Inc. DF280B Direction Finding Antenna System 21

  22. 3. Laptop and handheld controllers. Handheld computer Laptop computer Photo Credit: Wilson Hui (remix: Daniel Rigmaiden) 22

  23. 4. Geolocation / interception software. DRT, Inc. Geolocation Software 23

  24. 5. Other equipment to tie everything together: additional antennas, amplifiers, cables, power supplies, etc. 24

  25. In basic terms... + = + 25

  26. E. How does law enforcement deploy the equipment? 1. Road vehicle mounted. 2. Aerial vehicle mounted. 3. Carried on foot. 26

  27. IV.Determining whether a Stingray was used to identify and locate a defendant. A. Read Linda Lye's STINGRAYS : The Most Common Surveillance Tool the Government Won't Tell You About (tutorial for criminal defense attorneys explaining how to assess whether a Stingray was used). 27

  28. B. Additional tips on how to determine if a Stingray was used. 1. Use a “fine toothed comb” to go through all pen register / trap and trace orders, stored data orders (e.g., Stored Communications Act), and “tracking device” orders and warrants for Stingray synonyms: a. over-the-air device; b. tracking device (if for targeting a cell phone); and c. cell site simulator / emulator. 28

  29. 2. Use a “fine toothed comb” to go through all pen register / trap and trace orders, stored data orders (e.g., Stored Communications Act), and “tracking device” orders and warrants for these descriptions of Stingray functions: a. duplication of facilities; b. interruption of service; c. initiate a signal on “the service provider's network”; and d. forced registration. 29

  30. 30

  31. 3. Look for a directive in the order requiring the service provider to force the target cell phone to operate under outdated 2G communications protocols such as GSM, “CDMA”, and iDEN. a. Having the service provider force the cell phone to operate under older protocols allows for the following: i. older 2G Stingray equipment can be used on cell phones that ordinarily default to 3G or 4G protocols; 31

  32. ii. less experienced law enforcement personnel can operate the equipment; and iii. an overall less complex surveillance operation. 32

  33. EXAMPLE: United States. v. Robert Harrison, 14-CR-00170-CCB, Doc. 29-1, p. 13 (D.Md., Oct. 10, 2014) (order relied upon to operate a Stingray). 33

Recommend


More recommend