how are mobile phone users spied on in birmingham
play

How are mobile phone users spied on in Birmingham? @OpenRightsBrum - PowerPoint PPT Presentation

How are mobile phone users spied on in Birmingham? @OpenRightsBrum About About ORG ORG Bi Birmi rmingham ngham Local branch of the Open Rights Group (ORG) ORG is the UK's only digital campaigning organisation working to protect the


  1. How are mobile phone users spied on in Birmingham? @OpenRightsBrum

  2. About About ORG ORG Bi Birmi rmingham ngham ● Local branch of the Open Rights Group (ORG) ● ORG is the UK's only digital campaigning organisation working to protect the rights to privacy and free speech online @OpenRightsBrum

  3. How ow are are mobi mobile le phone phone users users in n Bi Birmi rmingham ngham spi spied ed on? on? ● Many ways to access mobile phone information ● Impact of Investigatory Powers Act 2016 AKA Snoopers’ Charter ● Different types of surveillance: ● Focusing today on direct surveillance via IMSI catchers

  4. What’s What’s an an IMSI IMSI catcher? catcher?

  5. How ow do do IMSI IMSI catchers catchers work? work?

  6. What’s What’s the the legal legal basi basis for usi for using ng IMSI IMSI catchers? catchers? ● Legality of IMSI catchers questionable ● In 2015 Home Office cited: ● Police Act 1997 ● Intelligence Services Act 1994 ● Regulation of Investigatory Powers Act 2000 (RIPA) ● Confusion about status of IMSI catchers under Investigatory Powers Act 2016

  7. Vi Vice ce News News documentary: documentary: Phone Phone Hackers ackers

  8. How ow are are IMSI IMSI catchers catchers used used in Birmi Bi rmingham? ngham? ● West Midlands Police will not confirm or deny the use of the technology ● West Midlands PCC: “we maintain close oversight of this important area of work.” ● Investigation by The Bristol Cable revealed more ● No reliable figures on IMSI-catcher use

  9. What’s What’s the the bi big g deal deal about about IMSI IMSI catchers, catchers, anyway? anyway? “It is inconceivable that using devices built to indiscriminately intercept and hack up to 500 phones every minute within an 8km radius can be lawful,” Silkie Carlo, a policy officer for human rights organisation Liberty

  10. What can we do to change how IMSI catchers are used by the police in Birmingham?

  11. How ow do do we we know know WMP WMP have have them? them? Source: Warwickshire Police AGG Minutes https://thebristolcable.org/wp-content/uploads/2016/10/09-imsi-4.pdf

  12. How ow do do we we WMP WMP have have them? them? Source: Warwickshir e Police AGG Minutes https://thebri stolcable.or g/wp- content/uplo ads/2016/10 /09-imsi- 4.pdf

  13. West West Mi Midlands dlands Poli Police ce “The Technical Intelligence Development Unit (TIDU) is a small unit of officers that have technical expertise around telephony, computers and Information Technology. They are able to obtain intelligence and evidence to support investigations and can paint a technological picture of a person ‟ s lifestyle and transactions. The team also operate on-line to obtain intelligence through the use of social networking sites and other media that would be significantly more expensive to obtain by other covert techniques.” Source: Force Intelligence Update 2012 http://www.westmidlands- pcc.gov.uk/media/203470/10b_pservices_11oct2012_intelligence_update.pdf

  14. Source: https://assets.documentcloud.org/documents/3034490/Cellxion-Brochure-UGX-Series- 330.pdf

  15. Source: https://ass ets.docum entcloud.o rg/docume nts/30344 90/Cellxio n- Brochure- UGX- Series- 330.pdf

  16. What data can be captured? ● I M S I , I M E I , T M S I … w h o y o u a r e ● Location data via cell towers and GPS ● Live interception of calls, SMS and internet data ● Deliver malware via silent SMS, SS7 exploits, “man in the middle” attacks ● Denial of service ● 1500 phones a minute!

  17. Detection Source: 2015 Leipzig https://github.c om/CellularPriv acy/Android- IMSI-Catcher- Detector/wiki/U nmasked-Spies

  18. Detection Source: 2015 Leipzig https://github. com/CellularP rivacy/Androi d-IMSI- Catcher- Detector/wiki/ Unmasked- Spies

  19. Detection Source: Taksim Square in Instanbul https://github. com/CellularP rivacy/Androi d-IMSI- Catcher- Detector/wiki/ Unmasked- Spies

  20. AIMSICD https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector

  21. SnoopSnitch https://opensource.srlabs.de/projects/snoopsnitch

  22. Security Tips ● T u r n y o u r p h o n e o f f , r e m o v e S I M c a r d , r e m o v e b a t t e r y ● Use a faraday bag/pouch ● Use encrypted communications apps such as Signal, VPN, Orbot ● Learn more… media.ccc.de is a great resource with many videos on this topic

  23. Long term goals ● Convince mobile networks to improve their security ● Change legislation to improve transparency and accountability ● Make a phone with open hardware and software ● Reduce reliance on the phone network

  24. Useful Useful Resources Resources ● https://www.openrightsgroup.org/ ● https://openrightsgroupbirmingham.wordpress.com/ ● https://thebristolcable.org/2016/10/imsi/ ● https://wiki.openrightsgroup.org/wiki/IMSI_Catcher#L egal_basis ● https://www.privacyinternational.org/node/454?q=nod e/454 ● https://www.whatdotheyknow.com/user/mr_f_clarke ● https://media.ccc.de/ ● https://ssd.eff.org/ ● https://whispersystems.org/

Recommend


More recommend