How are mobile phone users spied on in Birmingham? @OpenRightsBrum
About About ORG ORG Bi Birmi rmingham ngham ● Local branch of the Open Rights Group (ORG) ● ORG is the UK's only digital campaigning organisation working to protect the rights to privacy and free speech online @OpenRightsBrum
How ow are are mobi mobile le phone phone users users in n Bi Birmi rmingham ngham spi spied ed on? on? ● Many ways to access mobile phone information ● Impact of Investigatory Powers Act 2016 AKA Snoopers’ Charter ● Different types of surveillance: ● Focusing today on direct surveillance via IMSI catchers
What’s What’s an an IMSI IMSI catcher? catcher?
How ow do do IMSI IMSI catchers catchers work? work?
What’s What’s the the legal legal basi basis for usi for using ng IMSI IMSI catchers? catchers? ● Legality of IMSI catchers questionable ● In 2015 Home Office cited: ● Police Act 1997 ● Intelligence Services Act 1994 ● Regulation of Investigatory Powers Act 2000 (RIPA) ● Confusion about status of IMSI catchers under Investigatory Powers Act 2016
Vi Vice ce News News documentary: documentary: Phone Phone Hackers ackers
How ow are are IMSI IMSI catchers catchers used used in Birmi Bi rmingham? ngham? ● West Midlands Police will not confirm or deny the use of the technology ● West Midlands PCC: “we maintain close oversight of this important area of work.” ● Investigation by The Bristol Cable revealed more ● No reliable figures on IMSI-catcher use
What’s What’s the the bi big g deal deal about about IMSI IMSI catchers, catchers, anyway? anyway? “It is inconceivable that using devices built to indiscriminately intercept and hack up to 500 phones every minute within an 8km radius can be lawful,” Silkie Carlo, a policy officer for human rights organisation Liberty
What can we do to change how IMSI catchers are used by the police in Birmingham?
How ow do do we we know know WMP WMP have have them? them? Source: Warwickshire Police AGG Minutes https://thebristolcable.org/wp-content/uploads/2016/10/09-imsi-4.pdf
How ow do do we we WMP WMP have have them? them? Source: Warwickshir e Police AGG Minutes https://thebri stolcable.or g/wp- content/uplo ads/2016/10 /09-imsi- 4.pdf
West West Mi Midlands dlands Poli Police ce “The Technical Intelligence Development Unit (TIDU) is a small unit of officers that have technical expertise around telephony, computers and Information Technology. They are able to obtain intelligence and evidence to support investigations and can paint a technological picture of a person ‟ s lifestyle and transactions. The team also operate on-line to obtain intelligence through the use of social networking sites and other media that would be significantly more expensive to obtain by other covert techniques.” Source: Force Intelligence Update 2012 http://www.westmidlands- pcc.gov.uk/media/203470/10b_pservices_11oct2012_intelligence_update.pdf
Source: https://assets.documentcloud.org/documents/3034490/Cellxion-Brochure-UGX-Series- 330.pdf
Source: https://ass ets.docum entcloud.o rg/docume nts/30344 90/Cellxio n- Brochure- UGX- Series- 330.pdf
What data can be captured? ● I M S I , I M E I , T M S I … w h o y o u a r e ● Location data via cell towers and GPS ● Live interception of calls, SMS and internet data ● Deliver malware via silent SMS, SS7 exploits, “man in the middle” attacks ● Denial of service ● 1500 phones a minute!
Detection Source: 2015 Leipzig https://github.c om/CellularPriv acy/Android- IMSI-Catcher- Detector/wiki/U nmasked-Spies
Detection Source: 2015 Leipzig https://github. com/CellularP rivacy/Androi d-IMSI- Catcher- Detector/wiki/ Unmasked- Spies
Detection Source: Taksim Square in Instanbul https://github. com/CellularP rivacy/Androi d-IMSI- Catcher- Detector/wiki/ Unmasked- Spies
AIMSICD https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector
SnoopSnitch https://opensource.srlabs.de/projects/snoopsnitch
Security Tips ● T u r n y o u r p h o n e o f f , r e m o v e S I M c a r d , r e m o v e b a t t e r y ● Use a faraday bag/pouch ● Use encrypted communications apps such as Signal, VPN, Orbot ● Learn more… media.ccc.de is a great resource with many videos on this topic
Long term goals ● Convince mobile networks to improve their security ● Change legislation to improve transparency and accountability ● Make a phone with open hardware and software ● Reduce reliance on the phone network
Useful Useful Resources Resources ● https://www.openrightsgroup.org/ ● https://openrightsgroupbirmingham.wordpress.com/ ● https://thebristolcable.org/2016/10/imsi/ ● https://wiki.openrightsgroup.org/wiki/IMSI_Catcher#L egal_basis ● https://www.privacyinternational.org/node/454?q=nod e/454 ● https://www.whatdotheyknow.com/user/mr_f_clarke ● https://media.ccc.de/ ● https://ssd.eff.org/ ● https://whispersystems.org/
Recommend
More recommend