how are mobile phone users spied on in birmingham? · 2017-02-20 · what data can be captured?...
Post on 17-Jul-2020
1 Views
Preview:
TRANSCRIPT
How are mobile phone users spied on in Birmingham?
@OpenRightsBrum
About ORG Birmingham
@OpenRightsBrum
● Local branch of the Open Rights Group (ORG)● ORG is the UK's only digital campaigning organisationworking to protect the rights to privacy and freespeech online
How are mobile phone usersin Birmingham spied on?
● Many ways to access mobile phone information● Impact of Investigatory Powers Act 2016 AKASnoopers’ Charter
● Different types of surveillance:● Focusing today on direct surveillance via IMSI catchers
What’s an IMSI catcher?
How do IMSI catchers work?
What’s the legal basisfor using IMSI catchers?
● Legality of IMSI catchers questionable● In 2015 Home Office cited:
● Police Act 1997● Intelligence Services Act 1994● Regulation of Investigatory Powers Act 2000 (RIPA)
● Confusion about status of IMSI catchers underInvestigatory Powers Act 2016
Vice News documentary:Phone Hackers
How are IMSI catchers used inBirmingham?
● West Midlands Police will not confirm or deny the useof the technology
● West Midlands PCC: “we maintain close oversight ofthis important area of work.”
● Investigation by The Bristol Cable revealed more ● No reliable figures on IMSI-catcher use
What’s the big deal about IMSI catchers,anyway?
“It is inconceivable that using devices built toindiscriminately intercept and hack up to 500 phonesevery minute within an 8km radius can be lawful,”
Silkie Carlo, a policy officer for human rightsorganisation Liberty
What can we do to changehow IMSI catchers are used
by the police in Birmingham?
How do we know WMP have them?
Source: Warwickshire Police AGG Minuteshttps://thebristolcable.org/wp-content/uploads/2016/10/09-imsi-4.pdf
How do we WMP have them?
Source:Warwickshir
e PoliceAGG
Minuteshttps://thebristolcable.or
g/wp-content/uploads/2016/10
/09-imsi-4.pdf
West Midlands Police
“The Technical Intelligence Development Unit (TIDU) is a small unit ofofficers that have technical expertise around telephony, computersand Information Technology.
They are able to obtain intelligence and evidence to supportinvestigations and can paint a technological picture of a person‟slifestyle and transactions.
The team also operate on-line to obtain intelligence through the useof social networking sites and other media that would be significantlymore expensive to obtain by other covert techniques.”Source: Force Intelligence Update 2012 http://www.westmidlands-pcc.gov.uk/media/203470/10b_pservices_11oct2012_intelligence_update.pdf
Source: https://assets.documentcloud.org/documents/3034490/Cellxion-Brochure-UGX-Series-330.pdf
Source:https://assets.documentcloud.org/documents/3034490/Cellxion-Brochure-UGX-Series-330.pdf
What data can be captured?
● IMSI, IMEI, TMSI… who you are
● Location data via cell towers and GPS
● Live interception of calls, SMS and internet data
● Deliver malware via silent SMS, SS7 exploits, “manin the middle” attacks
● Denial of service
● 1500 phones a minute!
Detection
Source: 2015Leipzighttps://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/wiki/Unmasked-Spies
Detection
Source: 2015Leipzighttps://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/wiki/Unmasked-Spies
Detection
Source:TaksimSquare inInstanbulhttps://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/wiki/Unmasked-Spies
AIMSICD
https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector
SnoopSnitch
https://opensource.srlabs.de/projects/snoopsnitch
Security Tips
● Turn your phone off, remove SIM card, remove battery● Use a faraday bag/pouch● Use encrypted communications apps such as Signal,
VPN, Orbot● Learn more… media.ccc.de is a great resource
with many videos on this topic
Long term goals
● Convince mobile networks to improve their security● Change legislation to improve transparency and
accountability● Make a phone with open hardware and software● Reduce reliance on the phone network
Useful Resources● https://www.openrightsgroup.org/● https://openrightsgroupbirmingham.wordpress.com/● https://thebristolcable.org/2016/10/imsi/● https://wiki.openrightsgroup.org/wiki/IMSI_Catcher#Legal_basis
● https://www.privacyinternational.org/node/454?q=node/454
● https://www.whatdotheyknow.com/user/mr_f_clarke● https://media.ccc.de/● https://ssd.eff.org/● https://whispersystems.org/
top related