how are mobile phone users spied on in birmingham? · 2017-02-20 · what data can be captured?...

How are mobile phone users spied on in Birmingham?

@OpenRightsBrum

About ORG Birmingham

@OpenRightsBrum

● Local branch of the Open Rights Group (ORG)● ORG is the UK's only digital campaigning organisationworking to protect the rights to privacy and freespeech online

How are mobile phone usersin Birmingham spied on?

● Many ways to access mobile phone information● Impact of Investigatory Powers Act 2016 AKASnoopers’ Charter

● Different types of surveillance:● Focusing today on direct surveillance via IMSI catchers

What’s an IMSI catcher?

How do IMSI catchers work?

What’s the legal basisfor using IMSI catchers?

● Legality of IMSI catchers questionable● In 2015 Home Office cited:

● Police Act 1997● Intelligence Services Act 1994● Regulation of Investigatory Powers Act 2000 (RIPA)

● Confusion about status of IMSI catchers underInvestigatory Powers Act 2016

Vice News documentary:Phone Hackers

How are IMSI catchers used inBirmingham?

● West Midlands Police will not confirm or deny the useof the technology

● West Midlands PCC: “we maintain close oversight ofthis important area of work.”

● Investigation by The Bristol Cable revealed more ● No reliable figures on IMSI-catcher use

What’s the big deal about IMSI catchers,anyway?

“It is inconceivable that using devices built toindiscriminately intercept and hack up to 500 phonesevery minute within an 8km radius can be lawful,”

Silkie Carlo, a policy officer for human rightsorganisation Liberty

What can we do to changehow IMSI catchers are used

by the police in Birmingham?

How do we know WMP have them?

Source: Warwickshire Police AGG Minuteshttps://thebristolcable.org/wp-content/uploads/2016/10/09-imsi-4.pdf

How do we WMP have them?

Source:Warwickshir

e PoliceAGG

Minuteshttps://thebristolcable.or

g/wp-content/uploads/2016/10

/09-imsi-4.pdf

West Midlands Police

“The Technical Intelligence Development Unit (TIDU) is a small unit ofofficers that have technical expertise around telephony, computersand Information Technology.

They are able to obtain intelligence and evidence to supportinvestigations and can paint a technological picture of a person‟slifestyle and transactions.

The team also operate on-line to obtain intelligence through the useof social networking sites and other media that would be significantlymore expensive to obtain by other covert techniques.”Source: Force Intelligence Update 2012 http://www.westmidlands-pcc.gov.uk/media/203470/10b_pservices_11oct2012_intelligence_update.pdf

Source: https://assets.documentcloud.org/documents/3034490/Cellxion-Brochure-UGX-Series-330.pdf

Source:https://assets.documentcloud.org/documents/3034490/Cellxion-Brochure-UGX-Series-330.pdf

What data can be captured?

● IMSI, IMEI, TMSI… who you are

● Location data via cell towers and GPS

● Live interception of calls, SMS and internet data

● Deliver malware via silent SMS, SS7 exploits, “manin the middle” attacks

● Denial of service

● 1500 phones a minute!

Detection

Source: 2015Leipzighttps://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/wiki/Unmasked-Spies

Detection

Source: 2015Leipzighttps://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/wiki/Unmasked-Spies

Detection

Source:TaksimSquare inInstanbulhttps://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/wiki/Unmasked-Spies

AIMSICD

https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector

SnoopSnitch

https://opensource.srlabs.de/projects/snoopsnitch

Security Tips

● Turn your phone off, remove SIM card, remove battery● Use a faraday bag/pouch● Use encrypted communications apps such as Signal,

VPN, Orbot● Learn more… media.ccc.de is a great resource

with many videos on this topic

Long term goals

● Convince mobile networks to improve their security● Change legislation to improve transparency and

accountability● Make a phone with open hardware and software● Reduce reliance on the phone network

Useful Resources● https://www.openrightsgroup.org/● https://openrightsgroupbirmingham.wordpress.com/● https://thebristolcable.org/2016/10/imsi/● https://wiki.openrightsgroup.org/wiki/IMSI_Catcher#Legal_basis

● https://www.privacyinternational.org/node/454?q=node/454

● https://www.whatdotheyknow.com/user/mr_f_clarke● https://media.ccc.de/● https://ssd.eff.org/● https://whispersystems.org/