Author Topic: Even if They're Off, Cellphones Allow FBI to Listen In  (Read 625 times)

0 Members and 1 Guest are viewing this topic.

Offline amonvanroark

  • Brigadier
  • *
  • Posts: 3161
  • Karma: +0/-0
    • View Profile
Even if They're Off, Cellphones Allow FBI to Listen In
« on: December 15, 2006, 03:29:33 PM »
Even if they're off, cellphones allow FBI to listen in

By Kevin Coughlin

Newhouse News Service

It should come as no surprise that cellphone calls may be tapped by law enforcement.

But authorities also can use cellphones to eavesdrop on suspects, even when the devices are off.

The FBI converted the Nextel cellphones of two alleged New York mobsters into "roving bugs," microphones that relayed conversations when the phones seemed to be inactive, according to recent court documents.

Authorities won't reveal how they did this. But a countersurveillance expert said Nextel, Motorola Razr and Samsung 900 series cellphones can be reprogrammed over the air, using methods meant for delivering upgrades and maintenance. It's called "flashing the firmware," said James Atkinson, a consultant for the Granite Island Group in Massachusetts.

"These are very powerful phones, but all that power comes with a price. By allowing ring tones and stock quotes and all this other stuff, you also give someone a way to get into your phones," Atkinson said.

Privacy advocates called such use of roving bugs intrusive and illegal. Webcams and microphones on home computers soon may be fair game for remote-control gumshoes, too, they said.

"This is a kind of surveillance we've never really seen before. The government can and will exploit whatever technology is available to achieve their surveillance goals. This is of particular concern, considering the proliferation of microphones and cameras in the products we own," said Kevin Bankston, a lawyer for the Electronic Frontier Foundation.

Converting cellphones into stealth microphones violates the Fourth Amendment protection against overly broad searches, Bankston said. FBI spokesman James Margolin said the bureau's use of roving bugs is monitored closely by the courts.

"The operative thing for any concerned citizen is, we only do this when we get authorization from the judiciary, when we meet the probable-cause threshold," he said.

Legally, he said, bugging cellphones differs little from placing microphones "in a chair or a wall or behind a picture."

"It's not a situation where we just turn the tape on and we gather everything," Margolin said. "By law, we only listen to what the warrant authorizes us to listen to."

However, hackers probably can pull this off, too, said Lauren Weinstein, who warned of the possibility in 1999 on his online Privacy Forum. "A lot of people know an awful lot about the inner workings of these phones," he said.

The roving bugs came to light last month in an opinion by U.S. District Judge Lewis Kaplan in New York.

Kaplan's opinion, reported online by CNET, upheld FBI bugging of cellphones used by John "Buster" Ardito, allegedly a high-ranking member of the Genovese crime family, and his lawyer and associate, Peter Peluso.

A listening device in Ardito's phone "functioned whether the phone was powered on or off, intercepting conversations within its range wherever it happened to be," Kaplan wrote.

Investigators got permission for the bug from another judge in 2003, after learning that Ardito's associates had discovered FBI bugs planted in restaurants where they gathered.

A spokeswoman for the U.S. Attorney's Office in the Southern District of New York declined to comment.

Margolin declined to say if an eavesdropping device was planted in Ardito's cellphone or if agents remotely programmed the phone for real-time eavesdropping or for recording audio to transmit at specified times.

"For obvious reasons, we don't discuss what we are or are not capable of doing, technologically," Margolin said.

Sprint Nextel spokesman Mark Elliott said the company cooperates with authorities when they have warrants and subpoenas. "In this case, we were not aware of any investigation and were not asked to participate," Elliott said.

Samsung spokesman Jose Cardona said he had not heard of any privacy issues with 900 series phones.

Nextel phones are made by Motorola, which also makes the popular Razr. Motorola spokeswoman Molly Sheehan said the company's phones were not designed or intended to violate privacy rights or laws, "and Motorola neither supports nor condones such use." She referred further questions to the FBI.

While all commercial mobile services can be tapped, Nextel is the easiest because its network uses a technology called TDMA, said the Granite Island Group's Atkinson, who was trained by the government and advises corporations about security.

TDMA conveys a constant audio stream to cell towers. That stream can be monitored surreptitiously with another Nextel phone, Atkinson said.

A walkie-talkie feature has made Nextel popular with businesses. But Atkinson said more convenience can mean less security.

That goes for Nextel-toting FBI agents, too, he said. If they gather in Washington, "I can tell you from a few blocks away where the FBI agents are, and how far apart they're sitting in the building."

Asked if the FBI uses Nextel phones, spokeswoman Cathy Milhoan said, "We use a variety of phones and providers."

Atkinson said the only sure way to shield a mobile phone from the prying ears of police, hackers and jealous spouses is to remove the battery. But don't get cocky.

"A smart eavesdropper will bug the battery," he said.


 SOURCE


Poster's comment: I read this before, but cannot recall where. I was incredulous. I guess the best thing to do, is get an old model, that does not support the technology used to eavesdrop, or get rid of the damned thing entirely! I hear they can do the same thing with computer monitors, also! That's OK, the new Privacy Board will teach us all how to love and accept this intrusion into our lives!!
"Truth: An ingenious compound of desirability of appearance."
-Ambrose Bierce

Offline NuclearWinter

  • Loyal Soldier of the Almighty
  • Second Lieutenant
  • *
  • Posts: 561
  • Karma: +6/-0
    • View Profile
Re: Even if They're Off, Cellphones Allow FBI to Listen In
« Reply #1 on: December 16, 2006, 08:12:51 AM »
Here's a little more info from a .gov resource.  The only way to thwart this issue is to remove the battery, and only place outgoing calls to limit the amount of spying.  Gee, real effective there regarding the two way use of a phone.  It would be nice to have a radio guru develop a crypto device to jack into the phone for security.

-NW

http://www.wasc.noaa.gov/wrso/security_guide/cellular.htm#Cellular%20Phones

Cellular Phones


Your cellular telephone has three major security vulnerabilities:

Vulnerability to monitoring of your conversations while using the phone.
Vulnerability of your phone being turned into a microphone to monitor conversations in the vicinity of your phone while the phone is inactive.
Vulnerability to "cloning," or the use of your phone number by others to make calls that are charged to your account.

Before discussing these vulnerabilities, here is a brief tutorial on how cellular phones function. They send radio frequency transmissions through the air on two distinct channels, one for voice communications and the other for control signals. When a cellular telephone is first turned on, it emits a control signal that identifies itself to a cell site by broadcasting its mobile identification number (MIN) and electronic serial number (ESN), commonly known as the "pair."


When the cell site receives the pair signal, it determines if the requester is a legitimate registered user by comparing the requestor's pair to a cellular subscriber list. Once the cellular telephone's pair has been recognized, the cell site emits a control signal to permit the subscriber to place calls at will. This process, known as anonymous registration, is carried out each time the telephone is turned on or picked up by a new cell site.


Vulnerability to Monitoring


All cellular telephones are basically radio transceivers. Your voice is transmitted through the air on radio waves. Radio waves are not directional -- they disperse in all directions so that anyone with the right kind of radio receiver can listen in.


Although the law provides penalties for the interception of cellular telephone calls, it is easily accomplished and impossible to detect. Radio hobbyists have web sites where they exchange cell phone numbers of "interesting" targets. Opportunistic hobbyists sometimes sell their best "finds." Criminal syndicates in several major U.S. metropolitan areas maintain extensive cell phone monitoring operations.


Cell phones operate on radio frequencies that can be monitored by commonly available radio frequency scanners.

If the cellular system uses analog technology, one can program a phone number, or a watch list of phone numbers, into a cell-monitoring device that automatically turns on a voice-activated tape recorder whenever one of the watch listed numbers is in use. Computer assisted, automatic monitoring allows monitoring a specific phone 24 hours a day, as the target moves from cell to cell, without any human assistance.
 
If the cellular system uses newer digital technology, it is possible for a price affordable by most radio hobbyists to buy a digital data interpreter that connects between a scanner radio and a personal computer. The digital data interpreter reads all the digital data transmitted between the cellular site and the cellular phone and feeds this information into the computer. 2

It is easy for an eavesdropper to determine a target's cellular phone number, because transmissions are going back and forth to the cellular site whenever the cell phone has battery power and is able to receive a call. For a car phone, this generally happens as soon as the ignition is turned on. Therefore, the eavesdropper simply waits for the target to leave his or her home or office and start the car. The initial transmission to the cellular site to register the active system is picked up immediately by the scanner, and the number can be entered automatically into a file of numbers for continuous monitoring.


One of the most highly publicized cases of cellular phone monitoring concerned former Speaker of the House of Representatives Newt Gingrich. A conference call between Gingrich and other Republican leaders was "accidentally" overheard and then taped. The conversation concerned Republican strategy for responding to Speaker Gingrich's pending admission of ethics violations being investigated by the House Ethics Committee. The intercepted conversation was reported in the New York Times and other newspapers. 1


Pagers have similar vulnerabilities. In 1997, police arrested officials of a small New Jersey company, Breaking News Network, that was monitoring pager messages to New York City leaders and police, fire, and court officials, including messages considered too sensitive to send over the police radio. They were selling the information to newspaper and television reporters. The offenses carry a penalty of up to five years in prison and fines of $250,000 for each offense. 3


Vulnerability to Being Used as a Microphone


  A cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone. This is done by transmitting to the cell phone a maintenance command on the control channel. This command places the cellular telephone in the "diagnostic mode." When this is done, conversations in the immediate area of the telephone can be monitored over the voice channel. 4


The user doesn't know the telephone is in the diagnostic mode and transmitting all nearby sounds until he or she tries to place a call. Then, before the cellular telephone can be used to place calls, the unit has to be cycled off and then back on again. This threat is the reason why cellular telephones are often prohibited in areas where classified or sensitive discussions are held.


Vulnerability to Cloning


Cellular telephone thieves don't steal cellular telephones in the usual sense of breaking into a car and taking the telephone hardware. Instead, they monitor the radio frequency spectrum and steal the cell phone pair as it is being anonymously registered with a cell site.


Cloning is the process whereby a thief intercepts the electronic serial number (ESN) and mobile identification number (MIN) and programs those numbers into another telephone to make it identical to yours. Once cloned, the thief can place calls on the reprogrammed telephone as though he were the legitimate subscriber.


Cloning resulted in approximately $650 million dollars worth of fraudulent phone calls in 1996. Police made 800 arrests that year for this offense.5  Each day more unsuspecting people are being victimized by cellular telephone thieves. In one case, more than 1,500 telephone calls were placed in a single day by cellular phone thieves using the number of a single unsuspecting owner. 6


The ESN and MIN can be obtained easily by an ESN reader, which is like a cellular telephone receiver designed to monitor the control channel. The ESN reader captures the pair as it is being broadcast from a cellular telephone to a cell site and stores the information into its memory. What makes this possible is the fact that each time your cellular telephone is turned on or used, it transmits the pair to the local cellular site and establishes a talk channel. It also transmits the pair when it is relocated from one cell site to another.


Cloning occurs most frequently in areas of high cell phone usage -- valet parking lots, airports, shopping malls, concert halls, sports stadiums, and high-congestion traffic areas in metropolitan cities. No one is immune to cloning, but you can take steps to reduce the likelihood of being the next victim.


Cellular Phone Security Measures


The best defense against these three major vulnerabilities of cell phones is very simple -- do not use the cell phone. If you must use a cell phone, you can reduce the risk by following these guidelines:

Because a cellular phone can be turned into a microphone without your knowledge, do not carry a cellular phone into any classified area or other area where sensitive discussions are held. (This is prohibited in many offices that handle classified or sensitive information.)
Turn your cellular telephone on only when you need to place a call. Turn it off after placing the call. Do not give your cellular phone number to anyone and don't use your cell phone for receiving calls, as that requires leaving it on all the time. Ask your friends and associates to page you if they need to talk with you. You can then return the page by using your cellular telephone.
Do not discuss sensitive information on a cellular phone. When you call someone from your cell phone, consider advising them you are calling from a cell phone that is vulnerable to monitoring, and that you will be speaking generally and not get into sensitive matters.
Do not leave your cellular telephone unattended. If your cell phone is vehicle-mounted, turn it off before permitting valet parking attendants to park the car, even if the telephone automatically locks when the car's ignition is turned off.
Avoid using your cellular telephone within several miles of the airport, stadium, mall, or other heavy traffic locations. These are areas where radio hobbyists use scanners for random monitoring. If they come across an interesting conversation, your number may be marked for regular selective monitoring.
If your cellular service company offers personal identification numbers (PIN), consider using one. Although cellular PIN services are cumbersome and require that you input your PIN for every call, they are an effective means of thwarting cloning.

References
 1. Jessica Lee, "Focus Shifts from Gingrich to Taped Call," USA Today, Jan. 14, 1997, p. 5A.
 2. "How O.J. Simpson was Tracked in his Bronco by Los Angeles Law Enforcement," U.S. Scanner News, February 1995.
 3. Stephanie Mehta, "Prosecutors Charge Company for Spying on Pager Messages," The Wall Street Journal, August 28, 1997, p. A6.
 4. "Just How Secure Is Your Cellular Phone?" article in National Reconnaissance Organization newsletter,1997.
 5. "Running Cell-Phone Pirates Aground," Business Week, October 27, 1997, p. 8.
 6. Paul F. Barry & Charles L. Wilkinson (Trident Data Systems), "Invasion of Privacy and 90s Technologies," Security Awareness Bulletin, No. 2-96. Richmond, VA: Department of Defense Security Institute, August 1996.
In a time of universal deceit, telling the truth becomes a revolutionary act

Offline amonvanroark

  • Brigadier
  • *
  • Posts: 3161
  • Karma: +0/-0
    • View Profile
Re: Even if They're Off, Cellphones Allow FBI to Listen In
« Reply #2 on: December 16, 2006, 08:41:19 AM »
Thanks for the info. I guess that my idea of using an old phone doesn't cut it.

I think we must regard personal privacy as a thing of the past, and TRY to act accordingly, even though it is difficult.

The one suggestion that I saw in reply to the article that I posted originally, at the source, was to leave the phone sitting on a radio that is turned on, when not in use.
"Truth: An ingenious compound of desirability of appearance."
-Ambrose Bierce

Offline NuclearWinter

  • Loyal Soldier of the Almighty
  • Second Lieutenant
  • *
  • Posts: 561
  • Karma: +6/-0
    • View Profile
Re: Even if They're Off, Cellphones Allow FBI to Listen In
« Reply #3 on: December 16, 2006, 06:28:55 PM »
...was to leave the phone sitting on a radio that is turned on, when not in use.

Way ahead of you  ;D

-NW
In a time of universal deceit, telling the truth becomes a revolutionary act

Offline Proemio

  • Colonel
  • *
  • Posts: 2995
  • Karma: +29/-0
    • View Profile
Re: Even if They're Off, Cellphones Allow FBI to Listen In
« Reply #4 on: December 16, 2006, 07:07:51 PM »
Thanks for the info. I guess that my idea of using an old phone doesn't cut it.

Absolutely - they would have to press one in my cold, dying hands.

I used to get twice weekly phone calls from telephone company, with increasingly better deals. The last one was - and I kid you not - a (small) reduction in my overall bill, if only I take one - 'special package', you see.

I told that guy that I will not voluntarily chip myself. Haven't heard from them since...