Rust tool to detect cell site simulators on an orbic mobile hotspot - GitHub - EFForg/rayhunter: Rust tool to detect cell site simulators on an orbic mobile hotspot
Cell-site simulators operate by conducting a general search of all cell phones within the device’s radius, in violation of basic constitutional protections. Law enforcement use cell-site simulators to pinpoint the location of phones with greater accuracy than phone companies. Cell-site simulators can also log IMSI numbers (unique identifying numbers) of all of the mobile devices within a given area.
…
The fact that government agencies are using these devices without the utmost consideration for the privacy and rights of individuals around them is alarming but not surprising. The federal government, and in particular agencies like HSI and ICE, have a dubious and troubling relationship with overbroad collection of private data on individuals.
But uh, yeah, basically, they’re fake/spoof/honeypot cell towers that man-in-the-middle all nearby cell network traffic.
This is how they do the whole… everything dragnet, all the time, basically all cop cruisers have them in them, active all the time, this is why you just don’t bring your phone to a protest unless you really know what you’re doing.
It’s a little less about reading what you’re saying or looking at on your phone, it’s mostly about tracking where your phone goes and figuring out who you are that way.
They get all your phone’s metadata, and thats usually enough to plug in to a bunch of other databases that they can add you to a watchlist of some kind.
I mean really at this point we are all in a giganto mega watchlist, its just that its so big that the problem is actually sorting through that list and ‘accurately’ assigning threat levels, but thats what Palantir is for.
Like, they get your IMSI code, unless you are somehow regularly/randomly resetting that, uh, they can easily get a bunch of other info from cell providers, they just can’t (usually) specifically use that info alone to convict you of something, but…
They know who you are, roughly where you were and when.
So thats a pretty good starting point for a subsequent investigation, or just throwing it onto the dragnet data pile.
Whatever you do, you shouldn’t accidentally spill saltwater on it. That could destroy a very expensive piece of spying equipment, and would be a terrible, tragic accident that could interfere with the advance of nazism.
Based on this link, the proper thing to do should be to report it to the FCC. I am not sure how much Trump’s FCC will pay attention to the report, though…
Also alert your friends/colleagues that there are IMEI/IMSI scanners at the event, so that they can prepare accordingly by leaving their phone at home, putting it in a farraday bag, etc.
In case you, like me, were wondering wtf stingrays are (besides a type of fish). This is from their report :
Wait, people didn’t know about StingRays?
They’ve been around for like a decade now.
But uh, yeah, basically, they’re fake/spoof/honeypot cell towers that man-in-the-middle all nearby cell network traffic.
This is how they do the whole… everything dragnet, all the time, basically all cop cruisers have them in them, active all the time, this is why you just don’t bring your phone to a protest unless you really know what you’re doing.
So how do they break my SSL connections?
It’s a little less about reading what you’re saying or looking at on your phone, it’s mostly about tracking where your phone goes and figuring out who you are that way.
They don’t really need to.
They get all your phone’s metadata, and thats usually enough to plug in to a bunch of other databases that they can add you to a watchlist of some kind.
I mean really at this point we are all in a giganto mega watchlist, its just that its so big that the problem is actually sorting through that list and ‘accurately’ assigning threat levels, but thats what Palantir is for.
Like, they get your IMSI code, unless you are somehow regularly/randomly resetting that, uh, they can easily get a bunch of other info from cell providers, they just can’t (usually) specifically use that info alone to convict you of something, but…
They know who you are, roughly where you were and when.
So thats a pretty good starting point for a subsequent investigation, or just throwing it onto the dragnet data pile.
When someone finds one of these simulators, what would they do?
Whatever you do, you shouldn’t accidentally spill saltwater on it. That could destroy a very expensive piece of spying equipment, and would be a terrible, tragic accident that could interfere with the advance of nazism.
Hang on while I fly up and spill water on a fucking plane or the side of a private building.
You’re thinking of magnets. That’s how you ruin magnets.
https://youtu.be/rkIKEJPAUzM
Based on this link, the proper thing to do should be to report it to the FCC. I am not sure how much Trump’s FCC will pay attention to the report, though…
Report it to your favorite news media ig
Also alert your friends/colleagues that there are IMEI/IMSI scanners at the event, so that they can prepare accordingly by leaving their phone at home, putting it in a farraday bag, etc.
It doesn’t matter if there are IMSI catchers or not, they should be leaving their phones at home.
Or use GrapheneOS in airplane mode.
That’s probably best case scenario but I have one and left it at home last time.
Someone needs to document the event. 🙂
There’s no shortage of professional photographers and videographers
Find your anarchist friend with excess radio equipment and let them know.