Researchers reveal secret police phone-hacking & spying methods
Kaspersky Labs and Citizen Lab have independently published details of phone-hacking tools sold to police departments worldwide by the Italian firm Hacking Team (here's Kaspersky's report and Citizen Lab's). The tools can be used to attack Android, Ios, Windows Mobile and Blackberry devices, with the most sophisticated attacks reserved for Android and Ios.
They allow, for example, for covert collection of emails, text messages, call history and address books, and they can be used to log keystrokes and obtain search history data. They can take screenshots, record audio from the phones to monitor calls or ambient conversations, hijack the phone’s camera to snap pictures or piggyback on the phone’s GPS system to monitor the user’s location.
The Android version can also enable the phone’s Wi-Fi function to siphon data from the phone wirelessly instead of using the cell network to transmit it. The latter would incur data charges and raise the phone owner’s suspicion. Hacking Team insists that its tools are only sold to "democratic" police forces, but Citizen Lab's report suggests that the tool was used by the Saudi government to target dissidents. The means of infection is device-specific. If police have physical access, it's simple. Android devices can be attacked by infecting a PC with a virus that installs the police malware when the device is connected to it. This attack also works on jailbroken Iphones.
The Android spy module, for example, uses obfuscation to make it harder to reverse-engineer and examine the module. And before installing itself on machines, Hacking Team’s main spy tool has scouting agents that conduct reconnaissance to identify anything on a system that might detect it.
Once on a system, the iPhone module uses advance techniques to avoid draining the phone’s battery, turning on the phone’s microphone, for example, only under certain conditions.
“They can just turn on the mic and record everything going on around the victim, but the battery life is limited, and the victim can notice something is wrong with the iPhone, so they use special triggers,” says Costin Raiu, head of Kaspersky’s Global Research and Analysis team.
“Secretly activating the microphone and taking regular camera shots provides constant surveillance of the target—which is much more powerful than traditional cloak and dagger operations,” notes Kaspersky researcher Sergey Golovanov in a blog post about the findings.
One of those triggers might be when the victim’s phone connects to a specific WiFi network, such as a work network, signaling the owner is in an important environment. “I can’t remember having seen such advanced techniques in other mobile malware,” he says.
In a sleek marketing video for Galileo, Hacking Team touts the tool as the perfect solution for obtaining hard-to-reach data—such as data taken by a suspect across borders or data and communications that never leave the target’s computer and therefore can’t be siphoned in transit.
“You want to look through your targets’s eyes,” says the video. “While your target is browsing the web, exchanging documents, receiving SMS….”
Hacking Team’s mobile tools also have a “crisis” module that kicks in when they sense the presence of certain detection activities occurring on a device, such as packet sniffing, and then pause the spyware’s activity to avoid detection. There is also a “wipe” function to erase the tool from infected systems.
Hacking Team asserts that this will uninstall and erase all traces of the tools, but Citizen Lab discovered that initiating a wipe on some mobile phones creates telltale signs. On a BlackBerry, for example, it causes the device to automatically restart. On Android devices, the uninstall can, under certain conditions, cause a prompt to appear onscreen asking permission from the user to uninstall an application called “DeviceInfo”—the name the Android spy tool uses for itself.
http://boingboing.net/2014/06/24/researchers-publish-secret-det.html
http://www.wired.com/2014/06/remote-control-system-phone-surveillance/
https://www.techdirt.com/articles/20140624/09021027669/security-researchers-expose-new-gold-standard-governmentlaw-enforcement-spyware.shtml
Courts ignore police lying about the illegal use of Stingray surveillance:
Atty. Scott Greenfield: Crossing a state highway patrol officer who had seized my client’s tractor-trailer filled with narcotics at the suppression hearing, he testified to something different than he wrote in his report. The wheels turned as I carefully framed the question so he couldn’t weasel out of his hole, and closed the trap.
He responded:
Well, I couldn’t put that in the report because the judge wouldn’t like it.
Nailed. I had him. Caught the cop dead in a lie, and it doesn’t get any better than that. It was one of those fist pump moments, and I imagined the judge ripping the prosecution a new one for outright lying to the court. So what happened.
Suppression denied. Not another word about it. Move along.
After the United States Marshals snatched the materials that, hours later, were to be disclosed to the ACLU in response to its FOIA request of the Sarasota Police Department on its use of Stringray for cell tower spoofing, Wired reported that the feds were in deeper than anyone was aware.
But the emails released Thursday show police in Florida are going even further to conceal their use of the equipment when they seek probable cause warrants to search facilities where a suspect is located, deceiving the courts about where they obtained the evidence to support their application for the search.
The concealment of the use of Stingray is one thing.
The deceptive claim that Stingray is little more than a trap and trace device is another. But these emails go to a different place. It’s not just the government concealing their cool, secret devices from the public. Not even from criminal defense lawyers. They are lying to the courts about using them.
In the past, and at the request of the U.S. Marshalls, the investigative means utilized to locate the suspect have not been revealed so that we may continue to utilize this technology without the knowledge of the criminal element. In reports or depositions we simply refer to the assistance as “received information from a confidential source regarding the location of the suspect.” To date this has not been challenged, since it is not an integral part of the actual crime that occurred.
They lied. They lie. The U.S. Marshals asked them to lie, and they lie. They use Stingray, but they put in their reports and probable cause applications they “received information from a confidential source,” and it is a bold-faced, total, complete, absolute lie.
The outrage silence from the bench is deafening.
The rationalization for the concealment, the lie, is to keep knowledge of this tool from “the criminal element.” You know, criminal defense lawyers and such. After all, if the truth gets out that there are these devices called Stingray, and they are being used without a warrant because they’re just a new name for that old stand-by, the trap and trace device that courts let cops use without a warrant because reasons, then the criminals will circumvent this clearly critical tool to prevent criminals from raping your daughters.
And the judges nod their heads up and down, muttering “uh-huh, sure, we get it, Daughter rapers.”
Where is the outrage? Where are the judges throwing warrant applications back in the faces of cops and prosecutions, screaming about their integrity and due process and, well, lying to the court?
Even though the emails explaining that this has all been a lie, at the request of the Marshals, have been made public, don’t expect judges to wake up and burn with anger at the idea that they have been lied to. Don’t expect judges to ponder whether this lie is but one of many, a series of deceptions perpetrated on the judiciary by scheming law enforcement and prosecutorial agencies bent on making sure that their secrets remain that way, even from the court.
One might think that judges would be concerned about being treated like untrustworthy fools by law enforcement. And no doubt they are, to some extent. But judges understand why law enforcement felt the need to do this. They understand that probable cause affidavits will eventually be disclosed to defense counsel, who will then share them with their clients, and information about the technological marvel that saves our daughters will spread among the criminal element like wildfire.
We can’t have that. Secrecy and technological marvels are critical to our safety. As much as judges may dislike being kept in the dark, they are attuned to the myriad secrets of law enforcement that allow them to sleep well at night.
And as the follow-up line to “no challenges” says, “it is not an integral part of the actual crime that occurred.” That a crime occurred is taken for granted. That the guy the cops arrested is the guy who committed the crime is taken for granted. That the police need to lie to the judge to protect society is taken for granted
http://blog.simplejustice.us/2014/06/21/hows-that-confidential-source-working-for-you-now-judge/#more-21343
Police chief Scott Jones gets upset over being asked about his department's use of illegal Stingray surveillance:
CA - Sacramento County Sheriff Scott Jones became visibly irate this week after being questioned over his department’s secret use of the cell-phone tracking technology known as Stingray.
Click here to watch the video.
According to reports from ABC News 10, the department obtained the Stingray, a small device that collects countless cell users data by mimicking a cell tower, several years ago without informing the public, local judges or prosecutors.
Scott, who has reportedly failed to provide any substantial information to media and civil liberties groups, became outraged as one reporter began questioning his department’s lack of transparency.
“Are you proud of disrupting an academy graduation?” Scott says before storming off camera.
“We’ve dealt with your incessant badgering of our department over these issues.”
Sacramento County Chief Deputy District Attorney Steve Grippi, who admitted to never once seeing a Stingray warrant, told reporters that any sort of cell phone tracking would absolutely require one.
“We request a search warrant in all of those cases,” Grippi said.
Despite refusing to outright admit to owning the device, records revealed that Scott’s department provided information regarding Stingrays to police in San Jose.
Incredibly, Sacramento County Undersheriff James Lewis argued that the department is not required to inform the public of its purchase due to a non-disclosure agreement with the Stingray provider.
“While I am not familiar with what San Jose has said, my understanding is that the acquisition or use of this technology comes with a strict non-disclosure requirement,” Lewis said in a written statement. “Therefore, it would be inappropriate for us to comment about any agency that may be using the technology.”
The department has even gone as far as citing federal regulations pertaining to railway safety and arms trafficking as justification for concealing Stingray surveillance information.
“In order to be protected under that, there would have to have been a determination that they’re on the U.S. munitions list, and they’re not,” said Linda Lye, an ACLU attorney. “Government agencies cannot enter into private contracts in order to evade their statutory obligations.”
“At the request of the Marshals Service, the officers using so-called stingrays have been routinely telling judges, in applications for warrants, that they obtained knowledge of a suspect’s location from a ‘confidential source’ rather than disclosing that the information was gleaned using a stingray,” Wired Magazine reports.
Only weeks prior, U.S. Marshals brazenly stormed the Sarasota Police Department in Florida in order to seize Stingray documents requested by the ACLU.
“We’ve seen our fair share of federal government attempts to keep records about stingrays secret, but we’ve never seen an actual physical raid on state records in order to conceal them from public view,” the ACLU said.
http://www.news10.net/story/news/investigations/2014/06/23/is-sacramento-county-sheriff-dept-using-stingray-to-track-collect-data/11296461/
http://www.intellihub.com/sacramento-sheriff-confronted-stingray-surveillance/
DHS, FBI, NSA and local police are spying on your Tweets:
When Boston officials decided to monitor Twitter during this year's marathon, they didn't scan the site's 500 million daily posts for signs of trouble.
Dataminr did that for them.
Dataminr's co-founder Ted Bailey said his company offers a valuable (spying) tool to first responders.
The company's software sorts through millions of tweets for clues about major events or emerging threats, flagging mentions of everything from fires to suspicious packages and sending real-time alerts to customers.
"Dataminr transforms the public Twitter stream into actionable alerts, identifying the most relevant information in real-time for clients in Finance, News and the Public Sector. Using powerful, proprietary algorithms, Dataminr instantly analyzes all public tweets and delivers the earliest warning for breaking news, real-world events, off-the-radar content and emerging trends. Dataminr clients receive information first, ahead of traditional sources."
Dataminr has been quietly working with public safety officials in Boston and three other cities with the aim of detecting potential criminal or terrorist activity bubbling up on Twitter before it happens.
Boston's use of Dataminr was part of the city's broader effort to tighten security at the 2014 marathon after last year's bombings. At a time when eyewitnesses may tweet about an emergency before -- or even instead of -- calling 911, Dataminr's co-founder Ted Bailey said his company offers a valuable tool to first responders.
"How can you afford to have these blind spots in your area?" Bailey said in an interview Monday at the company's New York City office, where employees with Ph.D.'s in mathematics and linguistics sat in front of computers and tested Dataminr's complex algorithm.
Dataminr is one of several companies marketing such products to police departments. A company called BrightPlanet is selling a tool called Blue Jay that allows law enforcement officers to listen to what gang members say on Twitter and track their movements.
Bailey said Dataminr customers can only use the software to track major events on Twitter and can't use it to single out individuals or anti-government tweets. He added that Dataminr customers can't store tweets permanently.
The FBI is also building its own application to monitor social media posts for words like "bomb," "suspicious package" and "white powder."
Vernon Keenan, director of the Georgia Bureau of Investigation, said that tools to monitor social media posts can provide useful tips to law enforcement.
"If someone is talking on Twitter (any social media outlet) about planting a bomb or they see explosives or they have a weapon and want to disrupt an event, it alerts you that there's a problem," Keenan said.
But he said police surveillance of social media can raise privacy and civil liberties concerns if used for reasons other than criminal investigations.
"The problem is if you don't have a specific law enforcement purpose for using the monitoring tools," said Keenan. "Why are you monitoring tweets? What type of information are you going to be collecting? How long are you going to retain it? That has to be addressed before you employ the technology."
Two years ago, privacy advocates found DHS was monitoring social media sites to track public reaction to negative news about the U.S. government.
The NSA is spying on our social media comments & posts, click here & here to read more.
What's missing from this story? Another private company profiting from spying on Americans our RIGHTS BE DAMNED!
http://www.huffingtonpost.com/2014/06/25/dataminr-mines-twitter-to_n_5507616.html
Need proof our justice system is corrupt? Judge ruled warrantless bulk surveillance of Americans is legal:
Oregon - A federal judge has affirmed the legality of the U.S. government's bulk collection of phone and email data from foreign nationals living outside the country — including their contact with U.S. citizens — in denying a man's motion to dismiss his terrorism conviction.
It was the first legal challenge to the government's bulk data-collection program of non-U.S. citizens living overseas after revelations about massive, warrantless surveillance were made public by former National Security Agency employee Edward Snowden.
The program also sweeps up information about U.S. citizens who have contact with overseas suspects. This type of surveillance played a key role in this case.
Lawyers for Mohamed Mohamud, a U.S. citizen who lived in Oregon, tried to show the program violated his constitutional rights and was more broadly unconstitutional. U.S. District Judge Garr King on Tuesday denied that effort.
The ruling also upheld Mohamud's conviction on terrorism charges. In his decision, King rejected the argument from Mohamud's attorneys that prosecutors failed to notify Mohamud of information derived under the U.S. Foreign Intelligence Surveillance Act until he was already convicted.
Suppressing the evidence collected "and a new trial would put defendant in the same position he would have been in if the government notified him of the (surveillance) at the start of the case," King wrote. "Dismissal is not warranted here."
King held that Mohamud's most persuasive argument was that, even if the original surveillance were lawful, the subsequent use of that information on a U.S. citizen required a warrant. Previous federal appeals court rulings have said that the government needs a warrant to test pills seized in an unrelated search or to search a computer for more information that the warrant sought.
Those rulings, the defense argued, meant King should apply the same standard to the evidence seized.
But King disagreed.
"I do not find any significant additional intrusion," King wrote. "Thus, subsequent querying of (collected data), even if U.S. person identifiers are used, is not a separate search and does not make (such surveillance) unreasonable under the Fourth Amendment."
The Attorney General and the Director of National Intelligence announced that the President will seek a renewal of the court order authorizing the NSA's bulk collection of American telephone records through September 12, 2014.
http://www.huffingtonpost.com/2014/06/24/warrantless-bulk-surveillance-legal_n_5527800.html
NYPD commissioner wants more surveillance (spy) cameras in subways & buses:
NY - NYPD Police Commissioner Bill Bratton envisions a future in which officers armed with tablets keep tabs on rolling subway cars remotely.
“One of my officers could actually be standing on a platform waiting for that train to come in ... monitoring the cameras on that subway car to see if there’s an issue on that 10-car train that he wants to go and focus on,” said Bratton.
Conductors could also monitor display terminals in their cabins between stations to detect disturbances in real time and enable prompt assessments of reports from riders via subway intercoms, Bratton said. (Passengers spying on each other "See Something Say Something")
“Cameras are ubiquitous throughout the system. Why not inside train cars?” asked John Samuelsen, president of Transport Workers Union Local 100. “Anything that improves security and helps our conductors keep riders safe is a positive.” (There's our government's catch all phrase again & again its for our safety that we're spying on you & they (DHS) encourage the public to report you.)
The MTA is investigating the addition of cameras in the city’s subway system.
Chicago recently installed cameras in 830 older-model subway cars with a $13.9 million grant from the federal Department of Homeland Security. In the first three months of this year, Chicago transit cops made 60 arrests on vandalism and graffiti charges — equal to the total for all of last year, said Chicago Transit Authority spokeswoman Catherine Hosinski.
http://www.nydailynews.com/new-york/nyc-crime/bratton-advocates-security-cameras-city-subway-cars-article-1.1837813
'What I tell people who say they don’t care about their privacy' (Glenn Greenwald)
Journalist Glenn Greenwald said people have told him over and over that government surveillance does not concern them.
“Those people don’t believe what they’re saying,” he told a sold-out audience last week at the Nourse Theater in San Francisco.
To illustrate this, every time someone would come up to Greenwald and say they didn’t mind people knowing what they were doing because they had nothing to hide, he would proceed with the same two steps: first, by giving them his email address and then by asking them to send him all their email and social media passwords — just so he could have a look.
“I’ve not had one single person send me them,” he said, as the room swelled with laughter. “And I check my email box constantly!”
The humorous anecdote, Greenwald said, exemplifies how people instinctively understand how privacy is vital to who we are. Just as much as we need to be social, we need a place where we can go to learn and think without others passing judgment on us.
“Privacy is embedded in what it means to be human and always has been across time periods and across cultures,” Greenwald said.
“Somebody collecting the list of all the people with whom you're communicating will know an enormous amount about your most invasive and intimate realm,” he said. “Oftentimes even more than they’ll learn if they’re listening to your telephone calls, which could be cryptic, or your email communications which could be quite stunted.”
“I started thinking about what those people have in common,” Greenwald said, adding that he realized they all more or less defend the government in their reporting. But if you go into American Muslim communities, or the Occupy movement, or groups who challenge the status quo, he said, you’ll find countless people afraid of being targeted.
In addition, this notion implies that if you don’t challenge the government, you won’t have to worry about being spied on. But “the true measure of how free a society is,” Greenwald said, “is how it treats its dissidents.”
http://www.alternet.org/civil-liberties/glenn-greenwald-heres-what-i-tell-people-who-say-they-dont-care-about-their-privacy
https://www.eff.org/nsa-spying/how-it-works
