Hunting for Stingrays (Part 1)

The single easiest way to track someone today is using their cell phone. We have them with us at all times and in order for them to work, they must be tracked by the cell phone network. When law enforcement wants to identify people at a protest or hanging around a particular area, they could take the time to get a warrant to present to multiple cell phone providers. Or they could simply bring in a portable, fake cell site. Any cell phones in the area will reveal their location to all nearby cell sites, and the owners of those phones will be none the wiser. The use of cell site simulators (often known by a particularly popular model called a “Stingray”) is heavily shrouded in secrecy. Even their very existence was denied for years. Today, we’ll talk with a man who has made it his mission to uncover the use of such devices. We’ll talk about how they work, why they’re so hard to detect, and the broader implications of their use by police and sheriff’s departments with little to no oversight. Cooper Quintin is a security researcher and Senior Staff Technologist with the EFF Threat Lab. He has worked on projects such as Privacy Badger, Canary Watch, and analysis of state sponsored malware campaigns such as Dark Caracal. He has also performed security trainings for activists, non profit workers and ordinary folks, and given talks about security research at security conferences around the world. He previously worked building websites for non-profits, such as Greenpeace, Adbusters, and the Chelsea Manning Support Network. Cooper was also an editor and contributor to the hacktivist journal, “Hack this Zine.” He has spoken at multiple black hat conferences about security issues ranging from IMSI Catchers to Malware attacks against journalists. Further Info BECOME A PATRON! https://www.patreon.com/FirewallsDontStopDragons Electronic Frontier Foundation (EFF): https://www.eff.org/  EFF’s Electronic Frontier Alliance: https://www.eff.org/electronic-frontier-alliance  Crocodile Hunter project: https://github.com/EFForg/crocodilehunter How IMSI catchers work: https://www.eff.org/wp/gotta-catch-em-all-understanding-how-imsi-catchers-exploit-cell-networks EFF page on IMSI catchers: https://www.eff.org/pages/cell-site-simulatorsimsi-catchers Why 5g won’t help: https://www.eff.org/deeplinks/2019/01/5g-protocol-may-still-be-vulnerable-imsi-catchers Sea Glass project: https://seaglass.cs.washington.edu/  Sitch project: https://sensor.readthedocs.io/en/latest/  My new Apress video: Maximum Privacy with End-to-End Encryption https://link.springer.com/video/10.1007/978-1-4842-7034-9