Israeli-Made Stingray Device Found In The Hands Of South African Businessmen
from the snooping-for-the-masses! dept
IMSI catchers: not just for law enforcement agencies anymore! (via Slashdot) The cellphone signal-slurping devices are normally found in the hands of cops and investigators and carefully hidden from public examination by a fine mesh of redactions, withheld documents, non-disclosure agreements and dismissed cases. But two South African men walked into a sting operation, leaving behind an intriguing bit of interception equipment.
At 10am on Friday, [two people] were lured to Irene Mall outside Pretoria in a police and intelligence sting that resulted in their arrest for illegally being in possession of the cellphone-tapping, -tracking and -locator machine worth over R25 million.
The machine, specially installed in a German-made multi-purpose vehicle, was impounded.
The Star knows the identity of the two arrested men – a top businessman in the gold industry and a bank employee – but can only identify them once they have appeared in court.
The device recovered during this appears to be some sort of Stingray-esque device, albeit not one manufactured by Harris Corporation. Instead, “The Grabber” (as it’s known) is manufactured in Israel. “The Grabber” is likely not its official name, as the web is largely free of other references to an IMSI catcher with this name. Israel’s Rayzone Group offers a selection of interception devices, but so far, only one (the Pirahna) has any documentation that has surfaced publicly.
Like any powerful interception device, its sales are supposed to be limited to government agencies. From what’s being reported here, the South African government was involved, but not in the typical way.
The Hawks [special investigative unit] said senior government officials are believed to have helped the suspects purchase the device – which is highly regulated in South Africa and globally.
According to the report, an official from the Department of Public Works is alleged to have written a fraudulent letter “on a government letterhead” claiming that the government wanted to buy the device.
Putting everything together from multiple reports, it appears the device was used (or intended to be used) to intercept communications of government officials overseeing certain lucrative bidding processes: small scale industrial/economic espionage by private persons acting on behalf of both themselves and a few government officials.
If the claims made by unnamed police officials are to be believed, the “Grabber” is possibly more powerful than Harris’ Stingrays.
Police sources told The Star that evidence showed The Grabber, which could bug at least 10,000 lines at a time, had been used to advance certain parties in commercial transactions.
MyBroadband brings these claims a bit more down to earth with a longer examination of the device’s purported capabilities. It appears to be, more or less, a Stingray. It imitates a cell tower and boosts its signal to route as many phone calls through it as possible. It can “grab” phones and track their location. According to the unnamed “security professional” interviewed by MyBroadband, it’s unlikely the device can actually intercept calls, which makes the police sources’ claims of “bugging 10,000 lines” particularly suspect.
In the abstract, a Stingray-device can gather any number of “lines,” but actual interception (i.e., “bugging”) of calls and text messages tends to be on a smaller scale. Whether or not this device can actually intercept communications (as the Stingray has been reported to do), it’s likely true that it does have some interception capabilities, considering that in this context (snooping on government contract bidding, hints of blackmail) call records and phone location would be of minimal use.
Documentation on devices sold by Israel’s Rayzone Group do hint at some powerful interception capabilities. Its “Pirahna” offers “remote control” of targeted devices, and additional software provides even more access via a targeted phone’s WiFi connection.
However, there’s not enough information available to ascertain exactly what device the South African police have recovered. But the technology has been around for years and a number of companies worldwide are steadily improving capabilities.
Finding one of these in the hands of private citizens is a bit surprising, but certainly can’t be completely unexpected. Stingray-type technology was never going to remain under strict government control. The tech itself can be duplicated and utilized by criminals — either by fraudulently obtaining a device from a manufacturer or by putting one together themselves. China’s Amazon (AliBaba) has listings for IMSI catchers and Bruce Schneier points to researchers at 2010’s Def Con displaying a home-built IMSI catcher that ran about $1,500 for parts. So, the capabilities the police feel they enjoy exclusively are undoubtedly in the hands of civilians.
What is remarkable is the circuitous nature of the criminal activity, which involved government insiders providing the paperwork needed for the acquisition, which was then deployed against other government officials to the mutual benefit of both.