NYPD Says Releasing Basic Stingray Contract Info Will Result In A Supercriminal Apocalypse

from the some-prime-ass-talking-going-on-here dept

Secrecy continues to shroud law enforcement Stingray use, in large part because courts have been far too receptive to the government’s insistence that the release of any details at all would result in the expensive tech being rendered instantly useless.

The NYPD has decided to go past the usual “law enforcement means and methods” obfuscatory tactics and push a rather novel narrative about why it would be “dangerous” for IMSI catcher info to make its way into the public domain. (I mean more so… I guess.)

Joseph Cox of Motherboard reports the NYPD’s latest opacity play involves hoodie-wearing males operating laptops in underlit rooms and comic book supervillain-esque levels of coordinated criminal activity.

In a recent case, the New York Police Department (NYPD) introduced a novel argument for keeping mum on the subject: Asked about the tools it uses, it argued that revealing the different models of IMSI catchers the force owned would make the devices more vulnerable to hacking.

In the words [PDF] of the NYPD’s Gregory Antonsen, hackers would be able to crack open Stingrays like OPM records if the department were to turn over Harris Corp. contract info and nondisclosure agreements to the New York branch of the ACLU in response to its FOIL request. Also: terrorism.

The purpose of this affidavit is to explain the reasons that disclosing the Withheld Records would cause grave damage to counterterrorism and law enforcement operations, and so could endanger the lives or safety of New Yorkers.

Additionally, disclosing the Withheld Records would reveal confidential and non-routine criminal investigative techniques, which would hamper ability to conduct operations and would permit perpetrators to evade detection. Moreover, disclosure of the Withheld Records would jeopardize the ability of NYPD to secure its information technology assets.

After detailing the use of Stingrays to perform a variety of heartwarming investigations (tracking down a missing elderly person, rescuing someone from sex trafficking, etc.), Antonsen gets down to business. According to the NYPD’s theory, any information released about the NYPD’s IMSI catcher contracts could be “scrutinized” by bad guys who would be able to infer from extremely limited information the extent of the department’s cellphone-tracking capabilities. It’s basically the mosaic theory, but without the mosaic.

But the far stupider assertion is the one made without any supportive citations — just a far-fetched hypothetical.

The CSS technologies are also critical and essential information technology assets. As such, all CSS technologies require periodic software updates. Public disclosure of the specifications of the CSS technologies in the NYPD’s possession from the Withheld Records would make the software vulnerable to hacking and would jeopardize ability to keep the technologies secure. Of great concern is that a highly sophisticated hacker could use the knowledge of CSS technologies to invade the CSS software undetected, thus creating a situation in which law enforcement personnel are lured into a situation based on a misleading cell-phone location and are then trapped and ambushed.

The ACLU’s Chris Soghoian has responded [PDF] to the NYPD’s assertions. As to the claims that providing contract information would somehow result in sophisticated criminals finding ways to route around this surveillance, Soghoian points out that every Stingray device — no matter its capabilities — can be defeated by even the dumbest thug… and all without having to scour a redacted invoice for clues.

The most effective countermeasure, which can be used by anyone at no cost is to simply turn off a phone or put it into airplane mode. This will thwart tracking by any model of Stingray. Knowing the models of Stingrays that the NYPD uses does not make this countermeasure more or less effective. It is 100% effective regardless of which models of Stingrays the NYPD uses.

Soghoian went easy on the “but criminals will beat our IMSI catchers” argument. The “but we’ll be hacked” argument is treated with all the respect it deserves: none.

It would be a serious problem if the costly surveillance devices purchased by the NYPD without public competitive bidding are so woefully insecure that the only thing protecting them from hackers is the secrecy surrounding their model names.

He also chides the NYPD for making claims the federal government isn’t even willing to make.

The Harris Corporation, which in addition to manufacturing Stingrays has been awarded public contracts for securing the President’s communications and supplying secure radios used by the U.S. Army, is clearly capable of designing secure products for its government customers that does not rely on keeping secret the mere existence of the devices for their security.

Soghoian also points out that the release of other information would similarly have zero effect on the devices’ capabilities. Because they spoof cell towers, it does criminals no good to know how many the NYPD has or even where they tend to deploy them. A cellphone can’t tell it’s connected to a BS “tower.” And just because the NYPD may be more likely to deploy them in certain areas does not guarantee that avoiding those areas will allow criminals to avoid detection.

And this wonderful paragraph snarkily deflates the paranoid ravings the NYPD’s tech officers deploy as justification for continued secrecy.

Inspector Antonsen also claims that knowing the number of Stingrays owned by the NYPD may enable an extremely well-resourced criminal group to orchestrate a greater number of simultaneous hostage situations than the number of Stingrays available to the NYPD. Even assuming that such a sophisticated criminal group made the unlikely decision to rely on its knowledge of the number of Stingrays in the possession to use cell phones in executing such a hypothetical event, knowing that number will not help them as it is almost certainly the case that one, if not multiple, federal law enforcement agencies would step in and assist the NYPD with their own cellular surveillance technology. Moreover, this hypothetical is no different from saying that at some point some criminal group may be able to overwhelm the number of police cars that the NYPD owns or the number of police officers on the force.

It’s hard to believe law enforcement is still throwing out these tired arguments after nearly a decade of incremental exposure of Stingray information. The NYPD wants publicly-available information (Stingray names, suggested retail prices) to somehow be the first cat successfully stuffed back into the bag. Since it has no legitimate arguments to justify this cat stuffing, tech officers are resorting to hypothetical scenarios even the most-handwavingest of sci-fi writers wouldn’t feel comfortable inserting into their speculative fiction.


Comments on “NYPD Says Releasing Basic Stingray Contract Info Will Result In A Supercriminal Apocalypse”

That One Guy (profile) says:

Re: Re: "Criminals like that get what they deserve, but that would never happen to me..."

But there will always be people who want to believe that the police keep them safe and are virtuous above reproach.

… right until they’re on the receiving end of police abuse of power/lawbreaking, and they look around proclaiming their innocence and wondering why no-one believes them, instead brushing aside their claims of innocence as baseless attempts by a criminal, attempting to tar the good name of the paragons of virtue that are law enforcement.

Anonymous Coward says:

Probably True

revealing the different models of IMSI catchers the force owned would make the devices more vulnerable to hacking.

Most likely far too true. Probably completely open communication protocol with no authentication required to get in.

Would explain the secrecy too, if anyone knowledgeable of the protocols would get the facts into the courts – they’d all but be thrown out because of how easily the records could be falsified … explains a bit too much don’t ya think?

orbitalinsertion (profile) says:

Re: Probably True

The thing about this is… if one wanted and remotely needed to hack at IMSI catchers, they would make exploits and tools for all of them. Then they could go warstrolling to their little supercriminal terrorist hearts’ content.

Next up: Gov demands nerding harder from vendors so phones respond to an “IMSI bit” when in airplane mode, off, and the battery out. Sort of a super-RFID.

Anonymous Coward says:

“thus creating a situation in which law enforcement personnel are lured into a situation based on a misleading cell-phone location and are then trapped and ambushed.”

Someone who wanted to do this could just take the actual phone to the ambush location. No hacking needed.

“Inspector Antonsen also claims that knowing the number of Stingrays owned by the NYPD may enable an extremely well-resourced criminal group to orchestrate a greater number of simultaneous hostage situations than the number of Stingrays available to the NYPD”

Or they could, you know, turn off their hostages’ cell phones, rendering the Stingrays useless. Or they could leave them on and set up an ambush, made even more effective by the presence of the hostages. Again, why are the police worried about an ambush from a false signal and not a true one?

Anonymous Coward says:

Re: Re: Re:

I know, but I prefer to imagine comic-book type super-villains making ill-thought-out plans.

“Here’s the plan. We know, thanks to FOIA, that the NYPD has exactly 19 stingrays. So we’re going to kidnap 20 people and hold them at 20 different locations. Foolproof!”

“But, boss, even if this works, won’t they catch 95% of us?” “Yeah, but you’re henchmen, you’re expendable.” “…”

“But, boss, what if one person sees us enter a building and tells the police about it, and they don’t have to use a Stingray there?” “Well, I guess you’ll just have to be very careful, now won’t you?”

“But, boss, can’t they move one Stingray once they get a location, and use it somewhere else? Aren’t those things mobile?”

“But, boss, can’t they borrow one from a nearby city?”

“… OK, OK, new plan. And this one is sheer evil genius. Using the model numbers of their Stingrays that we obtained, we hack into their system and make it appear that the hostages’ cell phones are coming from a particular location. Then, we ambush the cops when they come.” “But, boss, if we know which phones they’re tracking, couldn’t we just carry those phones to the ambush location?” “But, boss, won’t they then know our exact location, and be able to surround us and send overwhelming force?” “But boss, if you could hack into military-grade hardware that easily, couldn’t you just hack something more deadl-” “SHUT UP, THIS IS THE PLAN.”

TasMot (profile) says:

Re: Re:

Again, why are the police worried about an ambush from a false signal and not a true one?

Because, while exercising their god complex they have veered so far from the truth they have forgotten what the truth is, and yet, have not formed a fully detailed backstory yet for their lies.

Also, because, convictions are now better than prevention. If the crimes would be prevented because the purported criminals knew that the NYPD would be able to catch them because of the advanced technology they could employ, then arrest rates would decline, conviction rates would decline, and there would be less need for so many NYPD police running around.

Heaven forbid, that would mean a smaller budget and less prestige. We can’t have that, now can we?

DannyB (profile) says:

Re: Re:

Prosecutors too! Let’s not leave them out.

Stingray cases lead to Parallel Construction.

Parallel Construction is a euphemism for perjury. Criminal conspiracy to lie to the court and deprive the defense of real evidence, what actually happened.

Releasing the details of Stingray use would reveal the supercriminals at work and how they operate. (eg, police / prosecutors) And it would be an apocalypse from their POV.

DannyB (profile) says:

Re: Re:

We cannot release information on stingray to protect law enforcement from prosecution.

What is it they say? If you’ve done nothing wrong, you’ve got nothing to hide.

I seem to recall a saying about the goose and gander having compatible ports with need of an adapter, or something like that. A device that is good for the goose is compatible with the gander.

Anonymous Coward says:

It’s always a pity that these supercriminals seem to view the constitution as an obstacle they need to work around, using tools they know from the start that they need to keep hidden from everyone, rather than a document that is intended to protect everyone.

How many more pedophiles are going to get off because the cops would prefer to find ways to get around the US Constitution than obey it?

Padpaw (profile) says:

Re: Re:

I still suspect they are being trained to ignore their fellow citizens’ rights and to brutally suppress dissent, solely to justify more heavy handed and anti freedom laws when people start fighting back for their god given rights.

Much like creating fake terrorism plots to justify anti freedom laws “designed” to combat terrorism, but in reality turn a country into another tyranny.

Groaker (profile) says:

The NYPD is the SuperCriminal Apocalypse. No one but a known member of this or a similar gangster clan can arbitrarily murder a person, steal their money, sexually molest and rape and have a 99%+ expectation of walking free, most likely with a commendation, promotion, raise in pay and a paid vacation. As well as have the right to refuse to do their job (according to SCOTUS.)

An innocent individual swept up by clan raids has far less than a 99% chance of being found innocent at trial.

Anonymous Coward says:

A cellphone can’t tell it’s connected to a BS “tower.”

I am not sure this is true.

Each cell tower has a unique ID associated with it, like a MAC address of a network interface. This ID is part of the cell standards (CDMA or GSM). The ID number actually encodes information like the telco that owns it.

A cellphone will connect to the strongest signal it can find, irrespective of anything else, as long as it is permitted to connect. And that decision, permission to connect, is made by the tower itself. E.g., your phone provider is telco1, but the strongest signal is from a tower owned by telco2, but if telco2 doesn’t allow 1’s handsets to connect, the phone will then go to the next strongest signal, and the next, until it finds a connection it’s allowed to establish.

Sometimes telcos will buy the rights to use another telco’s towers, to expand their coverage without having to install towers (or expand capacity on existing towers) themselves. So in this case, if telco1 had such an agreement with telco2, then telco2’s tower may indeed let you connect, even though you belong to telco1.

It is this that IMSI catchers take advantage of. In fact anyone, with the right technical knowledge and electronics skills, could make their own IMSI catcher.

So, an IMSI catcher just broadcasts a stronger signal (whether due to just being closer than other towers or by being more powerful in general) and permits any phone to connect. Then it creates its own connection to a ‘real’ tower, and passes the signals through. Basically, it’s just a classic Man-In-The-Middle (MitM) attack.

While it’s certainly possible that the cell tower ID it uses is copied from a ‘real’ tower, like a MAC address it could probably be changed, I would find that unlikely. I’m pretty sure the telcos would be protesting that appropriation of their property. Actually using their unique identifying prefixes (or suffixes, I forget which it is) would probably in itself be illegal – certainly in the without-warrant type usages these devices seem to be being used in. I don’t find it plausible that the telcos are unaware of these devices, or unaware of each time they are used. Hell, they probably originated from standard test rigs that telco technicians/engineers use as part of their own testing, maintenance, and surveying when determining the best location for a new tower. The standard testing/maintenance they perform on their own infrastructure would pick up these devices as either another telco’s tower in the same area, or an unknown one of their own towers, which surely would raise alarm bells.

Therefore if you have a list of known cell IDs in the area, and you are using software that identifies this information, then you (or the phone) could know that you are not connecting to a known tower, and, possibly, it is not a ‘tower’ that is using your telco’s ID number.

There are many apps out there that can display, log and provide this information. There are open-source “cell-tower mapping” projects underway that create databases of cell towers, their unique ID numbers, and their location. Some of these apps operate entirely in the background, recording all the cell tower IDs and locations using GPS, and upload that data automatically to the project for inclusion in the database. So if a new tower, especially if it doesn’t use a known telco ID string, pops up, and then disappears hours or days later, then that’s a good bet that an IMSI catcher is being used.

So, create a database of all known cell towers, and there are probably apps out there that can let you force your phone to only connect to that known list, refusing to connect to any unknown tower. Of course, this will only protect the content of communications, not location info, as even if your phone refuses to connect to this unknown tower, it can still pick up the general broadcast that a phone sends when it’s looking for a tower to connect to.
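
The check described in the comment above (compare observed cell IDs against a known-tower list, and watch for unknown IDs that appear and then vanish), sketched as an added example that is not part of the original comment or article. The log format, tower list, the 24-hour threshold and all function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed known-tower list keyed by (MCC, MNC, LAC, CID); values made up.
KNOWN_CELLS = {(310, 410, 5001, 20011), (310, 260, 7100, 31500)}
KNOWN_OPERATORS = {cell[:2] for cell in KNOWN_CELLS}  # (MCC, MNC) prefixes

# Constructed scan log, one sighting per line: ISO timestamp,MCC,MNC,LAC,CID
SAMPLE_LOG = """\
2016-05-01T09:00:00,310,410,5001,20011
2016-05-02T14:10:00,310,410,5001,29999
2016-05-02T16:20:00,310,410,5001,29999
2016-05-02T16:30:00,310,260,7100,31500
garbled line from a flaky modem
2016-05-03T10:00:00,1,1,1,1
2016-05-04T18:40:00,310,410,5001,20011
2016-05-04T18:45:00,310,410,5001,40404
"""

def parse_log(text):
    """Yield (timestamp, cell) per well-formed line; skip malformed ones."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        try:
            ts = datetime.fromisoformat(parts[0])
            mcc, mnc, lac, cid = (int(p) for p in parts[1:])
        except ValueError:
            continue
        yield ts, (mcc, mnc, lac, cid)

def flag_unknown_cells(text, gone_for=timedelta(hours=24)):
    """Return {cell: [reasons]} for observed cells absent from KNOWN_CELLS."""
    seen = defaultdict(list)
    for ts, cell in parse_log(text):
        seen[cell].append(ts)
    if not seen:
        return {}
    log_start = min(min(s) for s in seen.values())
    log_end = max(max(s) for s in seen.values())
    findings = {}
    for cell, stamps in seen.items():
        if cell in KNOWN_CELLS:
            continue
        reasons = ["not in known-cell database"]
        if cell[:2] not in KNOWN_OPERATORS:
            reasons.append("unknown operator prefix")
        # Appeared after logging began and not seen since: pops up, then disappears.
        if min(stamps) > log_start and log_end - max(stamps) > gone_for:
            reasons.append("appeared, then vanished")
        findings[cell] = reasons
    return findings

if __name__ == "__main__":
    print(flag_unknown_cells(SAMPLE_LOG))
```

A cell that is unknown but still visible at the end of the log (the last sample line) gets only the first reason, since it may simply be a tower the database has not caught up with yet.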
