from the making-a-strong-case-for-Snowden's-fridge-logic dept
We know how much information the NSA can grab in terms of cell phone usage -- namely, calls made and received and length of conversations, along with phone and phone card metadata like IMSI and IMEI numbers. It can even grab location data, although for some reason, it claims it never does. (No matter, plenty of law enforcement agencies like gathering location data, so it's not like that information is going to waste [bleak approximation of laughter]).
According to Ryan Gallagher at Slate, the NSA, along with other agencies, are able to something most would feel to be improbable, if not impossible: track the location of cell phones even if they're turned off.
On Monday, the Washington Post published a story focusing on how massively the NSA has grown since the 9/11 attacks. Buried within it, there was a small but striking detail: By September 2004, the NSA had developed a technique that was dubbed “The Find” by special operations officers. The technique, the Post reports, was used in Iraq and “enabled the agency to find cellphones even when they were turned off.” This helped identify “thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq,” according to members of the special operations unit interviewed by the Post.Normally, turning a cell phone off cuts the connection to towers, effectively taking it off the grid and making it only traceable to the last point it was connected. The Post article doesn't explain exactly how the NSA accomplishes it, but other incidents over the past half-decade offer a few indications of how this might be done.
In 2006, it was reported that the FBI had deployed spyware to infect suspects’ mobile phones and record data even when they were turned off... In 2009, thousands of BlackBerry users in the United Arab Emirates were targeted with spyware that was disguised as a legitimate update. The update drained users’ batteries and was eventually exposed by researchers, who identified that it had apparently been designed by U.S. firm SS8, which sells “lawful interception” tools to help governments conduct surveillance of communications.The FBI's use, in which cell phones' microphones were remotely activated to record conversations (even with the phones turned off), probably had some bearing on Snowden's request that journalists power down their phones and place them in the fridge.
According to Gallagher, the NSA may be using mass updates to infect phones of targets overseas (and presumably, any "non-targets" applying the same faux update). This would be difficult, but not impossible, and considering what we've learned about the NSA's far-reaching surveillance net, certainly not implausible. A couple of details in support of that theory:
First, two telcos that provide service to millions of cell phone users are known to be overly cooperative with intelligence agencies. You may recall the fact that Verizon and AT&T notably did not sign the collective letter asking the government to allow affected companies to release information on government requests for data. Given this background, it's not unimaginable that Verizon and AT&T would accommodate the NSA (and FBI) if it wished to use their update systems to push these trojans.
Add to this the fact that Microsoft and others have allowed intelligence agencies early access to security flaws, allowing them to exploit these for a certain length of time before informing the public and patching the holes. Add these two together and you've got the means and the opportunity to serve snooping malware to millions of unsuspecting cell phone users.
Sparing usage, properly targeted isn't really an issue. But if updates containing spyware have been pushed to the thousands of non-targeted individuals just to ensure the targets are included, it becomes more problematic, and the track record of the two agencies who have used this technology is far from pristine.