New surveillance systems are being offered to governments around the globe, giving them the ability to track the movements of almost any cellphone carrier. The new technology is utilising standard cellular network data, which must constantly monitor the locations of their customers in order to allow calls and messages to be delivered.
The new technology is utilising standard cellular network data, which must constantly monitor the locations of their customers in order to allow calls and messages to be delivered. This seems like a fairly straightforward procedure, and one which users generally accept as necessary; what users probably do not realise or expect is that surveillance systems are secretly collecting these records to map the travel patterns and locations of each individual over long periods of time, according to marketing documents and experts in surveillance technology.
People don’t understand how easy it is to spy on them,” said Philippe Langlois, chief executive of P1 Security, a research firm in Paris.
It has become a well-known fact that government intelligence services in the West with access to advanced technology, such as the National Security Agency (NSA) in the United States and GCHQ in Britain, have exploited this facility to track targets, but the technology experts have revealed that it is now possible for practically anyone with enough funds or technological know-how to extract location data out of global cellular networks and spy on any cellphone carrier anywhere in the world.
The unsuspecting phone user would never know that they were being spied upon – these systems are designed so that neither cellphone users nor their carriers can detect the tracking. The implications of this is that government officials could in theory operate outside regulations or court orders designed to protect the rights of people targeted for surveillance. Security experts predict that, in a worst-case scenario, hackers, high-level criminal gangs and nations under sanctions could gain access to this technology, which currently operates in a legal gray area.
In fact, this may already have happened, as an anonymous source from within the industry has suggested that numerous countries have bought or leased such technology in recent years, and that the constant innovations in surveillance technology is allowing the dissemination and deployment of advanced spying technology by a variety of different organizations across the world.
Human rights activists with an interest in personal security are alarmed and appalled by the information:
“Any tin-pot dictator with enough money to buy the system could spy on people anywhere in the world,” said Eric King, deputy director of Privacy International, a London-based activist group that warns about the abuse of surveillance technology. “This is a huge problem.”
Some countries have made it an offence to track individuals with either their consent or a court ruling, but internationally, no legal standard has been set and no global regulatory body exists in order to monitor this type of activity. In the United States, there are restrictions on the export of some types of surveillance technology, but these limitations are easily circumvented as many suppliers are based abroad, free to trade the systems to anyone who has the ability to buy and use them.
Accessing the technology is apparently a very simple procedure: a number is typed into a computer portal which collates location information from databases owned and maintained by cellphone providers. An individual’s location can be pinpointed in this way to within a few blocks of where they are.
“If this is technically possible, why couldn’t anybody do this anywhere?” said Jon Peha, a former White House scientific adviser and chief technologist for the FCC who is now an engineering professor at Carnegie Mellon University.
“I’m worried about foreign governments, and I’m even more worried about non-governments,” Peha added. “Which is not to say I’d be happy about the NSA using this method to collect location data. But better them than the Iranians.”
This sensitive information could allow trackers to find targets, and even control their movements, a potential indentified and rather disturbingly promoted in a marketing brochure for SkyLock, a cellular tracking system sold by Verint, an analytics systems developer based in Melville, N.Y., which carries the subtitle “Locate. Track. Manipulate.” The document claims to offer government agencies “a cost-effective, new approach to obtaining global location information concerning known targets.”
Verint markets itself as “a global leader in Actionable Intelligence solutions for customer engagement optimization, security intelligence, and fraud, risk and compliance,” with clients in “more than 10,000 organizations in over 180 countries,” though the company claims that it remains within the law as Skylock is not used against U.S. or Israeli phones. Another company, Defentek, markets a similar system called Infiltrator Global Real-Time Tracking System on its Web site, claiming to “locate and track any phone number in the world.”The site adds: “It is a strategic solution that infiltrates and is undetected and unknown by the network, carrier, or the target.”
The Washington Post employed their own telecommunications security researcher Tobias Engel to use the techniques described by the marketing documents, to try to determine the location of a consenting Post employee using an AT&T phone. Using only her phone number, Engel determined the employee’s location to within a city block.
“You’re obviously trackable from all over the planet if you have a cellphone with you, as long as it’s turned on,” said Engel, who is based in Berlin. “It’s possible for almost anyone to track you as long as they are willing to spend some money on it.”
AT&T declined to respond to the Post’s findings.
The tracking technology exploits the outdated and slack security of SS7, a global network used by cellular carriers use to communicate with one another when directing calls, texts and Internet data.
The system was built decades ago, when there were just a few large carriers controlling the bulk of global phone traffic, but now it can be accessed by thousands of carriers servicing billions of phones and other mobile devices, security experts say. This has profound implications for security as any one of these companies could share its access with others, including makers of surveillance systems. making the whole network vulnerable to exploitation.
“We don’t have a monopoly on the use of this and probably can be sure that other governments are doing this to us in reverse,” said lawyer Albert Gidari Jr., a partner at Perkins Coie who specializes in privacy and technology.
Any carrier can send queries to other companies on the SS7 system, including one query commonly used for surveillance, called an “Any Time Interrogation” query. This query requests that a carrier reports the location of an individual customer, and in recent tests, 75 percent of carriers responded to “Any Time Interrogation” queries.
Engel, the German telecommunications security researcher, publicly disclosed this ability for carrier networks to covertly gather user location information at a 2008 hacker activist group conference in Germany. Using crude techniques, Engel illustrated the security flaws in the systems, techniques employed later by researchers Don Bailey and Nick DePetrill, who found even more concerning threats to personal security when the location data was combined with other publicly available data. By accessing the video feeds of highway cameras, the researchers were able to pinpoint individuals with ease.
“We could tell that they were going a certain speed on I-70,” Bailey recalled. “Not only could you track a person, you could remotely identify a car and who was driving.”
The GSMA, a London-based trade group that represents carriers and equipment manufacturers, acknowledged serious security issues with the network, and it is due to be replaced over the next decade.
“SS7 is inherently insecure, and it was never designed to be secure,” said James Moran, security director for the GSMA. “It is possible, with access to SS7, to trigger a request for a record from a network.”
This may be easier said than done, however, as telecommunications experts say networks have become so complex that implementing new security measures to defend against these surveillance systems could cost billions of dollars, and compromise basic services, such as routing calls, texts and Internet.
“These systems are massive. And they’re running close to capacity all the time, and to make changes to how they interact with hundreds or thousands of phones is really risky,” said Bart Stidham, a longtime telecommunications system architect based in Virginia. “You don’t know what happens.”
In response to recent lobbying by the Washington Post, the Federal Communications Commission has agreed to investigate possible misuse of tracking technology that collects location data from carrier databases. When asked by The Post about systems that use SS7 tracking, FCC spokeswoman Kim Hart said:
“This type of system could fall into the category of technologies that we expect the FCC’s internal task force to examine.”
Companies that market SS7 tracking systems recommend that they are used in conjunction with “IMSI catchers,” surveillance devices that use cellular signals collected directly from the air to intercept calls and Internet traffic, send fake texts, install spyware on a phone, and determine precise locations.
The FCC have put together a task force in order to focus on the misuse of IMSI catchers by criminal gangs and foreign intelligence agencies, which have allegedly utilised this technology for spying on a broad range of targets, including American citizens, businesses and diplomats. The use of IMSI catchers currently falls within the law for authorized purposes.
Cellphones are now an integral part of daily life for billions of people across the globe, even used in some of the most remote areas of the world. The convenience that they offer has been embraced whole-heartedly by the human race, but has this convenience come with at a very high price? The potential for population control and monitoring appears to be unlimited, with our need to communicate potentially compromising our personal privacy.
Do the benefits of cellphones now outweigh this unwelcome side effect; is the risk merely hyped and overplayed, or have we unwittingly asigned away our personal liberty forever?
Share your views with us here at Unknown Country – subscribe today to have your say.
Check out this Special Interview in which Whitley Strieber interviews John Hogue, who gives his own unique take on why the government wants to monitor a quarter of a million people who aren’t involved with terrorism.
Read the original source: http://www.unknowncountry.com/special/nsa-death-freedom-and-new-cold-war#ixzz3BbyBA7Yf