Wednesday, February 6, 2008

MObile telephones - ears from big brother

..
Mobile phones, the stealth ID card, bug and tracking device in your pocket
Resources | Social Control | Technology / Hacklabs
repost >>> Earlier this month it emerged that the FBI had been remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations. The surveillance technique, which "functioned whether the phone was powered on or off." came to light as a result of a ruling by U.S. District Judge Lewis Kaplan on the legality of the "roving bug".

[For extra information on this topic, see Privacy, Email and Activism, a brief intro >>>]

It had been approved by U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping.

Cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations.

The news that the FBI had been remotely activating mobile phones as eaves dropping devices confirms what many activists have been saying for years.

"A cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone. This is done by transmitting to the cell phone a maintenance command on the control channel. This command places the cellular telephone in the 'diagnostic mode.' When this is done, conversations in the immediate area of the telephone can be monitored over the voice channel." - National Reconnaissance Organization newsletter,1997.

As long as I can remember there has been a kind of unspoken rule among activists about taking batteries out of mobile phones during meetings to prevent bugging - along with occasional arguments about it being paranoid. While it has long been know to be a theoretical possibility, the mafia court case confirms it is actually a practical technique and is being used.

It is not clear exactly how the FBI achieve their remote activation but it is known that it is possible to update the software on a mobile phone by sending an unnoticeable SMS message to a particular cell phone. Changes to the phones software than make it possible to spy on the user around the clock, as long as the phone has power. All SMS messages can be read and all calls and conversations can be listened to, including those taking place in the vacinity of the phone. It would also be possible to access and copy address books and other information stored on the phone.

It should be fairly obvious to anyone that simply 'switching off' a mobile phone could not prevent the software from reactivating the phone at will. Like most computers, the on/off switch on a mobile phone is simply a button that requests the software to do something, ie.. turn the phone on or off - or more acturately, switch the phone between standby and normal operations. Many have an alarm feature which can operate when the phone is apparently 'switched off'.

Some of the vunerabilities of mobile phones may only be exploitable by the state or private interests with financial muscle to obtain access to the records of mobile phone networks. Others however are much easier to exploit and well within the capabilities of private investigators. One example is the ability to read mobile phone numbers from all phones in a room as those phone routinely poll and communicate with the nearest cell phone repeater.

And lets not forget the ability to track cell phones (again, potentially even when they are turned off). With the data retention laws requiring mobile phone networks to keep this data for a year or so, it is easy for the authorities (or private agencies with influence) to not only monitor somebodies movements but also cross reference that with other people and build up acturate pictures of networks of association.

As repression on dissent increases, it is vital that we are all aware of the information we provide our enemies and what steps we can take to limit the damage.

What advice might you consider?

Don't take any mobile phone to a meeting and if you must, remove the battery.
Don't take your personal mobile phone with you on actions.
Remove the battery if making journeys others should not know about.
Better yet, don't take the phone or send it out on a walk in the park with a friend.
Don't power up you 'clean' action phone in any building you don't want assocaited with an action.
Never use 'clean' action phones to call comrades personal phone numbers.
Don't call a 'clean' action phone from any 'non clean' phone.
Don't continue to use the same set of action phones on future actions.
Only pay cash for phone credit and not from places with CCTV (difficult).
[For extra information on this topic, see Privacy, Email and Activism, a brief intro >>>]

No comments: