FBI uses cell phones as bugs

[Crafty_Dog]

FBI taps cell phone mic as eavesdropping tool
Agency used novel surveillance technique on alleged Mafioso: activating his cell phone's microphone and then just listening.
By Declan McCullagh and Anne Broache
Staff Writer, CNET News.com

Published: December 1, 2006, 2:20 PM PST
Last modified: December 1, 2006, 6:35 PM PST
update The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.

The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.


Bottom line:
While it appears this is the first use of the "roving bug" technique, it has been discussed in security circles for years.

Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia.

The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.

Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years.

The U.S. Commerce Department's security office warns that "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone." An article in the Financial Times last year said mobile providers can "remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call."

Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. "They can be remotely accessed and made to transmit room audio all the time," he said. "You can do that without having physical access to the phone."

Because modern handsets are miniature computers, downloaded software could modify the usual interface that always displays when a call is in progress. The spyware could then place a call to the FBI and activate the microphone--all without the owner knowing it happened. (The FBI declined to comment on Friday.)

"If a phone has in fact been modified to act as a bug, the only way to counteract that is to either have a bugsweeper follow you around 24-7, which is not practical, or to peel the battery off the phone," Atkinson said. Security-conscious corporate executives routinely remove the batteries from their cell phones, he added.

FBI's physical bugs discovered
The FBI's Joint Organized Crime Task Force, which includes members of the New York police department, had little luck with conventional surveillance of the Genovese family. They did have a confidential source who reported the suspects met at restaurants including Brunello Trattoria in New Rochelle, N.Y., which the FBI then bugged.

But in July 2003, Ardito and his crew discovered bugs in three restaurants, and the FBI quietly removed the rest. Conversations recounted in FBI affidavits show the men were also highly suspicious of being tailed by police and avoided conversations on cell phones whenever possible.

That led the FBI to resort to "roving bugs," first of Ardito's Nextel handset and then of Peluso's. U.S. District Judge Barbara Jones approved them in a series of orders in 2003 and 2004, and said she expected to "be advised of the locations" of the suspects when their conversations were recorded.

Details of how the Nextel bugs worked are sketchy. Court documents, including an affidavit (p1) and (p2) prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a "listening device placed in the cellular telephone." That phrase could refer to software or hardware.

One private investigator interviewed by CNET News.com, Skipp Porteous of Sherlock Investigations in New York, said he believed the FBI planted a physical bug somewhere in the Nextel handset and did not remotely activate the microphone.

"They had to have physical possession of the phone to do it," Porteous said. "There are several ways that they could have gotten physical possession. Then they monitored the bug from fairly near by."

But other experts thought microphone activation is the more likely scenario, mostly because the battery in a tiny bug would not have lasted a year and because court documents say the bug works anywhere "within the United States"--in other words, outside the range of a nearby FBI agent armed with a radio receiver.

In addition, a paranoid Mafioso likely would be suspicious of any ploy to get him to hand over a cell phone so a bug could be planted. And Kolodner's affidavit seeking a court order lists Ardito's phone number, his 15-digit International Mobile Subscriber Identifier, and lists Nextel Communications as the service provider, all of which would be unnecessary if a physical bug were being planted.

A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activiation method. "A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug," the article said, "enabling them to be activated at a later date to pick up sounds even when the receiver is down."

For its part, Nextel said through spokesman Travis Sowders: "We're not aware of this investigation, and we weren't asked to participate."

Other mobile providers were reluctant to talk about this kind of surveillance. Verizon Wireless said only that it "works closely with law enforcement and public safety officials. When presented with legally authorized orders, we assist law enforcement in every way possible."

A Motorola representative said that "your best source in this case would be the FBI itself." Cingular, T-Mobile, and the CTIA trade association did not immediately respond to requests for comment.

Mobsters: The surveillance vanguard
This isn't the first time the federal government has pushed at the limits of electronic surveillance when investigating reputed mobsters.

In one case involving Nicodemo S. Scarfo, the alleged mastermind of a loan shark operation in New Jersey, the FBI found itself thwarted when Scarfo used Pretty Good Privacy software (PGP) to encode confidential business data.

So with a judge's approval, FBI agents repeatedly snuck into Scarfo's business to plant a keystroke logger and monitor its output.

Like Ardito's lawyers, Scarfo's defense attorneys argued that the then-novel technique was not legal and that the information gleaned through it could not be used. Also like Ardito, Scarfo's lawyers lost when a judge ruled in January 2002 that the evidence was admissible.

This week, Judge Kaplan in the southern district of New York concluded that the "roving bugs" were legally permitted to capture hundreds of hours of conversations because the FBI had obtained a court order and alternatives probably wouldn't work.

The FBI's "applications made a sufficient case for electronic surveillance," Kaplan wrote. "They indicated that alternative methods of investigation either had failed or were unlikely to produce results, in part because the subjects deliberately avoided government surveillance."


Bill Stollhans, president of the Private Investigators Association of Virginia, said such a technique would be legally reserved for police armed with court orders, not private investigators.

There is "no law that would allow me as a private investigator to use that type of technique," he said. "That is exclusively for law enforcement. It is not allowable or not legal in the private sector. No client of mine can ask me to overhear telephone or strictly oral conversations."

Surreptitious activation of built-in microphones by the FBI has been done before. A 2003 lawsuit revealed that the FBI was able to surreptitiously turn on the built-in microphones in automotive systems like General Motors' OnStar to snoop on passengers' conversations.

When FBI agents remotely activated the system and were listening in, passengers in the vehicle could not tell that their conversations were being monitored.

Malicious hackers have followed suit. A report last year said Spanish authorities had detained a man who write a Trojan horse that secretly activated a computer's video camera and forwarded him the recordings.

[G M]

http://www.wthr.com/global/story.asp?s=9346833&ClientType=Printable

13 Investigates
Tapping your cell phone
Posted: Nov 13, 2008 03:39 PM
Updated: April 21, 2009 07:01 PM


Courtney and Heather Kuykendall were harassed by an unknown caller for months.
 
WTHR producer Cyndee Hebert agreed to have her cell phone tapped as part of our experiment.
 
A map showed 13 Investigates Cyndee's location - wherever she went with her phone.
 
Rick Mislan, Cyber Forensics Lab at Purdue University
Bob Segall/13 Investigates

Imagine someone watching your every move, hearing everything you say and knowing where you are at every moment. If you have a cell phone, it could happen to you. 13 Investigates explains how your cell phone can be secretly hijacked and used against you - and how to protect yourself.


After four months of harassing phone calls, Courtney Kuykendall was afraid to answer her cell phone.

The Tacoma, Washington, teenager was receiving graphic, violent threats at all hours.

And when she and her family changed their cell phone numbers and got new phones, the calls continued.

Using deep scratchy voices, anonymous stalkers literally took control of the Kuykendall's cell phones, repeatedly threatened Courtney with murder and rape, and began following the family's every move.

"They're listening to us and recording us," Courtney's mother, Heather Kuykendall, told NBC's Today Show. "We know that because they will record us and play it back as a voicemail."
How is something like this possible?

Just take a look on the internet. That's where you'll find the latest spy technology for cell phones.

"Anywhere, anytime"

Spyware marketers claim you can tap into someone's calls, read their text messages and track their movements "anywhere, anytime." They say you can "catch a cheating spouse", protect your children from an evil babysitter and "hear what your boss is saying about you." And while you're spying on others, the Spyware companies say "no one will ever know" because it's supposed to be "completely invisible" with "absolutely no trace."

Security experts say it's no internet hoax.

"It's real, and it is pretty creepy," said Rick Mislan, a former military intelligence officer who now teaches cyber forensics at Purdue University's Department of Computer and Information Technology.

Mislan has examined thousands of cell phones inside Purdue's Cyber Forensics Lab, and he says spy software can now make even the most high-tech cell phone vulnerable.

"I think a lot of people think their cell phone calls are very secure but our privacy isn't always what we think it is."

Is your privacy truly at risk?

13 Investigates tested some cell phone Spyware to find out.

With the permission of WTHR producer Cyndee Hebert, 13 Investigates purchased and downloaded Spyware on her personal cell phone.

Hebert agreed to be spied on - if the spy software lived up to its bold claims.

WTHR's Spy Test

The process of downloading the software took several attempts and a great deal of patience. But once the spy program was installed, Hebert's phone could indeed be tapped into at any time - just as its distributor promised.

While Hebert was at home making phone calls to her family, investigative reporter Bob Segall was outside her house, listening to the conversations on his cell phone.

And there's more - much more.

Every time Hebert made or received a phone call, Segall received an instant text message, telling him that Hebert was talking on her cell phone so that Segall could call in and listen.

On his computer, Segall also got a copy of Hebert's text messages and a list of phone numbers detailing each incoming and outgoing call to Hebert's cell phone.

And no matter where Hebert went with her phone, Segall received constant satellite updates on her location. He could literally track Hebert anywhere she went.

"It's hard to believe you can do all that," Hebert said when she saw the spy software in action. "I think that's really scary."

It gets even scarier.

When spy software was installed onto Hebert's phone, that phone became an instant spy device - even when the phone was not being used.

As Hebert's cell phone was simply sitting on a table or attached to her purse, Segall could activate the speaker on the phone and secretly listen in to the phone's surroundings. While Hebert was in a meeting on the 36th floor of a downtown Indianapolis building, Segall heard her conversations, even though he was four miles away.

13 Investigates found more than a dozen companies willing to sell this type of cell phone spy software, which ranges in price from $60 to $3,000. The majority of the companies are located in foreign countries such as Thailand, Taiwan and the United Kingdom - and for good reason.

Most of the advertised applications for the spy software are illegal in the United States, and the existence of the software angers CTIA-The Wireless Association, an industry organization representing the nation's major cell phone manufacturers.

"These are gross violations of federal and state laws," said association spokesman Joe Farren. "It's very clear, without their express permission, you can't listen in to someone's phone calls, you cannot read their text messages, you can't track their movements. You can't do any of those things and there are numerous laws being broken."

Farren said his organization was not familiar with cell phone Spyware prior to WTHR's investigation, adding "I can tell you our lawyers and engineers are now looking into this."

Government spying

The United States government is familiar with spy software for cell phones.

In 2003 and 2004, the FBI used cell phone spy software to eavesdrop on the conversations of organized crime families in New York, and it used those conversations in its federal prosecutions.

Private investigator Tim Wilcox says several federal agencies rely on cell phone spying technology to monitor suspected criminals, and he says private citizens are now using the technology, too.

"The technology is there. It's been there a long time. It's accessible, and it's done all the time," Wilcox said.

As founder of Indianapolis-based International Investigators Inc., Wilcox says he receives daily letters and e-mails from people wanting help with "cell phone bugging," the ability to download spy software onto a cell phone, turning it into a secret listening device.

"There's only two kinds of people," Wilcox said, holding a large stack of e-mails. "One wants to bug somebody and the other has been bugged and wants to know how it's being done and how to find out and how to stop it.... it's a federal crime, but it's still happening."

The harassment eventually did stop for the Kuykendalls, but only after they brought in police and the FBI. While authorities never figured out who hijacked the family's cell phones, security experts say the case serves as a powerful lesson for others.

"Your privacy is not your privacy. It is exposed and it is exploited," Mislan said. "The key is being vigilant and knowing how to protect yourself.

How to protect yourself

Mislan suggests keeping a close eye on your cell phone so that others never get an opportunity to download information such as spy software when you're not looking. He also says it's important to install a security password on your phone to restrict anyone else from using it.

And while some Spyware marketers claim their products can be used on any make and model of cell phone, Mislan says high-end cell phones that include internet access and online capability are particularly vulnerable to Spyware tapping. To limit the ability of others to download certain types of spyware onto your phone, choose a cell phone that is not internet-accessible.

Wilcox recommends removing the battery from your cell phone when it's not being used and, for sensitive phone calls, he suggests making them on a newly-purchased cell phone that comes with a pre-paid month-to-month service plan.

Based on WTHR's test, here are some subtle signs that could suggest your cell phone is being secretly tapped:

- Cell phone battery is warm even when your phone has not been used
- Cell phone lights up at unexpected times, including occasions when phone is not in use
- Unexpected beep or click during phone conversation

[Body-by-Guinness]

And then things get pushed to the next level:

Your Movements Speak for Themselves: Space-Time Travel Data is Analytic Super-Food!

It doesn’t matter who you say you are!  Where you are (space), when you’re there (time), and your movements over time (travel) are closer to the truth.

I’ve seen a lot of data in my life, and I’d like to think I have a decent grip on what can be accomplished with data and analytics.  However, I recently stumbled upon some facts that have radically reshaped my understanding of the world we are living in.  What I thought was years away is already here! Our toes are dangling over the edge of a very different future.

Now, before you get all worked up, remember: You have helped create this, most folks love this, and most will continue to eat this up despite the obvious consequences.

Mobile devices in America are generating something like 600 billion geo-spatially tagged transactions per day.  Every call, text message, email and data transfer handled by your mobile device creates a transaction with your space-time coordinate (to roughly 60 meters accuracy if there are three cell towers in range), whether you have GPS or not.  Got a Blackberry?  Every few minutes, it sends a heartbeat, creating a transaction whether you are using the phone or not.  If the device is GPS-enabled and you’re using a location-based service your location is accurate to somewhere between 10 and 30 meters.  Using Wi-Fi?  It is accurate below10 meters.

Fancy.

It should be no surprise that all this data lives in the coffers of the cell providers.  Lots of people know that.  What is new, at least to me, is that this data is being provided to third parties that are leveraging specially designed analytics to make sense of our space-time-travel data.

With the data out and specialized analytics emerging, this infant industry is already doing some pretty amazing work. Your space-time-travel data makes where you live and where you work self-evident, and it reveals your most frequent, periodic, infrequent and rare destinations.

The data reveals the number of co-workers that join you Thursdays after work for a beer, and roughly where you all go. It knows where these same co-workers call home, and just exactly what kind of neighborhood they come from (e.g., average income, average home price) … information certainly useful to attentive direct marketing folks.

Large space-time data sets combined with advanced analytics enable a degree of understanding, discovery, and prediction that may be hard for many people to fully appreciate. Better prediction means a more efficient enterprise and nifty consumer services.

Cellular companies are now receiving essential insight about their customers (e.g., to better understand and predict customer churn).  Major retailers can now better understand changes in consumer behavior (e.g., how far their customers are traveling on average this month compared to previous months).  Consumers are benefiting by getting real-time traffic information so they can avoid congested roads.  (I have a colleague that thinks he is saving two to four hours a week in commute time due to this service!)

Tip o’ the iceberg.

I can barely get my mind around the ramifications. My concept about what comes next shifts almost daily now.  A government not so keen on free speech could use such data to see a crowd converging towards a protest site and respond before the swarm takes form –  detected and preempted, this protest never happens.  Or worse, it could be used to understand and then undermine any political opponent.

A stalker might be questioned just days after he starts and before his victim is personally aware of it – detection previously beyond human capacity.  Maybe it’s not a crime in this case, and it turns out to be just a private investigator with poor tradecraft hired by a suspicious husband.

Such a surveillance intensive future is inevitable, irreversible and as I have said before here … irresistible.

Why?  Companies must be competitive to survive and consumers have quite the appetite for almost anything that optimizes their life, especially if it’s cheap or free.  For example:

Tuesday afternoon your [free] Gmail account advises you that your buddy Ken is going to be 15 minutes late to the pool hall this coming Thursday, unless he leaves work 15 minutes early … which he has only done twice in seven years.  Brilliant!

Your Starbucks drink of choice (a grande vanilla soy latte in my case) is handed to you the instant you pull up, and you did not call ahead nor did they ask.  Priceless!

When powerful analytics commingle space-time-travel data with tertiary data, the world we live in will fundamentally change.  Organizations and citizens alike will operate with substantially more efficiency.  There will be less carbon emissions, increased longevity, and fewer deaths.

I think people should know about this imminent new age we are marching into.

[Theatrical pause.  Breathe.]

Now I’m going to step back and address some questions you may have, using the good news/bad news format.

Good news: The space-time-travel collected by the cellular network carriers is de-identified when provided to these third parties for privacy reasons in that it does not include your name, address, phone number, etc.; rather, unique identifiers are assigned to transactions from the same device so that trends can be measured.

Bad news: If you were to provide your home, work and one other address (e.g., gym, school) in most cases, with just these data points, you are re-identified.  With just a few days of space-time-travel activity, your top three or four more frequently visited destinations become self-evident, and without a whole hell of a lot of effort you could be re-identified through a tertiary data set like a credit header.

Good news: There is so much data being produced, a lot of transactions are tossed aside, are sampled and summarized to make the computational effort feasible.  Historical data also falls off the back of the wagon (ages off the system) rather quickly.

Bad news: The competitive nature of this emerging business model will likely require these organizations to make more sense of more data faster.  Cloud computing and new classes of algorithms will make it possible to keep more transaction detail, keep it longer, and commingle it with other large and very interesting secondary data sets (e.g., phone books and property records).

Good news: So far there are only a handful of companies already entrusted with this data.

Bad news.  It may not be good news that only a few companies do this.  If only one company can monitor the consumer foot traffic of all Nordstrom stores in near real time,  this would be an unfair advantage in terms of predetermining its financial condition before anyone else.  As I learned from countless conversations with my friends at the ACLU, very powerful tools in the hands of a few is not often a good idea without one hell of a lot of oversight and accountability. And even then, this is no panacea.

Good news: Some of the organizations holding space-time-travel data are fully aware of the privacy consequences and are offering consumers the ability to opt-out – meaning, if they get a transaction about you it will be permanently removed from the system and all future correlation.

Bad news: If by chance a snapshot of sufficient detail had been sold off to another party before the opt-out request, then the toothpaste is out of the tube.  Data tends to replicate, more about this here.

Good news: Not any old mom and pop operation can get into this business.

Bad news: That won’t be true for long.  Suppose an aspiring entrepreneur makes a compelling proposition to a number of parties holding space-time-travel data.  Anticipating free analytics and a cut of the future action, the parties work a deal. For computing power this entrepreneur simply hops onto Amazon’s EC2 cloud and partners with a data aggregator to get some tertiary data and what do they have?  An ultra-sexy prediction engine.

Good news: People tend to appreciate location-based services, which is why they are opting in.

Bad news: Sensitive information about people is no longer under their own control.  As well, a number of well held secrets (e.g., your hideout) evaporate overnight.

Good news: If you want to escape the consequences of having your space-time-travel being graphed by others, here are some options that come to mind:

(a) Stop using mobile devices;

(b) Use multiple devices e.g., use one device only at work, and only a land line at home – all mobile devices being off at all other times (never moving around with a device on) – being sure these mobile devices are registered to someone other than you – and if you need to use some kind of device while on the move or at other locations. see (c) below;

(c) Unregistered, cash-purchased, disposable devices – used once then discarded (or recycled!) – although in some cases you can use the device a few times, but you better let some fancy software (which I may have to invent) advise you what is safe usage and what is not.

(d) If you can figure out locations on earth where only one cell tower exists (and you are not moving between towers and never using GPS or Wi-Fi) you will probably live safely under the radar – unless you are a way bad mofo and others know it, in which case, you are ‘going down’ anyway because there are more tricks (expensive) which will be levied against you.

Bad news: Few are willing to be this inconvenienced.  And if only a handful of innocent, clean living folks go to this same effort that the bad guys MUST employ … well crap, that in itself may be considered by some to be signal.

Net Net: My guess is most consumers don’t fully realize how their space-time-travel data is accumulating and congealing.  I hope consumers come to appreciate how all of these nice conveniences of life are delivered. And I hope they will continue to enjoy these while they make better informed decisions, especially with respect to their privacy.

However, without a feedback loop consumers may never fully appreciate what can be gleaned from their space-time-travel trail. Therefore, one way to enlighten the consumer would involve holders of space-time-travel data to permit an owner of a mobile device the ability to also see what they can see:

(a) The top 10 places you spend the most time (e.g., 1. a home address, 2. a work address, 3. a secondary work facility address, 4. your kids school address, 5. your gym address, and so on);

(b) The top three most predictable places you will be at a specific time when on the move (e.g., Vegas on the 215 freeway passing the Rainbow exit on Thursdays 6:07 - 6:21pm -- 57% of the time);

(c) The first name and first letter of the last name of the top 20 people that you regularly meet-up with (turns out to be wife, kids, best friends, and co-workers – and hopefully in that order!)

(d) The best three predictions of where you will be for more than one hour (in one place) over the next month, not counting home or work.

I think Google’s Android and Latitude products might be able to move on something like this first.  It would then be cool if other holders of space-time-travel data followed.

On the subject of privacy and civil liberties consequences, privacy by design is essential.  And for those of you with ideas in the area of policy or technology, I would be most appreciative if you would share these thoughts with me … sooner rather than later.

I will continue sharing perspectives about these ideas and the apparent consequences with my many friends in the privacy community, the defense/intelligence community, and media.  (Surprisingly, their feedback so far has been quite similar.)  I am also speaking with the organizations amassing and analyzing this space-time-travel data to learn more about what is possible.  From the perspective of the analytic engines I create, this space-time-travel data looks like “super food.”

USEFUL REFERENCE:

Internet Society: Wireless Location Privacy: Las and Policy in the US, EU, and Japan

 

RELATED POSTS:

Six Ticks till Midnight: One Plausible Journey from Here to a Total Surveillance Society

Prediction: Channel Consolidation

More Data is Better, Proceed with Caution

How to Use a "Glue Gun" to Catch a Liar

05:13 PM in Information management, National security, Privacy | Permalink
TRACKBACK

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83452946769e20120a4fc1cb7970b

Listed below are links to weblogs that reference Your Movements Speak for Themselves: Space-Time Travel Data is Analytic Super-Food!:

[Vicbowling]

What next huh? I mean if the FBI is going to bug your cell phone then why not just use home security systems against believed criminals. I guess the FBI could turn home surveillance systems against homeowners too by tapping into an existing structure. I don't know how that would be done but I bet they could do it with all of their know how.

 

[JDN]

I just read a good novel (I recommend it) called "The Rembrandt Affair" by Daniel Silva.  In the book Israeli Intelligence taps a cell phone and computer.