FBI taps turned-off cellphones (aka "roving bug").

Discussion in 'Legal' started by hammer4nc, Dec 3, 2006.

Thread Status:
Not open for further replies.
  1. hammer4nc

    hammer4nc Member

    Joined:
    Jan 2, 2003
    Messages:
    977
    Comment: I have a LEO friend who's assigned to DHS support. This person once hinted that the .gov can not only pinpoint a cell phone's location, but also activate a cell phone, even if it is turned off, and listen in to whatever conversations the phone's mic can pick up. And, this IS practiced on a routine basis!

    The linked article (Dec. 1, 2006) is the first reliable citation I've found, documenting this capability. The technical details are intriguing, disturbing. It also references a court decision (US v. Tomero, et al, a mafia racketeering case) which appears to approve the practice (the actual link is snipped; expect more to be written about this). Also mentioned is a similar listening capability for ONSTAR equipped autos.

    This broadens significantly the implications of wiretaps. Combined with the Patriot Act's warrantless wiretap provisions, would it be a stretch to consider any cellphone, as an OPEN MICROPHONE to the government? Will private hackers and investigative contractors be far behind?

    Link: http://news.com.com/FBI+taps+cell+phone+mic+as+eavesdropping+tool/2100-1029_3-6140191.html?http://www.dailytech.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    FBI taps cell phone mic as eavesdropping tool

    Agency used novel surveillance technique on alleged Mafioso: activating his cell phone's microphone and then just listening.

    By Declan McCullagh and Anne Broache
    Staff Writer, CNET News.com
    Published: December 1, 2006, 2:20 PM PST
    Last modified: December 1, 2006, 6:35 PM PST

    The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.

    The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.

    The FBI is apparently using a novel surveillance technique on alleged Mafioso: activating his cell phone's microphone and then just listening.

    While it appears this is the first use of the "roving bug" technique, it has been discussed in security circles for years.

    Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia.

    The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.

    Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.

    While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years.

    The U.S. Commerce Department's security office warns that "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone." An article in the Financial Times last year said mobile providers can "remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call."

    Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. "They can be remotely accessed and made to transmit room audio all the time," he said. "You can do that without having physical access to the phone."

    Because modern handsets are miniature computers, downloaded software could modify the usual interface that always displays when a call is in progress. The spyware could then place a call to the FBI and activate the microphone--all without the owner knowing it happened. (The FBI declined to comment on Friday.)

    "If a phone has in fact been modified to act as a bug, the only way to counteract that is to either have a bugsweeper follow you around 24-7, which is not practical, or to peel the battery off the phone," Atkinson said. Security-conscious corporate executives routinely remove the batteries from their cell phones, he added.

    FBI's physical bugs discovered

    The FBI's Joint Organized Crime Task Force, which includes members of the New York police department, had little luck with conventional surveillance of the Genovese family. They did have a confidential source who reported the suspects met at restaurants including Brunello Trattoria in New Rochelle, N.Y., which the FBI then bugged.

    But in July 2003, Ardito and his crew discovered bugs in three restaurants, and the FBI quietly removed the rest. Conversations recounted in FBI affidavits show the men were also highly suspicious of being tailed by police and avoided conversations on cell phones whenever possible.

    That led the FBI to resort to "roving bugs," first of Ardito's Nextel handset and then of Peluso's. U.S. District Judge Barbara Jones approved them in a series of orders in 2003 and 2004, and said she expected to "be advised of the locations" of the suspects when their conversations were recorded.

    Details of how the Nextel bugs worked are sketchy. Court documents, including an affidavit (p1) and (p2) prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a "listening device placed in the cellular telephone." That phrase could refer to software or hardware.

    One private investigator interviewed by CNET News.com, Skipp Porteous of Sherlock Investigations in New York, said he believed the FBI planted a physical bug somewhere in the Nextel handset and did not remotely activate the microphone.

    "They had to have physical possession of the phone to do it," Porteous said. "There are several ways that they could have gotten physical possession. Then they monitored the bug from fairly near by."

    But other experts thought microphone activation is the more likely scenario, mostly because the battery in a tiny bug would not have lasted a year and because court documents say the bug works anywhere "within the United States"--in other words, outside the range of a nearby FBI agent armed with a radio receiver.

    In addition, a paranoid Mafioso likely would be suspicious of any ploy to get him to hand over a cell phone so a bug could be planted. And Kolodner's affidavit seeking a court order lists Ardito's phone number, his 15-digit International Mobile Subscriber Identifier, and lists Nextel Communications as the service provider, all of which would be unnecessary if a physical bug were being planted.

    A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activation method. "A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug," the article said, "enabling them to be activated at a later date to pick up sounds even when the receiver is down."

    For its part, Nextel said through spokesman Travis Sowders: "We're not aware of this investigation, and we weren't asked to participate."

    Other mobile providers were reluctant to talk about this kind of surveillance. Verizon Wireless said only that it "works closely with law enforcement and public safety officials. When presented with legally authorized orders, we assist law enforcement in every way possible."

    A Motorola representative said that "your best source in this case would be the FBI itself." Cingular, T-Mobile, and the CTIA trade association did not immediately respond to requests for comment.

    This isn't the first time the federal government has pushed at the limits of electronic surveillance when investigating reputed mobsters.

    In one case involving Nicodemo S. Scarfo, the alleged mastermind of a loan shark operation in New Jersey, the FBI found itself thwarted when Scarfo used Pretty Good Privacy software (PGP) to encode confidential business data.

    So with a judge's approval, FBI agents repeatedly snuck into Scarfo's business to plant a keystroke logger and monitor its output.

    Like Ardito's lawyers, Scarfo's defense attorneys argued that the then-novel technique was not legal and that the information gleaned through it could not be used. Also like Ardito, Scarfo's lawyers lost when a judge ruled in January 2002 that the evidence was admissible.

    This week, Judge Kaplan in the southern district of New York concluded that the "roving bugs" were legally permitted to capture hundreds of hours of conversations because the FBI had obtained a court order and alternatives probably wouldn't work.

    The FBI's "applications made a sufficient case for electronic surveillance," Kaplan wrote. "They indicated that alternative methods of investigation either had failed or were unlikely to produce results, in part because the subjects deliberately avoided government surveillance."

    Bill Stollhans, president of the Private Investigators Association of Virginia, said such a technique would be legally reserved for police armed with court orders, not private investigators.

    There is "no law that would allow me as a private investigator to use that type of technique," he said. "That is exclusively for law enforcement. It is not allowable or not legal in the private sector. No client of mine can ask me to overhear telephone or strictly oral conversations."

    Surreptitious activation of built-in microphones by the FBI has been done before. A 2003 lawsuit revealed that the FBI was able to surreptitiously turn on the built-in microphones in automotive systems like General Motors' OnStar to snoop on passengers' conversations.

    When FBI agents remotely activated the system and were listening in, passengers in the vehicle could not tell that their conversations were being monitored.

    Malicious hackers have followed suit. A report last year said Spanish authorities had detained a man who wrote a Trojan horse that secretly activated a computer's video camera and forwarded him the recordings.
     
  2. Biker

    Biker Member

    Joined:
    Mar 10, 2005
    Messages:
    6,214
    Location:
    Idaho
    What was the 4thA all about?

    Biker
     
  3. Chipperman

    Chipperman Member

    Joined:
    Dec 25, 2002
    Messages:
    4,572
    Location:
    Essex Co, MA
    This was discussed pretty well in "Enemies- Foreign and Domestic" by Matt Bracken.

    If you have not read it yet, get off your butt. ;)
     
  4. shooter503

    shooter503 Member

    Joined:
    Apr 28, 2006
    Messages:
    440
    My technical associates have suspected for some time that a "switched on" cellphone could be used as a "bug". This is the first time I've heard that the cellphone could be switched on remotely.

    Perhaps we will now have "cellphone silencer" cases instead of "cellphone belt clips". Of course, the usual people will say that if you are doing nothing wrong it does not matter if the government monitors your daily life.
     
  5. RNB65

    RNB65 Member

    Joined:
    Apr 19, 2006
    Messages:
    4,056
    Location:
    Richmond, VA
    Talk about uninformed consumers. Way too many people think cell phones are secure. A cell phone is nothing but a radio transceiver broadcasting an unencrypted digital or analog signal. With the right equipment, anyone can easily eavesdrop on cell phone conversations.
     
  6. rbernie

    rbernie Contributing Member

    Joined:
    Jan 21, 2004
    Messages:
    24,172
    Location:
    Norra Texas
    Well, sorta. GSM isn't quite as vulnerable as, say, AMPS was. With most all digital standards, you don't have Type 1 comsec but you do have transsec in the form of waveform manipulations. You'd have to be pretty sophisticated to track the chipping on a GSM connection....

    Not saying it can't be done; just that it's not like any old shmo can go out and get a scanner and do it.
     
  7. Manedwolf

    Manedwolf member

    Joined:
    Nov 10, 2005
    Messages:
    3,693
    Location:
    New Hampshire
    Caveat emptor. If you don't research the model of cellphone you buy in a deeply technical sense before you buy it, it's your own fault if you're carrying around a bug. Myself, I not only got one that will noticeably change its external display and can be set to make a noise if any active links besides service handshaking are "running", but I hooked it up to a Mac and poked about its firmware besides, completely disabling the locator feature. It also helps to buy one designed and made for, say, the Japanese market and only imported here, since something made in Tokyo or Singapore is far less likely to include Homerland Sekurity "features".

    Anyone who leaves their cellphone's location feature on, even by not selecting "turn off" from a menu, is carrying a tracking device that is actively reporting each and every place they go every day. And it's not just .gov that might use this, but marketing companies want to see just where you go so they can spam you with more junk mail and "personalized offers" while building a consumer profile of you.

    Yes, any cellphone can be tracked in a relative sense via triangulation between signal towers, but that's imprecise and takes a concerted effort by a technician to do for one phone. The location feature constantly reports to automated systems that may keep logs.

    Be informed, make informed decisions, or be part of the unthinking herds.
     
  8. El Tejon

    El Tejon Member

    Joined:
    Dec 24, 2002
    Messages:
    18,090
    Location:
    Lafayette, Indiana-the Ned Flanders neighbor to Il
    Someone at the FBI has a Blockbuster card and rented "Something About Mary".:neener:

    DEA has been doing this for a couple of years now. No surprise.
     
  9. Firehand

    Firehand Member

    Joined:
    Mar 16, 2004
    Messages:
    738
    Location:
    Oklahoma City
    Kim du Toit had a post a couple of years ago about the FBI having hacked into the GM On*Star system in a suspect's car and using it to listen to conversations in his car. Can't remember all the details, do remember that they got their hand slapped not for an illegal bug (no warrant for it as I recall) but because the system wouldn't work to report an accident or something when the FBI was in it, so the judge thought it a safety problem.
     
  10. Guns_and_Labs

    Guns_and_Labs Member

    Joined:
    Mar 4, 2004
    Messages:
    517
    Location:
    Hidden Away in the East Bay, CA
    When I was involved in building the first GSM systems in Europe, way back, I recall some discussion of how Siemens and Nokia refused to cooperate, refused to build in a variety of requested "security" features like this. Don't know if it's still true, but I still use Nokia gear whenever possible.
     
  11. Soybomb

    Soybomb Member

    Joined:
    Oct 31, 2005
    Messages:
    3,959
    Sounds a little tin foil hat, anyone have technical docs on this? Perhaps someone pulling apart the software and showing where it can be modified to do it? I'd think you'd notice that you turned your phone off with a full battery and when you turned it back on 2 hours later it was almost dead... Location is certainly easy, the mic thing though I'd like to read more on. Do they get physically modified or they're claiming this is all exploiting existing phone features?
     
  12. Derby FALs

    Derby FALs Member In Memoriam

    Joined:
    Jul 29, 2004
    Messages:
    978
    Location:
    Louisville, KY
    Finishing it today. Good read so far.
     
  13. SoCalShooter

    SoCalShooter Member

    Joined:
    Oct 3, 2006
    Messages:
    3,091
    Location:
    That's for me to know and not you!
    When you want to have a conversation privately, remove the battery from your cell phones, no power, no bug. This really isn't anything new to be honest, scary not really.
     
  14. Lucky

    Lucky Member

    Joined:
    Jul 12, 2005
    Messages:
    2,919
    Location:
    Calgary, near Rocky Mountains - Canada
    Soybomb I don't see it as unrealistic. You can have your computer turned off and there's a setting where it will wake up through incoming transmission.
     
  15. hammer4nc

    hammer4nc Member

    Joined:
    Jan 2, 2003
    Messages:
    977
    The original piece has several informative links & footnotes with tech details... one from the US Commerce dept./Office of Security! Something deliciously ironic, when one .gov agency is trying to spy on you; another agency warns you how to protect yourself! Should we expect anything less?;)

    Link: http://www.wasc.noaa.gov/wrso/security_guide/cellular.htm#Cellular%20Phones

    Excerpt:
    Comment: FBI = criminal syndicate?? (sorry, I couldn't resist):)

    Excerpt:
    And, finally:
     
  16. Manedwolf

    Manedwolf member

    Joined:
    Nov 10, 2005
    Messages:
    3,693
    Location:
    New Hampshire
    Windows with default settings, yes, it can wake-on-network. Inherent flaws.

    It's why I have a Mac. Again, caveat emptor. Be an educated consumer and know the flaws of what you do your private business with, or be a victim.
     
  17. Autolycus

    Autolycus Member

    Joined:
    Feb 13, 2006
    Messages:
    5,456
    Location:
    In the land of make believe.
    This is some real scary stuff. I think that the government has gone wild if they can do this. Imagine all the possibilities...
     
  18. Lucky

    Lucky Member

    Joined:
    Jul 12, 2005
    Messages:
    2,919
    Location:
    Calgary, near Rocky Mountains - Canada
    Hammer good stuff! That'll shut the skeptics up:)

    Manedwolf "It's why I have a Mac."
    Might go to that some day too.
     
  19. GRIZ22

    GRIZ22 Member

    Joined:
    Nov 4, 2006
    Messages:
    5,917
    If all this technology makes this possible you have to remember:

    1. They have to get a warrant to effect the communication. These aren't handed out as easily as some people think.
    2. They have to provide probable cause to get the warrant.
    3. To have probable cause you have to be doing something wrong.
    4. Even if they get the warrant, they can't just sit and monitor all your conversation. They must minimize non-pertinent intercepts. They can only monitor when you are talking about a crime.

    I see no 4A issues with this.
     
  20. razorburn

    razorburn member

    Joined:
    May 16, 2006
    Messages:
    667
    This sounds very tin foil hat to me, and kind of made me laugh when I was reading it. So what's supposed to be happening? Just the phone's microphone and transmitter gets turned on, without the rest of the phone getting turned on? And then it sends out sounds? Hehe. Even if possible, I don't think anybody's going to be able to hear much when the mic's pressed shut against the rest of the phone as when it is closed, and sound is further muffled by being in a pocket, and far away from the mouth where conversations are actually taking place. Hell, people can't hear me very well even when the phone is open with the mic exposed, and the phone is more than a foot away from my mouth. Or is there some kind of secret, hidden, super powerful amplifying mic built onto the exterior of the phone too? :neener:
     
  21. HiroProX

    HiroProX Member

    Joined:
    Nov 27, 2006
    Messages:
    546
    Oh but there is a "powerful mic" built into most cell phones. Ever used the speakerphone mode?
     
  22. jeepmor

    jeepmor Member

    Joined:
    Nov 6, 2005
    Messages:
    2,825
    Location:
    Stumptown
    razorburn - you don't know what electronics gurus funded by your government can do. They can run your signal through some pretty impressive filters and clean up the signal pretty easily.

    This is not surprising. But now that they don't need a warrant to do it to any American, it is disturbing.

    Cell phone manufacturers should integrate physical switches in new models to disconnect the battery instead of pulling it out.

    Cell phone manufacturers should be sharing all the government agency requests with their customers (literature should be made available) and offer the software, via download or similar, to allow the user to control them manually on their own. Of course, most folks would not do this, but the software and access to such software should be made available if it is not.
     
  23. GRIZ22

    GRIZ22 Member

    Joined:
    Nov 4, 2006
    Messages:
    5,917
    jeepmor, how do they not need a warrant?
     
  24. mindwip

    mindwip Member

    Joined:
    Apr 26, 2006
    Messages:
    617
    Location:
    Here in Sunny Sol Cal
    Patriot Act 1 and 2. Is why they don't need a warrant.
     
  25. Brett Bellmore

    Brett Bellmore Member

    Joined:
    Dec 28, 2002
    Messages:
    979
    Location:
    Capac, Michigan
    Typical; What do you want to bet that the government "leaned on" the manufacturers a bit to make sure that feature was included?
     