Private Intelligence and phone locations
Private intelligence companies are again showing that they have what it takes to understand massive amounts of data and to use that data in ways that make it extremely valuable to Government intelligence agencies.
Over the last few months we have been working on new capabilities such as tracking individual cell phones via application usage, bluetooth and WIFI connections using custom built sensors and other methods of location. While Government agencies can just go to the carriers for this information with a warrant (and sometimes without), private sector intelligence gathering requires some innovative techniques to perform locates.
One of the methods we like is watching specific websites for device ID's, some of which will provide the IP address information or other identifiable information so that we can determine where the device is being used. More and more applications are collecting location data but the bigger issue is that there are other methods to determine the location of mobile devices without alerting the user. The more applications installed, the easier this becomes.
In our recent research we have determined that we can tell where cell phones are even when the phone is only connected to WIFI and disconnected from the cellular networks with ease. In short many of the applications in use today leak location information or provide identifiable information that can be exploited to track users.
Lightning Strikes Method
The easiest way to track devices is to have 3 separate locations where you know a particular person will be using their devices and then filtering for ID's associated with those locations to obtain the users unique ID. You can then find the unique identifiers for those applications that support location service and begin tracking. This is known as the lightning strikes method and was developed to be able to track users on the Internet, via cellular devices or even computer identifiable information.
The method is used for GeoSpatial research but can also be used to track individual subscribers to networks, patterns of activity or other specific use cases.
Rogue Cellular Access Points
Last year, DHS reported rogue access points in the DC area, at the time Jigsaw Security was also monitoring some very targeted activity in some other locations in the US and abroad. We put out a bulletin for our customers explaining several methods of detecting when your phone is talking to unauthorized access points so you can prevent interception of information. A utility was created that ensured you would be alerted should this occur.
In the last few months we have been detecting more and more of these rogue access points again, some with totally bogus identifiable information and configurations. The bogus data is pretty easy to detect, whereas the AP's that are configured to emulate operating equipment is much more difficult to detect. We have observed some interesting AP's that clone information from cell towers in the Northern Virginia area in many other parts of the country including Miami and some locations in North Carolina. These AP identifying information indicates that GSM is specifically being targeted as well as some LTE towers.
We highly recommend installing a utility to verify that the tower you are connected to is a legitimate tower (and in the proper geographical location).