Latest posts
-
M
-
-
-
U
-
-
-
-
-
Forum Statistics
- Threads
- 27,638
- Posts
- 542,773
- Members
- 28,583
- Latest Member
- Joannafit
hoodlum
MuscleHead
- Jan 3, 2012
- 903
- 172
Here we go...
This is what you suggested right Gstacker?
Well, your almost spot on the money if it is. The key is having the two phones (in the middle, mentioned as "answer phone" & "voice phone" in the above diagram). These two phones AREN'T connected by any other means but physically. No data is exchanged between the two 'over the air' meaning that the link between the two isn't obvious. Let me explain why and the pitfalls.
Now, for the purposes of this we will assume that NO phones are registered (or otherwise linked) to the owner. They are all registered in fictitious names.
Here is the diagram of how I believe the final setup should be, (yes Gstacker, its more a modified/refined version of what I took from your idea)
Now let me explain... This is going to sound very complicated but its nothing more than a few software mods, a few phones, an antenna and a couple of phone chargers.
Phone #1 & #2 = These are special phones which support END-TO-END encryption (good examples of this are QUASAR IV or CryptoPhone 500)
Phone #3 = This must be either a rooted phone running the Android OS or a jailbroken iPhone (cheap Android phones can be bought easily and would work fine)
You might ask why #1 & #2 need to be using encryption? The answer is kind of complicated but I'll do my best to explain. Firstly its just a hightened level of security, to be honest why wouldn't anyone want this. Secondly, if an IMSI catcher is deployed around the approximate location of Phone #3 (in hopes of finding the caller) it will be able to intercept Phone #2 and therefor trace the call to the location of Phone #1, with encryption in this scenario they can't produce the evidence that would be required to get a warrant but if they had the call data being transferred between #1 & #2 then they would have an undeniable link.
Encryption on the call between #1 & #2 means that the wiretap on the first base station only captures, that a call was placed from phone #1 to phone #2, the duration of the call and the location of the phones (will discuss this soon). The actual contents of the call are completely obfuscated.
You might ask why I seperated Upsteam Collection and an IMSI Catcher? Well, they do both capture data BEFORE it hits the base station (ie: AT&T) however they have seperate limitations and pose seperate threats. Upstream Collection monitors things from a remote location as it passes through the backbone of the internet. An IMSI catcher captures data which is being broadcast over the air, meaning it has to be deployed reasonably close to the phone but it also captures ALL things being broadcast over the air, so if you have two phones side by side it captures the data coming to both (along with all of your neighbourhood, etc) and this is what makes them different, an IMSI catcher is like a big net (that they then sift through with a fine comb to refine your details).
I think that kind of explains everything, all the details are in my head but I might be forgetting to write things or not making them clear.
The one thing I haven't explained is that brown star in the middle of Phone #2 & #3. Thats a vital piece of hardware which would need to be made. First, imagine it as a cradle for two phones to plug in to, it has to contain a charger for each phone with a lead to connect it to a powerpoint (so neither phone runs out of battery for extended periods of time). Secondly, we want this to contain a higher powered antenna (like http://www.simplytech.eu/product_info.php?products_id=18) and be boosting the signal for both phones (#2 & #3).
This is what you suggested right Gstacker?
Well, your almost spot on the money if it is. The key is having the two phones (in the middle, mentioned as "answer phone" & "voice phone" in the above diagram). These two phones AREN'T connected by any other means but physically. No data is exchanged between the two 'over the air' meaning that the link between the two isn't obvious. Let me explain why and the pitfalls.
Now, for the purposes of this we will assume that NO phones are registered (or otherwise linked) to the owner. They are all registered in fictitious names.
Here is the diagram of how I believe the final setup should be, (yes Gstacker, its more a modified/refined version of what I took from your idea)
Now let me explain... This is going to sound very complicated but its nothing more than a few software mods, a few phones, an antenna and a couple of phone chargers.
Phone #1 & #2 = These are special phones which support END-TO-END encryption (good examples of this are QUASAR IV or CryptoPhone 500)
Phone #3 = This must be either a rooted phone running the Android OS or a jailbroken iPhone (cheap Android phones can be bought easily and would work fine)
You might ask why #1 & #2 need to be using encryption? The answer is kind of complicated but I'll do my best to explain. Firstly its just a hightened level of security, to be honest why wouldn't anyone want this. Secondly, if an IMSI catcher is deployed around the approximate location of Phone #3 (in hopes of finding the caller) it will be able to intercept Phone #2 and therefor trace the call to the location of Phone #1, with encryption in this scenario they can't produce the evidence that would be required to get a warrant but if they had the call data being transferred between #1 & #2 then they would have an undeniable link.
Encryption on the call between #1 & #2 means that the wiretap on the first base station only captures, that a call was placed from phone #1 to phone #2, the duration of the call and the location of the phones (will discuss this soon). The actual contents of the call are completely obfuscated.
You might ask why I seperated Upsteam Collection and an IMSI Catcher? Well, they do both capture data BEFORE it hits the base station (ie: AT&T) however they have seperate limitations and pose seperate threats. Upstream Collection monitors things from a remote location as it passes through the backbone of the internet. An IMSI catcher captures data which is being broadcast over the air, meaning it has to be deployed reasonably close to the phone but it also captures ALL things being broadcast over the air, so if you have two phones side by side it captures the data coming to both (along with all of your neighbourhood, etc) and this is what makes them different, an IMSI catcher is like a big net (that they then sift through with a fine comb to refine your details).
I think that kind of explains everything, all the details are in my head but I might be forgetting to write things or not making them clear.
The one thing I haven't explained is that brown star in the middle of Phone #2 & #3. Thats a vital piece of hardware which would need to be made. First, imagine it as a cradle for two phones to plug in to, it has to contain a charger for each phone with a lead to connect it to a powerpoint (so neither phone runs out of battery for extended periods of time). Secondly, we want this to contain a higher powered antenna (like http://www.simplytech.eu/product_info.php?products_id=18) and be boosting the signal for both phones (#2 & #3).
hoodlum
MuscleHead
- Jan 3, 2012
- 903
- 172
I hit enter and it posted instead of giving me a new line, either way I'll continue here.
We need to complete a couple of software modifications, far easier on rooted/jailbroken devices. Phone #1 doesn't need to be touched (assuming its a Quasar IV or similar). Phone #2 & #3 need to have their core call functions hijacked. An incoming call on #2 gets automatically answered and plays a connecting tone then #3 gets passed the call details, places the call and the call audio is directly sent to #2 (by the outgoing audio data being sent through to the hijacked call function). We're basically just hooking the call function and combining the parts we want off #2 and #3 together for seamless forwarding which isn't too hard. Now possibly the most important part of this entire thing is hooking the ping requests to the tower. With our antenna we are able to pick up towers a few miles away, so what we do is play with the base station ping requests to alter the locations of the phones. #2 isn't as important so we can block it from connecting to multiple towers, we block it from connecting to the closest tower, we pick a reasonably strong signal and we lock it to that tower (locking it to the tower will prevent IMSI catchers!). Now for phone #3 we need to completely alter its location, we allow #3 to connect to two towers at a mid-range which is NOT the same as #2 and then we just simply delay ping requests and slow responses. It will give us a broad circle which is completely outside where we are anyway.
This means, your original location, the location of #2, the location of #3, the call data between #1 & #2 are all anonymous!
We need to complete a couple of software modifications, far easier on rooted/jailbroken devices. Phone #1 doesn't need to be touched (assuming its a Quasar IV or similar). Phone #2 & #3 need to have their core call functions hijacked. An incoming call on #2 gets automatically answered and plays a connecting tone then #3 gets passed the call details, places the call and the call audio is directly sent to #2 (by the outgoing audio data being sent through to the hijacked call function). We're basically just hooking the call function and combining the parts we want off #2 and #3 together for seamless forwarding which isn't too hard. Now possibly the most important part of this entire thing is hooking the ping requests to the tower. With our antenna we are able to pick up towers a few miles away, so what we do is play with the base station ping requests to alter the locations of the phones. #2 isn't as important so we can block it from connecting to multiple towers, we block it from connecting to the closest tower, we pick a reasonably strong signal and we lock it to that tower (locking it to the tower will prevent IMSI catchers!). Now for phone #3 we need to completely alter its location, we allow #3 to connect to two towers at a mid-range which is NOT the same as #2 and then we just simply delay ping requests and slow responses. It will give us a broad circle which is completely outside where we are anyway.
This means, your original location, the location of #2, the location of #3, the call data between #1 & #2 are all anonymous!
Gstacker
MuscleHead
- Aug 19, 2011
- 2,149
- 254
Wow hood great read and were deft seeing eye to eye now..
First flow chart is exactly what I had in mind and trying to do...
Second one is yes a lil more complicated for me to read but I'm sure it's ligit since we're on the same page..
The encryption is is a nice touch for the phones and would deft be a huge bonus for a plug n play type set up..
I don't feel it's a must tho I'd have nothing to hide in my communications on this line in fact I'd want it open with little suspicion... I'm not a big technical type of guy and lack education but I do have a mechanical mind and like using it.
First flow chart is exactly what I had in mind and trying to do...
Second one is yes a lil more complicated for me to read but I'm sure it's ligit since we're on the same page..
The encryption is is a nice touch for the phones and would deft be a huge bonus for a plug n play type set up..
I don't feel it's a must tho I'd have nothing to hide in my communications on this line in fact I'd want it open with little suspicion... I'm not a big technical type of guy and lack education but I do have a mechanical mind and like using it.
hoodlum
MuscleHead
- Jan 3, 2012
- 903
- 172
Well if your serious about going through with things I'll see what I can dig up and see how feasible a practical implementation would be. You'd have to build the physical antenna/charger/connection box yourself though as obviously were in different counties. I'll ask a few people about the software side of things to find out the finer details of hooking the call function.
As for encryption, i highly recommend it. I don't think it causes any problems but I do understand your concerns. It opens you up to interception and ultimately tracing your location. The bottom line is I just think when your going to this much effort with the rest of the setup, why skimp out early at 90%?
As for encryption, i highly recommend it. I don't think it causes any problems but I do understand your concerns. It opens you up to interception and ultimately tracing your location. The bottom line is I just think when your going to this much effort with the rest of the setup, why skimp out early at 90%?
Gstacker
MuscleHead
- Aug 19, 2011
- 2,149
- 254
http://io9.com/how-police-caught-two-bank-robbers-using-verizon-cell-p-1232742089
check out how these guys got cracked, they had nothing on them at all no leads what so ever... they ran all the cell#'s that pinged off the closest tower and did the same with the other banks that were robbed until they found two commen #'s... they ran hundreds of thousands of #'s then they simply used the ping info to follow them... crazy!
check out how these guys got cracked, they had nothing on them at all no leads what so ever... they ran all the cell#'s that pinged off the closest tower and did the same with the other banks that were robbed until they found two commen #'s... they ran hundreds of thousands of #'s then they simply used the ping info to follow them... crazy!
Who is viewing this thread?
There are currently 0 members watching this topic