back to article Cell hack geek stalks pretty blonde shocker

Cellphone-hack surveillance techniques, long the preserve of government operatives, may have gone mainstream as a family in the western USA reports unusually competent cellphone stalking. The News Tribune of Tacoma, Washington, carried reports last week of a harassment campaign bearing all the hallmarks of being orchestrated …

COMMENTS

This topic is closed for new posts.
  1. John Browne

    Predator Drones....

    I think Predator drones would make a very effective deterrent to the kind of identity theft that involves cloning someones phone.

    Perhaps this family could borrow one.....

  2. Edwin

    OK, I buy it except

    ...for "eavesdropping via their mobile phones even when turned off"

    TV series routinely claim that it's possible for law enforcement (=anyone, basically) to switch on a phone that is off.

    Nobody has yet made a sufficiently solid case to me that this is possible without physical access to the device. If it's a smartphone, I might buy it (e.g. using bluetooth or wifi to send the phone instructions) but an ordinary handset?

    Can someone explain?

  3. Jon Double Nice

    How do they turn on the phones remotely?

    'Cos all I can picture is some kind of extra long stick being used to press the on button.

  4. Anonymous Coward
    Anonymous Coward

    A bit paranoid

    Tracking a cellphone or monitoring it while it turned off? What would the airlines think if they knew that the phones they so politely asked you to turn off were still emitting a signal? Now technically its possible, but do you think Nokia, Motorola, et al. would actually design such a device? Tell me does your battery drain significantly when the phone is off? Get a frequency counter and measure the RF coming out of the phone if you still believe that its doing this.

    As far as enabling tracking then removing the battery that may work for some carriers and phones in the U.K. but on the phones I have seen in the U.S. you have to also turn on tracking on the target phone itself. This is for privacy reasons, the feds can probably override this since the GPS is always really turned on for emergency 911 location and the carrier has this information and probably saves it for some time.

    The contact data may be remotely lifted on some carriers that use web based contact managers to backup or supplement the contacts already on your phone. Or it could be a bluetooth hack. Or the person gained physical access to the phone at some point.

  5. Ross Fleming

    Doesn't seem outside the realms of reality

    OK it's a bit far-fetched, but I can't see it being impossible. The phone would have to be in what would be effectively a "Wake On LAN" mode that PC's seem to manage with a trickle of current. Presumably it would have to work as a broadcast on all networks though, and would say (along the lines of) "if you have SIM number xyz then switch on" - seems a bit much for every switched-off phone to have to check this whenver a request is sent.

    RF detection wouldn't give it away, as the phone wouldn't have to be transmitting anything. I remember seeing in all of my Sony Ericsson's instruction manual that the alarm would sound whether the phone was "off" or not.

    All sounds rather secret squirrel stuff to me though. It would assume that some government had instructed this to be a standard in all mobiles (thought Nokia - Finnish company - Finland not being a member of NATO?). Can't imagine it happening.

    What I can imagine is the feds getting hold of a phone and "modding" it to do this. Obviously that might be difficult to do to Osama's phone!

  6. Alan Cuartero

    re: Doesn't seem outside the realms of reality

    "RF detection wouldn't give it away, as the phone wouldn't have to be transmitting anything."... not true every radio receiver has an oscillator and is therefore also a transmitter (although a weak one). A frequency counter would prove this out. Also every cpu has an oscillator so if your phone is "off" some part of it is on for the RTC and related features but this does not mean that its ready to receive a signal to turn on. The cellphone networks are based on two way communication. If a phone were to be remotely activated it would actually need to be on the network not "off". That's how its designed, sure they could have made it so it could receive a signal in some sort of passive mode but they didn't and if it was doing this it would emit some RF from its receiver circuit.

    btw, If you want proof that radio receivers can be detected look up those radar detector detectors that the Canadian cops are now using to find people using radar detectors. What we need is a detector detector detector to thwart their detector detector!

  7. Ross Fleming

    Doesn't seem outside the realms of reality

    OK it's a bit far-fetched, but I can't see it being impossible. The phone would have to be in what would be effectively a "Wake On LAN" mode that PC's seem to manage with a trickle of current. Presumably it would have to work as a broadcast on all networks though, and would say (along the lines of) "if you have SIM number xyz then switch on" - seems a bit much for every switched-off phone to have to check this whenver a request is sent.

    RF detection wouldn't give it away, as the phone wouldn't have to be transmitting anything. I remember seeing in all of my Sony Ericsson's instruction manual that the alarm would sound whether the phone was "off" or not.

    All sounds rather secret squirrel stuff to me though. It would assume that some government had instructed this to be a standard in all mobiles (thought Nokia - Finnish company - Finland not being a member of NATO?). Can't imagine it happening.

    What I can imagine is the feds getting hold of a phone and "modding" it to do this. Obviously that might be difficult to do to Osama's phone!

  8. Anonymous Coward
    Anonymous Coward

    I think the internets has stretched the reality...

    Basically I think they tracked the sign to Qaed Senyan al-Harethi's cell/mobile phone using a common strength triangulation method (ie measuring the strength of the signal of nearby aerials).

    I am sure it would be quite possible to 'deliver' a new modified handset to send out a signal to base stations but I doubt it could do it when off.

    I still like it in films where they can hack into the Pentagon/baddie/super secret networks in around 30 seconds or less and download the whole internets into a phone while all around blows up.

  9. Chris Miller

    GPS?

    I've seen several comments (not all of them in the Reg) that US mobiles are required to have GPS built in so that emergency services can automatically identify the location (as would obviously be the case for a land line). I'm pretty sure that this is actually done using triangulation information from the base stations, which can locate a phone to with an error of at most a km or two, and in an urban environment to within a few metres.

    I use a Treo 680 which includes Tomtom GPS navigation but actually requires a separate GPS receiver in order to work. If such a high-end smartphone doesn't have GPS built in, I very much doubt a basic $50 model will.

  10. Anonymous Coward
    Anonymous Coward

    Follow one of those links...

    ...and it all becomes a little clearer, a little more plausible, and generally a little further away from "Black helicopters and tinfoil hats" territory

    Taking the example of the mafia bosses...

    "The government applied for a "roving bug," that is, the interception of Ardito's conversations at locations that were "not practical" to specify, as authorized by 18 U.S.C. § 2518(11)(a). Judge Jones granted the application, authorizing continued interception at the four restaurants and the installation of a listening device in Ardito's cellular telephone. The device functioned whether the phone was powered on or off, intercepting conversations within its range wherever it happened to be."

    ...it's pretty clear to me that in this case at least nobody magically switched on anybody's handset from a distance, rather, in the grand tradition of Ye Olde Tyme Spye Movie a physical device was covertly installed on/in/around the victims mobe[1] (at a guess I'd say someone simply swiped the phone, replaced the battery with a copy containing the listening device and transmitter, and then quietly replaced/returned the handset) - no doubt there are other places you could put your bug but a mobile handset strikes me as a pretty good choice as it's probably one of the few things you can rely on your target taking pretty much everywhere.

    I've worked in and around mobile phone handsets in one capacity or another for years now and I'm currently working for a major handset manufacturer on a soon-to-be-shipped device. I've spent over a year working on power management code (which amongst other things is responsible for turning the damned thing on and off), and if anyone can provide conclusive evidence that it's possible to remotely switch on a standard, undoctored, off-the-shelf handset without the owner knowing I'll happily eat one...

  11. Anonymous Coward
    Anonymous Coward

    Nokia Alarms work while off

    It's not far fetched at all. It's well know that mobiles are not fully off when they appear so. Take for example the Nokia's that had an Alarm clock. They activated at the time even when the phone was off.

    I think it's likely that a phone can be put into a mode where it checks for a signal to switch on. I don't think these things are activated by default. So if the Gov is interested in you, the next time your phone connects to the network, it's told to keep in touch or at least keep an ear our for the signal.

    Anything stored on the Sim is likely to be able to be sent over the same network. It's only soft/firmware after all. A bit of remote programing and your done.

  12. Morely Dotes

    So the UK National ID Card scheme is a smokescreen?

    From http://www.ft.com/cms/s/4239e29e-02f2-11da-84e5-00000e2511c8.html :'"We have inadvertently started carrying our own trackable ID card in the form of the mobile phone," said Sandra Bell, head of the homeland security department at the Royal United Services Institute.'

  13. Anonymous Coward
    Anonymous Coward

    Turning a mobile on remotely

    Typically, even when the unit is powered off, it does still draw power. Try turning your phone off for a week and seeing how much battery life is reported versus taking the battery out for a week and replacing it. You should notice that when the device is "off" that it's still drawing current. That would be the modem processor intently waiting for the opportune moment to record your conversations for posterity.

  14. Anonymous Coward
    Anonymous Coward

    As I said before

    A while back, I mentioned about a mysterious voice coming from inside the house, ended up being a hoax from the kid living there.

    Now, I see these possibilities:

    -either her phone was cloned and she is making a slightly exagerated claim;

    -she made calls and did not want to admit to them (they never told us WHO she called...)

    -she gave too much information to a stalker, and instead of being 100% honest with us, she's exagerating again

    Also, if you are being stalked by CELL PHONE, GET RID OF IT. Pull out the battery, and when you need the phone, then you can turn it on. Heck, buy a phone with no sim, just to make 911 calls if you need it.

    And finally, the infamous myspace link: http://www.myspace.com/caligurl230

  15. Dillon Pyron

    Too much credit

    We give too much credit to our spook's abilities to spy on us. Yes, my phone alarms even when powered off, but I've never detected it radiating. If the "New World Order" conspiracy secret government were to get all mobile manufactures to embed a backdoor into our phones, do you think they would make it very easy for anybody else to gain access to it?

    As far as GPS being required in the US, most 911 dispatch centers aren't equipped to handle anything like that. Only about 75% are e911 ready. It takes a call to the service provider (they can get the server info pretty easily) to triangulate.

    Interesting sidenote. A while back there was a shooting in my neighborhood (neighbor shot at his wife and then went in the backyard and shot himself, apparently early Alzheimer's). The cops wanted permission to recover a projectile from my window sill. So they called my mobile. How'd they get it? "We have access to things you don't".

  16. Jonathon Green

    Wild speculation

    Someone said:

    "It's not far fetched at all. It's well know that mobiles are not fully off when they appear so. Take for example the Nokia's that had an Alarm clock. They activated at the time even when the phone was off."

    It's a huge leap from waking up on an interrupt from a Real Time Clock to secretly being camped on a network and Big Brother being able to boot your phone into covert surveillance mode...

    And someone else added:

    "Typically, even when the unit is powered off, it does still draw power. Try turning your phone off for a week and seeing how much battery life is reported versus taking the battery out for a week and replacing it. You should notice that when the device is "off" that it's still drawing current. That would be the modem processor intently waiting for the opportune moment to record your conversations for posterity."

    Errr no. That would be the current drawn by stuff like the Real Time Clock (see above), possibly a bit of battery backed RAM holding state information to enable your Mobe[1] to boot to full wakefullness a bit more quickly when you hit the power button, and a little bit of leakage. If your handset was secretly camped on a network waiting for a Magic Packet then it's "shelf life" when switched off would be pretty much the same as its standby time when switched on and that's demonstrably not the case as I've occasionally left handsets sitting in a desk drawer for several months without the batteries being completely drained!

    [1] Vulture Central may have excised this from their reporters dictionaries but I don't see why that should stop me :-)

  17. Petrea Mitchell

    It's a poltergeist

    And I mean it in this sense: http://www.randi.org/encyclopedia/Columbus%20poltergeist.html

  18. Jim

    Seems technically possible.

    You can buy microcontrollers for pennies that have sleep mode (draws a couple of microA) that effectively turns everything off till an interrupt is triggered so it could be done.

    @Alan Cuartero

    To join a cell network, it is true that two-way communication is required. If you just want to send a signal then a receiver is all that is needed, think analogue radio...

    Also there are radar detectors that can detect detector detectors and automatically shut down the radar detector circuitry to avoid detection. Been around a few years now.

  19. tim chubb

    phones never are off unless there is no battery

    other wise you would have to set your clock every time you turn it off, just goes into negligable power usage mode. Its not like you are changing the batteries in bed side digital clocks very reguarly is it?

    as for turning the thing on remotely, can think of a few possible ways to do it. the easiest method i can imagine is :

    1) acquire targets phone number

    2) push out a "service message" appearing to be from telco provider, construct the update so that the user's screen is switched off when they 'power off' the phone, then set the phone to reboot next time the power button is pressed, thus appearing to be behaving normally. the battery would only really go down whilst the mic was active and transmitting.

    admittedly that isnt turning the phone on remotely, but thats the sort of phraseology that can mean any thing and likely be a dumbed down explanation to save having to explain to plebs about trickle currents and off and "off". i mean imagine try explaining to the average techno phobe that an ATX pc is never switched off unless the psu switch (on the back of it) is off or its unplugged, theres always some current being drawn, but for all intents and purposes the pc is perceived as off by all but the '10 sorts of people...' crowd (i know, i am one, pot calling kettle black etc. etc. etc., but still least im not gibbering about my collection of micro computers, or valve based RF service gear)

  20. Glenn Alexander

    I imagine the phones aren't 'off'

    I imagine the phones aren't 'off' but in standby mode and the people in question just don't differentiate between the two states and consider their phone 'off' when they are not on a call.

  21. Steve Roper

    The girl has a point

    My phone alarm sounds when the phone is off, but I don't receive SMS messages until I turn it back on - then there's a storm of "beep-beep! beep-beep!"s as all the messages and missed-call advisories I missed while the phone was off come flooding back in. This indicates that the phone is not connected to the network while in a power-down state, and thus would not activate on a remote command, unless it were modified or doctored in some way to do so.

    That does not mean I dismiss the girl's story. Given the plethora of mail-order spy-stores in the US (you know, the ones where you can order micro- and IR- cameras, WiFi bugs and dish-antenna eavesdroppers etc etc), it's entirely possible some geeks at her school have ordered some of this stuff in and had an opportunity to doctor her phone. It beggars the question, what else have they done? They could bug her house (I've seen a device that aims a laser at someone's window and can hear a conversation in a room a mile away), which would account for her conversations being heard while the phone was turned off. Such a crew could also have placed hidden cameras and remote mikes around the neighbourhood - given the ready availablility of such technology these days I would not be at all surprised.

    When I was a teenager back in the early 80s, my geek friends and I used such tech as was available at the time to do exactly this sort of thing. While we didn't have mobile phones or micro-cameras, we DID have dish-antenna eavesdroppers and wireless FM mikes which we'd stash around the school and playgrounds to monitor what the other kids were talking about. If we were doing that back then, what are the young geeks of today doing now with what's available to them?

  22. Rich

    GPS

    The US system uses triangulation between cellphone towers, as do most cellphone location technologies. It's primary purpose is to locate 911 callers - when cellphones were first introduced in the states, the generally cludgy nature of the US systems meant that roamed callers would often reach the emergency services in their hometown when reporting an incident thousands of miles away - geolocation was a rather overkill mandate to prevent this.

    GPS would be fairly useless for this, as it only works outdoors, whereas there is an expectation that all cellphone services work inside.

  23. Anonymous Coward
    Anonymous Coward

    eavesdropping

    From http://news.com.com/2100-1029_3-6140191.html

    << Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. "They can be remotely accessed and made to transmit room audio all the time," he said. "You can do that without having physical access to the phone." >>

    I take Atkinson at his word.

  24. Pascal Monett Silver badge

    I miss something in his logic

    Sorry, but if you say that MOST operators are not e911-compliant, then go on to say that over 70% ARE compliant, I believe you are shooting your argument in the face.

  25. Anonymous Coward
    Anonymous Coward

    A government counter-surveillance consultant says...

    ...""They can be remotely accessed and made to transmit room audio all the time,"

    Firstly, what kind of idiot believes anything a "government counter-surveillance consultant" says, unless it's been independently verified? Where's the independent verification in this case? Not in the news.com article, that's for sure.

    It seems far more likely that, as already suggested in these posts and also in the original news.com article, the spooks get physical access to the phone for long enough to install some traditional spook gear, before returning the phone to the unsuspecting owner.

    Secondly, just think for a moment about the claim being made - that the mic can be remotely turned on and "transmitting". Ask yourself, transmitting to what? If it's behaving as though it's in a GSM call, that's trivial to detect in various ways - "GSM buzz" on nearby electronic kit and unexpectedly high battery drain being just two of the most obvious ones (not to mention the inability to actually make a *real* GSM call when the user wants to). If it's using Bluetooth, there's the small matter of limited range (long range Bluetooth isn't low power). If it's using something else - what is it using - maybe traditional spook technology :)

  26. Anonymous Coward
    Anonymous Coward

    phones are never off...

    my old Nokia had the nice feature of silent answer/auto-answer, so I could leave it in a room/faraway country and call it, then after about a second I could listen to ambient sound until I hung up, or the battery ran-out.

    Menu 4 7, toggle On or Off (Automatic answer) Menu 8 2 (Silent Function) with 'M' to confirm. OK the 1611 wasn't the 'smallest' of bugs - but it worked out of the box and this was 9 years ago...actually I still have the 1611 in a cupboard somewhere next to my Marconi '807 triode' based TF867a RF signal generator

    Now with Symbian OS on the best phones it would be trivial for a TLA organisation to stuff in some remote malware, I suppose the youth in this case might have had physical access to manipulate the menu or bought some cloning kit from the local X-Box mod-shop?

  27. Anonymous Coward
    Anonymous Coward

    of course its possible...

    The reg has even reported on such things being possible.

    http://www.theregister.co.uk/2006/03/30/flexispy/

    It wouldn't take a lot to make the phone appear to be off.

    Of course its not going to be 100% stealth, but then again no one said that it was undetectable.

  28. Lance Wantenaar

    Technical response to article

    This is a response from me brother who works in the industry in South Africa.

    "This could be possble only if they could get hold of the cellphone for a while to try and clone the IMEI and certian other stuff like the HLR and other coding bits. More possible in the Amercan market as they work of more of an analogue system. If like Vodafone and and the European market definately more difficult."

  29. Alan Edwards

    Analog(ue)?

    Are the analogue cell networks still active in the US?

    Having read the reports, apart from a reference to a text message there's nothing the stalkers did that could not be achieved with a cloned analogue handset, a scanner and good-old observation. They would need physical access to pair up Bluetooth to replace the ring tone, but in a school situation that would not be difficult.

    All the references to costs coming back to the girl's account point to cloning of some sort.

    Alan.

  30. Anonymous Coward
    Anonymous Coward

    All you guys are thinking you need to be logged in to the digital network carrier to do this.

    But you don't need a two-way handshake and an active connection to send just one command.

    You just need to have the target phone (and by nature all other phones) to have an undocumented listening-only mode straight from the factory. Then broadcast a "phone abcxyz go into bugging mode" out of EVERY MAST IN THE COUNTRY! :¬)

    That, as far as I can tell, is the only way to do it.

    Of course, it does sound preposterous and is probably not real. But not impossible.

  31. Hud Dunlap

    beware of porn

    I checked out a couple of the cell phone locator sites that I found using Google. These were free and looked very professional, even bringing up a satellite photo and terms of use etc. That is while they were downloading the porn movie.

This topic is closed for new posts.