Scotland Yard trackers operate fake mobile base stations London's Metropolitan Police are using fake base stations to intercept mobile-phone calls, not to mention running a covert air wing, according to reports over the weekend. The base stations come from Leeds-based Datong plc, and can blanket a 10km2 area within which every mobile phone is tracked and monitored, according to the …
" even spooks would be impressed to see the police running a 14-seater Cessna registered to a shell company consisting of nothing more than a rented post-office box."
With my (dusty, not recently used) fraud investigator hat on, I'd be be bloody suspicious of having millions of pounds of my employer's budget flowing through a foreign or non-existent company* that appears to be non-transparently** controlled by an employee and when that company did not go through a transparent tendering process. And that would go double if I knew my employer had proven to be pretty inept at finance management in the past.***
* No record of Nor Leasing at Companies House.
** Met Police Authority didn't supervise
*** Tony Williams
Well, if all you're tracking is phones asking for authentication from their home network, then no, you don't need them to /want/ to connect to you.
If you are intercepting calls then you'll have to pretend to be from the same company as the target phones contact -but that isn't what is being suggested here
from my knowledge there is no authentication from the base station to your phone so if this cell was broadcasting/advertising as if it was from your operator there is no real way to know otherwise, and if its offering the strongest signal your phone will latch on over the real base stations in the area, all without you knowing.
there are some very nice talks on this from the ccc (c3) events over the last 2~3 years so might be worth checking out
"The same information can be obtained from the mobile network operators, but that takes time and costs money with the two vectors being directly related."
It also takes a specific court order listing the person or persons to be intercepted. Something I am sure the Met had before switching on their snooping gear and hoovering up all that yummy data.
No it does not! just like ANPR does not need a court order. All that "Yummy Data" is just phones squaking their ID' s and asking for service. It only requires a court order if that Data is on someone else's database, ie a data protection issue. Real-time collection is not subject to this problem.
Do they? The TIMSI on its own tells them nothing about who is being tracked, but it would be naive to assume that's OK. I imagine it would be fairly easy to determine a target's TIMSI and thence to be able to track them specifically. The only case where there are no privacy implications is where the trackers do not have the power to demand the TIMSI-IMSI link. If they subsequently join the two together, then doesn't that make the tracking data an invasion of privacy and, since the data was obtained without an appropriate court order/warrant, wouldn't the evidence be inadmissible in court?
I would argue that privacy issues remain even "where the trackers do not have the power to demand the TIMSI-IMSI link": for example, merely observing that a TIMSI was at a certain places at certain times (e.g. a home address every day between 22:00 and 06:00 hours, and a work address every day between 10:00 and 16:00) would provide the trackers with a pretty solid idea of to whom it belongs.
Personally, I think that any form of mass surveillance is dangerous—anonymous or otherwise.
Interesting (from the above comments) that the only defence we have against abuse in evidence gathering is that the court -may- be inclined to throw it out. But if that is so, why are the police not merrily listening in on all our landline calls just on the off-chance that they may find something juicy? Something stops them, doesn't it?
On that score, this activity seems to constitute 'interception of communications' and so it should be subject to the RIPA. How are they authorised to intercept the traffic (bearing in mind that it is not targeted but is a general trawl of communications)?
Not only is making the link a potential invasion of privacy, the mere evisaged use of the means to do so brings it squarely within the provisions of the UK Data Protection Act. This covers information that identifies a living person and information that would do so if combined with other information that might come into the Data Controller's possession. If an established mechanism is in place for obtaining the further information, it's a cut and dried case - except if there are exemptions for law enforecement. There might be via other legislation.
The police use these to follow suspects and try to link the TIMSI to a handset so that they can later request call logs under lawful intercept processes in order to build up a picture of criminal networks.
Many criminals use pay as you go SIM's and change them regularly, the police follow a suspect using a vehicle containing the equipment and then capture all of the TIMSI's in an area, they then follow the suspect to another area and take another capture of the TIMSI's. They look for TIMSI's that are in both data captures (sometimes they do further captures to further reduce the number of false positives) and attempt to tie the handsets down to the suspect or individuals that may be travelling alongside the suspect (i.e. shadowing them but not making contact with them).
Some criminal networks also use this technique and the same (or similar) equipment to try to identify if officers are following them, since the equipment is all commercially available.
The equipment is not capable of intercepting or otherwise recording communications to or from handsets within the area and only acquires a connection to a handsets for a very short time, takes the TIMSI and then immediately drops the connection following acquisition, the base station has no connection to any phone network and it would disrupt the functionality of phones if it maintained a connection persistently.
Anon for obvious reasons.
...was that a phone was within the nearest 10km^2 of the base.
It wouldn't give them triangulation (well I guess if they used three of them it would).
And JustaKOS is right, the recent DPA case reported by El Reg makes it clear that this falls under the DPA as personal data if the organisation concerned has the ability to link identifying data to non-identifying data.
It was reported that the organisers of certain anti-runway protests went one better, and passed their phone and oyster card off to friends, whilst they went to their protest planning meetings.
and yes it did apprently cause the relevant police team some confusion, whilst they went following the "suspects" all over london.
QED
point of origin of a signal source does not equal location of person of interest.
I'm sure some nice barrister will point it out to the cps and met if they try to use it in court
Here's the registration numbers for the planes, if you want to search for pictures of them:
G-BVJT
G-TDSA
Took 5 mins to find them when you know the owners name. In pictures it shows that the older one has only front passanger windows blocked by a rack, but in the newer one also the rear windows are blocked too.
The police mess with cell systems, then someone might be tempted to mess with TETRA, a glorified trunked radio system.
Trunked systems use control channels and a jammed control channel sort of spoils their game. They could switch to DMO (Direct Mobile) mode but range and traffic capacity is limited.
Some protesters have resorted to having a few WiFi base stations (TP Link is best as you can reprogram their power output) working from batteries all carried in backpacks. These mobile WiFi carriers don't have to be in with the crowd, just nearby at a highish location.
Power to the people!
I'm all for the police using whatever technology is available in order to combat serious crime and terrorism, as long as it is used proportionately and in accordance with the relevant laws - that's the essence of my above posts. What you are advocating is direct interference in their operations and, as you seem to know TETRA, in the operations of other emergency services. Anyone taking you up on it should quite rightly end up in the slammer.
Does me in all of this whining "what about my privacy" crap. If you want a secure channel, whisper in someone's goddam ear and stop complaining. If I use my moby to connect to someone else's infrastructure (O2 in my case), to communicate with someone else - somewhere else, I'm grateful for the convenience, and not concerned that someone might be listening into my domestic with the wife.
People need to stop living in a world where they believe that it is OK to hide things and walk around anonymously. Stop reading this, disconnect from the internet immediately (someone might be spying on you) throw away all technology and go live in a cave.
Anonymous for dramatic effect
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
