www.infosecinstitute.com
Open in
urlscan Pro
2606:4700:4400::6812:259a
Public Scan
URL:
https://www.infosecinstitute.com/resources/general-security/cellphone-surveillance-the-secret-arsenal/
Submission Tags: falconsandbox
Submission: On September 22 via api from US — Scanned from DE
Submission Tags: falconsandbox
Submission: On September 22 via api from US — Scanned from DE
Form analysis 1 forms found in the DOM
POST
<form action="" method="post" id="newsletterForm" class="form">
<label for="emailAddress" class="sr-only">Enter your email</label>
<input type="email" id="form_input_email" class="form__input" placeholder="Email address..." aria-label="Email address..." required="">
<button type="submit" class="btn btn-accent btn-block" aria-label="Submit Modal Form"> Subscribe </button>
<p class="text-small text-light mt-20 mb-0">For information about how Cengage uses personal information, see our <a href="https://www.cengagegroup.com/privacy/" target="_blank">privacy policy</a>.</p>
<input name="__RequestVerificationToken" type="hidden" value="CfDJ8L039E6eQgNDiOt87HnDaVtVFp_uGEtmX0HHM0G0_zZbFJDRzqIYeaTl-vRKnUi33mIuKBl8rKb1yrhcPtEzvzANn2LVM7px3goe2y0xT4UXELLppxTnLC-2aheZtfqEdkutpsuvAlGrPhV_nxh0s2I">
</form>Text Content
Skip to content
* 708.689.0131
* Contact us
* Partners
* Login
*
* Training
Go to the "Certificates"
All cybersecurity training
--------------------------------------------------------------------------------
Live Boot Camps
Infosec Boot Camps offer live, instructor-led cybersecurity and IT
certification training in-person or online.
View All Schedules Learn More
--------------------------------------------------------------------------------
Self-Paced Training
Infosec Self-Paced Training accommodates your schedule with
instructor-guided, on-demand training.
Contact Us Learn More
--------------------------------------------------------------------------------
Immersive Boot Camps
Infosec Immersive Boot Camps kickstart cybersecurity careers with tailored
training in as little as 26 weeks.
View Program Learn More
--------------------------------------------------------------------------------
Learning Paths
Infosec Skills provides on-demand cybersecurity training mapped to skill or
role paths for any level.
View Pricing Learn More
--------------------------------------------------------------------------------
Training by role
--------------------------------------------------------------------------------
* Cloud Security Engineer
* Cybersecurity Beginner
* Digital Forensics Analyst
* OT Security Practitioner
* Information Risk Analyst
* Penetration Tester
* Privacy Manager
* Secure Coder
* Security Architect
* Security Engineer
* Security Manager
* SOC Analyst
Team training
--------------------------------------------------------------------------------
Advance your team's cybersecurity skills with our customizable,
industry-recognized programs and take advantage of our team training
discounts.
Learn More
Award-winning training you can trust
--------------------------------------------------------------------------------
*
*
*
*
* Certifications
Go to the "Security Awareness"
Cybersecurity certifications View All Certifications
--------------------------------------------------------------------------------
Most popular certifications
* CompTIA Security+
* ISC2 CISSP®
* ISACA CISM
* PMI Project Management Professional (PMP)
* Cisco CCNA Associate & CyberOps Associate
--------------------------------------------------------------------------------
CompTIA
* CompTIA A+
* CompTIA Network+
* CompTIA Security+
* CompTIA CySA+
* CompTIA PenTest+
* CompTIA CASP+
* CompTIA Linux+
--------------------------------------------------------------------------------
ISC2
* ISC2 CISSP®
* ISC2 CCSP®
* ISC2 CGRC®
* ISC2 CSSLP®
* ISC2 ISSEP®
--------------------------------------------------------------------------------
ISACA
* ISACA CISM
* ISACA CISA
* ISACA CRISC
* ISACA CGEIT
--------------------------------------------------------------------------------
Other certifications
* Ethical Hacking Dual Certification (CEH & PenTest+)
* Infosec RHCSA
* Cyber Threat Hunting
* Microsoft Azure Dual Certification
* Certified CMMC Professional (CCP)
* AWS Certified DevOps Engineer
View All Certifications
We offer multiple ways to save when it comes to training and certifying your
team.
Learn More
* Security Awareness
Go to the "Solutions"
--------------------------------------------------------------------------------
Empower employees with knowledge and skills to stay cyber secure at work and
home with 2,000+ security awareness resources.
View Pricing Learn More
Security awareness training
* Prebuilt training plans
* PhishNotify
* Threat quarantine
* Phishing simulator
* Reporting and assessments
* Integrations and automation
* Global administration
* Program management
Demo Now Browse Featured Training
* Solutions
Go to the "Resources"
Enterprise solutions
--------------------------------------------------------------------------------
* Businesses and industries
Security education to the right people from IT and security staff to the
C-suite and every employee.
* Security and IT teams
* Government and contractors
* Manufacturing
* Higher education
* MSPs and resellers
--------------------------------------------------------------------------------
* Technical training and certifications
Skills and certifications your team should get next with training mapped
to NIST and NICE Frameworks.
* Subscription learning
* EdAssist Solutions Client discounts
* Affirm financing
* Training vouchers
* SmartPay
--------------------------------------------------------------------------------
* Compliance
Flexible, scalable training solutions that add value to your client
services portfolio and reduce business risk.
* DoD 8570/8140
* Security awareness
* Resources
Go to the "About Us"
Popular resources
--------------------------------------------------------------------------------
* Blog Blog
* Ebooks Ebooks
* Webinars Webinars
* Certifications
* Security awareness
* Phishing
* Professional development
--------------------------------------------------------------------------------
* Cyber Work Podcast Cyber Work Podcast
* Career series
* Quick tips
* Live events
--------------------------------------------------------------------------------
Certification hubs
Certification Hubs
* CompTIA Security+
* Certified Information Systems Security Professional (CISSP)
* Certified Information Security Manager (CISM)
* Project Management Professional (PMP)
* Cisco Certified Network Associate (CCNA)
* Certified Cloud Security Professional (CCSP)
* Certified Ethical Hacker (CEH)
* CompTIA Network+
* CompTIA CASP+
* CompTIA CySA+
--------------------------------------------------------------------------------
Free tools and downloads
Free tools and downloads
--------------------------------------------------------------------------------
* Phishing Risk Test
* Security Awareness Training Plans
* Skill Development and Certification Course Catalog
* Cybersecurity Interview Tips
* Case studies
--------------------------------------------------------------------------------
Featured webinar
* About Us
Go to the "Search"
We are the leader in cybersecurity training
--------------------------------------------------------------------------------
We help IT and security professionals advance their careers with skills
development and certifications while empowering all employees with security
awareness and phishing training to stay cyber safe at work and home.
Learn More
* Leadership
* Careers
* Partners
* Events
* Alliances
* Community
* Scholarship
* Awards
Contact Us
*
* Book a Meeting
* Award-winning training you can trust
--------------------------------------------------------------------------------
*
*
*
*
* Resource Center
* General security
* Cellphone Surveillance: The Secret Arsenal
General security
CELLPHONE SURVEILLANCE: THE SECRET ARSENAL
January 8, 2016 by
Pierluigi Paganini
STINGRAY AND THE CELLPHONE SURVEILLANCE
In a previous post, I detailed the technologies used to track mobile devices,
with a specific reference to the StingRay IMSI-catcher (International Mobile
Subscriber Identity).
An IMSI-catcher is a surveillance solution used by law enforcement, military and
intelligence agencies for telephony eavesdropping, it is the technology used for
intercepting mobile phone traffic and tracking movements of mobile phone users.
What should you learn next?
From SOC Analyst to Secure Coder to Security Manager — our team of experts has
12 free training plans to help you hit your goals. Get your free copy now.
Get Your Plan
An IMSI catcher runs a Man in the Middle (MITM) attack acting as a bogus mobile
cell tower that sits between the target mobile phone and the service provider's
real towers.
The only way to prevent being tracked by an IMSI catcher is using specific
products that secure communication on mobile devices. Modern Sting
Ray implements a large number of functionalities, they allow attackers to
intercept calls and Internet traffic, send fake texts, locate the devices and
also inject malware, typically spyware and mobile RAT, that allows to gain full
control over the victim's device an exfiltrate the data.
The use of the IMSI-catcher is condemned by privacy advocates, the StingRay and
other IMSI surveillance systems are invasive and the principal problem related
to their usage is that they operate a dragnet surveillance spying not only the
targeted mobile, but concurrently also all nearby cellular devices.
Figure 1 - StingRay
HOW DOES STINGRAY WORK?
Stingray equipment could operate in both active and passive modes, in the first
case the device simulates the behavior of a wireless carrier cell tower, in the
second case it actively interferes with cellular devices performing operations
like data exfiltration.
The Stingray system is typically installed in a vehicle in a way that agents can
move it into any neighborhood, it tricks all nearby cellular devices into
connecting to it and allowing data access by law enforcement. Recently law
enforcement and intelligence agencies installed Geo-Locating systems also on
aircraft and drones.
Let us see in detail the two operative modes implemented by the StingRay
technology.
THE PASSIVE MODE
A StingRay that is operating in passive mode is able to receive and analyze
signals being transmitted by mobile devices and wireless carrier cell stations.
The term "passive" indicates that the equipment doesn't communicate directly
with cellular devices and does not simulate a wireless carrier cell site.
By adopting a passive mode technique, the attacker can extract information
related to the cell phone, including identification numbers, signal strength,
and signal coverage areas. The Stingray operates as a mobile phone and collect
signals sent by cell stations near the equipment.
THE ACTIVE MODE
A StingRay equipment operating in "active mode" will force each cellular device
in a predetermined area to disconnect from its legitimate service provider cell
site and establish a new connection with the attacker's StingRay system.
StingRay broadcasts a pilot signal that is stronger than the signals sent by
legitimate cell sites operating in the same area, forcing connections from the
cellular device in the area covered by the equipment. The principal operations
made by the StingRay are:
* Data Extraction from cellular devices - The StingRay collects information
that identifies a cellular device (i.e. IMSI, ESN) directly from it using
radio waves.
* Run Man in The Middle attacks to eavesdrop Communications Content
* Writing Metadata to the cellular device
* Denial of Service, preventing the cellular device user to place a call or
access data services.
* Forcing an Increase in Signal Transmission Power
* Forcing an Abundance of Signal Transmissions
* Tracking and Locating
Figure 2 - StingRay case study
TRACKING CELLULAR DEVICES, A PROLIFIC MARKET
A growing number of actors are interested in the StingRay technology, not only
law enforcement, but also foreign intelligence agencies use these devices to spy
on their targets.
In this paragraph we will analyze in detail the solutions available on the
market, at least the most popular ones.
Recently the news agency The Intercept has leaked online a secret catalog of
cellphone spying devices used by the US intelligence, and not only. The document
is a precious source of information that has been given to the online
publication by someone inside the intelligence community.
The person who passed the document to The Intercept declared to be concerned
about the growing militarization of domestic law enforcement.
"The Intercept obtained the catalogue from a source within the intelligence
community concerned about the militarization of domestic law enforcement. (The
original is here.)" states the post published on the Intercept.
"A few of the devices can house a "target list" of as many as 10,000 unique
phone identifiers. Most can be used to geolocate people, but the documents
indicate that some have more advanced capabilities, like eavesdropping on calls
and spying on SMS messages. Two systems, apparently designed for use on captured
phones, are touted as having the ability to extract media files, address books,
and notes, and one can retrieve deleted text messages."
The catalog includes 53 cellphone spying devices, including Stingray I/II
surveillance boxes and Boeing "dirt boxes."
There are some devices small enough to fit in a backpack such as the Blackfin
that allows agents to eavesdrop nearby communications.
The document also includes many other cellphone spying devices that are less
popular of the Stingray that could be used by law enforcement and intelligence
agencies in various scenarios, including the deployment on drones and aircraft.
One of the spying devices is sold by the NSA, while another was designed for use
by the CIA.
These systems are a long debated because they allow authorities to conduct
dragnet surveillance, the cellphone spying devices have been used by local law
enforcement agencies across the United States for a long time.
"The archetypical cell-site simulator, the Stingray, was trademarked by Harris
Corp. in 2003 and initially used by the military, intelligence agencies, and
federal law enforcement." continues the post. "Another company, Digital Receiver
Technology, now owned by Boeing, developed dirt boxes — more powerful cell-site
simulators — which gained favor among the NSA, CIA, and U.S. military as good
tools for hunting down suspected terrorists. The devices can reportedly track
more than 200 phones over a wider range than the Stingray."
The Intercept also reported the case of Marc Raimondi who was employed by the
Harris company and that now is a Department of Justice spokesman who claims the
agency's use of Stingray cellphone spying devices is legal.
Jennifer Lynch, a senior staff attorney at the Electronic Frontier Foundation
has repeatedly expressed its disappointment in the use of these devices in a
domestic context.
"We've seen a trend in the years since 9/11 to bring sophisticated surveillance
technologies that were originally designed for military use—like Stingrays or
drones or biometrics—back home to the United States," said Jennifer Lynch "But
using these technologies for domestic law enforcement purposes raises a host of
issues that are different from a military context."
THE BLACKFIN-I/II
The Blackfin is a device produced by the Harris Corporation, the same that
designed the StingRay. It has limited dimension that allow agents to worn it on
the body, its main features are the eavesdropping capability (both voice and
text) and possibility to use it to shut down nearby devices in a selective mode.
It costs $75,000, and implements a mobile controller via Bluetooth.
Figure 3 -Blackfin Device
DRT 1101B, AKA DIRT BOXES
This surveillance device allows agents to monitor up to 10,000 mobile devices,
making it ideal for monitoring during public events and political protests. It
is able to target both analog and digital wireless devices, intercepting voice
data.
Figure 4 - Dirty Box
These devices could be also mounted in an aircraft or a drone flying over the
targeted people.
It is sold by Digital Receiver Technologies, a subsidiary of Boeing Integrated
Defense Systems and costs $78,850.00.
The equipment belongs to a complete family of devices known as dirt boxes which
includes DRT 1183, DRT 1201C, DRT 1301C, DRT1101B
The DRT 1301C and the DRT 4411B provide features similar to other tools of the
family but they are characterized by a limited overall dimensions. They cost
respectively $100,000 and $40,000.
Figure 5 - DRT 4411B DIRT Box
TYPHON
Typhon is a surveillance product designed by the experts of the TAO unit at the
National Security Agency, it is able to capture data only from GSM mobile
devices. It works only in the US, but won't work on Sprint, Verizon, and U.S.
Cellular phones in the United States. The device has an operative range of 30
kilometers in rural areas and 5 kilometers in urban ones. It cost $175,800.
Figure 6 - NSA Typhon
TRIGGERFISH
The Triggerfish is an eavesdropping equipment that allows law enforcement to
intercept cellular conversations in real time. Its use extends the basic
capabilities of StingRay, which are more oriented to device location monitoring
and gathering metadata. The Triggerfish allows authorities to monitor up to
60,000 different phones at one time over the targeted area.
Figure 7 - Triggerfish
According a post published by the journalist Ryan Gallagher on Ars, its cost
ranges between $90,000 and $102,000.
CYBERHAWK
Cyberhawk is able to exfiltrate data off over 79 mobile devices, including SMS
messages, phonebook, dialed numbers, and any other file stored in the phone. It
is a privileged instrument for espionage and investigation, it can be used to
track network of individuals analyzing the information on their mobile devices.
Figure 8 - Cyber Hawk
KINGFISH
The Kingfish is a surveillance transceiver produced by the Harris Corporation
that is used by law enforcement and intelligence agencies to track cellular
devices and exfiltrate information from mobile devices over a targeted area. It
could be concealed in a briefcase and allow to gather unique identity codes and
show connections between phones and numbers being dialed. Its cost is slightly
higher than $42433.
The device is able to locate a phone only when the phone is turned on and the
owner isn't involved in a conversation, it works with both GSM and CDMA phones.
Figure 9 - Kingfish
STARGRAZER III
Stargrazer is a military device used to degrade or disrupt a targeted
adversary's command and control (C2) system on the satellite Thuraya Handsets
(HS). The equipment is able to extract IMSI, IMEI and other metadata from the
handset locating it, and jam the device when operates in "attack mode."
Figure 10 - Stargrazer III
RADIANCE
The Radiance is a fixed Wing Geo-Location system is able to capture, query and
locate CDMA-2000 and IS-95 mobile devices.
Figure 11 -Radiance
WINDJAMMER
Windjammer is a hand-held satellite simulator that can be used to geo-locate a
handset or launch a denial of service attack on a given target. It tricks
satellite terminals into thinking they are communicating with the legitimate
network. It is manufactured by the SR Technologies Inc which offer it for sale
at $192,000.00.
Figure 12 - Windjammer
AMBERJACK
The Amberjack is an important accessory for the surveillance systems like
Stingray, Gossamer, and Kingfish. It is a direction-finding system antenna that
is used for cellular device tracking. It costs nearly $35,015
HARPOON
The Harpoon is an "amplifier" (PDF) that can work in conjunction with both
Stingray and Kingfish devices to track targets from a greater distance. Its cost
ranges between $16,000 and $19,000.
Figure 13 - Harpoon
HAILSTORM
Hailstorm is a surveillance device that could be purchased as a standalone unit
or as an upgrade to the Stingray or Kingfish. The system allows the tracking of
cellular devices even if they are based on modern technology.
"Procurement documents (PDF) show that Harris Corp. Has, in at least one case,
recommended that authorities use the Hailstorm in conjunction with software made
by the Nebraska-based surveillance company Pen-Link. The Pen-Link software
appears to enable authorities deploying the Hailstorm to directly communicate
with cell phone carriers over an Internet connection, possibly to help
coordinate the surveillance of targeted individuals." states Ars in a blog post.
The cost of Hailstorm is $169,602 if it is sold as a standalone unit, and it
could be cheaper if acquired as an upgrade of other surveillance devices.
RAVEN
Raven is one of the most powerful tools for surveillance of WCDMA, it is able to
interrogate and geolocate target devices. It can operate from the air or from
the ground. Among its limitations, it requires a separate network survey device
and can cause Denial of Service (DOS) during operation of the UMTS network. It
costs $800K.
Figure 14 - Raven
GOSSAMER
The Gossamer is a portable unit that is used to access data on cellular devices
operating in a target area. Gossamer provides similar functionality of Stingray
with the advantage of being a hand-held model. The Gossamer lets also law
enforcement to run a DoS attack on a target blocking it from making or receiving
calls, as explained in the marketing materials (PDF) published by a Brazilian
reseller of the Harris equipment.
The Gossamer is sold for $19,696.
Figure 15 - The Gossamer
GARUDA (G-BOX) AND THE CARMAN II
The G-Box a GSM airborne geo-location system that emulates a GSM network Base
Station to trick victims' devices to connect it. The device is able to spy only
on those handsets whom IMSI (International Mobile Subscriber Identity) or IMEI
(International Mobile Station Equipment Identity) is included in a target watch
list.
When the targeted handset is registered to the box, a geo-location solution is
calculated. Its cost is $185,000.00.
Figure 16 - Key-W G-Box
The same Key W company also produces the Carman II, aka C-Box II, which is a GSM
BTS that operates in like the Garuda. It works in the 850/900/1800/1900 MHz GSM
bands and cost $130,000.
Figure 17 - Carman II
ARTEMIS AND ARTEMIS II
Artemis is a family of GSM Geo-location systems produced by the Martone Radio
Technology (MRT) company that operate like the Carman and G-box devices. The
principal limitation related to these equipment is that they cannot be mounted
on an airplane and can be used exclusively as a ground system in coordination
with Nemesis/Maximus.
The version Artemis "T" to be used for Thuraya in development. The cost for both
Artemis and Artemis II devices is $83,333.00.
Figure 18 - Artemis
MAXIMUS
Maximus is a Ground GSM stimulation & geo-location device that simulates a BTS
to STIM handset into RF TCH allowing for DF. The system incorporates the Artemis
equipment to implement geo-location functionality.
It can operate from a ground distance ~1-4 Km, also in this case in order to
capture the target the handset must be on and not engaged in a call. It is sold
by the Martone Radio Technology, Inc. for $365,000.00
Figure 19 - Maximus
DEEPPARK
The DeepPark is a fixed Wing Geo Location manufactured by the Rincon IAW NRO and
offered for sale at $250,000.
The surveillance equipment could target 450 sub-band A/C, 800, and 1900MHz
CDMA-2000 & IS-95 mobile devices. It could be used to conduct both passive and
active stimulation and geolocation of the. Differently from other similar
devices, it cannot be used to launch a DOS attack on the system.
Figure 20 - DeepPark
NEBULA
The Nebula is another surveillance device developed by the experts at the NSA.
Nebula is a geo-location system designed to monitor GSM (Multi-Band), CDMA,
UMTS, and HSDPA. Currently can target HPCP, GSM, Inmarsat, Thuraya, CDMA-2000,
HSDPA devices.
Nebula is able to lock and hold traffic from a distance of 12 miles and is able
to GeoLocate a device within 200m. The catalogue disclosed by the Intercept
revealed Nebula has high DC power requirements.
Figure 21 - Nebula
SPYING FROM THE SKY
In November 2014, the Wall Street Journal revealed a secret U.S. surveillance
program leveraging on bogus cell phone towers installed in airplanes to scan
Americans' cell phones and syphon their data.
Figure 22 - WSJ about Dirtboxes on a Plane
The tower signals are used to trick phones to automatically switch over to its
signal, the technique is the same used to spy on cellphone and dubbed StingRay
"The boxes used by the program allow planes to pose as the nearest cell phone
tower, which prompts cell phones under surveillance to disclose their location
and identity information, even if a legitimate tower is closer than the plane
overhead. The dirtboxes also have the ability to interrupt calls, though
officials have reportedly tried to mitigate the harmful consequences of that
function." reported the Business Insider.
The technique was adopted by US law enforcement, the Justice Department used
this method to collect huge amount of data to use in its investigations.
Security and privacy experts are contrary to this "insanely broad airplane data
dragnet" because it affects people all over the country.
The program started in 2007 and U.S. Marshals used different aircrafts equipped
with the spying technology, also referred as dirtboxes, to spy data from
individuals on the entire US soil.
"The U.S. Marshals Service program, which became fully functional around 2007,
operates Cessna aircraft from at least five metropolitan-area airports, with a
flying range covering most of the U.S. population, according to people familiar
with the program.
Planes are equipped with devices—some known as "dirtboxes" to law-enforcement
officials because of the initials of the Boeing Co. unit that produces
them—which mimic cell towers of large telecommunications firms and trick
cellphones into reporting their unique registration information."
The technique allows law enforcement to spy on tens of thousands of cellphones
in a single flight, collecting their identifying information, metadata and many
other information.
The catalogue disclosed by the Intercept provided more information on the
equipment that could be mounted on Aircraft and drones to spy on mobile.
Below the list of the surveillance equipment:
Name Vendor Price Description
Icarus - NVDF AST (Raytheon) $1,5 Mil Geolocation System
Twister Firescout APG Northrop Grumman N/A Base Station Router
Traveler (EW-FOS) BAE Systems $750K Active/passive GSM geo-location System
Guava G-POD/STE LOS Northrop Grumman IS ICW General Atomics N/A GSM airborne
(UAV) geo-location system
Garwind – Blos POD N/A N/A GSM airborne (UAV) geo-location system
Gilgamesh Sierra Nevada Corporation ICW NSA OTRS/DAED and General Atomics N/A
Geo-location system
Airhandler Sierra Nevada Corporation ICW NSA OTRS/DAED and General Atomics N/A
Geo-location system
CONCLUSION
The information disclosed by the Intercept and contained in the catalogue
provided by an anonymous source in the US intelligence are very precious to
understand the methods of investigation of the US intelligence and law
enforcement. The Stingray technology raises serious privacy concerns because it
is used in dragnet surveillance activities.
Anyway, the massive surveillance is prohibited in the US by the Fourth
Amendment, and organizations for the defense of Civil Liberties request
government to provide warrants to use surveillance technologies like the
StingRay.
Organizations such as the American Civil Liberties Union and Electronic Privacy
Information Center (EPIC) highlighted in many cases the risks related to the use
of such method of investigation.
Despite the heated debate on the surveillance technology, such kind of devices
still represents a privileged solution for the secret surveillance operations
conducted by governments worldwide.
REFERENCES
https://theintercept.com/2015/12/17/a-secret-catalogue-of-government-gear-for-spying-on-your-cellphone/
http://securityaffairs.co/wordpress/42861/intelligence/cellphone-spying-devices-catalog.html
https://theintercept.com/surveillance-catalogue/
http://securityaffairs.co/wordpress/30175/intelligence/cell-phone-data-spied-airplane.html
/stingray-technology-government-tracks-cellular-devices/
http://securityaffairs.co/wordpress/28397/hacking/surveillance-solutions.html
http://www.wsj.com/articles/americans-cellphones-targeted-in-secret-u-s-spy-program-1415917533?tesla=y&mg=reno64-wsj
https://www.aclu.org/blog/national-security-technology-and-liberty/trickle-down-surveillance
https://www.aclu.org/maps/stingray-tracking-devices-whos-got-them
http://www.phonearena.com/news/Cellphone-spying-gear-law-enforcement-has-it-and-it-wants-you-to-forget-about-it_id58920
https://www.scribd.com/doc/238334715/Stingray-Phone-Tracker
http://www.washingtontimes.com/news/2014/jul/18/lye-short-circuiting-stingray-surveillance/?page=all#pagebreak
http://www.usatoday.com/story/news/nation/2013/12/08/cellphone-data-spying-nsa-police/3902809/
https://www.aclu.org/files/assets/rigmaiden_-_doj_stingray_emails_declaration.pdf
http://arstechnica.com/tech-policy/2013/09/meet-the-machines-that-steal-your-phones-data/2/
http://cdn.arstechnica.net/wp-content/uploads/2013/09/amberjack.pdf
http://records.oaklandnet.com/feedback/request/2595
http://cdn.arstechnica.net/wp-content/uploads/2013/09/oakland-penlink-hailstorm.pdf
Posted: January 8, 2016
Pierluigi Paganini
View Profile
Pierluigi is member of the ENISA (European Union Agency for Network and
Information Security) Threat Landscape Stakeholder Group, member of Cyber G7
Workgroup of the Italian Ministry of Foreign Affairs and International
Cooperation, Professor and Director of the Master in Cyber Security at the Link
Campus University. He is also a Security Evangelist, Security Analyst and
Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security
expert with over 20 years experience in the field, he is Certified Ethical
Hacker at EC Council in London. The passion for writing and a strong belief that
security is founded on sharing and awareness led Pierluigi to find the security
blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some
major publications in the field such as Cyber War Zone, ICTTF, Infosec Island,
Infosec Institute, The Hacker News Magazine and for many other Security
magazines.
In this Series
* Cellphone Surveillance: The Secret Arsenal
* Diving deep into data analytics and its importance in cybersecurity
* Free Valentine's Day cybersecurity cards: Keep your love secure!
* How to design effective cybersecurity policies
* What is attack surface management and how it makes the enterprise more secure
* Is a cybersecurity boot camp worth it?
* The aftermath: An analysis of recent security breaches
* Understanding cybersecurity breaches: Types, common causes and potential
risks
* Breaking the Silo: Integrating Email Security with XDR
* What is Security Service Edge (SSE)?
* Cybersecurity in Biden’s era
* Password security: Using Active Directory password policy
* Inside a DDoS attack against a bank: What happened and how it was stopped
* Inside Capital One’s game-changing breach: What happened and key lessons
* A DevSecOps process for ransomware prevention
* What is Digital Risk Protection (DRP)?
* How to choose and harden your VPN: Best practices from NSA & CISA
* Will immersive technology evolve or solve cybercrime?
* Twitch and YouTube abuse: How to stop online harassment
* Can your personality indicate how you’ll react to a cyberthreat?
* The 5 biggest cryptocurrency heists of all time
* Pay GDPR? No thanks, we’d rather pay cybercriminals
* Customer data protection: A comprehensive cybersecurity guide for companies
* Online certification opportunities: 4 vendors who offer online certification
exams [updated 2021]
* FLoC delayed: what does this mean for security and privacy?
* Stolen company credentials used within hours, study says
* Don’t use CAPTCHA? Here are 9 CAPTCHA alternatives
* 10 ways to build a cybersecurity team that sticks
* Verizon DBIR 2021 summary: 7 things you should know
* 2021 cybersecurity executive order: Everything you need to know
* Kali Linux: Top 5 tools for stress testing
* Android security: 7 tips and tricks to secure you and your workforce [updated
2021]
* Mobile emulator farms: What are they and how they work
* 3 tracking technologies and their impact on privacy
* In-game currency & money laundering schemes: Fortnite, World of Warcraft &
more
* Quantitative risk analysis [updated 2021]
* Understanding DNS sinkholes - A weapon against malware [updated 2021]
* Python for network penetration testing: An overview
* Python for exploit development: Common vulnerabilities and exploits
* Python for exploit development: All about buffer overflows
* Python language basics: understanding exception handling
* Python for pentesting: Programming, exploits and attacks
* Increasing security by hardening the CI/CD build infrastructure
* Pros and cons of public vs internal container image repositories
* CI/CD container security considerations
* Vulnerability scanning inside and outside the container
* How Docker primitives secure container environments
* Top 4 Zapier security risks
* Common container misconfigurations and how to prevent them
* Building container images using Dockerfile best practices
* Securing containers using Docker isolation
Related Bootcamps
* CompTIA CASP+ Training Boot Camp
* ISC2 CISSP® Training Boot Camp
* ISC2 CCSP® Training Boot Camp
* ISACA CISA Training Boot Camp
* ISACA CISM Training Boot Camp
* ISC2 CSSLP® Training Boot Camp
* CompTIA Cybersecurity Analyst (CySA+) Certification Course
* CompTIA Network+ Training Boot Camp
* CompTIA Security+ Training Boot Camp
* Certified Ethical Hacking Course: CEH Certification Boot Camp
GET CERTIFIED AND ADVANCE YOUR CAREER
* Exam Pass Guarantee
* Live instruction
* CompTIA, ISACA, ISC2, Cisco, Microsoft and more!
View Certifications
General security
Diving deep into data analytics and its importance in cybersecurity
September 10, 2024
Stephan Miller
General security
Free Valentine's Day cybersecurity cards: Keep your love secure!
February 10, 2024
Jeff Peters
General security
How to design effective cybersecurity policies
February 07, 2024
John Bandler
General security
What is attack surface management and how it makes the enterprise more secure
November 21, 2023
Drew Robb
*
*
*
*
*
*
Products
* Infosec IQ
Security awareness, culture & phishing simulator
* Infosec Skills
Hands-on skill development & boot camps
Resources
* Cyber Work
* Blog
* Events & webcasts
Company
* Contact us
* About Infosec
* Careers
* Newsroom
* Partners
Newsletter
Get the latest news, updates and offers straight to your inbox.
Thanks! You're signed up.
Newsletter
Get the latest news, updates and offers straight to your inbox.
Enter your email Subscribe
For information about how Cengage uses personal information, see our privacy
policy.
Thanks! You're signed up.
Infosec, part of Cengage Group — ©2024 Infosec Institute, Inc.
* Privacy
* Terms of Use
We use cookies to personalize content, customize ads and analyze traffic on our
site.
Manage Options Accept
PRIVACY PREFERENCE CENTER
* YOUR PRIVACY
* STRICTLY NECESSARY COOKIES
* FUNCTIONAL COOKIES
* PERFORMANCE COOKIES
* ONLINE BEHAVIOR ADVERTISING
YOUR PRIVACY
When you visit websites, they may store or retrieve information on your browser
in the form of cookies. This information might be about your preferences or your
device and is mostly used to make the site work as you expect it to. The
information does not usually directly identify you, but it can give you a more
personalized web experience. Because we respect your privacy, you can choose not
to allow some types of cookies. However, blocking some types of cookies may
impact your experience of the site and the services we are able to offer.
Infosec, a Cengage Group company.
STRICTLY NECESSARY COOKIES
Always Active
These cookies are necessary for the website to function and cannot be switched
off. They are usually only set in response to actions made by you such as
setting your privacy preferences, logging in or filling in forms. You can set
your browser to block or alert you about these cookies, but some parts of the
site will not work as a result. These cookies do not store any personally
identifiable information.
FUNCTIONAL COOKIES
Functional Cookies Inactive
These cookies enable the website to provide enhanced functionality and
personalization. They may be set by us or by third-party providers whose
services we have added to our pages. If you do not allow these cookies then some
or all of these services may not function properly.
PERFORMANCE COOKIES
Performance Cookies Inactive
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. All information these cookies collect is
aggregated and therefore anonymous. If you do not allow these cookies we will
not know when you have visited our site, and will not be able to monitor its
performance.
ONLINE BEHAVIOR ADVERTISING
Online Behavior Advertising Inactive
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant ads on other sites. They do not store directly personal information,
but are based on uniquely identifying your browser and internet device. If you
do not allow these cookies, you will experience less targeted advertising.
Back Button
BACK
Filter Button
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Clear
checkbox label label
Apply Cancel
Confirm My Choices
Allow All