Targeted digital surveillance: IMSI-catcher

Contents

Description
Mitigations
- Bug search
- Encryption
Used in repressive operations
- Case against Boris

Contents

Description
Mitigations
- Bug search
- Encryption
Used in repressive operations
- Case against Boris

An IMSI-catcher (also known as a Stingray) is an eavesdropping device used to collect information about all mobile phones that are turned on in a limited area (from a few meters to several hundred meters) around it. A passive IMSI-catcher simply listens to the traffic, while an active IMSI-catcher acts as a “fake” cell tower between the phones and the legitimate cell towers.

An IMSI-catcher can collect the following information about the phones around it:

Their numbers.
Their IMSI numbers^[1].
Data and metadata about their activity: the content of SMS and regular calls, the list of visited websites, metadata about the use of end-to-end encrypted messaging applications (e.g. when Signal is used and the approximate size of messages sent or received through Signal).

An adversary can use an IMSI-catcher to link people and phone numbers. For example:

At a public demonstration, to record the phone numbers of all the phones present at the demonstration and later obtain the names associated with those phone numbers through the collaboration of the mobile network operators.
As part of a physical surveillance operation to record the target's phone number or the phone numbers of people the target meets with.

An adversary can also use an IMSI-catcher to record phone activity. For example:

To record the activity of a target phone without requiring the collaboration of the mobile network operator (which, in some contexts, may require a warrant).
To record the activity of a target phone when the adversary knows where the phone is being used, but doesn't know its phone number.

See the IMSI-catchers topic.

Used in tactics: Incrimination

Mitigations

Name	Description
Bug search	With the proper techniques and tools, or simple visual observation, you can detect the presence of an IMSI-catcher. Such a detection can have various benefits: The simple presence of an IMSI-catcher is a valuable clue as to the level of surveillance employed by an adversary. If the IMSI-catcher is used during an event or demonstration, you can persuade all participants to turn off their phones. You can destroy the IMSI-catcher (professional IMSI-catchers can be very expensive).
Encryption	If a phone's “in motion” data is encrypted, it is unintelligible to an IMSI-catcher. For example, you should use end-to-end encrypted messaging applications instead of legacy texts and calls for your phone communications.

Name

Description

Bug search

With the proper techniques and tools, or simple visual observation, you can detect the presence of an IMSI-catcher. Such a detection can have various benefits:

The simple presence of an IMSI-catcher is a valuable clue as to the level of surveillance employed by an adversary.
If the IMSI-catcher is used during an event or demonstration, you can persuade all participants to turn off their phones.
You can destroy the IMSI-catcher (professional IMSI-catchers can be very expensive).

Encryption

If a phone's “in motion” data is encrypted, it is unintelligible to an IMSI-catcher. For example, you should use end-to-end encrypted messaging applications instead of legacy texts and calls for your phone communications.

Used in repressive operations

Name	Description
Case against Boris	Investigators used IMSI-catchers during physical surveillance operations to find the phone numbers of people Boris was meeting with — and then identified those people by asking mobile network operators for the names corresponding to the phone numbers^[2].

References

An International Mobile Subscriber Identity (IMSI) number is a number that uniquely identifies a phone, and that is sent from the phone to the mobile network operator when the phone connects to the network.

https://rupture.noblogs.org/post/2023/10/04/no-bars