If you’ve visited the Home of Disneyland, you may have noticed a small plane fly above at one time. The OC is full of rich and luxurious people, might be a Newport Beach golfer, no great deal, right? Besides, as it rolls out, the Anaheim Police department of California had access to military-grade dragnet mobile phone spying equipment. It is a kind of device that can suck up all the information of your mobile from an airplane flying overhead along with thousands of others. The police department of California admitted that they used special Cell Phone surveillance technology, called as ‘DirtBox’ which is mounted on the aircraft in the Disneyland so as to track millions of mobile users activities.
Anaheim in California isn’t a large city which has a population of 336,265 and it is considerably smaller than other cities like Wichita, Kansas and Mesa, Arizona. This is how safe America’s insane surveillance culture is: A local city’s police department had access to spying devices called dirtboxes, the same spying tools explore by the Air Force. DRTBox is an advanced version of Dirtbox which is developed by Digital Receiver Technology, a subsidiary of Boeing’s Maryland.
What is a DRTBox?
In short, a DRTBoxes are the spies in the sky. DRTBox is a military surveillance technology that has capabilities of both Stingray and Dirtbox as well. Stingrays are spying devices that simulate cell phone towers, letting owners prevent information from cell phones. “Dirtbox” devices are almost similar to Stingrays, except they can operate in airplanes, which makes them even more effective since it raises the number of cell phones they can spy on. These devices let the police spy, track, blocks thousands of mobile phone calls and calmly eavesdrop (listen) on conversations, emails, and text messages.
DRTBox model is also capable enough to break the encryption of hundreds of cell phone communications at once and concurrently assisting Anaheim Police Department track criminals. But this sort of spying is recording the information on innocent citizens. Besides Dirtbox, the police also acquired various Stingray devices, including one that can control LTE (Long Term Evolution) networks.
This unexpected cellphone spying program probably affects the privacy of all the people including the innocent ones from Orange County’s 3 million citizens to the 16 million people who visit Disneyland every year. This indicates the hazards of enabling law enforcement to covertly obtain surveillance technology.
How does DRTBox Work?
DRTBox is a spying device which is capable of retrieving data from tens of thousands of cell phones during a single flight so as to target criminals and suspects. However, the information on a huge number of innocent citizens are being spied and collected. The website of DRT that develops these spying equipment touts that the products manufactured by the company are lightweight, low power, small, and are supportable on multiple platforms. These products can be used in different carriers like UAVs, planes, helicopters, vehicles, towers, and on walk-tests, submarines, and boats.
Usually, DRTBox operates by masquerading (pretending) as a cell phone tower. All the mobile phones which are present within the range automatically connects to the strongest and the nearest cell tower, respond to this signal and trap victims into connecting to it.
After connecting to the signal, the device DRTBox starts spying on the users mobile activities and collects Hardware Numbers that includes registration information and identity data which is associated with the user’s mobile phone. These hardware numbers are uniquely identifying IMEI numbers that are stored on every mobile device.
DRTBox monitoring device makes use of a Man In the Middle (MITM) attack that could not be detected or identified by the users quickly and therefore, enables the Police to track and find criminals similar to drug-traffickers. This device aims all nearby cellular devices, so Law Enforcements are able to get data from hundreds of devices simultaneously.
How does DRTbox Break Carrier-based Encryption?
Mobile data is a carrier-based information. But, how is it possible for the DRT spying devices to crack such carrier-based encryption? Here’s how! Wireless Carriers makes use of different encryption standards in order to preserve the privacy of cellphone data communication, which is actually built into GSM 2G, 3G, 4G and LTE networks.
Since GSM network is such a popular network that is used by millions of people since 30 years and it got belittled over the time. There are some reasons for the downfall of GSM network. Here are a few!
- Lack of tower authentication,
- Poor key derivation algorithms
- Offensive encryption algorithms
Because of all these reasons, it is crackable with much ease.
Yet, 3G, 4G, and LTE networks have fixed these potential vulnerabilities and are using powerful encryption standards to preserve communication between the mobile device and the local tower secure. If the SIM which you’re using is a 3G or 4G network, then you must be conscious that in the case of network unavailability, your 3G/4G connections will drop down automatically. It means it will failover or fallback to GSM connection.
In such a case, this spying device DRTbox utilizes this fallback feature to execute a rollback attack. Rollback attack is nothing but jamming 3G/4G connection thereby re-activating all of the GSM attacks to break encryption easily in order to intercept calls and other data that would have been difficult to break, especially in bulk.
The Government can then trace out who, when and to where a target is coming from, the exact place of every device within the tower range and capture the data of the communication as well. In this way, the federal agencies and local police of California can securely fasten in quiet, bulk surveillance without having original decryption keys and without letting any trace whatsoever.
How to Protect yourself from DRTbox or Stingrays Spying Devices?
You need not worry about your mobile data as there are some measures to protect against such potential vulnerabilities. The carrier-based encryption with application-level encryptions (end-to-end encryption), both are separate. If you are highly worried about police snooping on your mobile data communication, just follow the below measures:
- Use software to encrypt your emails (PGP), instant messages (Telegram or Signal), documents and even your voice calls (RedPhone).
- Apart from this, you need to enable 3G/4G/LTE-only mode from device settings to forcibly restrict your smartphone to use only secure and reliable connection.
Using the above-given safety measures, you can prevent DRTBox or any other cell phone spying and tracking device to intercept your data communication, but might enable location tracking. We need some special laws to protect our privacy from the people who are actually supposed to protect us.