John McAfee, Stingrays and Cyber Security
By: Kirk DouglasFor many of us in the tech community, talk of security solutions and government oversight (and sometimes, over-reach?) are nothing new. You’d have to be lacking online presence entirely and be out of the news loop to have missed the recent security debate between Apple and the FBI regarding an inquiry into a certain terrorists’ iPhone.We live in such a time that regardless of your opinions on the matter, there are strong cases to be made on each side of the argument of what is lawful and just when it comes to the government having access to our personal data. But it is an argument that cannot be ignored given todays vast array of technology acting as a conduit for our day to day communications.In just about everything I’ve read and across various online polls, people remain split on the balance between personal privacy and government oversight and security. But the topic has relevance now more than ever. And that is why long time security guru and businessman John McAfee caught my attention Tuesday evening.In a breaking news report last night, an interview with John McAffee of McAffee Antivirus software had the security specialist telling CNBC news correspondents that the government already has tools in use to track and harvest American’s communications here at home. McAffee further suggested the devices be used overseas to prevent future ISIS attacks like that of the European capital of Brussels early Tuesday.Among the devices McAfee references in the video (link here) was the “Stingray” product developed by Harris Corporation in Florida. This caught my attention for a number of reasons. For one, the device is one that I have heard of before and it is one who’s use has been shrouded in controversy repeatedly. Second, although it has been reported on many times, it hasn’t seemed to have reached the consciousness of people in the way that the Apple vs. FBI case has. It is a topic I think is worth exploring. So what is a Stingray? According to Wikipedia, the Stingray device is an IMSI-catcher (International Mobile Subscriber Identity); A device capable of mimicking a cell tower in order to intercept communications from devices in-range and connected to it. It is both capable of “spoofing” a typical cell tower and once connected, it is able to triangulate the location of an individual based on geographic location between itself, the mobile device, and other cell towers. Furthermore, it exploits a well-known vulnerability among GSM networks in particular to do so, authenticating the connection in the same way a real tower would, but bypassing encryption methods employed by the cellular operator. This is known in the security world as an “MITM” (man in the middle) attack. Due to this vulnerability and the devices capability to exploit the encryption, the cellular line can then be “tapped” during a phone call or data transmission.Why is this important? John McAfee is a man who’s been widely acknowledged as the programmer who developed the first commercial Anti-Virus computer software. He has a long history in programming development ranging from work with NASA to Xerox, Lockheed and Booz Allen Hamilton to name a few. In other words, he’s a smart guy, considered by many the top expert in his field. You may have heard of him before because of the familiarity of the McAfee Security Software commonly packaged or promoted with modern PC’s. He also gained notoriety last month, as he commented on the Apple case, offering to hack the encrypted iPhone in question ‘so that apple doesn’t need to place a back door in its product’.Earlier this month, John contributed an op-ed to Business Insider to help define the role of someone in his position by detailing accounts of his own experiences and the evolving landscape of cyber crime and cyber security. It is an interesting and insightful bit that I can suggest to you as required reading.The importance of his presence in the conversation of security, is that when John McAfee says on a public news program that the US government , (including local governments and many police departments across several states in the U.S.) have deployed devices such as the Stingray, it means there’s a very good chance he is spot-on in his assessment. And there is a myriad of other articles, leaked documents and freedom of information requests suggesting his view is true. (see required reading, end of page) As I watched the CNBC news video, I thought to myself about how many people might be familiar — or completely unfamiliar — with the Stingray device and others like it. The conversation around these devices converge with a more general discussion on security at large and they affect every single one of us carrying a common cellular device.I am suggesting that those of us both inside the tech community and outside, arm ourselves with knowledge of such instruments as they continue to become more commonly discussed topics across the news and in our politics.Whether you have in interest in the topic or not, the debate around the methods and tools in use for accessing cellular communications is sure to rage on. But in the interim, and as the topic becomes more and more visible to the general public, I surmise we’re looking at a future whereby cases like Apple vs. the FBI are going to become more and more public.It doesn’t take a twisted or “conspiracy” world-view to see the writing on the wall. These devices are very real, very much in use and there are state and federal government contracts and leaked documents to prove it.If you're as interested as I am, and wish to keep well informed on this budding topic, take a look at this short list of linked stories to get you started. --------------------------------------Cyber Security & Stingray Required Reading: LA Weekly: LAPD Spy Device Taps Your Cell Phone:http://www.laweekly.com/news/lapd-spy-device-taps-your-cell-phone-2176376 The Guardian: IRS possessed Stingray Surveillance Gear:http://www.theguardian.com/world/2015/oct/26/stingray-surveillance-technology-irs-cellphone-tower RT: NYPD Carried Out Stingray Surveillance:https://www.rt.com/usa/332229-nypd-stingray-surveillance-phones/ RT: Intercepted Catalog Shows Off Secret Surveillance Gear:https://www.rt.com/usa/326361-secret-surveillance-catalog-intercept/ ABC 10: 9 California Law Enforcement Agencies Connected to Cellphone Spying Technology:http://legacy.abc10.com/story/news/investigations/watchdog/2014/03/06/5-california-law-enforcement-agencies-connected-to-stingrays/6147381/ ExtremeTech: NY Police Caught Lying over Stingray Use:http://www.extremetech.com/mobile/202935-new-york-police-caught-lying-over-stingray-use-spying-without-court-oversight Ars Technica:http://arstechnica.com/tech-policy/2014/06/legal-experts-cops-lying-about-cell-tracking-is-a-stupid-thing-to-do/ The Blot: Stingray Maker Asked FCC to Block Release of Spy Gear Manual:http://www.theblot.com/exclusive-stingray-maker-asked-fcc-to-block-release-of-spy-gear-manual-7739514 Harris Request for Confidentiality Against Freedom of Information Request:http://www.scribd.com/doc/259988405/Harris-Letter-Response-Request-for-Confidentiality-FOIA-2014-669