[CSS-research] Hello and welcome to the Cell Site Simulator Research mailing list

Mon Nov 20 13:15:57 PST 2017

Hello,

Nice to meet everyone! Cooper, thanks for starting this list. I think it is
a great idea to get everyone working on cell-site simulators in touch.

I'm Peter Ney, a graduate student in the Security Lab at the University of
Washington, and a member of the SeaGlass team (
https://seaglass.cs.washington.edu/), along with Ian Smith, Karl Koscher,
and Yoshi Kohno. Our long term goal with SeaGlass is to build systems that
are able to detect cell-site simulators at scale (especially commercial
models) with high accuracy. This means building systems to collect cellular
data and developing algorithms that can use this data to detect cell-site
simulators.

We aren't there yet. In addition to the challenges of collecting data, I
think there are two unsolved problems:

1) If you detect something anomalous/suspicious, how do you know if it is a
cell-site simulator or some other network anomaly (e.g., cell-on-wheels,
femtocell, misconfigured legitimate BTS, etc)? In our experience looking at
network data, really weird stuff happens all the time that is innocuous.
This would be easier to answer if we had ground truth from the network, but
we really shouldn't rely on having this. This is going to be especially
important to solve if we want to use our results in court.

2) We need rigorous evaluation that convinces us that a detection system
would actually work in the wild. The recent White-Stingray paper published
this year at WOOT'17 highlights this point when they showed that
phone-based IMSI-catcher detection apps are missing lots of cell-site
simulator behavior. This problem gets harder because showing that a given
system can detect a homemade SDR IMSI-catcher doesn't mean that it could
detect a Harris Stingray or Hailstorm (because we are still making educated
guesses about their behavior unless we can get access to them).

Right now we are revamping the SeaGlass sensor to collect lots more data
with SDRs, and are working on improving our evaluation infrastructure (with
IMSI-catchers) to add more rigor to our evaluation. We hope to start
collecting more data in the wild sometime next year.

Ian and I are also involved in a cell-site simulator court case down in
Tacoma, WA, so we may have some questions for the list as we get further
along in that process.

Peter

On Tue, Nov 14, 2017 at 11:23 AM, Eric Null <null at opentechinstitute.org>
wrote:

> Hi Cooper, thanks for getting this started and thanks to Yomna for
> compiling the resources.
>
> Hello mailing list! I'm Eric Null, a broadband policy attorney at New
> America's Open Technology Institute. IMSI catchers/surveillance tech makes
> up a small portion of my work (mostly because OTI has its own security
> policy team), but I'm happy to be on this list so I can learn more about
> what's happening.
>
> One thing I wanted to mention is that we (OTI and two other orgs) filed a
> complaint last year at the FCC
> <https://www.newamerica.org/oti/press-releases/oti-and-others-file-stingray-complaint-against-baltimore-city-police-department/>
> arguing that Baltimore PD's use of IMSI catchers violated the
> Communications Act (the complaint has some fun maps/data viz in it!). We
> had some meetings in late 2016, but even under a Dem administration it was
> difficult to get them to move. Needless to say, under Trump's FCC chairman,
> we'd probably get bad precedent if the FCC acted on it, so we're no longer
> pushing it for the time being.
>
> Anyway, thanks everyone!
>
> On Tue, Nov 14, 2017 at 2:10 PM, Cooper Quintin <cooperq at eff.org> wrote:
>
>> Hello and welcome to the Cell Site Simulator Research mailing list!
>>
>> I am a senior staff technologist at EFF on our Cybersecurity Team. For
>> the last year or so I have been studying—among other things—Cell Site
>> Simulators (IMSI catchers) and their use against activists in the United
>> States.
>>
>> Since I began researching IMSI catchers some time last year I have made
>> contact with many other researchers and organizations. What I have
>> discovered is that many of those people are working along the same lines
>> but not sharing knowledge, ending up in a situation where people are
>> duplicating each other's work, or solving problems which have already
>> been solved.
>>
>> The goal of this working group will be to bring everyone working on IMSI
>> catcher detection technology and IMSI catcher policy strategies
>> together, so as to not duplicate each other's current and past work. We
>> can also share our findings and strategies with each other which will
>> hopefully multiply our effectiveness.
>>
>> To start with, here is a list of relevant literature and videos that my
>> colleague Yomna compiled, along with descriptions and ratings for most
>> of them.
>> https://docs.google.com/document/d/10cDNl3qnmi_MFU66JcdKEXWy
>> QVZDRIsPCPAMHWzuQqU/edit#
>>
>> I think a good next step might be a round of introductions (for anyone
>> who wants to do so) and a bit about what we have all been working on. I
>> will do so for myself in a separate thread.
>>
>> Cheers,
>> --
>> Cooper Quintin
>> Senior Staff Technologist | EFF
>> PGP: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
>> Twitter: @cooperq
>> _______________________________________________
>> CSS-research mailing list
>> CSS-research at eff.org
>> https://lists.eff.org/mailman/listinfo/css-research
>>
>
>
>
> --
> Eric Null
> Policy Counsel
> New America's Open Technology Institute
> 740 15th Street NW, Suite 900
> Washington, DC 20005
> (202) 596-3493
> @ericnull
>
> _______________________________________________
> CSS-research mailing list
> CSS-research at eff.org
> https://lists.eff.org/mailman/listinfo/css-research
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/css-research/attachments/20171120/b2430e90/attachment.html>