[CSS-research] Hello and welcome to the Cell Site Simulator Research mailing list

Martin Shelton mshelton at riseup.net
Mon Nov 20 15:15:06 PST 2017 

Hey all, and thanks for organizing, Cooper + Yomna!

Very brief intro: I'm Martin. I conduct user research and study how U.S. journalists and media activists manage information security. To help relay good information on this topic, it's an area I'd like to learn more about.

Martin

> On Nov 20, 2017, at 1:15 PM, Peter Ney <neyp at cs.washington.edu> wrote:
> 
> Hello,
> 
> Nice to meet everyone! Cooper, thanks for starting this list. I think it is a great idea to get everyone working on cell-site simulators in touch.
> 
> I'm Peter Ney, a graduate student in the Security Lab at the University of Washington, and a member of the SeaGlass team (https://seaglass.cs.washington.edu/), along with Ian Smith, Karl Koscher, and Yoshi Kohno. Our long term goal with SeaGlass is to build systems that are able to detect cell-site simulators at scale (especially commercial models) with high accuracy. This means building systems to collect cellular data and developing algorithms that can use this data to detect cell-site simulators.
> 
> We aren't there yet. In addition to the challenges of collecting data, I think there are two unsolved problems:
> 
> 1) If you detect something anomalous/suspicious, how do you know if it is a cell-site simulator or some other network anomaly (e.g., cell-on-wheels, femtocell, misconfigured legitimate BTS, etc)? In our experience looking at network data, really weird stuff happens all the time that is innocuous. This would be easier to answer if we had ground truth from the network, but we really shouldn't rely on having this. This is going to be especially important to solve if we want to use our results in court.
> 
> 2) We need rigorous evaluation that convinces us that a detection system would actually work in the wild. The recent White-Stingray paper published this year at WOOT'17 highlights this point when they showed that phone-based IMSI-catcher detection apps are missing lots of cell-site simulator behavior. This problem gets harder because showing that a given system can detect a homemade SDR IMSI-catcher doesn't mean that it could detect a Harris Stingray or Hailstorm (because we are still making educated guesses about their behavior unless we can get access to them). 
> 
> Right now we are revamping the SeaGlass sensor to collect lots more data with SDRs, and are working on improving our evaluation infrastructure (with IMSI-catchers) to add more rigor to our evaluation. We hope to start collecting more data in the wild sometime next year.
> 
> Ian and I are also involved in a cell-site simulator court case down in Tacoma, WA, so we may have some questions for the list as we get further along in that process.
> 
> Peter
> 
>> On Tue, Nov 14, 2017 at 11:23 AM, Eric Null <null at opentechinstitute.org> wrote:
>> Hi Cooper, thanks for getting this started and thanks to Yomna for compiling the resources.
>> 
>> Hello mailing list! I'm Eric Null, a broadband policy attorney at New America's Open Technology Institute. IMSI catchers/surveillance tech makes up a small portion of my work (mostly because OTI has its own security policy team), but I'm happy to be on this list so I can learn more about what's happening.
>> 
>> One thing I wanted to mention is that we (OTI and two other orgs) filed a complaint last year at the FCC arguing that Baltimore PD's use of IMSI catchers violated the Communications Act (the complaint has some fun maps/data viz in it!). We had some meetings in late 2016, but even under a Dem administration it was difficult to get them to move. Needless to say, under Trump's FCC chairman, we'd probably get bad precedent if the FCC acted on it, so we're no longer pushing it for the time being.
>> 
>> Anyway, thanks everyone!
>> 
>>> On Tue, Nov 14, 2017 at 2:10 PM, Cooper Quintin <cooperq at eff.org> wrote:
>>> Hello and welcome to the Cell Site Simulator Research mailing list!
>>> 
>>> I am a senior staff technologist at EFF on our Cybersecurity Team. For
>>> the last year or so I have been studying—among other things—Cell Site
>>> Simulators (IMSI catchers) and their use against activists in the United
>>> States.
>>> 
>>> Since I began researching IMSI catchers some time last year I have made
>>> contact with many other researchers and organizations. What I have
>>> discovered is that many of those people are working along the same lines
>>> but not sharing knowledge, ending up in a situation where people are
>>> duplicating each other's work, or solving problems which have already
>>> been solved.
>>> 
>>> The goal of this working group will be to bring everyone working on IMSI
>>> catcher detection technology and IMSI catcher policy strategies
>>> together, so as to not duplicate each other's current and past work. We
>>> can also share our findings and strategies with each other which will
>>> hopefully multiply our effectiveness.
>>> 
>>> To start with, here is a list of relevant literature and videos that my
>>> colleague Yomna compiled, along with descriptions and ratings for most
>>> of them.
>>> https://docs.google.com/document/d/10cDNl3qnmi_MFU66JcdKEXWyQVZDRIsPCPAMHWzuQqU/edit#
>>> 
>>> I think a good next step might be a round of introductions (for anyone
>>> who wants to do so) and a bit about what we have all been working on. I
>>> will do so for myself in a separate thread.
>>> 
>>> Cheers,
>>> --
>>> Cooper Quintin
>>> Senior Staff Technologist | EFF
>>> PGP: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
>>> Twitter: @cooperq
>>> _______________________________________________
>>> CSS-research mailing list
>>> CSS-research at eff.org
>>> https://lists.eff.org/mailman/listinfo/css-research
>> 
>> 
>> 
>> -- 
>> Eric Null
>> Policy Counsel
>> New America's Open Technology Institute
>> 740 15th Street NW, Suite 900
>> Washington, DC 20005
>> (202) 596-3493
>> @ericnull
>> 
>> _______________________________________________
>> CSS-research mailing list
>> CSS-research at eff.org
>> https://lists.eff.org/mailman/listinfo/css-research
>> 
> 
> _______________________________________________
> CSS-research mailing list
> CSS-research at eff.org
> https://lists.eff.org/mailman/listinfo/css-research
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/css-research/attachments/20171120/f453617a/attachment-0001.html>

More information about the CSS-research mailing list