
Re: [Discuss-gnuradio] IMSI Catcher Catcher?


From: Ronald F. Guilmette
Subject: Re: [Discuss-gnuradio] IMSI Catcher Catcher?
Date: Tue, 21 Jun 2016 13:56:14 -0700

In message <address@hidden>, 
"Ralph A. Schmid, dk5ras" <address@hidden> wrote:

>> Thank you!!!
>> 
>> That's exactly the kind of information I've been looking for.
>
>These few words?! 

Yes.  I was only seeking information that would allow me to make
contact with people who have already done this stuff.  Now I have
that.  (I see no reason for me personally to try to re-invent the
wheel here, especially given how utterly unqualified I am to do so
in this case, as well as the fact that I now know of at least
FOUR groups that seem to have already done the necessary engineering
to create such things, i.e. (1) Aftenposten... a Norwegian newspaper,
(2) the group of researchers at the Vienna-based SBA Research, and
(3) the guy at Privacy International who appears in the Youtube video,
and (4) the California guy who is going to be giving a talk on this
at DEFCON.)

>In fact all you need already exists, software to decode GSM network data
>already exists; you just need to put the pieces of information together.

I may be wrong, but I think that the same could be said of nuclear weapons.

Nonetheless, even if I had the requisite materials I would have no immediate
plans to personally attempt to construct one in my basement.  It's just
too complicated for me, I have zero experience in this area, and as Clint
Eastwood (playing "Dirty Harry") once astutely said "A man's got to know
his limitations."

Likewise, I personally also have very nearly zero experience with and/or
knowledge of cellular data communications technology and/or standards.

>Means, look for MCCs/MNCs and ARFCNs, compare if they fit into the official
>band plan, check the LAC and cell IDs and T3212 and other timers and flags
>and have a look if they follow the official scheme...

No offense intended, but I had to giggle a little bit when I read the above,
just because it exemplifies what I said at the outset of this thread:  I
personally have zero knowledge of "radio" generally, except for the
trivial kinds of knowledge that anybody who took and passed a High School
physics class 40 years ago would have.  Thus, I'm 100% ignorant of
literally every single one of the acronyms you mentioned.  It's all
Greek to me!  (I *do* understand the trivial concept of a "cell tower ID",
but only because it was mentioned in the paper by the Vienna researchers,
and only because I have a ready analogy to draw on, i.e. the SSID of my
own local WiFi router.)

>Means, it is not only a matter of building some fancy device and writing
>some fancy code, you have to take the local network situation into account.
>The technical side is one thing, but intelligence is the main factor. There
>won't be a device to tell for sure that a tower is rogue, there must be some
>heuristics or some human that evaluates the data and knows the local
>network, knows how it should look like, to determine what may be wrong.

Yes.  Thanks.  I did at least understand this part, based on what I had
read already regarding the Oslo incidents, and also that Youtube video
where they tried to detect stingrays at a London protest demonstration.

In short, I understand that even with the best equipment and software,
all that can be said, at most, is that something in the air looks very
odd and/or exceptionally fishy.  That's enough for me.  Certainly, if
I can see that 3G and 4G signals appear to be being locally jammed
(thus forcing phones in the area to downshift to the far-less-secure 2G),
and/or if an alleged tower in a metropolitan area is claiming that
it belongs to a major carrier, but that it only supports 2G, then as I
understand it, those are fairly definitive signs that something extremely
fishy is going on.  And also, as I understand it, there are a few other
telltale indicators that could be looked for as well.

(I was interested also to see that the upcoming DEFCON presentation will
lay out, not only how to detect such anomalies, but also how to triangulate
the (exact?) locations from which they emanate.  Although one might not
ever be able to assert 100% proof of the existence and operation of a
stingray within some specific area, just based on the signals floating
through the air, if one could actually triangulate the thing, one might
be able to take actual pictures of it, and that, I think, would go
a long way towards definitively proving that such a device was in fact
operating in the area at around the time that the signals in the air
raised suspicion that such a thing might be present.)


Regards,
rfg
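The baseline-comparison heuristics the quoted reply lists (MCC/MNC, ARFCN versus the band plan, LAC and cell ID, the T3212 timer) plus the "claims a major carrier but is 2G-only" sign from the message above, written out as an added Python example that is not from this thread or from any of the projects named in it. The PLMN, LAC and cell-ID baselines, the T3212 floor, the scan-line format and the scan lines themselves are constructed; only the GSM ARFCN ranges are real (3GPP TS 45.005), and "no 3G/4G neighbours advertised" is an assumed proxy for "2G-only".

```python
# Added illustration, not code from this thread; baseline sets and scan lines are constructed.
from dataclasses import dataclass

KNOWN_PLMNS = {"262-01", "262-02"}                    # assumed MCC-MNC pairs of licensed carriers
KNOWN_CELLS = {1001: {40001, 40002}, 1002: {40003}}   # assumed LAC -> cell IDs seen in past scans
GSM_ARFCN_RANGES = [(0, 124), (512, 885), (975, 1023)]  # P/E-GSM 900 and DCS 1800 (3GPP TS 45.005)
MIN_T3212 = 10   # decihours; an assumed floor for the periodic location-update timer

@dataclass
class Cell:
    mcc: str
    mnc: str
    arfcn: int
    lac: int
    cid: int
    t3212: int
    neigh_3g: int   # 3G/4G neighbour cells advertised; 0 is used here as a proxy for "2G-only"

def parse_line(line: str) -> Cell:   # one constructed 'KEY=value' scan line
    kv = dict(tok.split("=", 1) for tok in line.split())
    return Cell(kv["MCC"], kv["MNC"], int(kv["ARFCN"]), int(kv["LAC"]),
                int(kv["CID"]), int(kv["T3212"]), int(kv["NEIGH3G"]))

def analyse(cell: Cell) -> list[str]:
    """Return the heuristics this cell trips; an empty list means it matches the baseline."""
    findings = []
    if f"{cell.mcc}-{cell.mnc}" not in KNOWN_PLMNS:
        findings.append("unknown PLMN")
    if not any(lo <= cell.arfcn <= hi for lo, hi in GSM_ARFCN_RANGES):
        findings.append("ARFCN outside band plan")
    if cell.lac not in KNOWN_CELLS:
        findings.append("unknown LAC")
    elif cell.cid not in KNOWN_CELLS[cell.lac]:
        findings.append("unknown cell ID in known LAC")
    if 0 < cell.t3212 < MIN_T3212:   # 0 disables periodic updates, so it is not "short"
        findings.append("T3212 unusually short")
    if cell.neigh_3g == 0:
        findings.append("no 3G/4G neighbours advertised (2G-only)")
    return findings

# Constructed scan: one normal cell, one odd cell inside a known LAC, one that fits nothing.
SCAN = """\
MCC=262 MNC=01 ARFCN=64 LAC=1001 CID=40001 T3212=30 NEIGH3G=6
MCC=262 MNC=01 ARFCN=64 LAC=1001 CID=59999 T3212=1 NEIGH3G=0
MCC=262 MNC=99 ARFCN=300 LAC=7777 CID=1 T3212=30 NEIGH3G=2
"""
def scan_report(text: str) -> dict[int, list[str]]:
    """Map each scanned cell ID to its findings, for a human to weigh against local knowledge."""
    return {c.cid: analyse(c) for c in map(parse_line, text.splitlines())}
```

As the quoted reply says, the output is a list of things that look off, not a verdict; someone who knows the local network still has to judge it.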


