This week, we’re sharing two segments.

First up, a chat with Cooper Quintin, a senior staff technologist at the Electronic Frontier Foundation and developer of Rayhunter. Rayhunter is open-source firmware that turns specific hotspots into IMSI-catcher detectors, scanning for and logging any signs of fake cell towers (often known under the brand name Stingray) in the area. Law enforcement has at times deployed these fake towers as a way of collecting information about phones in the area, and could use them to intercept some communications such as SMS messages or phone calls. Cooper talks about what’s known of law enforcement use of IMSI-catchers, what has been observed of the data collected by deployed Rayhunters, phone security at demonstrations and related topics.
Then you’ll hear Radio Ausbruch from Frieberg from this month’s B(A)D News podcast from the A-Radio Network talking about the repression and deBanking of anti-repression projects like ABC Dresden and Rote Hilfe in Germany based on pressure from the US government related to the so-called Antifa Ost case. This carries heavy implications for prisoner support, anti-racist and other social struggles.
Links
- Cooper at DefCon talking about Rayhunter: https://m.youtube.com/watch?v=meC2JqNAbCA
- EFF on what Rayhunter has found so far: https://www.eff.org/deeplinks/2025/09/rayhunter-what-we-have-found-so-far
- Github for Rayhunter: https://github.com/EFForg/rayhunter
- EFF Mattermost chat platform: https://opensource.eff.org/
- A project for detecting Meta Rayban sunglasses: https://github.com/NullPxl/banrays
- Ouispy bluetooth scanning and notification tool: https://github.com/colonelpanichacks/oui-spy
. … . ..
Featured Track:
- TFSR by The Willows Whisper
. … . ..
Transcription
TFSR: Okay, thank you so much for coming on to the Final Straw Radio today. Could you introduce yourself, your name, any pronouns or affiliations you’d like to share?
Cooper Quintin: Yeah, hi. My name is Cooper Quintin. My pronouns are he/him. I work for the Electronic Frontier Foundation, where I am a senior staff technologist.
TFSR: Cool, and you are coming on with us today specifically to talk about your work around rayhunter. Could you share with us a little bit about what that work is and what you do with rayhunter?
Cooper Quintin: Yeah, so rayhunter is open source software to find Stingrays or IMSI (International Mobile Subscriber Identity) catchers. To explain a little bit about what those are, a Stingray is a device that law enforcement uses. It pretends to be a cell tower. And it tries to trick your phone and any phones in the area into connecting to it instead of a real cell tower to get their IMSI, which is the unique ID that’s associated with your SIM card. This can be used to identify you. IMSI catchers or Stingrays, that is, their popular brand name, are typically used to locate people very specifically, right? So police can ask a phone company for the location of a person, and the phone company can give location based on their relative signal strength to the towers that they’re connected to. And this will give police an area of about a city block, or sometimes greater in rural areas. What an IMSI catcher can do is track a person down very specifically, right to the exact location that they’re in. Or to the exact apartment that they’re in, inside of a large apartment building, and give cops the ability to track people down in manhunts and that sort of thing.
The concern is that because they can identify all the phones in an area, they could be used to identify, say, for example, all of the people who are at a protest, or all of the people who are going to a specific mosque or an abortion clinic. And that’s what we’re more concerned about, specifically. The other concern with IMSI catchers is that they could be used to do what’s called a “Man-in-the-Middle” attack. Where law enforcement could potentially listen in on your phone calls or read the contents of regular text messages, not like Signal messages or encrypted messages, but regular SMS messages as you send them. And that would be a big concern as well. So rayhunter is a piece of software that you can install on a $20 mobile hotspot. These are the devices that take your cell signal and give you a little WiFi access point which you can connect your laptop or your switch or whatever to. So there’s a lot of old ones out there that people haven’t bothered, that are just sitting in sort of overflow storage that you can buy for $20 on like Amazon or eBay. And rayhunter is a piece of software that you can install on that to turn it into an IMSI catcher or detector.
TFSR: Okay, so how did your development process for this go? How did the history of this get started? Is this a pretty recent thing we’ve been seeing with law enforcement, or has this been going on for a long time?
Cooper Quintin: Yeah. So Stingrays are actually an older technology as far as the surveillance space goes. So, the sort of first noted use of them was to catch the hacker Kevin Mitnick. And this was back around the year 2000. They used a Stingray, they actually called it a Trigger Fish, was the specific device they used. But they used it to locate one of the clone phones that he was using and arrest him.
TFSR: Yeah, I read his autobiography, and I think at one point there’s a manhunt for him, and there’s a helicopter overhead, right? And he’s like, “What if that was for me? I’m like, being totally overblown. It couldn’t be for me. Like, how would they know where I am?” And then it wound up being for him.
Cooper Quintin: Yeah, right, exactly when the black helicopters actually are for you, totally justified.
TFSR: Anyways, sorry.
Cooper Quintin: Yeah, they were actually driving a van around, looking for him, using a Trigger Fish device, because they had figured out the identity of one of his phones that he had cloned, and that’s how they caught him. And then so police have been using these for roughly the last 20 to 25 years. And they’ve been growing in sophistication. So the first ones, especially, like the Stingray, was sort of the one that really caught on and became, well there’s a term (genericized trademark) for this. Like when a brand name becomes the generic name for the thing, right? So that’s what happened with the Stingray.
And the Stingray only operated on old 2G networks, and there were a lot of problems with 2G, right? And so the telecom industry came out with 3G, and then 4G which were more secure. And the companies that build these devices had to come up with ways to attack these new protocols, right? There was 3G, 4G and now they’re doing the same thing with 5G. But police have been using these devices for the last 25 years and for roughly, we think, the first 20 years of that, they generally thought that they did not need a warrant to use these devices, at least for the location finding aspects of it.
Recently, however, it seems like in the last five years, most police departments around the country have decided that now they do, in fact, need a warrant for the most part, and the FBI as well. There was a FISA (Foreign Intelligence Surveillance Act) court document, where the FBI requested a warrant to use an IMSI catcher from the FISA court, and actually got turned down, and this was unsealed. And in that document, it mentioned that this was the first time that they had requested a warrant to use an IMSI catcher. So we think that, basically around 2020 there was this Supreme Court decision called Carpenter that prohibited police from getting historical cell-site location information, which is the sort of location information that I had talked about earlier, where the phone companies give police information on how strong your signal was to the towers or basically, roughly where you were. It prohibited police from using that data without a warrant, and it seems like the law enforcement community interpreted that as also applying to IMSI catchers. And now, for the most part, in the US, it seems that IMSI catchers require a warrant, and therefore maybe aren’t as attractive.
TFSR: I imagine the rayhunter would potentially help kind of fill in the blanks there when they are being used with or without a warrant, right? If we get enough data.
Cooper Quintin: Yeah, exactly. I mean, the reason that we built the rayhunter project is because we were getting the impression that activists all over the US were very concerned about Stingrays. Which is understandable, right? But they had the impression that Stingrays were being used all the time, right? And that basically, if you went to any protest ever, your phone was going to get caught by a Stingray. And I didn’t think that was exactly the case. So I first got interested in this during the North Dakota Access Pipeline protests. So I guess this was in late 2019, I went out there, and we had been receiving reports that the activists on the ground there were pretty convinced that IMSI catchers were being used. And some people sent us some screenshots from some apps that really looked like maybe there was some evidence of IMSI catchers.
I went out there and brought some equipment to try to figure out whether or not we could identify IMSI catchers being used on the protesters. I brought a couple of phones loaded with some of the apps that existed. I brought a couple of pieces of equipment called software-defined radios, which is just programmable radios, and went out there and, you know, used the apps and scanned around. And what I figured out was that I had no idea what I was doing. The apps were seeing some things, but it was really impossible to tell whether these were false positives or false negatives. A lot of the apps were tuned to look for signs of what we knew, like what 2G-based IMSI catchers did, right? Those sorts of attacks. And the problem was there was no 2G service out there, at the No DAPL (No Dakota Access Pipe Line) protests at all. It was all 4G out there. They also had a temporary cell tower parked in the field across from the protests, right? Theoretically, to give the protesters more access to cellular service, but what’s the difference between a temporary cell tower and a Stingray? It’s who’s operating it, right? So we realized we needed to think harder on this, and we needed to have an idea of how to detect IMSI catchers better. We needed to have an idea of how native 4G or LTE IMSI catchers might work. And we needed to just get better at this, in general.
We worked on a couple of projects for a while, and then eventually I had another project called Crocodile Hunter, which required thousands of dollars of equipment, and it required you to understand C programming and Linux. And it was great for me, because I’m a huge nerd, but it was not great for the people that I actually wanted to be using this, which was like, activists and journalists.
So we went back to the drawing board and came up with rayhunter, which, like I said, it’s $20, you install it, you throw it in your pocket, and it’s easy to use. You don’t need to know anything about Linux or C programming, right? And this is something that we think that activists all over can take with them as they go to protest.
TFSR: And for clarification, the equipment is $20 and the software that you wrote is free, right?
Cooper Quintin: Yes, that is correct. So with rayhunter, our goals are to figure out how IMSI catchers are being used in the US, right? And to test my theory that they’re probably not being used against protesters all that much, but if they are, we want to know, right? That would be a huge concern. And then our other goals are to know internationally how often IMSI catchers are being used, right? That law enforcement in the US seems to think they need a warrant, but that certainly might not be the case in other countries. And then we want to have real sort of ground truth data about how IMSI catchers work, like how they work on a technical level, and then how we can stop them.
TFSR: Okay, I imagine that this stuff with the warrants has made them significantly less attractive than other options of surveilling people. So I guess it would make sense if they’re trying to push into international markets, if people here were getting a little bit over them.
Cooper Quintin: Yeah, for sure. I mean, when you look at what police have access to, and one of the tools that I’m looking at right now that police are using is a tool called Web Lock from a company called Pen Link, which Web Lock is a tool that takes the location data that your phone sends to advertisers, and that your phone sends to some of the apps that you use. And scrapes all of that from the bidding markets where advertisers bid to sell you ads. And puts it in a little map for cops to access. And they sell this to cops, so like police can, using this tool, draw a circle around an area and see information on all the phones that have been in that area, for the last, however, many days. And when I say all the phones, I shouldn’t say all the phones, but many of the phones. Any of the phones that have apps which are getting access to their location and sharing that with advertising networks.
But for any of those phones that are in this database, they can also click on one of those phones and look at a lot of its historical location, right? So you can see where that phone spends its nights, that’s probably that person’s home. You can see where that phone spends its weekdays, that’s probably that person’s work, right? You can see where that phone goes in the evenings, or on the weekends, or wherever. And that’s a terrifying amount of information which the police and ICE (Immigration and Customs Enforcement) can get just by paying this company a small fee. So when you consider that a truck mounted with an IMSI catcher costs about a million dollars, and it takes at least two or three members of the police force who are super highly trained and have to go run this thing. Why would they use an IMSI catcher when they can just use this tool, right? There are reasons you would use an IMSI catcher if you really needed to locate a specific person in real time. Like, if you’re on a manhunt. But if you just want to see who was at the protest, or you just want to see where somebody probably lives, this other tool, the Pen Link tool, is cheaper. It’s got no warrant requirements, and cops are going to use this every time.
TFSR: Would there be any reason to use the man in the middle capabilities of the Stingray? And also, for our listeners, you have a great talk at the Black Hat conference, where you talk a little bit more in depth about this history, and one of the things you mentioned was, I believe a scammer in France was sending “Man-in-the-Middle” attacks to folks driving around.
Cooper Quintin: Yeah, so the “Man-in-the-Middle” capabilities is something the police would love to do, right? That is almost certainly going to require a warrant. I don’t know, maybe I’m too constitution-brained here. But it sure seems like listening to an active phone call should require a tap-and-trace warrant. I don’t know. Maybe that’s just me.
TFSR: Yeah, I feel like scammers at least have helped people be pretty inoculated against random texts, even if it’s like, “Hey, where are you?” Yeah, like, come on, I know where this is going.
Cooper Quintin: From police, it’s definitely a concern, right? And especially in other countries. You know here, as the rule of law continues to disintegrate and we continue to slide further and further into fascist dictatorship. I think that that becomes more of a concern, right? If ICE has been given total immunity and the ability to enter houses without a warrant, why would they necessarily think that they can’t also record phone calls without a warrant, right? I think that’s not a huge leap. The other side of the coin is that scammers are using this for “Man-in-the-Middle” attacks, not to listen to phone calls and text messages, but to send text messages from convincing numbers, right?
The story in France was there was this woman who is driving around France with some equipment in her car. She got pulled over because she was driving erratically. The police saw what they thought was a bomb in the back of her car. Called out the bomb squad. The bomb squad took a look at it and called out the IT department. When they took a look at it and realized that it was an IMSI catcher. And what she was doing, it turns out, was driving around, sending people SMS messages from the phone number of the French Health Ministry telling people “to go log in and update their data” or whatever. It was basically a phishing attack to get people’s credentials for health insurance, probably to do some sort of health insurance scam on top of that. The attack there is generally called an “SMS blaster”, and that’s something that we’re seeing more of, especially in Europe and in Southeast Asia. A lot of these sorts of scams were just sending out SMS messages from real phone numbers that people might trust more, or, think is real.
TFSR: And this is kind of an aside, but let’s say someone has the cell-site simulator. They’re trying to scam you. You’re busy. They drive away, and then you reply, does the French Health Ministry just get like, weird, random replies?
Cooper Quintin: Yeah, I think that they would. So, this feels a little sketchy to say, but if I was conducting this attack, what I would do is send a link along with that text message. And then try to convince that person to click the link and say something like, “This is an automated text message.” Or, just “type STOP to stop” or whatever, right? I think there’s a pretty specific format to those type of text messages that people almost never reply to. And if you indicate that it’s not something to reply to, but like, click this link to go log in and deal with your healthcare, I think more people will click that link than will reply to the message.
TFSR: Yeah, makes sense. Anyways, I’ve sidetracked us a little bit, but would you want to kind of talk about what it looks like for someone here in the US who’s worried about law enforcement and not random scammers, to get the device they need and set up rayhunter for the first time? And what does the process of that look like?
Cooper Quintin: Yeah, for sure. So unfortunately, the setup is the hardest part. But the way this works is, basically, you go buy one of these devices on eBay, or there might be some left on Amazon. We found eBay to sort of be the most reliable place to find them. So the device is called an Orbic device, and there’s a link to it. If you go to RayHunter.eff.org, you can find a link to an eBay search for them in our documentation and guides. You go buy one of these devices, and then once you get it, you go to our GitHub website and download the latest release of rayhunter. Then you have to open a terminal. You have to open a command line, and this is where it gets even worse. But, if you follow our documentation, you run one command. You connect to the WiFi of the device, you run one command, and it should just install it. Once you installed it, then it’s going to have a little green line at the top that indicates that rayhunter is running and it’s looking for Stingrays.
If that line ever turns red, that means that rayhunter has found something suspicious. Once that line turns red, you can again connect to the WiFi and go to the URL of rayhunter (it’s in the documentation guide on the site), which will take you to the sort of web interface for rayhunter. You can download the files of what it captured, and then you can send those to us on Signal, and we’ll take a look at them and tell you what we think. For safety purposes, let’s say like, if you’re at a protest or something, right? And your rayhunter turns red, that might be a good time to turn off your phone and tell the people around you to turn off their phones, right?
TFSR: Do you need to have a working SIM card in the Orbic device to do all this?
Cooper Quintin: You do not need to have a working SIM card, but you do need to have a SIM card. So, what many people do is take an old SIM card that they have laying around, or, if you don’t have one of those, go buy like a $1 SIM card from, you know, Walgreens, Walmart, Target, whatever, and just shove that in there, like a prepaid SIM and just don’t activate it, right? It does not need to be an active SIM card, but there does need to be a SIM card. If you do have an active SIM card, you can get a couple of things. You can use the hotspot as a hotspot, right? Which is nice if you want that sort of thing. You can also get push notifications to your phone when it detects something, which can be useful, because otherwise you have to kind of pull it out and look at it every so often.
TFSR: Do you know, offhand, if any of the prepaid plans that you can buy with cash offer the hotspot? Do you know if it has to be a different configuration with those?
Cooper Quintin: I bought one, and I can’t remember who I bought it from now, but I bought one, and it seemed to work just fine. They’re certainly out there. I think that a lot of them don’t even recognize that it’s a hotspot. It’ll work just fine. I wish I could remember who I bought one from, so I can tell people to just go use that.
TFSR: Because I might go try that with, like, a non-hotspot one, and see if it can work. Cool. So it sounds like, if you’re not totally technically comfortable it’s a little bit of an adventure. But if you have a technically minded friend, they might be a little bit disappointed by how easy it is.
Cooper Quintin: Yeah, that’s exactly it. That is exactly the reaction that we’ve gotten right? Like our hacker friends and our technically minded friends are like, “Oh, this is so easy, awesome.” And then, you know, being who I am, being a giant nerd, I forget that, like, most people don’t just have a command line open all the time. And so, for example, I did an install clinic with these, and I was like, “now, open the command line,” and just watched everybody’s faces drop. And I was like, “oh, right, that’s not a thing that normal people do.”
So yeah, the best bet is definitely, if there’s somebody in your community, in your town, right, that is sort of more comfortable with the command line, or a bit more technically minded, you can maybe just buy 10 of these and have that person set them all up. And then you can distribute them in your community, or in your group or town or whatever.
TFSR: Yeah, do you know if there’s any resources online for folks that might not have that person, or want to be that person, but you know, something goes wrong and they need a little help?
Cooper Quintin: Yeah, for sure. So we have documentation at rayhunter.eff.org. That’ll walk you through it. We also have a group chat on a website called Mattermost. There’s a link to that in the documentation. You can join that and get help from us. There’s also a few YouTube videos. That’ll walk you through the installation. I can’t speak to any of them specifically, but there’s a few of them that will help you walk through the installation.
TFSR: We can link some in the show notes too. Thank you for that. I just anticipate someone being really excited and then something going wrong.
Cooper Quintin: Yeah, absolutely. It’s really unfortunate. But the installation is also like the source of 90% of our bug reports, and 90% of our issues. It’s definitely the hardest part, but once you get it installed, literally all you do is throw it in your pocket and go about your day, right? The hardest thing to remember is just to keep it charged and to check it occasionally to see if the lines turned red.
TFSR: Do you have an idea of how close to the actual IMSI catcher you need to be? Like, should you be scurrying around the protest, block to block, trying to get close to it? Or can you be parked in a cafe somewhere a quarter-mile from the action and pretty sure you’re going to get everything?
Cooper Quintin: Yeah, I get this question a lot, and it’s hard to answer because it depends on a lot of different things. It’s going to depend mostly on how strong the signal is from the IMSI catcher. It’s going to depend on radio physics, so meaning, like, radio waves work based on line-of-sight. And how high up the transmitter is, how high up the receiver is, how dense the area is with buildings, how dense the area is with people, can all affect how far away you’ll be able to receive the signal. I think generally, if you’re in a coffee shop a quarter of a mile away, you’re probably not going to see it.
Also, I don’t think you need to, like, scurry block to block and be right up next to it. I think if IMSI catchers were being used at protests, being, you know, in the group, in the crowd, would be enough to detect it. And I want to say, on that note, that so we’ve been doing this project for a year now, and so far, we have not seen any evidence of IMSI catchers being used at protests. There was one report in a publication called Straight Arrow News, where they thought they had seen evidence of an IMSI catcher being used at a protest outside of a DHS (Department of Homeland Security) facility in Oregon. I disagree with that reporting. They actually had rayhunter with them, as well as a different system, and rayhunter did not detect anything. The detections from the other system, I took a look at the data, and I don’t agree with their findings. I didn’t see any evidence that there was an IMSI catcher present at that protest. So as far as I’m concerned, there’s been very little to no evidence of IMSI catchers being used at protests. I think it’s unlikely right now.
TFSR: Okay, what would that evidence look like? Just like the presence of an unexpected cell tower at a location where there normally isn’t one?
Cooper Quintin: So to get a little technical, it would basically look like a tower that is suddenly requesting your IMSI and then dropping your connection over and over and over again. And the best evidence would be if multiple people had rayhunter, for example, at a protest and they all detected that same behavior, that would be a really strong signal that there was an IMSI catcher around. Other than that, we actually have recordings from real, confirmed law enforcement IMSI catchers that we’ve been able to capture in a lab setting. So we have a ground truth. We know exactly what IMSI catcher attacks look like. And these are the sorts of things that rayhunter looks for, right? It looks for those same patterns that we saw in those commercial IMSI catcher tests. So that’s what we’re looking for. And if rayhunter had also found something at that protest, I would have been more convinced. But, rayhunter didn’t see anything suspicious at that protest at all. And we haven’t seen anything really at any protests, right? We have found what we think are pretty strong signs of IMSI catchers, but not in protest contexts. But it seems to be, usually, in a large city, right? At a sort of one-off event, which happens and then stops, but so far, hasn’t been coinciding with any protests.
TFSR: Okay, in what context have you seen this? Do you have any thoughts on the motivations of having them at these particular locations, at those particular times?
Cooper Quintin: So, yeah, the context we’ve seen them in is really, like, without context, right? It’s just sort of a random time of the day in a big city. What we’ve seen from police reports, that do talk about these, there was a court document about an ICE manhunt that used an IMSI catcher, and this was specifically HSI (Homeland Security Investigations). They had tracked a specific guy who had been charged with a murder and was on the run, and they had tracked him down to a house in Orem, Utah, using an IMSI catcher. Ironic choice of a town, given what would happen there just a few months later. Yeah, that was basically for a manhunt, which is exactly what law enforcement says they need IMSI catchers for.
So, you can’t, unfortunately, from the technical evidence, you can’t say, like, “Oh, it was this law enforcement agency and they were using it for this purpose”, right? That’s not something that rayhunter can give us, unfortunately. But based on the pattern of use and based on the court reports that I’ve seen, it really does seem like, for now, in the US, they are mainly being used, actually, just to do manhunts, just to do the sort of thing that they’re supposed to do.
TFSR: Have you all been FOIA-ing (Freedom of Information Act request) stuff around cell-site simulator use?
Cooper Quintin: We have. It’s hard to get good responses from law enforcement about these. We’ve occasionally succeeded in getting aggregate numbers of how often they’re being used. Like we were able to figure out that, for example, where I live, here in Oakland, CA, the Oakland PD had used theirs three times in, I think it was like 2017 and 2018 respectively two or three times each year. Another number that we got, actually not from a FOIA request, but it was from a FOIA request that got us marketing materials from one of the big companies, which is called Jacobs. That makes these, and in their marketing materials, they stated that the Fontana California Police Department, which is a suburb, it’s down in Southern California, a suburb of San Bernardino, had used their IMSI catcher 300 times between, I think 2019 and 2020. So they are using theirs constantly.
This begs the question, what are they finding the use of this for? You know, every other day, on average, right? Like, how are they finding so many uses for that? And is there a judge there that’s just signing all these warrants, or does Fontana, California still not think that they need a warrant to use an IMSI catcher?
So if you’re listening to this and you live in or near Fontana or San Bernardino, please get in touch and build a rayhunter and send much more data from that area.
TFSR: Yeah, no kidding. Well, I have two questions, one, with kind of all of this concern about cell site simulators being used around 2020, in protests, do you think they just weren’t quite as widespread as folks thought? Or do you think that their use has really tailed off since then? If you can speculate.
Cooper Quintin: Yeah, it’s hard to say, because we don’t have that background information. I was really looking for these in 2020, here in Oakland, and I didn’t really find much evidence, but my system was not as good then. I wish we had had rayhunter back in 2020, it’s, I mean, it’s certainly possible that they were being used. If I had to guess, I would guess that they, before the requirement for a warrant, they were being used a lot more than they are now. But how much is hard to say, right? Again, at the end of the day, this is a million-dollar piece of equipment that requires some highly trained cops to use. I don’t think maybe they weren’t ever quite used quite as much as people think, or maybe they were right? But now that there’s a warrant requirement, cops hate getting warrants. That’s paperwork for them, that’s a judge they got to talk that they don’t want to, especially when they can get this data that’s almost as good, without a warrant.
TFSR: Okay, the second question is, given what we are seeing with the trends toward surveillance taking place through that potential geolocation data from advertisers. How do you think folks should respond to that as protesters?
Cooper Quintin: So there’s a few things you can do. The best thing you can do, and this will stop many different attacks that police use, is to turn your phone off when you’re at the protest. A lot of my peers give the advice of like, “leave your phone at home,” and that’s fine advice. But I don’t think it’s realistic advice, right?
People need their phones to get rides, to get in touch with their loved ones, to take pictures or document abuses or whatever. So, I don’t think that that’s really useful advice. Turning your phone off while you’re at the protest is a bit more realistic, and that would be the best protection. The next best protection you can have say you’re like, “I really need my phone to take pictures or document abuses” or whatever, is to leave your phone in airplane mode and then turn it back on after the fact. If you also need Signal or whatever to communicate with your group or with your people while you’re at the protest or, if you need to communicate generally, I would first off recommend using Signal, this is the bare minimum you should do, is use Signal. Turn off any sort of face unlock or fingerprint unlock, because a lot of courts have decided that police can compel you to unlock your phone with your face or your fingerprint, but if you have a password, only a judge can compel you to unlock your phone with your password. And then to keep your phone locked with a strong password, and then also to turn off location services. So this is a setting in Apple or a setting in Android, you can turn off location services, which will mean that no application is able to get your location, and therefore they can’t send your location to databases like the one that Pen Link runs.
All as a bit of what we call “security hygiene”, I think that right now, you can take out your phone and go through the list of apps that have access to your location and turn off any apps that don’t have a damn good reason why they need access to your location. Basically, like anything that’s not your maps app, turn that location access off. There’s no reason for that.
TFSR: Yeah. And then when folks are bringing their phones, if they’re on and the police do take them, it’s better to have them… the protections on the phone are stronger before first unlock, right?
Cooper Quintin: Yeah, that’s correct. So that is why I tell people to leave their phones off. Let me back up here. So the concern that we’re advocating for here, is that when you get arrested, police will take your phone and plug it into a machine called a Cellebrite or a GrayKey, which, if your phone is unlocked, or if it can unlock your phone, it will make a copy of all of the data on your phone, including all of your Signal messages, all of your WhatsApp messages, all of your pictures, your location history, all of your text messages, all of your contacts, all of your calendar entries, everything.
It will make a copy of all of that for police to go through later at their own leisure, make connections between you and other people on the ground and, you know, troll for evidence to convict you or other people of crimes. The best protection you can have against Cellebrite, well, first of all, is to not get your phone taken, right? Which is why people recommend leaving your phone at home.
The second-best protection you can have against Cellebrite is to have your phone in what’s called “before first unlock mode”, which is where it’s either off or it’s on, but you’ve rebooted it and turned it on, but haven’t put in your passcode yet to unlock it. This means that all of your data will still be encrypted, and there’s very little that the police can get off it in that state. And it’s also less likely that police will be able to brute force your password, and unlock your phone through force, in that state. So if you can, if your phone has the ability, if you need your phone for pictures or whatever, right? My recommendation would be to leave your phone off, get a digital camera, take pictures that way. If you can’t do that, that’s going to be a financial burden for some people. I totally understand. Turn your phone on, but don’t unlock it. Just use the little camera button that’s on the front and take pictures without unlocking your phone.
TFSR: Yeah, makes sense. Easy, much easier, I think, for a lot of folks, than going totally without it.
Cooper Quintin: And then when the protest is done and you need to call somebody, you’re checking with somebody, you’re gonna ride home, then you unlock your phone.
TFSR: Yeah, great, thank you for that. Also, this is a little bit of a tangent. But to bring things back to the cell site simulators, have you seen them ever, or heard of them being used in, like, conflict situations? Like, let’s say, right now, northeast Syria, so much of the conflict is really close to the border with Turkey, Ukraine, etc.
Cooper Quintin: Absolutely in conflict situations, cell site simulators are a big issue. We know that the US Army was using them a lot in Afghanistan and Iraq. I think it’s reasonable to assume that they were being used not just for their manhunting capabilities, but for their identification capabilities, for their “Man-in-the-Middle” attack capabilities, for denial of service capabilities to try to disable IEDs (Improvised Explosive Devices) that had a cellular trigger on them for myriad reasons. And I think that you can assume, I think it’s safe to assume, that these cell site simulators are being used for these same reasons in war zones around the world, in Ukraine, in Syria. Yeah. We would expect that to be very common. I would love to get some data from Ukraine. I’m not willing to do that in a way that puts anybody’s lives at risk. So it’s a moot point, but you know, unless somebody who’s in Ukraine is like, “Yeah, I’ll throw one of these in my pocket, and I’m not going to think about it, and I carry a cell phone anyway, so I’m not worried about the extra risk to me or anything like that,” that would work. But you know, I don’t want anybody to do that without fully understanding the risks.
But generally, I would love to get more data internationally, because we’re not seeing these being used for infringing on free speech in the US. But I would love to know what’s going on internationally. And we actually have devices that work internationally. So the Orbit device, the one that’s used for the US, will work in Canada and in South America and Central America. We have another device which is made by TP-Link. I can’t remember the exact model name, but that should work in Europe and in most of Africa. And then the one blind spot we still have right now is Asia and Oceania. We have one device that works there, but it’s not a great device. We still don’t have a mainline-supported device that works there, and that’s one of our top priorities, is to get a device that will work really well out there.
TFSR: Okay, and you have some developers working with y’all to kind of beef up the support for the various devices, right?
Cooper Quintin: Yeah, so this is an open-source project. We have about 300 people in our channel right now. I’d say we’ve had contributions from probably maybe, you know, 20 or so developers. We have a couple of core developers within EFF, and then we have a couple of core developers outside of EFF that are volunteer developers that have really helped us out, a lot.
TFSR: Cool, we’ll keep our ears out for the updates for those other devices. Well, anything else that you would want to touch on?
Cooper Quintin: Yeah, you know, I think that the thing that I really want people to remember is that, as we descend further into a fascist dictatorship in the US that these people, they don’t have magical capabilities. The Panopticon is not perfect. They don’t have the ability to see and hear everything you do. And they don’t have, you know, 100% total surveillance of everything. And, even if they did, we still need to fight back. We still need to not allow this takeover of our country, right? And I’m so proud of the people in Minneapolis who are fighting back against ICE right now and are about to go on a general strike tomorrow. And I think what I want people to remember, and part of the reason I did this project, is I don’t want people to live in fear. We didn’t think that IMSI catchers were that prevalent, and we didn’t think that they had all the capabilities that activists seem to think they had. And so far, we’re seeing that to be true. And we hope that by spreading this information, people will be more willing and more excited to just go get out in the streets and fight back. Because that’s the most important thing we can do.
If we live in fear, if we assume that their surveillance is complete and total and that we can’t do anything, then they’ve already won.
TFSR: Yeah, yeah. And I don’t think we have time to go into it today, but there are a lot of other cool projects, specifically ones that use Bluetooth IDs to be able to identify and perform counter-surveillance against like cop body cams. I think some Meta Ray-Ban counter-surveillance relies on the Bluetooth ID, although I’ve also seen a project that is, like, has another way of trying to identify them that was maybe not 100% ready, but I can try and link it in the show notes for folks. And there’s a variety of cool projects like this that let us kind of get an idea of where these things that seem to be surveilling us everywhere actually aren’t.
Cooper Quintin: For sure, or actually are, right. So if I do have two minutes, I would love to plug the Oui Spy, which is the tool that you were alluding to just now. This is a really, really awesome tool. It’s just a little Bluetooth dongle that you can buy, and it has a little computer chip connected to a little buzzer. And you can load some software on it that will alert you whenever a Flock camera or license plate reader camera is nearby. Whenever an Axon device is nearby, which is the company that makes the body cameras and smart holsters and other things for cops, it’ll alert you one of those is nearby. You can set it up to alert you when somebody’s wearing Meta Ray-Bans. It’s just a really cool piece of counter-surveillance that I think is awesome, and I think is a great tool for activists to have around to map out the surveillance in their cities.
TFSR: Yeah. Anything else that the EFF is doing right now that you’d like to plug or bring to folks’ attention? I know you all do great work.
Cooper Quintin: So we have a lot of lawsuits going on where we’re suing ICE. We’re suing the government over DOGE. We’re suing ICE over the takedowns of various ICE-reporting apps from the App Stores. But the thing that I think is most important for people to know is that we have a really excellent set of guides called our Surveillance Self-Defense Guides, that will give you a number of ways to make your own devices more secure and protect yourself from surveillance. And protect your friends and family and community from surveillance. And those are constantly being updated, and we’re always making sure they’re accurate. We put a lot of work into those, and those can be found at ssd.eff.org.
TFSR: Okay, cool. We will link those in the show notes. Well, Cooper, thank you so much for your time today, and coordinating when we’re gonna meet, and putting together your presentation that we’ll link in the show notes and sharing all the information with us here.
Cooper Quintin: Yeah, super happy to be here. Thank you so much for having me on the show, and keep on, keep on fighting the good fight. It’s a really excellent show, and it’s an honor to be on it.
TFSR: Yeah, likewise, as a not so usual host, it’s been great to help out with the project.