An apparently original StingRay cell phone surveillance device listed on eBay was taken down by the company on Tuesday after 404 Media contacted it about the listing. The device, which was labeled as used, was up for sale for $100,000.
The device was listed as “Harris Stingray Cellular Phone Surveillance w/ Power Cord & Rolling Case - USED.” Photos uploaded to the listing show the device, numerous cables, and a StingRay operating manual with the original Harris Communications logo. A close-up photo shows the power switch, which glows green when turned on. According to the operating manual, this device was from 2004.
“Powers on. Not fully tested,” the seller wrote in the listing details. “Only pictured parts are included in listing.” When reached for comment about whether the device was real and any background information on how they had obtained it, the seller responded, “No background.”
Is this one of those things like the GPS trackers they just sort of plant on your shit by trespassing, and if you find them they typically come to collect them because their cover is blown anyway and they are expensive?
Or is this one of those things that you need to like… actively do things with? From the pics it looks like an active-use device but idk shit about 2004 tech so… (I was an adult, but barely conscious of things)
(I am just going into the basics, so ignore gross errors.)
It just fakes a cell tower. Because of the nature of how modern radios work, a phone will likely connect to the strongest signal it detects. The stingray acts as a “man in the middle” and relays the phone signal to an actual tower as if it was the original phone making the call. As it relays the call, the operator can listen in.
It’s akin to answering a call, making a call on another phone and then holding the two phones together.
(MITM attacks on HTTPS connections are similar, but there are some nuances with how the connection is decrypted and the re-encrypted.)
Yup that’s a good description. The scary part is that the new ones are sooo much better. And even work from the planes and helicopters and now drones.
Ah alright that makes sense, thanks :)
Why do they need these? They have backdoors at the providers. No need for a fake mast they control the real masts.
It’s easier to target a specific area or person, regardless of the provider and legalities can be ignored. Its best feature is that it’s portable and likely hard to detect because it doesn’t need to be turned on all the time. The second best feature is that training people to use it is probably really easy.
If backdoors exist or not, the setup and use would be significantly more complex. More people would be aware, there is more risk in getting caught, there will always be system logs somewhere, etc.