Stingray phone tracker

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A StingRay is an IMSI-catcher, a controversial cellular phone surveillance device, manufactured by the Harris Corporation.[1] Initially developed for the military and intelligence community, the StingRay and similar Harris devices are in widespread use by local and state law enforcement agencies across the United States. Stingray has also become a generic name to describe these kinds of devices.[2]


The StingRay is an IMSI-catcher with both passive (digital analyzer) and active (cell site simulator) capabilities. When operating in active mode, the device mimics a wireless carrier cell tower in order to force all nearby mobile phones and other cellular data devices to connect to it.[3] In active mode, the StingRay is capable of performing multiple operations upon a cellular device: (1) extracting stored data such as International Mobile Subscriber Identity ("IMSI") numbers and Electronic Serial Number ("ESN"),[4] (2) writing cellular protocol metadata to internal storage, (3) forcing an increase in signal transmission power,[5] (4) forcing an abundance of radio signals to be transmitted, (5) tracking and locating the user of the cellular device,[3] and (6) conducting a denial of service attack. While it is also technically feasible for the StingRay to intercept voice and data communications while conducting a man-in-the-middle attack in cell site simulator mode, government documents only confirm key extraction and passive interception capabilities under the GSM standard.[6] Additional passive mode operations include (1) conducting base station surveys, which is the process of using over-the-air signals to identify legitimate cell sites and precisely map their coverage areas, and (2) signal jamming for general denial of service purposes, or to aid in protocol rollback attacks. The StingRay family of devices can be mounted in vehicles, on airplanes, helicopters and unmanned aerial vehicles, as well as carried by hand.

The StingRay's Active (Cell Site Simulator) Capabilities[edit]

In active mode, the StingRay will force each compatible cellular device in a given area to disconnect from its service provider cell site (i.e., operated by Verizon, AT&T, etc.) and establish a new connection with the StingRay. In most cases, this is accomplished by having the StingRay broadcast a pilot signal that is either stronger than, or made to appear stronger than, the pilot signals being broadcast by legitimate cell sites operating in the area.[7] A common function of all cellular communications protocols is to have the cellular device connect to the cell site offering the strongest signal. StingRays exploit this function as a means to force connections from unsuspecting cellular device users.

Extracting Data From Internal Storage[edit]

During the process of forcing connections from all compatible cellular devices in a given area, the StingRay operator needs to determine which device is a desired surveillance target. This is accomplished by downloading the IMSI, ESN, or other identifying data from each of the devices connected to the StingRay.[4] In this context, the IMSI or equivalent identifier is not obtained from the cellular service provider or from any other third-party. The StingRay downloads this data directly from the device using radio waves under a standard cellular communications protocol.

In some cases, the IMSI or equivalent identifier of a target device is known to the StingRay operator beforehand. When this is the case, the operator will download the IMSI or equivalent identifier from each device as it connects to the StingRay. When the downloaded IMSI matches the known IMSI of the desired target, the dragnet will end and the operator will proceed to conduct specific surveillance operations on just the target device.

In other cases, the IMSI or equivalent identifier of a target is not known to the StingRay operator and the goal of the surveillance operation is to identify one or more cellular devices being used in a known area.[8] For example, if visual surveillance is being conducted on a group of protestors,[9] a StingRay operator will use the device to download the IMSI or equivalent identifier from each phone within the protest area. After identifying phones being operated within the area, locating and tracking operations can be conducted, and service providers can be forced to turn over account information identifying the device users.

Writing Metadata to Internal Storage[edit]

Forcing an Increase in Signal Transmission Power[edit]

Forcing an Abundance of Signal Transmissions[edit]

Tracking and Locating[edit]

A StingRay can be used to identify and track a phone or other compatible cellular data device even while the device is not engaged in a call or accessing data services.

Denial of Service[edit]

The FBI has claimed that when used to identify, locate, or track a cellular device, the StingRay does not collect communications content or forward it to the service provider.[10] Instead, the device causes a disruptions in service.[11] Under this scenario, any attempt by the cellular device user to place a call or access data services will fail while the StingRay is conducting its surveillance.

The StingRay's Passive Capabilities[edit]

Base Station (cell site) Surveys[edit]

Denial of Service[edit]

Interception of Communications Content[edit]

Usage by law enforcement[edit]

The use of the devices has been frequently funded by grants from the Department of Homeland Security.[12] The Los Angeles Police Department used a Department of Homeland Security grant in 2006 to buy a stingray for "regional terrorism investigations". However, according to the Electronic Freedom Foundation, the "LAPD has been using it for just about any investigation imaginable."[13]

In addition to federal law enforcement, military and intelligence agencies, StingRays have in recent years been purchased by local and state law enforcement agencies. According to the American Civil Liberties Union, 42 law enforcement agencies in 17 states own StingRay technology. In some states, the devices are made available to local police departments by state surveillance units. The federal government funds most of the purchases with anti-terror grants.

Privacy International and The Sunday Times reported on the usage of Stingrays and IMSI catchers in Ireland, against the Irish Garda Síochána Ombudsman Commission (GSOC), which is an oversight agency of the Irish police force Garda Síochána.[14][15]


The increasing use of the devices has largely been kept secret from the court system and the public. In 2014, police in Florida revealed they had used such devices at least 200 additional times since 2010 without disclosing it to the courts or obtaining a warrant.[1] The American Civil Liberties Union has filed multiple requests for the public records of Florida law enforcement agencies about their use of the cell phone tracking devices.[16]

Local law enforcement and the federal government have resisted judicial requests for information about the use of stingrays, refusing to turn over information or heavily censoring it.[17] In June 2014, the American Civil Liberties Union published information from court regarding the extensive use of these devices by local Florida police.[18] After this publication, United States Marshals Service then seized the local police's surveillance records in a bid to keep them from coming out in court.[19]

In some cases, police have refused to disclose information to the courts citing non-disclosure agreements signed with Harris Corporation.[17] The ACLU has said "potentially unconstitutional government surveillance on this scale should not remain hidden from the public just because a private corporation desires secrecy. And it certainly should not be concealed from judges."[1]


In recent years, legal scholars, public interest advocates, legislators and several members of the judiciary have strongly criticized the use of this technology by law enforcement agencies.

Critics have called the use of the devices by government agencies warrantless cell phone tracking, as they have frequently been used without informing the court system or obtaining a warrant.[1] The Electronic Frontier Foundation has called the devices “an unconstitutional, all-you-can-eat data buffet.”[20]

Privacy Implications Upon Innocent Third Parties[edit]

See also[edit]


  1. ^ a b c d Zetter, Kim (2014-03-03). "Florida Cops' Secret Weapon: Warrantless Cellphone Tracking". Retrieved 2014-06-23. 
  2. ^ Gallagher, Ryan (September 25, 2013). "Meet the machines that steal your phone’s data". Ars Technica (Condé Nast). Retrieved August 22, 2014. 
  3. ^ a b Valentino-Devries, Jen (Sep 22, 2011). "‘Stingray’ Phone Tracker Fuels Constitutional Clash". The Wall Street Journal. Retrieved Aug 22, 2014. 
  4. ^ a b United States v. Rigmaiden, CR08-814-PHX-DGC, Dkt. #0674-1 Declaration by FBI Supervisory Agent Bradley S. Morrison, ¶ 5, p. 3 (D.Ariz., Oct. 27, 2011). ("During a location operation, the electronic serial numbers (ESNs) (or their equivalent) from all wireless devices in the immediate area of the FBI device [(i.e., the StingRay)] that subscribe to a particular provider may be incidentally recorded, including those of innocent, non-target devices.").
  5. ^ Wessler, Nathan Freed (2014-06-03). "Transcription of Suppression Hearing (Complete)". American Civil Liberties Union. p. 7. Retrieved 2014-06-23. "Additionally, once the equipment comes into play and we capture that handset, to make locating it easier; the equipment forces that handset to transmit at full power." 
  6. ^ "59 -- Network Monitoring System". FedBizOps. Drug Enforcement Agency. Archived from the original on Aug 22, 2014. Retrieved Aug 22, 2014. "The Harris StingRay system w/FishHawk GSM Intercept S/W upgrade is the only portable standard + 12VDC powered over the air GSM Active Key Extraction and Intercept system currently available." 
  7. ^ Hardman, Heath (May 22, 2014). THE BRAVE NEW WORLD OF CELL-SITE SIMULATORS. Albany Law School. p. 11-12. doi:10.2139/ssrn.2440982. Retrieved Aug 24, 2014. "For a cell-site simulator operator to induce a cellphone to camp on his or her cell-site simulator (CSS), all he or she needs to do is become the strongest cell in the target cellphones preferred network." 
  8. ^ In the Matter of The Application of the United States of America for An Order Authorizing the Installation and Use of a Pen Register and Trap and Trace Device, 890 F. Supp. 2d 747, 748 (S.D. Tex. 2012) (Law enforcement sought to use StingRay "to detect radio signals emitted from wireless cellular telephones in the vicinity of the [Subject] that identify the telephones (e.g., by transmitting the telephone's serial number and phone number)..." so the "[Subject's] Telephone can be identified." (quoting order application)).
  9. ^ Eördögh, Fruzsina (Jun 13, 2014). "Are Chicago Police Spying on Activists? One Man Sues to Find Out". Mother Jones. Retrieved Aug 24, 2014. "Martinez, who works in the software industry, first wondered about police surveilling his phone in 2012 while he was attending the NATO protests. 'I became suspicious because it was really difficult to use our phones[.]'" 
  10. ^ United States v. Rigmaiden, CR08-814-PHX-DGC, Dkt. #0674-1 Declaration by FBI Supervisory Agent Bradley S. Morrison, ¶ 4, p. 2-3 (D.Ariz., Oct. 27, 2011) ("[T]he [][StingRay] used to locate the defendant's aircard did not capture, collect, decode, view, or otherwise obtain any content transmitted from the aircard, and therefore was unable to pass any information from the aircard to Verizon Wireless.").
  11. ^ United States v. Rigmaiden, CR08-814-PHX-DGC, Doc. #723, p. 14 (D.Ariz., Jan. 5, 2012) (Noting government concession that the StingRay "caused a brief disruption in service to the aircard.").
  12. ^ "Police use cellphone spying device". Associated Press. 2014-05-30. Retrieved 2014-06-23. 
  13. ^ Campbell, John (2013-01-24). "LAPD Spied on 21 Using StingRay Anti-Terrorism Tool". LA Weekly. Retrieved 2014-06-23. 
  14. ^ Mooney, John (9 February 2014). "GSOC under high-tech surveillance". The Sunday Times. 
  15. ^ Tynan, Dr. Richard (15 February 2014). "Beirtear na IMSIs: Ireland's GSOC surveillance inquiry reveals use of mobile phone interception systems". Privacy International. 
  16. ^ Wessler, Nathan Freed. "U.S. Marshals Seize Local Cops' Cell Phone Tracking Files in Extraordinary Attempt to Keep Information From Public". American Civil Liberties Union. Retrieved 2014-06-23. 
  17. ^ a b Gillum, Jack (2014-03-22). "Police keep quiet about cell-tracking technology - Yahoo News". Retrieved 2014-06-23. 
  18. ^ Wessler, Nathan Freed (2014-06-03). "Transcription of Suppression Hearing (Complete)". American Civil Liberties Union. Retrieved 2014-06-23. 
  19. ^ Zetter, Kim (2014-06-03). "U.S. Marshals Seize Cops' Spying Records to Keep Them From the ACLU". Retrieved 2014-06-23. 
  20. ^ Timm, Trevor (2013-02-12). "As Secretive "Stingray" Surveillance Tool Becomes More Pervasive, Questions Over Its Illegality Increase". Electronic Frontier Foundation. Retrieved 2014-06-23.