Big Brother is
tracking you!
Part Two: by Dr David Maddison
Our article last month was about all the ways that companies or
individuals can track you, both in your online activities and as you
move around in real life, using your smartphone or another wireless
device. This second part concentrates on the ways that governments
monitor their citizens’ activities.
Source: https://unsplash.com/photos/9wXvgLMDetA
H
ere are just a few examples of
government surveillance of citizens. Since we “don’t know what we
don’t know”, chances are there is a lot
more going on behind the scenes. This
sort of monitoring can benefit society
if used to fight crime or help to fight
pandemics, but that relies on proper
oversight.
Retention of metadata
Under Australian law, records of
all telephone calls and internet access
(although supposedly not recordings
of the audio or specific website access)
must be kept by telcos and ISPs for a
minimum of two years. Text messages
are also included, although it’s not
clear if the content is also recorded.
The following metadata is retained,
according to the website at siliconchip.
com.au/link/abaf
• Your name, address, and billing
information
• Your phone number or email
address, and the phone number
or email of the person you’re communicating with
• The time, date and duration of a
communication
12
Silicon Chip
• Your IP address
• The location of the communication equipment you use; for example, the closest mobile tower
• The type of communication;
phone call, text, or email
• The amount of data uploaded and
downloaded
Almost any government department
is allowed to access this information.
According to the latest available information (2016), 60 departments were
included; there are probably many
more now. For the 2016 list, see the
ABC article at siliconchip.com.au/
link/abag
This seems to be a data-mining exercise, collecting data for its own sake,
because criminal law enforcement
agencies already had access to such
data with appropriate warrants. No
need for this massive data collection
exercise was ever demonstrated.
It seems that the main reason that
website traffic and browser history
was excluded was the vast amount of
storage required to do so. During discussions about the new laws, one ISP
(iiNet) said that this would require
1000 terabytes per day of storage.
Australia’s electronics magazine
As much as various politicians and
government agencies might want it,
recording all phone calls would take
considerably more storage.
Weeping Angel
Weeping Angel is a method devised
by the US CIA and British intelligence to listen in on the microphones
of smart TVs. It was described in the
WikiLeaks “Vault 7” release of March
2017.
The logo used for documents under
Vault 7: https://wikileaks.org/ciav7p1/
siliconchip.com.au
Fig.12: Malte Spitz’s recorded call data as seen at the interactive website siliconchip.com.au/link/abam You can explore
the data at that site in various ways. It was collected over ten years ago and seems relatively tame compared to what is
collected by both government and big tech firms today.
The exploit created a ‘fake off’ mode
to make it look like the TV was off,
even though the microphone was listening. You can view part of the Weeping Angel user manual and notes at
siliconchip.com.au/link/abah
It only works with specific models
of Samsung TVs. When it was brought
to Samsung’s attention, they said they
were urgently looking into it. It also
required physical access to the TV
and the insertion of a USB drive to
‘update’ the TV software/firmware.
Also see the video titled “Smart TVs
have a surveillance problem” at https://
youtu.be/KxjnjiVF8JE
Apps and uses Bluetooth Low Energy
to find other contacts within 10m.
Several countries use GAEN. Australia does not, instead adopting Singapore’s open-source BlueTrace protocol (https://bluetrace.io/). Australia’s
implementation is called COVIDSafe.
It is designed to detect contacts that
have been within 1.5m of the App user
for 15 minutes or more.
It is unclear why this App cost
$8 million to develop, costs at least
$75,000 per month to maintain and
has had little use despite 7 million
downloads. See siliconchip.com.au/
link/abaj
Mass surveillance
Electricity usage monitoring
While you might not be surprised
to hear of massive surveillance in the
People’s Republic of China, are you
aware that more than 691,000 CCTV
cameras operate in London alone?
According to US News, nine of the
ten most surveilled cities in the world
are in China (calculated as most cameras per head of population), but London comes in at number three. See
siliconchip.com.au/link/abai
Some people grow illegal drugs
in suburban houses. The grow lights
use a lot of electricity, so they usually bypass the electrical meters to
avoid paying the large bills and avoid
suspicion. Electricity companies can
detect line voltage drops via smart
meters around suspect properties, thus
revealing the presence of a possible
“crop house”.
Contact tracing
Authorities in Australia regularly
monitor sewage to track drug use
in various locations. They also look
for DNA fragments corresponding to
COVID-19 outbreaks. There is no reason they couldn’t or don’t look for
other types of DNA either, including
that of individuals.
In Australia, drug use is monitored
Both Apple and Google Android
have contact tracing ‘infrastructure’
(the “Exposure Notification Interface”
application programming interface
[API]) built into the operating systems.
This is known as Google/Apple Exposure Notification or GAEN.
This API is used by contact tracing
siliconchip.com.au
by the Australian Criminal Intelligence Organisation under the auspices
of the National Wastewater Monitoring
program. Around 56% of the population is subject to such monitoring. It
is not just restricted to illegal drugs;
nicotine and alcohol are included as
well. You can read their public reports
at siliconchip.com.au/link/abak
Location tracking
Telcos or governments can determine the location of a mobile phone
owner even if the phone is not in use,
since a powered-on mobile phone
is constantly communicating with
nearby towers. At the very least, they
will know the phone’s approximate
location. Certain technologies allow
for more precise triangulation.
Sewage monitoring
Australia’s electronics magazine
The COVIDSafe app is used by
the Australian Government for
contact tracing. It is based on the
Singaporean-developed open source
BlueTrace protocol.
December 2021 13
4G and 5G telephony can use
advanced beamforming so that rather
than a mobile tower transmitting
omni-directionally, a pencil-like beam
is directed to your specific phone. This
gives more precise location data than
tower triangulation alone.
WiFi can also be used to determine
the device’s location, as discussed
last month. The data collected is used
by the government and others. Malte
Spitz sued a German phone company
about location data his phone company kept on him (see Fig.12). He gave
a TED Talk on the subject in 2012,
which you can watch at siliconchip.
com.au/link/abal
Mobile phone data analytics
Governments are known to use
mobile phone data and analytics for the
following pandemic-related purposes:
1. COVID-19 contact tracing with
Apps (as mentioned above)
2. Using mobile phone location data
Fig.13: movement data provided by Vodafone to the government before and after
COVID-19 restrictions and published in the Sydney Morning Herald, 05/04/2020.
to monitor individual compliance
with movement restrictions
3. Using data analytics to understand the general movements of
people during a lockdown
4. Hot spot mapping to analyse the
movement of COVID-19 positive
people
See articles on these subjects in
Australia at siliconchip.com.au/link/
aban (Sydney Morning Herald) and
siliconchip.com.au/link/abao (AusDroid). The second article is about
Vodafone handing over anonymised
mobile phone movement data to the
Australian government – see Fig.13.
Sale of surveillance tools to
Australian government
According to the 2015 ABC news
The fourteen eyes
Fourteen Eyes refers to an agreement between the governments of 14 countries: Australia, New Zealand, Canada, the
USA, the UK, Germany, France, the Netherlands, Belgium, Italy, Spain, Norway, Sweden and Denmark. The intelligence
services of these countries collaborate and share information.
The concern over this is that it’s often illegal for an intelligence agency to spy on the citizens of their own countries,
as they exist mainly to prevent the operation of spies from overseas, and there is concern that they could abuse their
powers otherwise. However, there’s little stopping the intelligence agency of country A from spying on the citizens of
country B, then passing their findings on to the government of country A. In fact, there is growing evidence of this sort
of activity, especially since the 2013 NSA leaks (see https://w.wiki/3xsV).
This is the main reason why we suggest in the article that if you’re looking for secure online services, you look for
those hosted outside of this group of countries. Of course, that’s no guarantee that nobody is spying on their services,
but it does improve your chances that if someone is spying on the service, they are not passing that information back
to members of our own government. Note that in no way does a desire for privacy imply any wrongdoing or intent of
wrongdoing any more than does putting an old fashioned letter into an envelope (in most countries).
Five Eyes (USA, Canada, UK, Australia, New Zealand)
Nine Eyes (France, Netherlands Denmark, Norway)
Fourteen Eyes (Germany, Sweden, Belgium, Italy, Spain)
14
Silicon Chip
Australia’s electronics magazine
siliconchip.com.au
article at siliconchip.com.au/link/
abap several companies have tried to
sell various spyware and tools to the
Australian government.
One example is the tool RCS or
Remote Control System, it can “siphon
off data and listen in on communications before they are encrypted”, and
is made by an Italian company called
Hacking Team.
“Once a computer or mobile phone
is infected the tool can read emails,
switch on the microphone or camera
on the device, identify passwords
and record Skype calls”. For more
information on RCS, see https://w.
wiki/3xtV
ECHELON
When discussing privacy, the subject of ECHELON comes up frequently.
It is a surveillance program operated
by Australia, Canada, NZ, the UK
and the USA (collectively known as
Five Eyes). Its existence is well documented.
In 2001, The Guardian reported that
ECHELON is “a global network of electronic spy stations that can eavesdrop
on telephones, faxes (now obsolete)
and computers. It can even track bank
accounts. This information is stored
in Echelon [sic] computers, which
can keep millions of records on individuals. Officially, however, Echelon
doesn’t exist.”
Theoretically, it is used for military
and diplomatic intelligence and not
against innocent persons, but there
have been claims of abuse.
Fig.14: the discontinued L3Harris Technologies StingRay II for interception
of mobile phone communications. Source: www.engadget.com/2016-01-28california-secretly-listened-to-cellphone-calls-from-the-air.html
ECHELON is said to use voiceto-text technology so keywords and
context can easily be automatically
determined. Presumably, this is common practice for interceptions done
by other government agencies. That
is pretty standard technology today.
IMSI catchers
IMSI (International Mobile Subscriber Identity) catchers are devices
used by various law enforcement agencies (and conceivably criminals) that
act as a fake mobile phone tower or
“cell site simulator”. Thus, surveillance can be undertaken without cooperation from phone companies and
with or (potentially illegally) without
warrants.
They use what is known as a
‘man-in-the-middle’ attack, where a
phone user thinks they are connecting to an official, secure mobile phone
tower or site, but they are actually connecting to an IMSI Catcher device. The
device performs all the normal functions of a phone tower, but with the
added “feature” of data collection.
StingRay (see Figs.14 & 15) was a
particular brand of IMSI catcher made
by the US company now known as
L3Harris Technologies. However, they
discontinued sales and support of
StingRay in June 2020.
See the videos titled “The Stingray: How Law Enforcement Can Track
Your Every Move” at https://youtu.
be/wzSgLpNrr2E and “How Stingray
technology works” at https://youtu.be/
HyONknZ_x_g
Fig.15: a page from
the manual of a nowobsolete StingRay,
released online. You
can find copies of the
manual if you search
for it.
siliconchip.com.au
Australia’s electronics magazine
December 2021 15
L3Harris also made products such
as Kingfish (a hand-carried version
of StingRay), Harpoon (a device to
enhance the capability of the StingRay), Amberjack, Arrowhead and
Hailstorm.
Apparently, a popular replacement
for the L3Harris StingRay is the Octasic Nyxcell V800 PBU/F800 TAU.
Many US Government departments
have online contract bids to acquire
this device (no picture is freely available).
Other manufacturers of IMSI catcher
devices include:
• Ability Computers and Software
Industries (Atos)
• Boeing subsidiary Digital Receiver
Technology’s ‘DRT’ devices
(hence another name for these
devices, “dirt boxes”)
• Datong (Seven Technologies
Group)
• Gamma Group
• Martone Radio Technology
• Meganet Corporation
• Octasic
• PKI Electronic Intelligence
• Rayzone
• Rohde & Schwarz
• Septier Communication
These devices have been in use for
decades.
Information that they can collect
includes:
• A phone’s location
• The IMSI or ESN (electronic serial
number, a 32-bit number embedded in a wireless phone and also
printed on it) and other identification details
• Call metadata, such as who is
being called and the duration
• The content of voice calls and
text messages
• Websites visited
They can also be configured to divert
calls and text messages, edit text messages and spoof the identity of the origin of text messages and voice calls.
These devices can also collect all
phone IDs in a geofenced area.
There is a PDF report about the
extensive use or overuse of IMSI catchers in Canada and abroad: siliconchip.
com.au/link/abaq
In that report, some of the uses for
these devices are quoted as follows:
• Confirming the presence of a
device in a target’s home before
a search
• Identifying an individual responsible for sending harassing text
messages
• Locating a stolen mobile device as
a precursor to searching homes in
the vicinity
• Locating specific individuals
by driving around a city until a
known IMSI is found
• Mounted on aeroplanes to allow
the United States Marshall Service to sweep entire cities for a
specific mobile device
• To monitor all devices within
range of a prison to determine
whether prisoners are using
mobile phones
• Reportedly at political protests
to identify devices of individuals attending
• To monitor activity in the offices
of an independent Irish police
oversight body
Operation Ironside, arresting criminals & Australia’s lack of privacy laws
The story of Operation Ironside is a
good illustration of how government
surveillance can prevent crime and
also how poor Australia’s privacy laws
(and civil liberties in general) are compared to other democratic countries.
The story begins in 2018 when an
informant for the US Federal Bureau of
Investigation (FBI) developed smartphone software called AN0M which
supposedly provided anonymous,
encrypted communications. It was
quickly adopted by various criminal
operations (see https://w.wiki/3xsU
for more details).
The informant supplied communications data to the FBI, who then
shared it with the Australian Federal
Police. This led to almost 300 arrests
in Australia and over 800 worldwide.
Many of the charges had to do with
the importation and distribution of
banned drugs, although apparently at
least one murder plot was uncovered
by the operation.
The interesting part is that, despite
there being many AN0M users in the
USA, no arrests were made there as
much of the ‘overheard’ messages
would not be admissible in court
as evidence, as that would require
warrants to be issued approving the
eavesdropping. For those warrants to
be issued, there would have to be a
valid reason to suspect the surveilled
individuals were involved in criminal
activity.
It appears that Australian authorities do not have to operate under such
strict rules.
According to the ABC article at
siliconchip.com.au/link/abb4, this
is because Australia’s privacy laws
are amongst the weakest of any
democracy. As stated in that article,
“… innocent parties’ data could be
obtained, stored and used in ways
that they would never have foreseen”.
If there is just one lesson to take
away from Operation Ironside, it’s
that you can’t trust unknown third parties to uphold your privacy. If an App
or service claims to be anonymous
or encrypted, absent laws ensuring
those things being true, you should
assume they aren’t. And even if such
laws do exist, those services could
operate overseas, outside those jurisdictions. So you clearly need to know
whom to trust.
In fact, based on the information
recently revealed by the Australian
Federal Government at siliconchip.
com.au/link/abb5, the Australian government will have even more power to
monitor online activity.
The various logos used in Operation Ironside (also known as Operation Trojan Shield), from leftto-right you have: ANOM’s app logo (AN0M or ANØM), the AFP’s logo for the operation and the
FBI’s logo for the operation. See https://en.wikipedia.org/wiki/ANOM
16
Silicon Chip
Australia’s electronics magazine
siliconchip.com.au
See also the comprehensive video
titled “Catching IMSI Catchers” at
https://youtu.be/eivHO1OzF5E
In that video, it is stated that for
US$1400, it is possible to build your
own IMSI catcher, and while this is
documented publicly, we don’t suggest you do as it is certainly illegal.
However, it is clear that criminals
could make their own IMSI capture
devices. Further details on IMSI catchers can be found on the EFF’s website:
siliconchip.com.au/link/abb6
Tower “dumps”
As reported in the Sydney Morning Herald at siliconchip.com.au/link/
abas, Australian authorities use tower
“dumps” to track criminals. A tower
dump provides the “identity, activity
and location of any phone that connects to targeted cell towers over a set
span of time”.
Old-fashioned listening at the
exchange
The Author recalls how the introduction of GSM (2G) to Australia in
1993 was delayed by about a year
because the exchange equipment had
to be modified to ensure authorities
could intercept any conversation at
will.
This is despite the same exchange
equipment being accepted in other
countries, which therefore introduced
GSM earlier.
There is a contemporary article in
the Australian Financial Review on
this, at siliconchip.com.au/link/ab3d
No doubt, this capability still exists
and likely has been enhanced now.
as the Australian Taxation Office or
Australian Electoral Commission,
according to www.passports.gov.au/
protecting-your-privacy but presumably any other agency that wants them
can get them, including foreign governments in some cases.
License and passport photos
Finding patterns in aerial or
satellite imagery
Governments routinely digitise
drivers’ licences and passport photos
and put them in databases so, like it
or not, your picture is in a national
database. That means that you can be
automatically recognised and tracked
by camera systems with access to that
database.
Australian governments employ
extensive facial recognition systems
within a National Facial Biometric
Matching Capability. Services include
the Face Verification Service (FVS), the
Face Identification Service (FIS), the
National Driver Licence Facial Recognition Solution (NDLFRS) and “Other
Face Matching Services may be added
over time”.
For more information on this, see
the Australian government (OAIC)
website at siliconchip.com.au/link/
abat
Australian passport photos can also
be shared among other agencies such
Terrapattern was a project of The
Frank-Ratchye STUDIO for Creative
Inquiry with the purpose of matching
patterns in satellite images.
An image such as a tennis court
is selected, then all similar-looking
tennis courts from the satellite imagery database are found. The software
uses a Deep Convolutional Neural Net
(DCNN) to assist with image recognition. We are unaware of this project
still being active.
See Fig.16 and the video titled
“Terrapattern (Overview & Demo)” at
https://youtu.be/VHv5W7Ei80s
An example of use for financial or
state-based intelligence is finding and
examining all images of oil storage
tanks. As the oil level changes, so does
the floating roof of the tank. By examining the shadows cast, it is possible
to determine the oil levels of tanks in
a particular region, which could influSC
ence the price.
Fig.16: a Terrapattern search of objects in satellite imagery that look like oil tanks to determine oil level from shadows.
This is a screengrab from the YouTube video at https://youtu.be/VHv5W7Ei80s
siliconchip.com.au
Australia’s electronics magazine
December 2021 17
