How You Are Spied On : Surveillance Devices

Around the world, security professionals gather at conventions where governments and corporations can view the latest in spy equipment. These events are sometimes called “spy bazaars.” The sale of surveillance technology is booming, and in most cases, this market is unrestricted by the West. This means that tyrannical governments can purchase the latest technology to surveil their populations, or buy the latest spyware to track their opposition. Today, I will give you a glimpse of some of the surveillance technology that is available to both governments and private parties.

I’m sure my list will be incomplete, since I don’t have any inside information. But what I do know is enough to make you nervous. It’s safe to say that the spy technologies available today are incredibly invasive and scary.

The Rise of Mobile Phone Surveillance

Technology for surveillance has shifted to mobile phones in the past decade. The most appealing tool for phone owners is wiretapping, which is the ability to listen in on phone calls. However, the majority of phone traffic today is digital data, such as texting or app usage. Therefore, the wiretapping concern can be broadened to include phone hacking, the most frightening of which is the remote access Trojan.
Remote access Trojans allow an external party to fully manage your phone as if they were physically holding it. Even reputable software programs like LogMeIn can be used for remote access, and they were formerly installed on many phones. T-Mobile even used it on their Android phones to provide technical support, which essentially allowed anyone to take control of a customer’s phone. Numerous app developers offer remote control software, and if you willingly download it from an app store, you have just enabled remote access.

Phones: A Surveillance Dream Come True

A cybersecurity research group discovered that the baseband modem SIM card contains built-in instructions that can be executed remotely. This vulnerability, dubbed SimJacker, is likely a government initiative program. It allows an external party with access through the phone carrier to remotely control the phone, including initiating phone calls, viewing and sending SMS texts, and silently dialing out (which activates the microphone).
In other words, phones are full of surveillance technology. The GPS and Wi-Fi modules are responsible for tracking locations, and every regular phone reports its updated location to the OS 24/7. This technology powers features like AirTag location, Find My Phone, and government geofencing.
Phones also have a gyroscope sensor, which can detect changes in position and space. This can be used to track movement precisely, including orientation. It is mostly used for gaming and UI, but it can also be used to gauge your actual physical position.

Mesh Networks: Surveillance for the Masses

iPhones use a peer-to-peer communications grid outside of the internet called the Apple Mesh Network. It is powered by Bluetooth. Amazon has a similar mesh network called Amazon Sidewalk. These technologies allow low-energy devices to communicate with each other over long distances, enabling surveillance equipment to send data to headquarters using only a battery.
The most common consumer device that uses this mesh is the AirTag, but other devices, including covert devices, can piggyback on it. When we think of surveillance, we think of the tech field.

Remote Surveillance: The New Normal

Most surveillance today can be done remotely through the internet using the data that you already reveal about yourself through your phone and computer.
For example, in the old days, wiretapping involved someone posing as a phone company repair person and installing a listening device on your landline. However, hardly anyone uses landlines anymore, so wiretapping has transitioned to devices called Stingrays or IMSI catchers.
Stingrays can be used to fake a cell tower and cause your phone to connect to it instead of an actual tower. This creates a “man in the middle” attack, which allows the attacker to intercept your phone calls and data.
Governments commonly use Stingrays to track people. When a Stingray is used, it can capture the identity of phones in the area by broadcasting an identifier called IMSI. In passive mode, a Stingray can also collect the IMSIs of all phones within its receiving distance.
For example, someone could park a van nearby with a Stingray and capture IMSI data, or they could walk around with a portable Stingray or fly it in a helicopter or drone.
While Stingrays are still used in some cases, there are now alternative technologies that are less resource-intensive. For example, the phone’s location is stored in Google’s Sensor Vault, so governments can simply subpoena this information from Google to identify phones that were within a certain geographic area during a particular time period.
This technique was used to charge around 1,000 people in the January 6th riots in the US Capitol, all based on their phone locations.
Law enforcement does not need to use Stingrays if they know the person’s phone number. They can simply access the account via a specific system to read text messages, listen to conversations, and track phone traffic, all with a point-and-click browser interface.
Stingrays are only useful when the people being tracked are unknown.
Interestingly, phones also broadcast a signal for near-access called a MAC address. This is broadcast by both the Bluetooth and Wi-Fi features. A MAC address is a unique identifier, so a listening device can record the MAC addresses of phones nearby.
When cross-matched against other data, such as from a camera, this information can be used to identify people. For example, buildings can have equipment that can track the movements of someone with a phone using this capability.
Facebook actually used this feature to track users and their proximity to other Facebook users in public places. For example, anyone near a wireless network at Walmart could be tracked as being near specific Facebook users.

Surveillance Vans: A Threat to Privacy

The surveillance van can be equipped with a variety of technologies to listen in on people inside a house. One such technology is to point a laser at a glass window and listen to the laser reflection. The laser reflection is so precise that it can measure minute vibrations in the glass from sounds.
Another technology is to use an empowered microphone. This type of microphone can be attached to a flying insect and flown into the house. The microphone will then reflect back data including sound.
Wi-Fi RFS can also be used to detect movements inside a house. This requires a receiver and nothing invasive has to even enter the house.
RFID tags can also be used to track people inside a house. The surveillance van can send out a powerful enough pulse to read RFID tags from a distance.
The best surveillance for proximity is to have a camera. Cameras are now everywhere, including on freeways and in neighborhoods. The photos from these cameras can be used to identify people and track their movements.
Private companies are also involved in the collection and use of surveillance data. For example, the company Palantir has contracts to collect and use surveillance data from various sources. Clearview is another company that provides facial recognition services to the government. Amazon is also involved in facial recognition, and its facial recognition AI is used by the government. Amazon also uses facial recognition data from Ring cameras and Amazon vans.

Smart TVs, Voice Prints, and Ultrasound Beacons: New Spy Technologies Revealed

Another spy technology that was revealed in Wikileaks is the ability of three-letter agencies to reverse the logic in a smart TV to turn the TV speaker into a microphone. The particular TV mentioned at the time was Samsung, but in general, any internet-connected device with a speaker and no apparent microphone could be tricked into turning the speaker into a microphone.
Many people have devices with speakers and microphones that are active spy devices but are ignored. These include Alexa Echo devices. Amazon is one of the largest government contractors, so it is not surprising that this technology could be lent to the intelligence community.
These same three-letter agencies have an unbelievable voice print capability. They are able to identify someone’s unique voice anywhere in the world in just a few moments. If your voice is heard through some electronic means, it can be voice printed. This can be even more sophisticated if the voice is matched to other data like facial recognition and device IDs.
Another interesting surveillance use of sound is ultrasound. Ultrasound cannot be heard by the human ear, but it is within the range of normal electronic devices to detect. For example, specific locations could have an ultrasound beacon transmitting location data. If you are having a phone conversation in this area, the ultrasound beacon could hear the conversation and transmit your location. This could be used in a terrorist thriller movie, or it could already exist and be unknown to the public.

Surveillance for the Masses: The Rise of Smart Dust and Other Cheap Tracking Devices

Government agencies have developed smart dust, which are tiny microprocessors that can be attached to people without them knowing. Smart dust can be used to track people’s movements. I don’t know how smart dust works, but it may be similar to RFID, which uses a particular frequency to communicate. Smart dust, like RFID, would be unpowered.
The limiting factor in long-term surveillance technology is power. Mesh networks can allow small devices to run on low power using CR80 batteries. Solar-powered devices with lithium batteries are also low energy and could in theory allow long-term surveillance. Solar power is very common now.
Tracking devices are now so cheap and available to the common man. One of the easiest to deploy is the Apple AirTag. Surveillance technology can now be done by anyone. Many people already surveil their spouses and kids using AirTags.
It is actually pretty easy to build a location tracking device using even a Raspberry Pi and just Wi-Fi triangulation. I have seen these types of projects on the internet, one even from a provider of location services itself. You could also just go low-tech and put an old phone in a car and connect it remotely to track where it is. With everyday technology, even hobbyists can turn into serious surveillance experts.

Surveillance in the Era of AI and Big Tech

Collecting surveillance data is one thing, but putting it in massive intelligence databases with AI is another issue. This takes surveillance to a new level.
One of the little-known secrets is the mass surveillance of all internet communications at TNT peering stations. A peering station is a place where local internet traffic is aggregated and then transported to different parts of the world. The point of a peering station is to avoid duplicating the technology for routing internet traffic.
ISPs contract with each other to handle the different legs of transporting data. AT&T is so big that it transports most of the internet traffic in the world, making it a centralized area where most of the data can be captured.
A three-letter agency put screening hardware on AT&T’s traffic to search for keywords and track IP addresses to determine the source and destination. This data is then forwarded to a huge database in Utah for safekeeping.
This means that every email you have ever sent or received could be available for posterity.
The problem is that peering station technology has been surpassed by the surveillance technology of big tech itself. Everything you do online is recorded and known by Google, for example.
Apple has the technology to automatically search content on millions of phones in an instant using AI-based client-side content scanning.
Tyrannical countries have the technology to break TLS encryption, which powers HTTPS. They do this by using fake RSA root certificates. This was a big part of what the old company Let’s Encrypt was doing until Google called them out and banned their root certificate.
However, this is still possible by forcing the installation of fake root certificates directly on machines.
Many people have heard of the NSO Group’s spyware Pegasus. This is an example of tech powered by zero days, which are hacks that have not been made public.

Surveillance and DNA: A Scary Future

The last surveillance attack I will mention is probably the scariest. There are now devices that can secretly collect your DNA, and of course, millions of people have already provided their DNA to 23andMe and Ancestry.com. Researchers are working on ways to reconstruct your face from your DNA. This would be an incredible new level of recognition, but it could also be used for racial profiling.
In China, AI is being used to identify Uyghur Muslims automatically and impose rules on them. Once a government collects valence data on a population and uses AI to understand each person individually, the AI can then be used to implement the government’s goals.
In other words, we are moving towards a future where governments can use AI to track and control their citizens in ways that were never before possible.


error: