Tuesday, January 5, 2021

Comsec Example

Ghislaine Maxwell may not be someone that we have a lot of sympathy for. If she is guilty of what she is accused of, her sentence will be long. That is not the point of this post. 

The Daily Mail published a article today that outlines how the FBI located Ms. Maxwell. They got a search warrant that allowed them to use cell phone metadata in their effort to locate her. That data used GPS and cell tower use data. With that the FBI was able to narrow their search to a one square mile in New Hampshire.

Another warrant allowed them to use a "stingray", a device that mimics a cell tower causing phones to provide information about location and registered user automatically. They used that within the narrowed search area and located her phone's exact position.

It took less than 24 hours from the issuing of the warrant to find and arrest Ms. Maxwell.


9 comments:

Old NFO said...

They know where you are if you own a cell phone... Period...

Toirdhealbheach Beucail said...

Not surprised - except in the speed of recovery. That is amazing.

Yes, if you own a cell phone - or more appropriately, you have your cell phone on you - they know where you are. One of my more conscious efforts this year is to try to go less places with my cell phone (once upon a time, of course, this was standard practice. You know, all of 10 years ago...)

Unknown said...

It is surprising to me that she chose to be in the USA at all, especially after Epstein's death.

I've a thought though -
• many data-using apps on a smartphone work fine without a SIM-card in the phone, so long as there is good wifi
• this includes VOIP phone apps
• While this is still traceable, it is with a lot more steps and a lot less resolution than geolocation of the phone or the phone's self-reporting it's GPS location to local towers for the telco's database.

It seems to me that even people who are skin-grafted to their smartphone should be able to make and receive calls and use their messaging apps while still obscuring their location, so long as they leave the SIM out and use VPN.

20 years ago when I wasn't really living in the USA but most of my clients were, I did a pretty good job of spoofing a US presence using a VOIP telephony service. This wasn't government-level search for my location -- just that I preferred to decide myself whether the 'gig' was 'too small for me to travel back', rather than have the clients assume that it would be. And some clients were intimidated by a foreign phone number and the need to consider time zones.

I had my first 'iPod touch' set up in 2007 such that I could make and receive calls on it wherever there was accessible wifi.

And for the past few years, I've had a subterranean office location with no cell signal for voice or data -- so it made sense to have all my cell calls autoforward to a voip number that finds my phone over wifi if the phone is connected to wifi. I'm no longer intentionally obscuring my location in the world, but as it turns out I'm still doing it unintentionally for much of the working day.

About 6 weeks ago I had to use some 'google docs' in a situation where I thought I needed some opsec, so I installed the "Location Guard" extention and used it for a week after configuring it. It seemed pretty effective in all the ways I could think to test it, and it had the interesting side effect that many websites even 5 weeks later think that every device on my home network is accessing the internet from the center of a large coastal city that is some 300 miles from my actual location.

Jonathan H said...

Agreed. She could have used a VPN and and VOIP to hide her location better; I'm surprised she didn't, but she may not have had a tech savvy person to advise her.

Staying in the US could be because she didn't have another passport, or because she liked it here and didn't think she'd be found - I doubt hiding was a subject she studied while she was part of the "in" crowd!

Aesop said...

Compare and contrast that with the "ease" and "speed" of locating both the Unabomber, and Eric Rudolph.
There are lessons there for those willing to learn them.

All cops, forever: "We only ever catch the dumb ones."

Eric Wilner said...

Something that occurred to me a few months ago...
Big Brother will be looking for patterns, and for unexpected changes in patterns.
Unfortunately, the family situation currently requires that I have my cellphone on, and with me, pretty much all the time.
For those without such constraints (not being the designated emergency contact, etc.), I suggest establishing a new pattern. Turn your phone off for a few hours a day, not always at the same time. Leave it on your desk, instead of in your pocket, when walking around home or office.
Once the pattern is established, there will be nothing different about your phone remaining in one place, or being turned off, while you nip out to a special event.
Oh, and TOR? Needs to be made easier to use, so more people will use it for non-subversive things that nevertheless call for privacy - I'm sure we can all think of examples.
Let's all think "Hammer Into Anvil."

Aesop said...

Nobody who isn't on the list of people who can board Air Force One, or a 10-figure-and-up stock/currency/commodity trader needs a phone.

You choose that level of availability.

1) Phones are cheap. Get several. Randomly switch around which one you carry, if any. Put one in a storage unit somewhere for a week. Pack it in the trunk of your teenager's car for a week. Hell, tie one to your dog's collar, and turn him loose in the woods for a couple of days.
2) Get a burner phone. Set it to automagically forward all calls to your actual phone. Only give out the burner phone number. Throw the phone away. Pay the bills. The switching takes place electronically, at Phone Co HQ. Now no one is ever calling you directly, and they can't do anything to track that. The number they're looking for is silent. (Yes, you can even make that not just an A to B, but also an A to B to C to Infinity transfer, if you want to.)
3) Anyone who got their kids an iPhone "so they could track them" and couldn't make the next connection to realize that Apple, and Big Brother, have done the same thing to you, isn't tall enough for this ride.
4)Unplug, unplug, unplug.

selsey.steve said...

I have resolved this problem of being traced by the location of my mobile phone.
I threw mine away after beating it with a hammer and burning the SD card.
I phone, via land-line, my wife during my breaks at work and that's it.
Want to call me? You know my home phone number. Use it.

Bear Claw Chris Lapp said...

And what exactly have they done to ms. maxwell? I imagine growing their blackmail information.