Mobile location, the ability to track a target to his precise geophysical coordinates using a Harris StingRay or other IMSI catcher is one of the most widely used surveillance apps. An analyst, after all, can follow SIGINT/COMINT all day long – apprehending the bad guy is what counts.
At the same time, the use of mobile location data in lawful intercept and intelligence gathering remains one of the most contentious points in the surveillance vs. privacy debate. Federal laws, which date to the 1986 Electronic Communications Privacy Act, do not address location privacy. Local court jurisdictions apply a widely varying set of legal standards depending on the type of mobile location technology an LEA wants to use in a lawful intercept. Some states have passed their own laws placing onerous restrictions on the use of mobile location.
Rising above the debate, and serving clients that range from local police departments to the NSA, Department of Homeland Security, and federal, state and local police departments, one company stands out: the Harris Corporation.
Based in Melbourne, FL and ranked as the 11th largest government contractor for products that serve a range of needs — including electronic surveillance — US $5B per year Harris is the undisputed leader in technologies and appliances that can take agents straight to the target.
Hard to believe they started out more than a century ago in, of all things, the printing business. Founders Alfred and Charles Harris in 1895 patented an automated sheet feeder for the printing press that was such a vast improvement over processes then in use that they were forced, as the company history puts it, “to understate its capabilities in order to get potential customers to believe them.”
Time passed, the company sold off its printing business and by the 1970s was already established as a prominent innovator of advanced communications and IT capabilities for the military, intelligence community, space agencies and law enforcement.
Aside from excellence in all they do, one constant that remains from the early days: understating capabilities. That certainly applies to mobile location and related applications made by Harris.
Primer on Mobile Location
Before we dive into reviewing the company’s product suite in this area, a primer on mobile location tracking is in order.
The basis of cellular radio technology is the built-in capability of the network to know at all times where any connected device is located in order to receive and send calls and data to and from the device. This is done by having the network continuously “ping” all devices to determine their location as the device either remains stationary or is physically moved by the user transiting through the network’s region — or “roaming” onto another carrier’s network, where usage may incur additional charges. Aside from call routing and billing accuracy, an important benefit of pinging is the ability to locate parties for 911 “first responder” activities. For obvious reasons, continuous pinging is also extremely helpful in determining mobile location.
There are four principal types of mobile location data tracking device, and Harris products overlap with two. The four types:
- A “beeper ”attached to a suspect’s vehicle;
- Continuous signaling (“pinging”) of the suspect’s cell phone, either with the cooperation of the target’s mobile services provider — or independent of the provider by replicating a cell tower.
- Use of Signaling System 7 (SS7) to find the cell tower nearest to the target in real time; often used under authority of a FISC order to track foreign intelligence operatives offshore.
- Malware aka “Trojans” that augment the precise geophysical location of a target’s mobile device with the power to become its master: watching keystrokes; seeing every number or IP address contacted; turning on its microphone, camera or videcam to eavesdrop on conversations in a room or to capture images and videos of the target; viewing and even changing downloaded documents; and, issuing communications from the device as though they originated from the target himself.
A fifth method of mobile location has to do with historic records versus real-time tracking of a device, but we include it here for the sake of completeness:
- Use of a target’s mobile location records, stored by his or her CSP, to associate the use/day/time/whereabouts of the target’s mobile device with the location of a criminal or terrorist event.
Mobile Location with a “Sting”
Harris appliances fit into two of the five categories: cell tower replication and malware. The best-known is the Harris StingRay, which intercepts mobile communications to and from a target’s device. The least well-known is the Harris Hailstorm, which provides malware or “Trojan” capabilities. Let’s start with the StingRay and its offshoots: Kingfish, Gossamer, Triggerfish, Amberjack and Harpoon.
StingRay is a portable device that mimics a mobile network base station sending out signals. As the target travels through a network cell — the area serviced by a base station — his device assumes that the signal originating from the StingRay is from a mobile service provider’s radio tower. In the field, the StingRay can capture and track hundreds of device addresses, make a record of all calls made to and from the area, or focus on one target. Small and portable, the StingRay can be used anywhere, including in a vehicle. While the base unit is limited to signaling, Harris sells software add-ons that let the agent intercept call and message content.
Like StingRay, Kingfish tracks mobile devices, identifies users and connections to other devices, only in a more compact unit that can be concealed in a briefcase.
Gossamer provides similar functionality but in a hand-held model that resembles some of the original mobile handsets of the mid-1980s — clunky by comparison to a smart phone, but easier to tow around and use without notice than the StingRay. One important difference: the Gossamer lets the user initiate attacks on a target, essentially taking his mobile device out of action.
With Triggerfish, we’re back to a box design like the StingRay’s. Triggerfish also does mobile location — but in a much bigger way. The device can collect signaling data from over 60,000 devices simultaneously. Triggerfish also lets the agent intercept a target’s conversations on his cell phone, just like a software-enhanced StingRay.
Amberjack is a directional antenna that looks like a home smoke alarm. Magnets and a tie-down kit secure the antenna to a car’s roof, where it sits unobtrusively during an intercept. Used with StingRay, Kingfish and Gossamer, Amberjack’s contribution is signal monitoring that further helps the user zero in on the target’s location.
Harpoon, a companion device, is a simple amplifier that comes into play when the target moves out of range, or if the agent wants to maintain his distance. Harpoon amplifies the signal to and from the target’s device in either event.
A Trojan from Harris?
Tired of the Moby Dick naming conventions yet? Let’s move on to a Harris product that can race in on a target like a derecho: Hailstorm. Information on the Hailstorm is highly confidential and subject to Homeland Security Laws, hence Harris is tight-lipped on the subject. The raw data:
- The suitcase-sized device, deployed in a specialized vehicle, was first used by U.S. troops in Iraq.
- Hailstorm provides mobile location data and can intercept content.
- Reports indicate that the device also has embedded capabilities that enable it to take over the target’s mobile device. That would put Hailstorm in a league with products made by Gamma Group International. The Hacking Team, Oxygen and Vupen.
Applications in Law Enforcement
While the Harris family of mobile location (and more) products are commonly deployed for intelligence and homeland security needs, they are increasingly finding their way into criminal investigations.
Oakland, CA police acting under warrants have used StingRays to apprehend suspects in cases involving murder, attempted murder, kidnapping, gun recovery and witness intimidation.
Recent publicity surrounding the use of StingRays by LEAs has triggered objections from privacy advocates over their legality. Again, decisions on the legal standards of using mobile location vary widely from one court jurisdiction to another. However, when a court order is approved, use of mobile location technologies is entirely legal. And when mobile location data falls under the purview of homeland security, including when such devices are used by state and local LEAs, they are legally beyond reproach.
Of the innumerable companies that provide the same robust suite of mobile location and intelligence gathering capabilities, Harris is the front runner, earning our 5-Star rating.