The tricky thing about stuff like this is that the majority of people at protests (and in the general population) are incredibly tech illiterate. They are easily exploitable, but also prone to misunderstanding what they're seeing when things go weird with their devices.
We know that hacking and spying on protestors happens, because there are FOIA (and similar state level public information act) requests that have revealed it. We also know there is collusion between private tech firms and the government at all levels that utilize questionable tactics (Stratfor leaks; Barrett Brown just got out of jail for covering this collusion as a journalist and Jeremy Hammond is still in jail for leaking it). So, something is certainly happening at Standing Rock. It is a protest against perhaps the most powerful interests in the world (oil and gas and international finance) so surely every tool available is being used against them.
So, this is probably half paranoia and half correct. It's hard to know which parts are correctly diagnosing the symptoms, however.
Also, some of the practices are likely unconstitutional, by most reasonable interpretations, but we long passed the point where the US government gave a damn about that when it comes to tech privacy.
"The tricky thing about stuff like this is that the majority of people at protests (and in the general population) are incredibly tech illiterate."
Combine this with the fact that even those who are tech literate are in fact illiterate in many ways. As a result, sadly exploitation becomes in many ways trivial and virtually undetectable even when targeted at the literate. This year as an example it was discovered that if you use proxies on iOS or macOS because you are trying to protect your privacy, that opened you up to having your HTTPS communication fully intercepted:
This flaw dated all the way back to the earliest versions of iOS. What else is out there? Here we are in 2016 and we've not even mastered 22 year old proxy technology when it comes to secure implementations and worse, as a technical community, told people that using anonymizing proxies was a way to protect themselves. There are likely hundreds, if not thousands of ways to intercept and tamper with traffic including HTTPS what we are not aware of yet.
> "So, this is probably half paranoia and half correct. It's hard to know which parts are correctly diagnosing the symptoms, however."
If you believe the story, then tech-savvy people have caught attacks whilst they were happening (the article mentions they spoke to someone that demonstrated a Wireshark re-enactment of ARP attacks performed on networking equipment at the camp).
Even those parts of the story leave much to guessing and theorizing. I believe wholeheartedly that the government at many levels is spying on these folks, probably using illegal techniques. I just don't know that the explanations given in this article are right.
Whilst it's healthy to have some cynicism about news stories (and the reasons they're spread), I wonder what level of proof you'd be looking for before you were convinced. Aside from finding equipment involved in the alleged signal jamming, what sort of information is likely to convince you? If someone took the time to triangulate the source of these attacks and could link those locations to government officials, would that suffice?
Oh, I think you're assuming I'm more skeptical than I am. I believe they have one or more Stingrays on site. It would be silly to assume they don't, given the history of use of Stringrays at protests.
I also suspect the number of active cell phones on the networks in that area is probably a hundred times higher than usual; there's probably enough cell traffic happening there to saturate the current capacity many times over. This can lead to cell phones dying faster than usual (searching for signal), cell phones coming online and off, failing to send large files, etc. It can look like "jamming", even when there is no nefarious activity actually happening.
So, I'm not trying to argue nefarious shit isn't going down. I have absolute confidence it is; I know too much about our nation's history with protestors to think otherwise. I don't know that airplanes are carrying the Stingrays (or other cell phone hacking devices) or WiFi honeypots. I don't know that all of the unsecured networks are honeypots put up by law enforcement. etc. I'm saying the specifics of their assessment may be wrong, not that the hacking and spying isn't happening. It's picking nits, in some regards.
But, the motivations of law enforcement are sometimes misinterpreted by protestors, and the capabilities of law enforcement are sometimes over-estimated, even by people that understand the technical side of things. Law enforcement does shady stuff all the time, particularly in dealing with protestors, but, local police also don't have particularly strong technical teams. If the FBI is involved, then things get murkier. They have the resources and the expertise to do probably more than the worst thing we can imagine them doing (and possibly the will, as well).
But, to be clear: I support the protestors, and think that the abuses they've endured in all of this have been criminal. Indigenous peoples in the US have been treated like garbage from the very beginning, and it continues today; this very reservation has been shrunk and unilaterally "renegotiated" (sometimes with guns) multiple times due to profit motives. The reservation has been shrunk on behalf of gold miners, and for major river re-routing, flooding, and damming projects. Even if these folks were making huge and unreasonable demands (which they aren't) I would still support them.
I'd like to see a more thorough investigation of what's actually happening, by someone with a bit more expertise than Cracked. Wireshark dumps are great, but that's just the beginning of an exploit post-mortem.
There are a few comments questioning the journalistic abilities of the article and despite that they did mention that someone else with more resources ought to take over, they could have done a bit more. A few days ago I came across a youtube video regarding this protest. It showed Peaceful protestors getting shot by rubber bullets, attacked by dogs and I don't remember what else against a heavy militarized police force. Wanting to know a bit more, I was surprised how good their website looked. And also, under special cases like this one, instead of criticizing certain pain points, support in any way should be given. Whether it be fact checking, increase awareness, whatever. What I saw on that video should never happen, anywhere, no matter the reason, and much less over the protection of WATER.
Ship in the water in big tankers. Like they do in the Middle East. In any case heavy handed military sort of dealing with people can massively backfire. Right now it's American Indians with small numbers in the future it might be alt-right conservatives with millions of supporters and lots of guns. It's a two way street with violence, you could start an insurgency if the other side had enough numbers and felt that you were acting out a war scenario. This is not good for any sense of democracy or civil rights to engage in this sort of behavior with locals. Which again points to a sort of racism when dealing with rights of minorities, especially economically disadvantaged minorities, compared to advantaged minorities like Corporations.
If everything in this story is true (and I see no reason to doubt it), then there is a 0-day being used here in the wild to hack gmail accounts for political purposes. There really need to be some security engineers (ideally Google security engineers) on-site investigating, both to identify and fix the exploits being used, and to establish their use later for legal purposes.
I don't think so. The phones connect to a honeypot network and send over their credentials. The person who controls the honeypot now has their gmail password and so can use it to login and change their password.
I doubt your implication that they've broken the TLS layer just by having a honeypot. It sounds like they are taking advantage of exploits to own the phone itself based on their power on/off ability and may be stealing credentials straight out of memory. Or they are putting up a fake gmail honeypot as well and grabbing the passwords from there, but this seems less likely since most people use apps on their phones. Worst-case they actually do have a Google certificate and have in fact broken Google's TLS.
Gmail credentials are supposed to be delivered over an encrypted connection. Controlling the network should be insufficient to see passwords in transit. That said, passwords are a poor form of authentication that is prone to interception by poorly configured clients, HTTP downgrade attacks, and typosquatting login forms. I wouldn't jump straight to "0day".
I've seen this particular article before and despite me being fairly liberal, seems kind of lazy for journalism. It's a bunch of heresay with no conclusion, but clearly wants to draw the reader's opinion. The author admits that they aren't a place with an investigation budget and "someone else" should look into it. This damages the story - which seems likely to be happening to some degree - to the point where it is completely lost to someone who isn't fully aligned with the conclusion ahead of time.
I mean, a simple technical fact check of one paragraph that they could have enhanced by speaking with someone who understands these things:
> would talk about their cellphone signals cutting out just as drones circled above.
OK, plausible
> Mobiles would switch themselves off and on again -- not in pocket but in hand.
If they mean turn on and off, unlikely. Maybe rebooting via DDoS on the baseband, but we're jumping into suppositions and inventions here.
> Camera apps were opened out of nowhere
Pretty unlikely
> and batteries would drain by enormous percentages, killing the phones in minutes, rather than the steady decline of any device pinging back and forth searching for a signal
That seems plausible. DDoS on a phone by making the bandwidth burn power.
Note this important comment at the end of the article:
... we've really got to get back to writing about
Back To The Future. Some site with an "investigation"
budget should probably take it from here.
This is Cracked. While their writing is often a lot better than their clickbait headlines suggest, they are still primarily a comedy/culture based site. This story is way outside their usual style, and they know that.
Why isn't this story being covered by other reporters that do have experience investigating government, technology, the oil industry, etc? Cracked is reporting on this because it's important and the only coverage the larger media has given to the pipeline protests has ranged from "nothing" to "reading the police press release".
""That seems plausible. DDoS on a phone by making the bandwidth burn power."
That's not what is happening. IMSI catchers are well known to ask their victim handsets to transmit at full power - which your phone almost never has to do normally.
The article fails to mention that Standing Rock is currently a very cold place. From what I can tell, it's been below freezing for weeks now.
In those conditions, batteries can drain much faster, report capacity incorrectly and then fail unexpectedly. It's probably magnified by all the extra work the radio has to do to find and hold a signal from the overloaded rural cell towers.
And anyone who's used a phone in extreme cold with gloves on knows that touchscreens can do a lot of weird things, including opening apps unexpectedly.
My hunch is that a large part of the reports are hearsay by visiting protestors who aren't used to the conditions.
>> Camera apps were opened out of nowhere
>Pretty unlikely
I thought the same thing, that this is pretty unlikely. But then, most of my personal experience is with iOS, which is pretty well buttoned down. With Android on the other hand, all bets are off. We can't even talk about the security of Android sensibly because there are so many old and unpatched versions out there. So from that perspective, maybe it's not as far fetched as it sounds.
If some or all of this is real -- someone in the command chain above these resources needs to reshape their thinking and fast! Talk about a quick way to radicalize individuals against the society in which they are embedded:
- Visitors from all over the country come to a welcoming self-supporting nature camp with friendly people behaving peacefully and protesting the destruction of nature for profit
- Apply violence to those people
- Attempt to disrupt these people's ability to communicate about their experience
That kind of visceral experience is the stuff of which revolutions are made. Lately I can't stop thinking about this quote from JFK:
Those who make peaceful revolution impossible will make violent revolution inevitable
I've been following the DAPL protests for a couple of weeks now. The actions of the police have already begun to backfire massively. For example, around 2000 veterans are due to be arriving at Standing Rock over the next couple of days in support of the water protectors. Whilst these veterans have said they won't be bringing weapons, I suspect their presence will increase the mainstream media attention on the protests.
I agree it's sad that the MSM has largely ignored the protests so far, but sympathetic social status is not the only way to get attention.
The thing that really gets the MSM interested in a big story like this is when it fits into a narrative that doesn't undermine their corporate funders. For example, if the protesters had turned violent they'd be all over this like white on rice, as it let's them paint the protestors in a less favourable light. They're only reluctant to get involved because they'll find it hard to spin the story the way they want to.
Relevant part of the Constitution, the first amendment:
"Congress shall make no law [...] abridging [...] the right of the people peaceably to assemble, and to petition the government for a redress of grievances."
Full first amendment:
"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances."
The real problem is, when all you need to justify a crackdown is to make a peaceable assembly unpeaceful, it's relatively trivial to insert agent provocateurs to instigate violence and fade into the background or through the police lines as they push. Therefore I think there needs to be a massive congressional inquiry into the use of agent provocateurs domestically, and laws passed to prevent that usurpation of our Constitutional rights.
> "The real problem is, when all you need to justify a crackdown is to make a peaceable assembly unpeaceful, it's relatively trivial to insert agent provocateurs to instigate violence and fade into the background or through the police lines as they push."
It has been suggested that this tactic has already been tried in the DAPL protest, with an DAPL-linked employee called Kyle Thompson:
No need for agent provocateurs; most crowds react poorly when riot police start pushing them around. For example, to enforce a curfew against a peaceful crowd => riot => see, the curfew was justified! They were rioting!
Just to expand, lack of cipher status is a massive problem on every phone produced in the last decade. I've not had a warning on any smartphone I've used (Apple, HTC, Samsung, Microsoft etc) or for that matter on any feature phone I've used, including going back to things as old as the Nokia 3310, 6310, 8100 or as new as things like the Nokia 105 or E51.
Even on a handset that supports the indicator (the spec says all should) the spec also says this can be overridden by the SIM card and apparently most sim producers and macro operators disable the warning by default anyway.
It's also worth pointing out that I'm only aware of this being part of the GSM spec. I don't know what happens with CDMA (which I believe is prevalent in the USA) and 3G and 4G _can't_ run without encryption so it should (theoretically) be a non-issue there too.
Speaking of radio... one of the water protectors has been flying a small drone with a camera to try to monitor the pipeline progress. He explained that sometimes this was difficult because he would lose control when the drone was within a small-ish (10-20m? maybe?) radius of a specific building or work site. The drone was programmed to auto-return if it lost signal, so the operator was usually able to regain control a few seconds later.
Does anybody know what legal status is for jamming? I believe the FCC usually considers interfering with other transmissions to be some sort of violation, but it's been a very long time since I studied radio law (my amateur radio license expired >20 years ago).
I'd suggest there has been far better coverage of the protests that can be found from non-comedic sources, but you're not going to find insightful coverage from the mainstream news.
Overall, the best coverage I've found has been from TYT Politics. Whilst I dislike the clickbaity nature of the main TYT channel, the TYT Politics channel is surprisingly decent. Here's one example of the coverage from TYT Politics, giving clear evidence that the police have been lying to the press:
I'm not really on board with the whole anti pipeline narrative but this kind of action is really inappropriate. The FBI can't catch two Russian kids with a pressure cooker before they become a problem but they can spend god knows what screwing around with protesters. If it was just doing "back-end" stuff to help out the state police who should be running the show then I'd be less not ok with it. If it was the typical dragnet eavesdropping bs applied to everyone they see come or go then I'd chalk it up to business as usual but I'm going to call foul on using cell site simulators anything but sparingly. The FCC should be very pissed off about the FBI for this. The Telecom companies should be very pissed off at the FBI anialiating their QoS.
It has been reported, yet the government has still not backed down in attacking its own citizens over legal and morally correct actions.
The news should continue to be reported until it is no longer news, especially given the large scale anti-American technological effort being mounted by our own government to protect the interests of Big Oil.
Morally correct? That's a pretty questionable statement.
The protesters tried to cause a privately owned herd of buffalo to stampede into the construction site... This resulted in a number of buffalo and a horse being killed.
The protesters are causing damage to construction equipment owned by individual owner-operators. Small businesses. This isn't right. This isn't standing up to the government, or civil disobedience, it's destruction of private property.
And before someone accuses me of not caring about the people there... I grew up about 30 miles away from where the main protest is happening. These are my family members... on both sides.
You going to give up your car and not use any oil? If so, great, you've got a leg to stand on. But we have thousands of miles of pipelines across this country. Pipelines are more efficient than trains or trucks... as long as people still use oil, we still need oil pipelines. What's the alternative?
The Oil industry has no future, and anyone who continues to invest in it or further the goals of that industry isn't a very good investor and is prioritizing short term profits over long term investments.
One of the largest drains on the US economy is the fossil fuels industry. There is no future for them. We, as a society, need to admit this, and move on.
How do we appologize to future generations, "Sorry, we raped the land, we killed innocent people, you're dying of cancer, because temporary money was more important instead of using better energy production methods"?
I've never heard of a solar farm having a sunlight pipeline leak, or earthquakes caused by fracking the ground for wind reserves, or people mining renewable energy and the mines collapsing and killing dozens.
People's lives have monetary value: they are assets that are worth something. It is not profitable to sacrifice assets of such high value for such unimportant things.
So, yes, morally and financially correct.
And the alternative? Tesla. Either buy their car, buy a car from someone that licensed their technology, or buy a brand new... ancient relic from the past.
Do the math. It's going to take time to switch off of petroleum. Even if Teslas were free, it'd take decades to replace all the existing cars with Teslas. You want us to do nothing in the interim?
We're in the process of moving on, but we can't stop everything while it's happening.
The fact that you think people in North Dakota should be driving Teslas... it's pretty shitty uneducated thing to say. Compassion, right? Understand what people need to do, what they want to do, and suggest alternatives. You aren't even trying, just spewing, "Oil is bad!" sound-bites. This isn't Reddit...
Please note that there isn't a single Tesla supercharging station in the entire state of North Dakota. 0. So... I guess you want those people to just... move? Die off? What exactly is your plan here for the people who live in North Dakota? Give up oil tomorrow, give up jobs that provide for their families, and... what exactly do they do next? It's a process, it'll take time.
You're clearly clueless and haven't ever been to North Dakota. Understand that most roads aren't paved, many people live in rural areas, when it rains... we're talking massive washouts and mud you can't drive a car through. Mud that a 4-wheel drive pickup gets stuck in.
And you're there saying those people, and everyone, should just instantly overnight drive a Tesla. Smart.
Refusing to authorize the construction of more petroleum-extraction infrastructure is a great way to spur market-based activity toward switching away from petroleum. If fossil fuels are cheap, people will keep using them. When fossil fuels become more expensive than the alternatives, people will switch. We do not have very much time left - we've been hanging out in the "interim" you propose for at least thirty years now, which is as long as I've been aware of the issue - so we really do need to push on both ends of this equation.
First, it hasn't been 30 years. The Tesla is the first sort-of-viable alternative to most cars that hit the market. And... I say "sort-of-viable" because you can't tow a horse trailer or throw hay bales off the back of a Tesla. So... see my previous comment, it's not a viable alternative.
The oil pipeline represents the kind of economic engine that allows the people of North Dakota to be able to afford Teslas. Look at the state... it's filled with industrious people (very very low unemployment rate), who make not a lot of money (very very low average wage). Besides, nobody is talking about NOT having a pipeline, they're just talking about moving it. One way or the other a pipeline is getting built, it's just a matter of 10-15 miles one way or the other.
If I'm hearing you right, you'd rather ship oil from over seas (the amount of carbon released is staggering), or ship it via truck, because building a pipeline is wrong and bad and evil. Because... why exactly? It'll be a generation or more before we're off petroleum, won't happen over night. Does it make sense to be less efficient, and make it harder for the people in that state to earn money, while we wait?
The pipeline will function for the rest of our lives... we aren't getting off fossil fuels that quickly. Think about not only cars, but pickups, tractors, construction equipment... on our ranch we had a 50+ year-old bulldozer that we still used. Those sorts of big-engine items won't be replaced by solar power for a lifetime or more. Not like we could have afforded to buy a new bulldozer... fossil fuels... plan on them being here for our lifetimes. I understand climate change, I don't think it's a great thing, but it's just the world we live in.
You're the one that wants to ship oil overseas. The oil that Energy Transfer Partners intends to pump through the DAPL is not for domestic use. They promised otherwise, of course. They also promised that this pipeline would provide jobs, which conveniently ignored the truck drivers the pipeline would replace.
The DAPL oil is intended to be exported[1]. This has the convenient effect of allowing the very dirty shale oil to be sold to countries that have weaker carbon regulations. ETP (and those that fund them) is trying to work around environmental regulations for profit. The only connection to the US economy or oil supply is the damage their pipelines will do to the ecosystem.
I realize it's hard to break free from propaganda once it's affected you, but I recommend verifying the facts and investigating the larger situation before believing talking points that happen to align with big business profits.
It's been at least 30 years since we've known that we need to stop burning fossil fuels. The fact that it has taken this long to actually begin the transition reveals a terrible failure of global political leadership - and the US government is one of the worst culprits.
The cost of solar power dropped as rapidly as it did because governments - in particular the government of Germany, though others followed along with similar programs - chose to heavily subsidize solar panel installations. This stimulated a rapid increase in the level of investment in solar panel technology and in the factories which produce them, which led to a rapid improvement in both power-generation efficiency and manufacturing efficiency; the whole industry scaled up, and now we live in a world where generating electricity via solar is cost-competitive with fossil fuels, with no further need for subsidy.
The fact that "the pipeline will function for the rest of our lives" is exactly why we need to stop building pipelines. We don't have the rest of our lives to wean ourselves off this petroleum addiction. It's not about replacing the pipeline with ships or trains; it's about making petroleum expensive and inconvenient so that non-petroleum-based solutions can become more competitive. We need petroleum to become more expensive, and we need the cost to rise quickly, because that's the only way we're going to stimulate the kind of investment that will enable the kind of scale-up that will let us accomplish the enormous infrastructure reinvestment we should have started working on long ago.
Yes, it sucks for the people of North Dakota that their lifestyles are unsustainable, and it's going to be hard times ahead for them as they figure out other ways to live. It's going to suck much, much more for the many millions of people around the world on the verge of being displaced, impoverished, and probably even killed as a result of the climate change we are creating by continuing to burn petroleum products.
No, it won't happen overnight, but this is not overnight. We've known this for decades. We have already been running down the clock. We can't just magically demand more time, and more time, and more time, while continuing to do things the way our parents and grandparents did them.
If you think we can continue living this way for the rest of our lives, you really don't understand climate change. One way or another, our lives are all on the verge of changing. Do you want to choose how that change happens now, or wait til it is forced on you?
There's a difference between knowing we need to stop, and having an alternative. The way you paint it... people should have just woken up in the 70s and said, "Yup, guess it's time to let my kids starve... I can't be driving this car to work any more... it'll be better for the planet if we all just die off since we inconvenience people on the coats."
What's kind of funny... North Dakota has a LOT to gain from global warming. Look at their location. A flip to what you're saying is... "Hey, maybe all those people who live on the coasts should move someplace that could stand to have an extra 4-6 degrees added to the average annual temperature." I say that tongue in cheek, mostly to point out how silly it is to mandate change.
People have to decide for themselves, right? Freedom and all that. Telling one of the poorest states that they need to forgo economic improvement because people in coastal states say that global warming is bad... it's exactly like me saying you should move away from the coasts. You don't get to decide how others live any more than they get to decide how you live.
It gets old hearing, "oil is bad" -- we've certainly heard all the doom and gloom for a long time. People need viable alternatives. Just saying, "Yes, it sucks for the people of North Dakota that their lifestyles are unsustainable..." you aren't going to get anyone to side with you. Not your point, but you also realize that the power of government derives from the consent of the governed -- right?
I split my time growing up in Seattle and North Dakota... and I'm quite purple as a result. It's important to see the big picture. The reason Tesla is tying in self-driving cars to electric cars. They know that as soon as more people start driving electric cars... the price of oil is going to tank. Even with amazing strides towards solar, wind, hydro... because of those strides even... we're faced with 50+ more years of oil. As oil prices fall... it's just that much harder to buy an electric car. They need a hook... and self-driving is just that.
But it's not like we have to cut off all oil use tomorrow. Especially in more rural areas, places that can absorb the CO2, places like North Dakota... the places that have too many people, where nature can't possibly hope to keep up... those are the places that need to stop using oil. Right? So putting the burden on North Dakota... cities, people in cities should bear the lion share because they're the ones causing the most damage.
I really wish they would have confirmed that the attacker was in a plane. If this really was the FBI, has there ever been a case where the U.S. government was this flagrant at hacking citizens?
At the beginning of the article they author mentions that there is no cell signal once you reach the camp.
Wouldn't a Cessna with a Stingray on board show up on your cell phone as a signal?
It was my understanding that the way the Stingrays works is that they broadcast a pilot signal just like a regular cell tower albeit a spoofed one.
Wouldn't you be able to see that your cell phone all of sudden has x bars signal when you hear or see the Cessna and then that signal would disappear when the Cessna leaves?
Cessnas are not that quiet and they aren't capable of flying that high to the point that you couldn't hear or see them right?
There's no way they would stoop that low. They can just as easily block service with a stingray and avoid causing interference for everything other than the target. There's also the issue that a jammer will also block 911 calls so I don't really see why the FBI or any domestic law enforcement would want a simple jammer instead of using a stingray to selectively block service. There's really only downsides to it when compared to using a cell site simulator.
I'm not sure you are familiar with the history of the police state. Just when you think they won't go below a certain bar, then do. Why do you think, when performing any other manner of illegal and unconstitutional things, they wouldn't add one more to the list, especially when there seems to be no repercussions?
I'm also reminded of occupy wall street, in which is was found out after the fact that:
"Banks sat down with FBI officials to pool information about OWS protesters harvested by private security; plans to crush Occupy events, planned for a month down the road, were made by the FBI – and offered to the representatives of the same organizations that the protests would target; and even threats of the assassination of OWS leaders by sniper fire..." - Revealed: how the FBI coordinated the crackdown on Occupy - Naomi Wolf
Much later we even found out the CIA had some involvement, and that's an organization which is not supposed to operate domestically! So, I think you are being naive in putting the abuse of zero-day cell exploits past them, especially when it might not even be the police forces themselves, any number of three-letters could just be seeing this as a good realistic training exercise to test out their latest toys.
"Why do you think, when performing any other manner of illegal and unconstitutional things, they wouldn't add one more to the list, especially when there seems to be no repercussions?"
Because there's just no incentive for them to use a jammer as opposed to a cell site simulator. With all of the news of government corruption I absolutely wouldn't assume that the government isn't doing something nefarious, but with corruption, it has to be driven by some incentive, there isn't really one here.
"So, I think you are being naive in putting the abuse of zero-day cell exploits past them"
I'm not saying that they wouldn't do this, just that they wouldn't ever bother with jamming specifically other than maybe for a bomb scare.
I was referring to a literal jammer as opposed to using a cell site simulator and null routing everyone's data. Using an actual jammer is simple and cheap but it's also illegal and I don't believe the FBI could use one outside of exigent circumstances.
Reading this I was immediately reminded of the Del Rio Water scenes from Sleep Dealer [0]. I find the prescience of that film quite remarkable, although I suppose events like these have played through before, just without the technology aspect.
First, someone should look at the coverage map of the area. Verizon and AT&T are iffy, and Sprint and T-Mobile are non-existent.
Second, the article starts with "The demonstration at Standing Rock, North Dakota is the largest gathering of indigenous people in modern American history." which is taken from the source material's statement "The largest gathering of indigenous nations in modern American history".
The article cannot even get its first fact correct, and frankly I would dispute NBC's statement as well. I guess we haven't heard of Pow Wows and government meetings.
I also notice that both articles seem to gloss over the indigenous versus non-indigenous ratio. Not good for the narrative I guess.
Also, to be truthful there was a fairly sustained attack on all North Dakota networks when that damned actor from the avengers said the state should be hacked. I guess he forgets that all the tribal schools are on the ND network. Maybe some of the protesters were caught in that?
[okay fine, cracked is factually untrue, but I get down voted for being here - wtf?]
They mention unsecured Wi-Fi?
Either way, openly attacking citizens accounts seems... surprising for a government agency confronted to peaceful protesters?
I don't doubt the US (or German, or UK, etc) have the technical capacity to do such things, but would they risk it be discovered for such a "low" target as a natural site?
If true that probably means they have much more powerful tools at their disposal for "true emergencies"...?
If they've connected to Gmail before they would have received HSTS headers. So I'm not sure what you are suggesting? Could you elaborate on how you think GSM cipher downgrades lead to stolen Gmail credentials?
edit: Furthermore Chrome/Firefox implement HSTS preload lists on which gmail.com is included. [0][1]
The article said people were reporting that Gmail accounts have been hacked in an environment where malicious Wifi APs are prevalent. Your post said that report "sounds suspiciously false."
My reply contended that it's possible. A device running something other than a recent version of a modern browser is entirely susceptible to connection to Gmail over a non-TLS pipe or TLS to a MITM, especially when that device is using a fake Wifi AP.
Citing that the state of the art in browser technology exists does not change that point.
> Citing that the state of the art in browser technology exists does not change that point.
> Do you agree it's possible the claim is true?
HSTS preload lists are not new (the Mozilla blog I referenced above is dated 2012).
> The article said people were reporting that Gmail accounts have been hacked in an environment where malicious Wifi APs are prevalent. Your post said that report "sounds suspiciously false."
If it's a case of 'technically illiterate user entered gmail credentials on a wifi-login page' than that can happen on literally any wifi-AP. I'm saying that the claim that phones are being forced to connect to fake base-stations mounted on Cessna's (which is possible) is not at all substantiated by reports of people's Gmail accounts being hacked, the later just sounds like lazy journalism as another commenter has pointed out.
I very much doubt the claims are as narrowly scoped as that. As you say, it's either imprecise journalism or merely repeating the reports of people who are (by definition) terribly confused about what's going on.
By the way, I wouldn't call these people technically illiterate. The way you're using that term sets a bar so high that it includes almost everyone. If many people were at that level of technical literacy, we wouldn't have needed HSTS in the first place.
You folks are talking about HSTS and Browsers, but with phones there's a quite simpler attack vector for grabbing email credentials: IMAP. If the FBI has a certificate for imap.gmail.com that is signed by a CA, they can MITM that route.
Even for my 2FA GMail setup (where each non-2FA enabled app gets an app-specific password), doing IMAP MITM will get the app-specific password, which would enable further IMAP access.
I can see something simple like redirecting random pages to a fake login page. The average person will fall for the simplest of attacks so it wouldn't surprise me to hear that they were just using a captive portal that asked for their Google account credentials to use wifi.
This doesn't even seem that different from how gmail actually works -- before I stopped using it I was always astonished by the insane chain of redirects the browser is directed through before eventually seeing the login screen.
There's also a screenshot of an iPhone lock-screen in the Cracked article (running iOS 10 too), but it's dated November 11. It seems odd that it would appear in an article on December 01.
We know that hacking and spying on protestors happens, because there are FOIA (and similar state level public information act) requests that have revealed it. We also know there is collusion between private tech firms and the government at all levels that utilize questionable tactics (Stratfor leaks; Barrett Brown just got out of jail for covering this collusion as a journalist and Jeremy Hammond is still in jail for leaking it). So, something is certainly happening at Standing Rock. It is a protest against perhaps the most powerful interests in the world (oil and gas and international finance) so surely every tool available is being used against them.
So, this is probably half paranoia and half correct. It's hard to know which parts are correctly diagnosing the symptoms, however.
Also, some of the practices are likely unconstitutional, by most reasonable interpretations, but we long passed the point where the US government gave a damn about that when it comes to tech privacy.