How the police identify criminals without sophisticated technology

Carder


All-seeing eye​

Often, the police will not even try to hack or intercept something, but will simply make a request to the cellular operator, and the latter will give back not only the call history, but also a lot of other interesting information. As an example: an article about an Australian journalist, which analyzes the information collected about the journalist by his mobile operator over the past two years (and only that).

According to Australian laws, cellular operators are required to store certain information about network users, the Call Detail Record (CDR) database, for two years. This includes information about the location of the device at each moment in time (by the way, a precedent was recently set in Sweden: this information alone is not enough to pass a sentence), a call log, including information about the other subscriber, and data about Internet sessions. As for SMS, under the Australian privacy law, without prior authorization for wiretapping, the operator has the right (and is obliged) to save only metadata: the time of sending, the size of the message and the addressee. The content of the messages themselves (much less voice calls) is not saved.

This is what the information collected by the operator about the journalist looks like.

top_contacts.jpg


Places visited by the journalist.

surveillance.jpg


Places that he most often visited during a given time period.

heatmap.jpg


An online version of the data is available at the link.

Metadata includes information about who the user called and messaged, the duration of calls, and which base stations the phone was connected to at what point in time (such information allows you to accurately determine the location of the device). In some countries (we will not point the finger, but this is the United States), operators not only give the police information about the user's location, but also gladly trade in such data.

The most interesting thing is that mobile operators have access to details about Internet use, including website addresses and the amount of data transferred (and these details are handed over to the police, as well as sold to anyone who wants them). This is a completely separate topic for discussion; the data is collected by tracking requests to the provider's DNS servers. Operators are also happy to trade in this data; the trough is so attractive that operators have even tried to block customers from using third-party DNS servers.

INFO
By the way, devices issued (imposed) by stationary Internet providers (usually a combined cable or ADSL modem + router) often do not allow changing the DNS server on the router. If you want, change it on the computer, on each individual phone, smart TV and speaker, but the user will not be able to protect his privacy completely by simply setting the router settings.
US mobile operators are also required to keep CDR records. In addition, in the United States, the intelligence services maintain a single MAINWAY database, in which records can be stored for much longer than mobile operators themselves are allowed to by law.

In Russia, the so-called Yarovaya Law was adopted, which obliges mobile operators to store metadata for three years (their list almost completely coincides with the Australian version of the law). In addition, operators are required to store for at least 30 days (but not more than six months) text, voice, video and other messages of users. Accordingly, in Russia, any call must be recorded by the operator and provided to the police upon legal request.

Not only CDR​

In the above study, journalist Will Ockenden used an iPhone. A properly executed request to Apple (in the company's terminology, a Device Request, that is, a request in which the police have nothing but the hardware device identifier, the IMEI) will allow the police to receive the data that is collected about the Apple user, and this includes almost everything, with rare exceptions. This is what the statistics of requests to Apple in Russia look like, for example.

apple_transparency_ru.jpg


For comparison, in the United States, in the same year, the police requested information on 19,318 devices (81% of requests were successful). Google offers an interactive graph, which can be viewed here.

And while Apple does not provide the police with data such as user passwords, device usage statistics, SMS / iMessages, and Health data (the user's physical activity history, including the number of steps and heart rate in a given time frame, is a most useful thing for catching both criminals and unfaithful spouses), Google will give everything, including passwords (to be completely technically correct, I will add that encryption of backups appeared in Android 9; accordingly, the police will not receive either the backups themselves, or the SMS and call logs stored in them).

Disposable Phones​

Criminals using their main phone for threatening calls, extortion and other criminal acts are now almost nonexistent; above we figured out in detail why. What remains for the criminal? Disposable SIM-cards (perhaps, we will not discuss now the ways in which criminals acquire such cards) and disposable (usually cheap push-button) devices, preferably completely devoid of Internet access.

In order to get at least some information about a suspect, the police need at least one clue, and an IMEI is enough. But what can you tell from a device ID that has only been turned on for a few minutes? Having read conspiracy theories (an excellent example), novice criminals carefully remove the battery from the phone, turning the device on only to make a call.

Of course, none of them even think about what happens when the device turns on and off (both normally and abruptly, with the battery pulled). Moreover, few people think about whether the operational police officers know about such a pattern.

Confident in his safety, the criminal leaves the house (if he does not leave, it is highly likely that his location will be determined immediately or after the fact by analyzing the logs) and calls from a disposable phone. Where is his main phone? Let's consider the options.

Method 1​

Let's start by looking at the most typical situation: a “suspicious” call is made from a one-time, “anonymous” phone, and the criminal took his own phone with him. There is nothing incredible in this; it is enough to read police reports to understand that this is how the majority acts.

The police will ask the cellular operator for the CDR records for the specified period. Depending on the country and the laws in force in it, the operator returns either raw data or an anonymized list of devices (each hardware identifier is replaced with its hash). In fact, the police receive a ready-made list of devices connected to the cell where the device from which the call was made was registered. It is assumed that the criminal's own phone will also be among these devices.

Several thousand subscribers can be simultaneously connected to the same cell, so a single request will give little to the police. However, if the perpetrator calls the victim again, whether from the same cell or (even better) from a different cell, the police will receive additional samples. Next, the sets of devices that were registered in the same cell at the time of each call from the "anonymous" device are intersected; as a rule, only a few dozen or even single identifiers remain after the second or third sample.

Of course, in practice, everything is somewhat more complicated. For example, not only the connection to a particular tower from which the call was made is taken into account, but also data from neighboring towers. The use of these data allows (and allowed, by the way, even fifteen years ago) to perform triangulation, determining the location of the device with an accuracy of several tens to several hundred meters. Agree, it's much more pleasant to work with such a sample.

However, in large cities with a high population density (anonymous calls are often made in crowded places) the circle of suspects, even as a result of the third sample, may turn out to be too wide. In such cases (not always, but in especially important cases) the analysis of "big data" comes into play. I was able to learn more about this two years ago from the opening speech at the police congress in Berlin. The analyst examines patterns of device behavior indicated by conditional identifiers. Talking on the phone, active traffic consumption, movement in space, registration time in the cell and a number of additional parameters allow excluding a significant part of the devices, thereby significantly reducing the number of suspects.

Conclusion: the easiest criminal to detect is one who carries a personal device (a personal smartphone) and moves around with it. He made an anonymous call from one cell, and a set of devices was outlined. He made a second call from another cell, and the list of devices following the same route was reduced by an order of magnitude.

By the way, I will debunk a popular cinematic cliché. To accurately determine the location of the phone, the time it spends on the network does not play the slightest role: the location is determined instantly when the phone is registered on the network and is saved in the logs, from where it can be easily retrieved. If the device is moved, the location can be established even more accurately. While we are at it, a word about the conspiracy theorists: a switched-off phone does not report its location, even if you do not remove the battery from it (well, the iPhone 11 can communicate thanks to the U1 chip, and even then not now, but sometime in the future, when Apple turns on this feature in firmware).

To summarize: the criminal turned on the device, made an anonymous call or sent an SMS, then turned off the device or removed the battery. The next day he turned it on again, called from another part of the city, and turned it off. The list of devices that may belong to the criminal has been reduced to a handful. The third call made it possible to definitively identify the offender, and a team can head out. All this without the use of any special tools, just a simple analysis of logs across three power-ons.

Method 2​

"Who goes to business with the phone on?" - you can logically ask. Indeed, a prudent criminal can turn off the main phone before making a call from an anonymous device. Very good: now the police only need to look at the list of devices that were turned off at the time of the anonymous call. In this case, one iteration is enough. If the offender also turns on his main phone after an anonymous call, then you can safely send a task force for him.

Why is that? The fact is that when disconnected, the phone sends a signal to the cell, and this allows you to distinguish devices that have been disconnected from those that have left the cell. When enabled, a new record is created accordingly. Tracking such activities is a matter of a few clicks.

Method 3​

"Who even takes their own phone with them?" Oddly enough, they take and carry them, and not only phones. They take their phones, or they leave the phone at home but take a smartwatch; incidentally, this allowed the police to solve a lot of crimes. Most of the "telephone" criminals are far from professionals, and their knowledge of how cellular communication functions, what data is collected and how it is analyzed is in its infancy. The human factor allows the police to solve many crimes by simply comparing the facts.

If the criminal really never takes a phone with him (practice shows that everyone slips up at least once), then big data analysis can help to identify him. Much here will depend on how much time and effort the attacker is willing to put into making an anonymous call, as well as how many such calls there will be.

If there are many anonymous devices​

And what if the criminal is cunning and uses not one, but several anonymous phones, getting rid of evidence every time after a call? This practice is often shown in films. After reading the previous sections, you probably already realized that all that a criminal gains from using several different devices is a few extra seconds of anonymity, those that precede the actual call. As calls from all anonymous devices will be added to the case, the police have additional leads: the source of the "anonymous" SIM cards and, possibly, the place of purchase of the disposable phones. Whether the calls were made from the same device or from several different ones will not affect the course of the investigation.

Telephone terrorism: what if the call was really one?​

What if there was really only one call? To report a bomb planted in a school or airport, a second call is not needed: a telephone terrorist only needs to make one call, after which the “burned” device can be thrown away or destroyed along with the SIM card.

Surprisingly, such criminals are also often caught, using investigative techniques worked out back in the days of calls from street payphones. If a criminal has a permanent smartphone, then the circle of suspects can be sharply limited by conducting an analysis using the first of the methods described in the article. Thus, even in a city with a population of over one million, the circle of suspects narrows down to several hundred (rarely thousands) subscribers. If we are talking about a bomb threat against a school, then the set of "suspicious" subscribers is intersected with the set of the school's students. It will be enough for the operative to just talk to those who remain.

The fact that such criminals, as a rule, have little idea of the possibilities and features of the work of operatives and try to protect themselves from invented, non-existent dangers, completely ignoring the obvious, helps in solving cases of telephone terrorism. Two years ago, the office of our colleagues (coincidentally also the developers of software for the police) was evacuated after a call from an unknown person who reported an explosive device in the building. Less than a few hours later, the police had already detained the criminal. The culprit turned out to be a crazy grandmother who wanted to annoy the neighbors, but got the address wrong. Neither a push-button telephone specially bought by the vengeful old woman, nor an "anonymous" (or rather, registered to a non-existent name) SIM card helped.

What about VoIP calls using a VPN?​

If it occurred to you that a really anonymous call can be made through a VoIP service (preferably free, so as not to expose a means of payment), and even through a VPN service that does not store logs, congratulations, you think like a real bandit.

Of course, there is always a chance of slipping up by forgetting to check the connection to the VPN server or by accidentally logging in with your own, not "anonymous", account details for calls. To prevent this from happening, criminal groups go to serious expense, ordering the manufacture of modified (at the software level) phones. The case of the arrest of the CEO of a company that produces such devices based on old BlackBerry phones showed the scale of operations. Despite the fact that the police managed to shut down this criminal network (and gain control over the encrypted communications infrastructure used by the criminals), the police understand that this is only the first step. “Criminals inevitably migrate to other services, and we can imagine which ones. I will not point a finger, but sooner or later we will get to them” (AFP Assistant Commissioner Gogan).

How the analysis works​

The report, published by the ITU (Republic of Guinea), describes in some detail both the methods and tools used by analysts. In general, the process can be depicted as follows.

CDR_Workflow.jpg


And in a little more detail.

CDR_Analysis_ITU.jpg


All the police need is actually "raw" CDR data and software that can be used to download and analyze it ("raw" data is not very useful for manual analysis, but filtered data can be displayed in text form or printed).

The popularity of this method of investigation is evidenced by the fact that CDR records are supported by almost every serious forensic package. Examples: Penlink, HAWK Analytics, GeoTime, CSAS, Oxygen Software's Russian Oxygen Forensic Suite, Advanced Cell Tracking and many others. However, we also had to communicate with police officers who successfully use a combination of Google Maps and Microsoft Excel in their work.

Without a doubt, the special services have special equipment in service that allows them to suppress cellular communications, replace a base station or fake GPS coordinates. But the police do not use most of this equipment, at least not when investigating routine crimes by telephone terrorists and extortionists. It is expensive, fussy, time-consuming, by and large unnecessary, and sometimes ineffective. Analyzing CDR (Call Detail Record) logs is a much more efficient investment of time and effort.

A case that happened a few years ago in Great Britain is indicative. The police were monitoring one of the bosses of the drug cartel. Detention is not a problem, but there is no evidence, the case would have collapsed in court. According to the police, the criminal's phone (he used an iPhone) could contain vital evidence, but it was not possible to crack the lock code of a sufficiently fresh model at that time. As a result, an operation was developed; the criminal was under surveillance. As soon as he took the phone, unlocked it and started typing, the drug lord was detained, and the phone was literally snatched from his hands.

The interesting thing here is not the background, but one seemingly insignificant detail: in order to take the criminal's iPhone to the laboratory in an unlocked state, a special policeman was appointed, whose whole job was reduced to periodically swiping his finger across the screen, preventing the device from falling asleep. (You don't need to think of the police as idiots: everyone knows that there is a setting that controls the time after which the phone screen turns off and the phone itself is locked. But not everyone knows that a configuration profile that prohibits disabling auto-lock can easily be installed on the phone in a couple of clicks.) The phone was successfully taken to the laboratory, the data was extracted, and the necessary evidence was obtained.

Somehow it's all ... unreliable!​

If, after reading this article, you got the impression that it is somehow not entirely correct to base the verdict on data received from cellular operators, I hasten to agree. Moreover, the Danish Supreme Court agrees with you, which restricted the use of location data from CDR records by the prosecution. The ban did not appear out of the blue: out of 10,700 convictions based on these data (which is a lot for a quiet small country), 32 people have already been found innocent as a result of additional checks. According to the director of the Association of the Telecommunications Industry, "this infrastructure was created to provide communication services, and not to spy on citizens." "Attempting to interpret this data leads to errors," and "evidence that appears to be based on accurate technical measurements is not necessarily of high value in court."

Most refresher courses for police officers are required to say that digital evidence cannot be completely trusted, regardless of the way it was obtained. They talk about cases where the location of a suspect was determined based on metadata from photos that were synced through the cloud, and not taken by the device itself.

An indicative case is one where the answer to an incoming call was interpreted as "distraction while driving", which led to an accident. In fact, the push-button telephone of the time was still peacefully in the driver's pocket, but because of an accidentally pressed button, the phone “answered” the call, which was registered by the operator. The defense was able to get the driver acquitted by questioning the second subscriber, who testified that the conversation did not take place (by the way, what happened "in reality" is unknown, but the court sided with the accused).

I am sure this is not the only case. CDR data is an excellent tool in the hands of an operative, but not reliable as an evidence base.
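The narrowing described under Method 1 and Method 2 above, written out as an added example (it is not from the original post or from any forensic package). The record layout, the event names `register`/`call`/`detach`, the time windows and every record are constructed assumptions.

```python
"""CDR narrowing over constructed events (added example, not from the post)."""
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed records: (time, cell, device, event). "device" stands in for the
# anonymized hardware identifier; event names and layout are assumptions.
RAW_EVENTS = [
    ("2024-03-01 12:00", "CELL-A", "dev-4", "register"),   # outside the window
    ("2024-03-01 13:52", "CELL-A", "dev-1", "register"),
    ("2024-03-01 13:55", "CELL-A", "dev-3", "register"),
    ("2024-03-01 14:00", "CELL-A", "burner-1", "call"),    # anonymous call 1
    ("2024-03-01 14:05", "CELL-A", "dev-2", "call"),
    ("2024-03-01 14:10", "CELL-A", "dev-5", "register"),
    ("2024-03-02 18:20", "CELL-B", "dev-1", "register"),
    ("2024-03-02 18:28", "CELL-B", "dev-3", "register"),
    ("2024-03-02 18:30", "CELL-B", "burner-1", "call"),    # anonymous call 2
    ("2024-03-02 18:40", "CELL-B", "dev-4", "call"),
    ("2024-03-03 09:05", "CELL-C", "dev-5", "register"),
    ("2024-03-03 09:10", "CELL-C", "dev-3", "register"),
    ("2024-03-03 09:15", "CELL-C", "burner-1", "call"),    # anonymous call 3
    ("2024-03-03 09:20", "CELL-C", "dev-4", "register"),
]

# Constructed records for the switched-off case (Method 2).
RAW_EVENTS_M2 = [
    ("2024-03-05 14:00", "CELL-D", "dev-9", "detach"),     # off hours earlier
    ("2024-03-05 19:30", "CELL-D", "dev-7", "register"),
    ("2024-03-05 19:45", "CELL-D", "dev-8", "register"),   # stays on
    ("2024-03-05 19:50", "CELL-D", "dev-7", "detach"),     # off before the call
    ("2024-03-05 19:58", "CELL-D", "burner-2", "register"),
    ("2024-03-05 20:00", "CELL-D", "burner-2", "call"),    # anonymous call
    ("2024-03-05 20:03", "CELL-D", "burner-2", "detach"),
    ("2024-03-05 20:12", "CELL-D", "dev-7", "register"),   # back on afterwards
]


def load(rows):
    """Parse the text timestamps into datetime objects."""
    return [(datetime.strptime(t, FMT), cell, dev, ev) for t, cell, dev, ev in rows]


def seen_in_cell(events, cell, when, window):
    """Devices with any event in `cell` within +/- `window` of `when`."""
    return {dev for t, c, dev, _ in events if c == cell and abs(t - when) <= window}


def narrow_by_intersection(events, anon_devices, window=timedelta(minutes=15)):
    """Method 1: intersect the co-located device sets of every anonymous call.

    Returns the candidate set after each call, in chronological order.
    """
    calls = sorted((t, c) for t, c, dev, ev in events
                   if dev in anon_devices and ev == "call")
    steps, candidates = [], None
    for when, cell in calls:
        present = seen_in_cell(events, cell, when, window) - set(anon_devices)
        candidates = present if candidates is None else candidates & present
        steps.append(set(candidates))
    return steps


def switched_off_around(events, when, window=timedelta(minutes=30)):
    """Method 2: devices whose last event before `when` is a recent detach.

    Maps each such device to the time it registered again (None if it has not).
    """
    by_dev = {}
    for t, _, dev, ev in sorted(events):
        by_dev.setdefault(dev, []).append((t, ev))
    result = {}
    for dev, evs in by_dev.items():
        before = [(t, ev) for t, ev in evs if t <= when]
        if not before:
            continue
        last_t, last_ev = before[-1]
        if last_ev == "detach" and when - last_t <= window:
            result[dev] = next(
                (t for t, ev in evs if t > when and ev == "register"), None)
    return result


if __name__ == "__main__":
    for n, step in enumerate(narrow_by_intersection(load(RAW_EVENTS), {"burner-1"}), 1):
        print(f"after call {n}: {sorted(step)}")
    call_time = datetime(2024, 3, 5, 20, 0)
    for dev, back in switched_off_around(load(RAW_EVENTS_M2), call_time).items():
        print(f"{dev} was off during the call, back at {back}")
```

The width of the time window decides how many bystanders survive each step, and the identifier that remains is a lead to corroborate, which matches the post's own caution about CDR data as evidence.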
 
Is a psychological profile useful in the fight against crime?
When drawing up a psychological profile, the circle of searches only narrows. The crime scene does not serve as a starting point in the search for a criminal, but it characterizes him. The Profiler carefully analyzes the case file, looks into the past, and draws conclusions. "A psychiatrist, as a rule, studies a person and makes reasonable predictions about his possible actions in the future: how he will react to certain stimuli, how he will behave in a particular situation, studying the actions, I made conclusions about what kind of person committed them." Look for a middle-aged Slav in a double-breasted suit. Drawing up a psychological profile does not ask the question "who did this?", but describes a specific person, the one who committed the crime.



The Profiler doesn't catch criminals. He leaves that to the local police. He arranges meetings. And he rarely writes down his predictions. Let the police officers who come to him take notes - if they want. He does not see the need to take a personal part in further investigation or even, as it turns out, confirm the predictions he made. One day, Douglas recalls, he arrived at the local police station and offered his services in investigating the brutal beating and rape of an elderly woman. The case was handled by ordinary police officers, and Douglas worked in the Bureau, so you can imagine him sitting on the edge of a desk while the others pull up chairs.

"So," I began, "here's what I think. This is a high school student of about sixteen or seventeen. Untidily dressed, with shaggy unkempt hair." He continued: "He's a loner, weird, without a girlfriend, and has a lot of anger in him. He breaks into an old lady's house. He knows she's alone. Maybe he did some work for her in the past." Douglas continues:

I paused in the description and informed the detectives that somewhere there is a person who matches this description. If they can find him, he will be the culprit.



The detectives exchanged glances. One of them remarked with a smile:

"Douglas, you're not psychic, are you?"

"It's just that a couple of weeks ago, a psychic named Beverly Newton came to us and said the same thing."

But Douglas didn't object. Instead, he began to ponder the inexplicable origins of his foresight. In this connection, the question arises: what is this mysterious art called "forensic profiling" and can it be trusted? Douglas writes:

"When I get a new case, I absorb all the evidence that I have to work with... then I try to get into the criminal's mind intellectually and emotionally. I try to think like him."

In the late 1970s, John Douglas and his FBI colleague decided to interview the most notorious serial killers in the country. They started with California, because, in Douglas's own words, "California has always led the way in the number of horrific, heartbreaking crimes." They interviewed 36 serial killers.



Douglas and Ressler wanted to establish the existence of a pattern of connection between the life of a maniac and the nature of his crimes. They tried to identify what psychologists call "homology" - the correspondence between personality and action. After comparing the results of the interviews with the characteristics of the murders already known to them, they were convinced that such a connection exists.

Serial killers, they said, fall into one of two categories. Some crime scenes indicate logic and preliminary planning. The maniac selects and tracks down the victim to realize a certain fantasy. To get close to the victim, the criminal uses some trick or ruse. During the commission of a crime, he controls the situation. He is in no hurry to kill his victim, diligently realizing his fantasies. He knows how to adapt. He almost never leaves the weapon behind. He carefully hides the body.

Each of these two styles of committing a crime corresponds to a certain type of personality. An organized killer is intelligent and knows how to express himself competently. He considers himself superior to others. A disorganized killer is unattractive and suffers from low self-esteem. Often he has some kind of disease. Due to his excessive isolation and numerous oddities, he has neither a wife nor a girlfriend. If he doesn't live alone, he usually lives with his parents. He keeps a collection of pornography in his closet. The car, if it exists at all, is a complete wreck.

"It is believed that the crime scene reflects the behavior and personality of the perpetrator, just as the interior reveals the character of the owner of the house," the forensic manual states.

"In the course of our research, we found that... many serial killers unsuccessfully tried to become police officers and subsequently took related jobs: security guard or night watchman," writes Douglas. Since serial abusers are fixated on the idea of control, it is reasonable to assume that they have an admiration for social institutions that symbolize control and power. From this assumption, a new one has emerged: "In our assessments, we began to mention that an unknown subject will drive around in a car that looks like a police car."

At first glance, the system developed by the FBI is extremely useful.



In the early 1980s, Douglas advised police and FBI agents in Marin County on the case of a Road killer who killed women walking in the hills north of San Francisco. According to Douglas, the killer was a classic example of a disorganized criminal: white, in his early 30s, prone to sudden attacks, blue-collar, perhaps "as a child, he wet the bed, set fires and mistreated animals." After that, he moved on to the social alienation of the killer. Why does he attack in deep forests far from the road? Douglas assumed that the killer was seeking privacy because he was ashamed of something special about himself. Maybe a physical injury, say, a missing limb? But how did he get so far into the forest and be so much stronger than the victims? Finally, it dawned on him. "One more thing," I added after a significant pause, "the killer has some kind of speech impediment."

And so it turned out. This detail is really useful. Or maybe not? According to Douglas, he made a mistake with the age: the criminal was not a little over 30, but 50. With the help of a psychological profile, detectives narrow down the circle of suspects. Specific details are of little use if the main characteristics are incorrect.

A psychological profile is not a test that you pass if you answer most of the questions correctly. This is a portrait, all the elements of which must be combined into a complete image in order for it to be of any use.



Forensic profiling has another, more serious problem. In developing their typology, Douglas and Ressler did not interview a representative group of serial killers. They talked to prisoners who found themselves in jails in the neighborhood. In addition, they did not conduct interviews in accordance with a standardized protocol. They just sat and chatted, which is hardly a reliable basis for building a psychological system.

Recently, a group of psychologists from the University of Liverpool decided to test the FBI's assumptions. First, they compiled a list of characteristics of crime scenes that were traditionally considered organized: the victim may have been alive at the time of the sexual acts; the body was positioned in a certain way; the crime weapon was missing; the corpse was hidden; and torture and binding were used. They then compiled a list of characteristics that indicate disorganization: the victim was probably beaten, the body was left in a secluded area, and the victim's belongings were scattered; the crime was committed with the help of a handy object.

If the FBI was right, the psychologists reasoned, the features of the crime scenes on both lists should match; in other words, if a crime has one or more characteristics of organization, it is highly likely that other characteristics of organization can be found in it. After analyzing a sample of 100 serial crimes, they were unable to find evidence of the FBI's classification. Crimes usually don't fall into any one category. They almost always belong to a mixed type, combining several key characteristics of organization and a random set of characteristics of disorganization. Laurence Alison, one of the leaders of the Liverpool group and the author of "Notes from a criminal psychologist," told me: "The situation is much more complicated than the FBI sees it."



If Douglas was right, then a certain type of crime must correspond to a certain type of criminal. The Liverpool-based group selected 100 rapes committed by unidentified men in the United Kingdom and categorized them according to 28 variables, such as whether the perpetrator wore a mask; whether they complimented the victim; whether they were bound, gagged or blindfolded; whether the rapist apologized; whether property was stolen, and so on. After that, they checked the circumstances of the crimes for compliance with the personal qualities of the criminals: age, occupation, ethnicity, level of education, status, number and type of previous offenses, the presence of drug addiction. Is it possible to say that rapists who tie up a victim, gag her, and blindfold her are more similar to each other than those who, say, pay compliments and apologize? Answer: no, not in the least.

"The problem is that different criminals exhibit the same behavior for completely different reasons," says a forensic scientist who is highly critical of the FBI's approach. "You have a rapist attacking a woman in a park and pulling a blouse over her face. Why? What does this mean? A dozen different explanations can be given. Maybe he doesn't want to see her face. Maybe he doesn't want her to see his face. Maybe he wants to see her breasts, imagine another woman in her place, restrict the movement of her hands. All of the above is quite possible. You can't be guided by behavior alone."



A few years ago, Alison revisited the case of a teacher who was murdered on the roof of her Bronx home. He decided to find out why the FBI's approach, based on such simplistic psychological assumptions, continues to be considered so useful. The answer, in his opinion, lies in the manner of writing psychological profiles. As Alison went through the analysis, sentence by sentence, he found, predictably, that it contained so many unverifiable, contradictory, and ambiguous statements that it could be interpreted in almost any way.

After analyzing the psychological profile of the killer on the roof of the building, Alison gave a group of British police and forensic specialists the details of the crime scene, the profile prepared by the FBI and the description of the criminal. What do they think about the profile? It's very accurate. Alison then gave the same materials to another group of police officers, but this time he invented an imaginary criminal who was completely different from Calabro. The imaginary criminal was 37 years old. He's an alcoholic, a plumber who was recently fired from his job. He met the victim during one of his visits. Moreover, according to Alison, there were cases of abuse of women and arrests for assault and robbery in his biography. How accurately do experienced police officers think this FBI profile matched the fictional criminal? Extremely accurate, just like in the case of a real criminal.

"Here's what I think about this guy," Douglas said, opening the meeting with which the book "What's Going On in BTK's Head" begins. The killer was still at large.



It was Walker's turn: BTK never had sexual relations with the victims. In his opinion, this characterizes the criminal as a person with "an incomplete, extremely irregular sexual life." By the nature of his character, he is "a lone wolf. But he is lonely not because others reject him, but because of his own desire… He may well function in society, but only on a superficial level. He may have female friends to chat with, but he doesn't feel comfortable with women in his own circle."

Hazelwood spoke next: BTK must "masturbate frequently". He went on: "Women who had sexual contact with him would describe him as an aloof, cold man, demanding that a woman please him, and not the other way around."

Douglas picked up on his idea: "The women who agree to have sex with him are either completely naive girls much younger than him, or much older, who receive money from him." In addition, the profilers decided that BTK drives a "decent" but "inconspicuous" car.

After that, the ideas poured out as if from a cornucopia. According to Douglas, he had previously believed that BTK was married, but now it seemed to him that he was divorced. Hazelwood described him as "educated and middle-class". Douglas assumed a possible connection to the army. Nothing came even remotely close to the essential facts: that BTK was a prominent member of society, a church president, and the father of two children.

The investigation identified thousands of suspects and cost hundreds of thousands of dollars in man-hours, travel expenses, and phone bills. This was America's most elusive serial killer.

Take care of yourself, friend!
 


Imagine this situation: an unknown person calls from a disposable phone and demands a ransom for the person he kidnapped. The next day, the criminal calls again. The victim goes to the police, and in half an hour they will find out not only the real number of the caller, but also the entire history of his movements and calls. And all this without complicated equipment, fake base stations and signal interception.

The all-seeing eye
We regularly write about vulnerabilities in smartphones, data networks, and the security of cloud services. We are so used to "thinking hard" that we completely forget about the existence of much simpler and more effective methods available to police in different countries.

Often, the police will not even try to hack or intercept something, but will simply make a request to the mobile operator, and the latter will hand over not only the call history, but also a lot of other interesting information. As an example: an article about an Australian journalist, which analyzes the information collected about the journalist by his mobile operator over the past two years (and only that).

Under Australian law, mobile operators are required to store certain information about network users, including the Call detail record database, for two years. This includes information about the device's location at any given time (by the way, a precedent was recently set in Sweden: this information alone is not enough to pass a sentence), a call log, including information about another subscriber, and data about Internet access sessions. As for SMS, under the Australian privacy act, without prior authorization for wiretapping, the operator has the right (and is obliged) to save only metadata: the time of sending, the size of the message and the addressee. The contents of the messages themselves (and even more so of voice calls) are not saved.

This is the information collected about the journalist by the operator.

d28bcea83037dd94ab021.png

Places that the journalist visited on April 1, 2015.

surveillance.jpg

Places that the user most often visited during the specified time period.

heatmap.jpg

Interactive versions of this data are available here.

Metadata includes information about who the user called and wrote messages to, the duration of calls, and which base stations the phone was connected to at what point in time (this information allows you to accurately determine the device's location). In some countries (we will not point fingers, but this is the USA), operators not only give out information about the user's location to the police, but also gladly trade such data.

The most interesting thing is that mobile operators have access to details about Internet usage, including site addresses and the amount of data transmitted (and they hand these details over to the police, as well as sell them to anyone). This is a completely separate topic for discussion; the data is collected by tracking requests to the provider's DNS servers. Operators are also happy to trade this data; the feed is so attractive that operators have even tried to block clients from using third-party DNS servers.

Mobile operators in the United States are also required to keep CDR records. In addition, in the United States, intelligence agencies maintain a single MAINWAY database, where records can be stored for much longer than is allowed by law for mobile operators themselves.

In Russia, the so-called Yarovaya law has been adopted, which obliges mobile operators to store metadata for three years (the list of metadata almost completely coincides with the Australian version of the law). In addition, since October last year, operators are required to store text, voice, video and other user messages for at least 30 days (but no more than six months). Accordingly, in Russia, any call must be recorded by the operator and provided to the police upon legal request.

Not just CDR
In the above study, journalist Will Ockenden used an iPhone. A properly executed request to Apple (in the company's terminology, a Device Request, that is, a request in which the police have nothing but the hardware device identifier, the IMEI) will allow the police to get the data that Apple collects about the user, and this includes almost everything, with rare exceptions. This is what, for example, the statistics of requests to Apple in Russia look like.

apple_transparency_ru.jpg

For comparison, in the United States in the same year, the police requested information on 19,318 devices (81% of requests were successful). Google offers an interactive chart, which can be viewed here.

And if Apple does not provide the police with such data as user passwords, device usage statistics, SMS/iMessage messages, and "Health" data (the user's physical activity history, including the number of steps and heart rate in a given time interval, is the most useful thing for catching both criminals and unfaithful spouses), then Google will give everything, including passwords (to be completely technically correct, I will add that backup encryption has appeared in Android 9; accordingly, the police will not receive the backups themselves, nor the SMS and call logs stored in them).

Disposable phones
Criminals who use their main phone number for threatening calls, extortion, and other criminal offenses are now almost nonexistent; we have discussed why in more detail above. What's left for the criminal? Disposable SIM cards (we will not discuss here how criminals acquire such cards) and disposable (usually cheap push-button) devices, preferably with no ability to access the Internet at all.

In order to get at least some information about the suspect, the police need at least one clue: the IMEI is quite enough. But what can be determined from the ID of a device that was turned on for only a few minutes? Novice criminals who have read too many conspiracy theories (a perfect example) carefully remove the battery from the phone and power the device on only to make a call.

Of course, none of them even think about what happens when the device turns on and off (both normally and abruptly, with the battery removed). Moreover, few people think about whether police operatives are aware of such a pattern.

Confident in his safety, the criminal leaves the house (if he does not, his location will most likely be determined immediately or after the fact by analyzing the logs) and calls from a disposable phone. Where is his primary phone at that moment? Let's consider the options.

Case 1
Let's start by looking at the most typical situation: a "suspicious" call is made from a one-time, "anonymous" phone, while the criminal took his own phone with him. There is nothing improbable about this; you only have to read the police reports to know that this is how the majority of people act.

The police request CDR records for the specified period from the mobile operator. Depending on the country and its laws, the operator returns either raw data or an anonymized list of devices (each hardware identifier is replaced with its hash). In effect, the police receive a ready-made list of the devices connected to the cell in which the device that made the call was registered. It is assumed that the criminal's own phone will be among these devices.

Several thousand subscribers can be connected to the same cell at the same time, so a single request will do little for the police. However, if the perpetrator calls the victim again, whether from the same cell or from a different cell (even better), the police will receive additional samples. Next, the sets of devices that were registered in the same cell at the time of each call from the "anonymous" device are intersected; as a rule, only a few dozen or even just a few identifiers remain after the second or third sample.

Of course, in practice, everything is somewhat more complicated. For example, the analysis takes into account not only the connection to the specific tower from which the call was made, but also data from neighboring towers. Using this data makes it possible (and made it possible, by the way, even fifteen years ago) to triangulate, determining the location of the device with an accuracy of several tens to several hundred meters. You must admit that it is much more pleasant to work with such a sample.

However, in large cities with a high population density (anonymous calls are often made in crowded places), the circle of suspects may be too wide even as a result of the third sample. In such cases (not always, but in particularly important cases), big data analysis comes into play. I was able to learn more about this two years ago from the opening speech at the police Congress in Berlin. The analyst examines the behavior patterns of devices identified by conditional identifiers. Talking on the phone, active traffic consumption, moving in space, time of registration in the cell, and a number of additional parameters allow you to exclude a significant part of devices, thereby significantly reducing the circle of suspects.

Conclusion: the easiest criminal to detect is one who has a personal device (a personal smartphone) and who moves around with it. He makes an anonymous call from one cell, and a set of devices is outlined. He makes a second call from another cell, and the list of devices following the same route shrinks by an order of magnitude.

By the way, I will debunk a popular movie trope. To accurately determine the location of the phone, the time it is online does not play the slightest role: the location is determined instantly when the phone is registered on the network and is stored in logs, from where it can be easily extracted. If the device moves, the location can be established even more precisely. While we are at it, a word for the conspiracy theorists: a switched-off phone does not report its location, even if you do not remove the battery from it (well, the iPhone 11 can report it thanks to the U1 chip, and even then not now, but sometime in the future, when Apple enables this feature in the firmware).

To summarize: the criminal turned on the device, made an anonymous call or sent an SMS, and turned off the device or removed the battery. The next day, he turned it back on, called from another part of town, and turned it off. The list of devices that may belong to the criminal has been reduced to just a few. The third call made it possible to finally identify the criminal, and the task force can set out. All this without any special tools, just a simple analysis of the logs for three switch-ons.

Case 2
"Who goes on a job with the phone turned on?" you might reasonably ask. Indeed, a prudent criminal can turn off the main phone before making a call from an anonymous device. Very good: now the police just need to look at the list of devices that were switched off at the time of the anonymous call. In this case, one iteration is enough. If the criminal also turns on his main phone after the anonymous call, then you can safely send a task force for him.

Why is this so? The fact is that when it is switched off, the phone sends a signal to the cell, and this makes it possible to distinguish devices that were switched off from those that left the cell. When the phone is switched on, a new record is created accordingly. Tracking such activity is a matter of a few clicks.

Case 3
"Who even takes their own phone with them on a job?" Oddly enough, people do, and not only phones. They take their phones, or they leave the phone at home but take a smartwatch; by the way, this has allowed the police to solve a lot of crimes. Most "phone" criminals are far from professionals, and they have only rudimentary knowledge of how cellular communication functions, what data is collected and how it is analyzed. The human factor allows the police to solve many crimes by simply comparing the facts.

If the criminal really never takes the phone with him (practice shows that everyone slips up at least once), then big data analysis can help to identify him. Much of this will depend on how much time and effort the attacker is willing to put into making an anonymous call, as well as on how many such calls there will be.

If there are a lot of anonymous devices
What if the criminal is cunning and uses not one, but several anonymous phones, getting rid of the evidence every time after a call? This practice is often shown in films. After reading the previous sections, you have probably already realized that all a criminal gains by using several different devices is a few extra seconds of anonymity, those that precede the actual call. Since calls from all the anonymous devices will be linked to the case, the police will have additional clues: the origin of the "anonymous" SIM cards and, possibly, the place of purchase of the disposable phones. Whether the calls were made from the same device or from several different ones will not affect the progress of the investigation.

Telephone terrorism: what if there was really only one call?
What if there was really only one call? In order to report a bomb in a school or airport, a second call is not needed: a telephone terrorist just needs to make exactly one call, after which the "burned" device can be thrown away or destroyed along with the SIM card.

Surprisingly, such criminals are often caught using investigative measures that were developed back in the days of calls from street payphones. If the criminal has a permanent smartphone, then the circle of suspects can be sharply limited by conducting an analysis using the first of the methods described in the article. Thus, even in a million-plus city, the circle of suspects narrows down to several hundred (rarely thousands) subscribers. If we are talking about a bomb threat against a school, then the set of "suspicious" subscribers is intersected with the set of the school's students. With those who remain, the operative will simply have to talk.

It also helps in solving cases of telephone terrorism that such criminals, as a rule, have little idea of the capabilities and working methods of operatives and try to protect themselves from invented, non-existent dangers, completely ignoring the obvious ones. Two years ago, the office of our colleagues (coincidentally also software developers for the police) was evacuated after a call from an unknown person who reported an explosive device in the building. In less than a few hours, the police had already apprehended the criminal. The culprit turned out to be a crazy grandmother who wanted to annoy her neighbors, but got the address wrong. Neither the push-button phone specially bought by the vindictive old lady, nor the "anonymous" (or rather, registered to a non-existent name) SIM card helped.

And if you call via VoIP, using a VPN?
If it occurred to you that a truly anonymous call can be made through a VoIP service (preferably a free one, so as not to expose a means of payment), and even through a VPN service that does not store logs, congratulations: you think like a real bandit.

Of course, there is always a chance to "make a mistake" by forgetting to check the connection to the VPN server or by accidentally logging in with your own credentials rather than the "anonymous" ones used for calls. To prevent this from happening, criminal groups go to serious expense, ordering the manufacture of phones modified at the software level. The case of the arrest of the CEO of a company that produced such devices based on old BlackBerry phones shows the scale of operations. Despite the fact that the police managed to bust this criminal network (and gain control over the encrypted communications infrastructure used by the criminals), the police understand that this is only the first step. "Criminals inevitably migrate to other services, and we can imagine which ones. I won't point fingers, but sooner or later we will get to them" (AFP Assistant Commissioner Gaughan).

How the analysis works
The report published by ITU (Republic of Guinea) describes in some detail both the methods and the tools used by analysts. In general, the process can be depicted as follows.

CDR_Workflow.jpg

And a little more detail.

CDR_Analysis_ITU.jpg

All that the police need is the actual "raw" CDR data and software with which it can be loaded and analyzed ("raw" data is of little use for manual analysis, but filtered data can be displayed in text form or printed).

The popularity of this method of investigation is indicated by the fact that CDR records are supported by almost every serious forensic package. Examples: Penlink, HAWK Analytics, GeoTime, CSAS, Russian "Mobile criminalist" from Oxygen Software, Advanced Cell Tracking, and many others. However, we have also spoken with police officers who successfully use a combination of Google Maps and Microsoft Excel in their work.

Without a doubt, the special services are armed with special equipment that allows them to suppress cellular communications, replace the base station or fake GPS coordinates. But the police do not use much of this equipment, at least not when investigating the routine crimes of telephone terrorists and extortionists. It is expensive, fussy, time-consuming, and by and large unnecessary, and sometimes ineffective. Analyzing CDR (Call Detail Record) logs is a much more efficient investment of time and effort.

A case that occurred several years ago in the UK is indicative. The police were monitoring one of the drug cartel bosses. Detaining him was not a problem, but there was no evidence, and the case would have fallen apart in court. According to the police, the criminal's phone (he used an iPhone) could contain vital evidence, but it was not possible to crack the lock code of what was then a fairly recent model. As a result, an operation was developed; the criminal was monitored. As soon as he took out the phone, unlocked it and started typing, the drug lord was detained, and the phone was literally snatched from his hands.

What is interesting here is not the background, but one seemingly insignificant detail: in order to get the criminal's iPhone to the laboratory in an unlocked state, a special police officer was appointed, whose entire job was to periodically swipe his finger across the screen, not allowing the device to fall asleep. (You should not think of the police as suckers: everyone knows that there is a setting that controls the time after which the phone screen turns off and the phone itself is locked. But not everyone knows that a configuration profile that prohibits disabling auto-lock can be installed on the phone in a couple of clicks.) The phone was successfully delivered to the laboratory, the data was extracted, and the necessary evidence was obtained.

Somehow this is all ... unreliable!
If, after reading this article, you have the impression that basing a verdict on data received from mobile operators is somehow not entirely correct, I hasten to agree. Moreover, the Danish Supreme Court agrees with you, having restricted the use of location data from CDR records by the prosecution. The ban did not come out of the blue: out of 10,700 convictions based on this data (which is quite a lot for a quiet small country), 32 people have already been found not guilty as a result of additional checks. According to the Director of the telecommunications industry Association, "this infrastructure was created to provide communication services, and not to spy on citizens." "Trying to interpret this data leads to errors," and "evidence that appears to be based on accurate technical measurements is not necessarily of high value in court."

In most advanced training courses for police officers, it is always stated that you cannot fully trust digital evidence, regardless of how it was obtained. They talk about cases where the suspect's location was determined based on metadata from photos that had been synced through the cloud rather than taken by the device itself.

A case in point was when answering an incoming call was interpreted as a "driving distraction" that led to an accident. In fact, the push-button phone was still lying peacefully in the driver's pocket, but because a button was accidentally pressed, the phone "answered" the call, which was registered by the operator. The defense was able to get the driver acquitted by questioning the other party to the call, who testified that the conversation did not take place (by the way, what "really" happened there is unknown, but the court sided with the accused).

I am sure that this is not the only case. CDR data is an excellent tool in the hands of an operative, but it is unreliable as an evidence base.

Conclusion
What conclusions can be drawn from this article? Now that almost everyone has a personal smartphone or at least a push-button phone, everyone leaves a "digital footprint". This trail contains much more information, and getting to it is much easier, than many realize. To get all the information of interest, the police need only one clue, which can be the hardware identifier of the criminal's personal smartphone, even if he has never used the personal device for criminal purposes. Getting such a lead is the result of a routine analysis of the logs of mobile operators. Special equipment is not needed, conspiracy theories are not needed; everything is much simpler and more interesting. Instead of chases and shootouts, there is desk work with an analytical program, a simple database, or even printouts.

xakep.ru
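The set intersection described in Case 1 and the power-off check from Case 2, written out as an added example that is not part of the original article or of any forensic package it names. The record layout, device names, cells and time margins are assumptions and every record is constructed; as the article notes, the result is a list of leads to verify, not evidence.

```python
"""CDR co-location analysis sketch. All identifiers and records are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    device: str   # pseudonymised hardware identifier, as in an anonymised export
    cell: str
    kind: str     # "attach", "detach" (explicit power-off signal) or "activity"


def present(events, cell, when, margin):
    """Devices with any record in `cell` within `margin` of `when`."""
    return {e.device for e in events
            if e.cell == cell and abs(e.ts - when) <= margin}


def narrow(events, calls, target, margin=timedelta(minutes=10)):
    """Case 1: intersect the device sets seen around each call made by `target`.

    `calls` is a list of (cell, time) pairs. Returns the candidate set after
    each successive sample, so the shrinkage is visible.
    """
    steps, candidates = [], None
    for cell, when in calls:
        seen = present(events, cell, when, margin) - {target}
        candidates = seen if candidates is None else candidates & seen
        steps.append(set(candidates))
    return steps


def powered_off_at(events, cell, when, lookback=timedelta(minutes=30)):
    """Case 2: devices whose last record before `when` is an explicit detach
    in `cell`, no older than `lookback`. A device that merely moved to another
    cell has no detach record and is not returned."""
    last = {}
    for e in sorted(events, key=lambda e: e.ts):
        if e.ts <= when:
            last[e.device] = e
    return {d for d, e in last.items()
            if e.kind == "detach" and e.cell == cell and when - e.ts <= lookback}


def build_sample():
    """Constructed data: three calls from a prepaid handset in three cells."""
    calls = [("cell-A", datetime(2020, 3, 1, 10, 0)),
             ("cell-B", datetime(2020, 3, 2, 15, 0)),
             ("cell-C", datetime(2020, 3, 3, 19, 0))]
    crowd = {"cell-A": range(0, 200), "cell-B": range(150, 350),
             "cell-C": range(400, 450)}
    events = []
    for cell, when in calls:
        for i in crowd[cell]:  # unrelated subscribers active around the call
            jitter = timedelta(seconds=(i * 37) % 600 - 300)
            events.append(Event(when + jitter, f"dev{i:03d}", cell, "activity"))
        events.append(Event(when - timedelta(minutes=2), "prepaid", cell, "attach"))
        events.append(Event(when + timedelta(minutes=3), "prepaid", cell, "detach"))
        events.append(Event(when - timedelta(minutes=4), "own-phone", cell, "activity"))
    return events, calls


def build_power_off_sample():
    """Constructed data: the personal phone is switched off before the call."""
    t = datetime(2020, 3, 5, 12, 0)
    ev = [Event(t - timedelta(minutes=5), f"dev{i:03d}", "cell-D", "activity")
          for i in range(500, 520)]
    ev += [
        Event(t - timedelta(minutes=6), "own-phone", "cell-D", "detach"),
        Event(t + timedelta(minutes=9), "own-phone", "cell-D", "attach"),
        Event(t - timedelta(minutes=3), "dev505", "cell-E", "activity"),  # moved away
        Event(t - timedelta(hours=3), "dev600", "cell-D", "detach"),      # off long before
    ]
    return ev, t


if __name__ == "__main__":
    events, calls = build_sample()
    for n, step in enumerate(narrow(events, calls, target="prepaid"), 1):
        print(f"after sample {n}: {len(step)} candidate device(s)")
    ev, t = build_power_off_sample()
    print("switched off at call time:", powered_off_at(ev, "cell-D", t))
```
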
 

Methods of work of special services to determine the location via mobile communications in the course of the investigation.




Hello, guys!
There are a huge number of myths and conjectures about how exactly an anonymous number of an anonymous mobile phone can be tracked down. We know the truth and now we will share it.

There are three common versions: they locate the source of the radio signal, they track it down with special equipment at the base stations of the cellular network, or they track it down through various hidden capabilities supposedly built into every phone.

I took part in the real investigation of the real case, where the criminal was identified by his mobile phone. And I will say the following: the first version contains a little truth, but the main method of capturing has nothing to do with all three.

Generally speaking, investigators and criminologists use cool special equipment and expensive hardware only in the movies. In reality, the main tool of the investigator is his head and pieces of paper. And the main method (I can hardly bring myself to call it "deduction") let's call "search for patterns" or "statistics". And then there is such a thing as time.

Time is always against anonymity: we do some things too much on time, and other things not at all on time. And if somewhere there are logs of our affairs with time stamps, we cannot hide. And logs in mobile communications are kept for every byte. More details follow.

How do they work out who is using a "left" SIM card?

You will not believe it: by the "leading" phone, your real one. After carefully reading the next paragraph, you will understand how easy, simple and fast it all is. In the description, the term "switching on" is used: this is the moment when the "anonymous" device went online. So let's go through the different situations.



Situation one

You are using an "anonymous" mobile phone, and the real one is nearby and switched on. Investigators request the logs of the entire cell in which the "anonymous" device operates (or operated). That is all they need to identify you (and not only "hot on the trail", but also a week or a month later, unhurriedly, in an office armchair with a cup of coffee). They make recursive selections over the switch-on intervals and see who else was in the cell besides the "anonymous" device.

For example, 1000 other phones were switched on in the cell during the first switch-on. During the next switch-on, 500 of those from the first time were there. During the one after that, 20 of those who were there the first and second times. Most often, the logs of three or four switch-ons are enough to find exactly one pair of phones that do not leave the cell. Less often, more switch-ons are required: in this case, investigators can look into the history of the numbers in the matching sets, as well as their owners. If it is a 90-year-old granny who has had the number for 10 years and has not left her apartment for 5 years, then that candidate is obviously ruled out.

Thus, the investigators fairly quickly arrive at the real phone number, and its call history alone will reveal everything. Often, the special services get lucky after just 2 switch-ons: quickly examining and discarding hundreds of numbers is only a matter of the number of employees. It even happens that the real number is reached from the first and only switch-on of the "anonymous" one! Don't believe me? You should. The dynamics in the cell, the behavior of other devices, weekdays / holidays can significantly simplify the work of the security forces. While the "anonymous" mobile phone is working, all the others may leave the cell except for yours (well, the rest of the people just up and moved somewhere), or make outgoing calls, or send SMS. These days nobody goes a minute without a mobile phone. And that gives you away: you cannot make outgoing calls from two phones at the same time. So while you "work" with "



Example

You surf the Internet "anonymously" and then someone calls you on your real phone. You start talking, and your Internet data traffic drops for a period statistically different from the average time between page loads. Matching all calls in the cell for an exact match with the gap in traffic is a matter of seconds, and your number is found. It may be, of course, that you just went to the toilet, but it is not difficult to check whether the right number has been "found". And what if they call you twice?

The criminal turned on the device, sent an SMS demanding a ransom, and turned it off. A day later he turned it on, called to discuss the terms of the ransom, and turned it off. The third time he turned it on, he gave the meeting place and time, and turned it off. The logs for the three "switch-ons" were examined to see who was in the cell at that moment all three times. After the second "reconciliation" four numbers are left, after the third, one.

Situation two

You use an "anonymous" mobile phone, and prudently turn off the real one in advance. Incredibly, you have only made things easier for the investigators. They will simply look at who switched off (actually switched off, since the phone transmits a disconnection signal to the network, rather than left the network) shortly before the "anonymous" one appeared. We can safely say that there will be only a few such devices in the cell, or you may even be the only one. To refine the data, they can compare who switched on after the "anonymous" one was switched off, and likewise rule out the grannies and the like. As you can see, turning off the real device while using the "left" one only worsens anonymity.



Situation three

You leave the real phone switched on at home, go to another cell yourself, and only there turn on the "anonymous" one. Think it is a cunning plan? Not at all. Three factors still give away your real device. Firstly, the same scheme is worked through as in the first situation, only not for one cell but for several. First one cell at a time, then the neighboring ones, and so on until it comes to comparing the cell of the "anonymous" phone with the cell of the real one. Secondly, and most importantly: your device is at home without its owner and cannot answer calls. Therefore, sooner or later there will be missed calls, which are also visible in the logs. It is only necessary to check which device had missed calls during every "switch-on" of the anonymous one.

Do you think many subscribers fail to answer the phone every single time, exactly when you go online from the anonymous one? Nobody but your real phone! In addition, this method helps a lot in a general search: investigators can very quickly call the numbers that remain after comparing the cell logs. And if the phone is not answered, its owner becomes a suspect. Thirdly, you cannot leave the real device just anywhere, in a different place each time. Most likely it is at your home. That is, in one and the same place for each switch-on. This can be used to build an additional sample for the filter: how many of the same devices were in the same cell. In general, all this will lead to the real number quickly, albeit slightly less quickly than in the previous cases.



Situation four

You turn off your real phone at home, and you yourself go to another cell and only there you turn on the "anonymous" one. See situation # 3 + situation # 2

It turns out that the whole scheme relies on several switch-ons being made from one number. That is, if you use the number only once and then throw away the SIM card and the phone, it will be impossible to find you? This will only help if this is your one and only "case", and there have been no other similar cases and never will be. Changing numbers will not make it harder to find the real phone. Take the same blackmail example: how can changing the number help, when the calls are made to one and the same victim?

Investigators will simply check not three switch-ons of one number, but three switch-ons of different numbers. The same goes for "dark deals" on the Internet: the numbers are easily combined into a common "case". Let's say more: frequent changes of number only worsen security. Investigators will receive groups of numbers and can easily check, for example, where the SIM cards came from. And catch you red-handed while you are buying new ones, or get to the "seller", who will produce a composite sketch or give up the number from which you called him. Anonymity is not a lack of identification data. That simply cannot exist in the modern world. Anonymity is a good imitation of an ordinary, but not real, person.



What will a real phone number give the secret services?
We have considered how easy and simple it is to "trace" the suspect's real number from his "anonymous" one. But what will information about the real phone give them? Everything, except for information about whom the number is registered to.

Investigators will see who you called, and there are probably many among them who know you personally. They will see who topped up the account and how. Most likely, there are payments from a real card through an ATM or from a real WebMoney wallet, etc. That is, in effect, you are finished.



How is a mobile phone located by direction finding?
A task force with a hand-held direction finder moves out to the area covered by the cell in which the suspect's phone is located. This is not a screen with a dot, as shown in the films, but a simple radio receiver with a needle that shows the signal strength and an antenna in the shape of the letter H, the letter Z, a tricky tube or a hyperbolic / parabolic dish (often several antennas are included in the kit for different operating conditions). The base station has information on exactly what frequency the sought device is currently operating on. The cop tunes the receiver to this frequency, turns the antenna around himself and watches the needle. He goes in the direction where the signal is strongest. He enters the stairwell, climbs the stairs and measures the signal. In this way he finds the right floor, then the apartment, and that's it, "anonymity" is over. In the case we observed, the time from the arrival of the operatives' "Gazelle" van to the suspect being led out by the arms was 25 minutes. Considering how much of that was spent on "open up, we will get in anyway" exhortations, packing up and leading the suspect out, you can estimate how quickly they found the right one among dozens of houses, hundreds of entrances and thousands of apartments.



So what should you do? Is anonymity a myth?
Above, we examined in detail why, as long as we have a real personal mobile phone, we will never be anonymous, even with a newly purchased phone and a SIM card just bought in a doorway without registration. As we said, achievable anonymity is a good imitation of an ordinary, but not real, person. And having no identity at all is simply impossible in our modern informational realities. After all, here you are, a person, sitting right here and reading this article.

Real hackers, whose freedom, and perhaps life, depends on anonymity, do not use mobile phones in everyday life. They don't use them at all. Only one-time calls, Skype, etc. And they have no "everyday" life. Eternal darkness, nothingness. There are no friends, no relatives, no habits and no "favorite" places. That's what anonymity is. But, in fact, there is a full-fledged other life, other friends and other "places" on the Web. And often it is not only no worse, but even better than real life. So it's not all that sad. Just not like most. However, this is no longer "anonymity".



You have a name, albeit a nickname, but you are known by it, you have Internet friends and places where you can be found on the net. You can even be "punished" without a trip to Siberia. Thus, it is easy to understand that not only anonymity is conditional, but also freedom, and "crime" and "laws" are not the same, but are relative to society. And "societies" are different.

By learning a little about how investigators work, you can take steps to improve security on a case-by-case basis. For example, in situation # 3, you can set an answering machine on a real phone or ask a friend to answer if they call. Register a real phone to a real grandmother to pass the "granny filter". Try to randomly combine situations, leave your phone in different places, etc. This will somewhat complicate the work of investigators, but it will also complicate your "dark activities".

Conclusion: What we have in the end. Modern methods of work and tracing have advanced significantly. But this does not mean that they are omnipotent. From a wide variety of news and educational resources, we are carefully instilled with the fear of the inevitability of being caught. They talk about the all-seeing eye. But think for yourself ... Does the modern bourgeois media do and write something without profit, not for money? Maybe we are specially instilled with fear as part of a comprehensive propaganda work in favor of the authorities?

In fact, the operative, having received no significant information from cameras or from mobile billing data, puts the case folder on the back burner. In 90% of cases, he will not even go around the area and question probable witnesses, because he is up to his neck in cases. First of all, such an operative will try to brush the victim off altogether. And only if the case causes a public stir, or when a big shot is affected, will he speed it up.

This article is presented for your information. We do not call on anyone to commit unlawful actions.
 
Now I will continue.
Let's play cop.


So that's it. You are a cop. You were told that you need to identify a person. They gave you everything they had on the swindler.

1. You look at the IP and serial numbers.
It turns out that this is a dedicated server. (By now it may already be dead, and they may try to track where the money ended up; more on that later.)

2. The RDP is not dead.
You need to see who connected to it. The logs are cleared, the cookies deleted. (It remains to track the money.)

3. The idiot did not clear the logs and did not delete the cookies.
They get the serial number of your computer and the IP from which you connected. They look up the computer. While they are collecting information, they look up the IP. They find that it is a VPN service. If it is not a public service, it will not give out your IP. If it is public, it will. But even a shadow VPN will give out your IP, since it will be under pressure. But that will take time: 2-6 months, depending on the situation. During this time they will look up the computer, realize that it is from the Russian ruins and may already wind down the investigation.

4. They do not drop the investigation.
They have a computer and an IP. The case is transferred to Interpol and sent to your country. The paperwork begins. That's it. They are looking for you in your country.

5. Requests are made to the Internet provider.
They get to you if the connection is registered in your name. You're screwed. Congratulations. If not, the game continues.

6. The IP and modem are registered to other people.
They start looking at the logs for your modem and the SIM card in it. Here's the fun part. By this time, at least 3-4 months will have passed. At least. This data may no longer exist.

7. Everything is still there.
They look at the tower and the cell. They find your phone. You're screwed. They do not find it. They will check the area and try to find you with evidence.

8. If you have already changed your home.
Moved to another apartment or another city, which is better. That's all. You can write "ACAB" in the apartment where you lived with a marker, which is visible in ultraviolet light, like an Easter egg. And they'll have to start over

9. They could not be bothered with such an investigation and went the other way.
Where did the bucks come in the end? Here you need to use the services of cashiers and communicate with them only with complete anonymity. After all the machinations, the money should be withdrawn to the left card, from which the drop will be removed, which does not fuck you in your soul. If there is a lot of money, then also, only through left-wing firms.

Eventually. You are completely anonymous. If you change an apartment every three months and / or a city every six months.

But if you think that such an investigation will be arranged especially for you ... Why would you be so honored? And there is also a court. More evidence. And the judge will be in the United States, where the lawyer and the jury decide. In our country, if they want to, even the innocent will be imprisoned. There, no. Well, not that often. So you can even get off scot-free when found.

Read again what they need to do. And where their tracks will break off. Plus all this for a thousand or fifteen hundred bucks? Do not make me laugh.
 
How to stay anonymous. How special services work
Not all the secrets are revealed here, but for a general idea of the work of specialists, you can read and remember something for yourself.

Mobile phone number
This is a sensor that constantly collects information regardless of the phone's operating mode. It can be in standby or talk mode. Mobile operators log all your actions and store them for a certain period of time (at least 6 months). Thus, contact numbers, full name of the owner, duration of calls, turning the phone on and off, SMS content, Internet usage, movement, use of different SIM cards and devices fall into the hands of operators.

How do I stay anonymous?
Give up using mobile operators, or there is no way at all. The fact is that all information about a SIM card is available to anyone for a certain sum. This means that anyone who knows your phone number or full name can get a full report, including your current location and movements over the past 6 months. The operators' employees sell this information. At the end of the article, we will analyze what services are provided on shadow forums and how much they cost. First, let's understand the terminology and debunk popular myths.

Basic terms

Cellular Base Station (BS)
This is a tower with antennas, which is responsible for receiving and transmitting a signal from one subscriber to another. The coverage radius is from 0.5 to 10 kilometers.

Cell
This is the BS coverage area. Each cell has a unique CI (Cell ID) identifier. The operator can get information about all subscribers who are in the same cell.

IMEI
A long string of digits that serves as a unique identifier by which the mobile operator recognizes the phone and registers its appearance on the network. You can use this number to determine the country of the device manufacturer. There are also global blacklists to which stolen or illegally obtained devices are added.

SIM card
This is a contact smart card with its own processor, capable of registering in the mobile network. The SIM is able to find the nearest transmitting station and store information: numbers, SMS messages, and other data.

Direction finding
This is a service that detects the location of the radiation source. The direction finder program or device detects the location of a mobile phone by using the SIM card number.

Umbrella
A type of lookup that returns information on the 5 subscribers nearest to the phone number of interest.

Flash
Instant determination of the subscriber's location, with an indication on the map or address.

Analysis of popular myths

#1: If I use an old Siemens, they won't be able to detect me.
Each device is connected to the base station with the strongest signal when connected to the network. After that, the operator has enough data to determine the location and get other information, regardless of the brand and model of the phone. Also, each device has an IMEI, which is also logged by mobile operators. Accordingly, you can determine which SIM cards were connected to the network with the same IMEI.

#2: If I buy a SIM card with someone else's passport, they won't find me.
When searching for phone numbers, they request information for the entire cell (the base station coverage area). This information is stored for at least 6 months. The first action of comrade Major is to determine the 5 subscribers nearest to the phone, and then to filter and collect information along the chain. If you use a personal phone number together with a drop number, it is the easiest to identify. After all, a few samples from the cell will show that this phone was always as close as possible, although the others constantly changed their position.

#3: If I turn off my real phone, but use a phone + SIM card registered to a drop, then I will not be detected.
Switching off and connecting to the base station is also logged. In this way, you can track whether the primary phone number is turned on and off, as well as the anonymous phone number. For example, a very obvious situation will occur if the logs show that a fake phone was used immediately after the real phone was turned off. Such actions, judging by the logs, were repeated several times. This way, you can determine the real owner.

#4: Using different SIM cards will allow me to resolve all issues with anonymity.
First, if we are talking about different SIM cards, then you also need to use devices with different IMEIs. After all, if this condition is not met, then it all comes down to just searching for a specific IMEI. Again, the nearest other phone numbers, receiving a printout of calls and contacts, allows you to get to services or other subscribers who were nearby, and then to the real owner.

#5: When your phone is turned off, it can transmit coordinates. To avoid this, remove the battery. Phones with built-in non-removable batteries appeared at the request of the special services.
Another myth that is shown in hundreds of movies. In fact, after the phone is turned off, it does not interact with the base stations in any way. The situation is similar if you switch your phone to airplane mode. At this point, all receivers and transmitters are turned off. Another issue is that the operator still has the data and locations of the last calls. And if you have been calling from the same place for 10 years, and then suddenly decided to turn off the phone and remove the battery, then this will not help in any way.

How do special services work?
Special services in normal mode can get information about which devices and SIM cards are located in the area under consideration without a request to the operators. A sample of a month or a couple of weeks will allow you to filter out local residents, those who are constantly in the area. Even at the sampling stage, you can analyze the information and get the full name of the owner or the immediate environment through which you can deanonymize the suspect. So most of the options are cut off and only "potential" ones remain.

There are various possible options, but one of the technical possible ones is this. A task force with a manual direction finder is moved to the location of the cell where the suspect's phone is located. This is a simple radio receiver with an arrow that shows the signal strength and an antenna in the shape of the letter H, letter W, tricky tube or hyperbolic / parabolic dish (often several antennas are included for different operating conditions). The base station has information about the exact frequency that the desired device is currently operating on.

How much do lookup services cost on forums?
The range of services on the forums is quite large. There are also quite a few sellers who provide such services. There is a choice among all popular operators. The only thing that differs is the price. For example, the cheapest price list is for Beeline services. The most expensive price list is for Yota services. This is a small favor for subscribers of this operator.

It is important to understand how location detection works. It all depends on the number of BS around. If there are 5-6 of them, the location can be narrowed down to the level of the entrance or house. The distance to each BS allows you to accurately determine the location of the subscriber. If there are 1-2, the approximate location will be within around 100-200 meters.

Conclusion
Mobile operators have a huge amount of information about their subscribers. You can easily buy it on shady forums. Thus, you will receive information about your movement, contact numbers, SMS messages, turning the device on and off, as well as other information. This is a big leak, which can lead to de-anonymization and obtaining a sufficient amount of information about the subscriber.
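The log filtering described under myths #2 and #3 above, as an added example that is not part of the original post: it intersects the devices logged in the same cell around every switch-on of one number, and counts switch-offs that repeatedly precede it. The record layout, device labels, Cell IDs and time windows are all constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records, not real operator data:
# (timestamp, device label, Cell ID, event) with event in {"on", "off", "seen"}
LOG = [
    ("2024-03-01 20:57", "dev-A", "CI-17", "off"),
    ("2024-03-01 21:00", "anon", "CI-17", "on"),
    ("2024-03-01 21:03", "dev-B", "CI-17", "seen"),
    ("2024-03-01 21:04", "dev-C", "CI-17", "seen"),
    ("2024-03-09 18:26", "dev-A", "CI-17", "off"),
    ("2024-03-09 18:30", "anon", "CI-17", "on"),
    ("2024-03-09 18:31", "dev-C", "CI-17", "seen"),
    ("2024-03-09 18:33", "dev-D", "CI-17", "seen"),
    ("2024-03-20 23:08", "dev-A", "CI-17", "off"),
    ("2024-03-20 23:10", "anon", "CI-17", "on"),
    ("2024-03-20 23:12", "dev-B", "CI-17", "seen"),
    ("2024-03-20 23:15", "dev-E", "CI-42", "seen"),
]

def parse(log):
    return [(datetime.strptime(t, "%Y-%m-%d %H:%M"), d, c, e) for t, d, c, e in log]

def switch_ons(events, target):
    return [(t, c) for t, d, c, e in events if d == target and e == "on"]

def always_nearby(log, target, window_min=10):
    """Devices logged in the target's cell around every one of its switch-ons."""
    events = parse(log)
    window = timedelta(minutes=window_min)
    common = None
    for t_on, cell in switch_ons(events, target):
        near = {d for t, d, c, _ in events
                if d != target and c == cell and abs(t - t_on) <= window}
        # Neighbours that change between sessions drop out of the intersection
        common = near if common is None else common & near
    return common or set()

def off_before_on(log, target, gap_min=5):
    """Per device, count switch-offs in the same cell shortly before a target switch-on."""
    events = parse(log)
    gap = timedelta(minutes=gap_min)
    hits = Counter()
    for t_on, cell in switch_ons(events, target):
        for t, d, c, e in events:
            if d == target or e != "off" or c != cell:
                continue
            if timedelta(0) <= t_on - t <= gap:
                hits[d] += 1
    return hits
```

On the constructed log, three sessions are enough to leave a single device in the intersection, and the same device shows the repeated off-then-on pattern.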
 