Confessions of a Professional Hacker: Can the CIA or other Intelligence Agencies Track My Every Move
Welcome back my aspiring cyberwarrior and others interested in cybersecurity!
When people find out I am a professional hacker, one of the most common questions they ask is, "Can the CIA (or other intelligence agency) track my every move?" The short answer is Yes!, they can track your every move if you have a cellphone AND the interested party (CIA or other intelligence agency) has your phone's unique IMEI number.
Let's look at how they do this and what you can do to make their job much harder.
The IMEI or the International Mobile Equipment Identity number is unique to each phone and can not be altered. If the CIA or other intelligence agency knows this number of your phone, they can track your movements by tracking your phone. This number is available to them by subpoena, search warrant or US Patriot Act provisions.
The IMEI is stamped on your phone and when you open the phone you can find it like below.
In addition, you can find the IMEI under settings of your phone. It is different places in different phones, but look for something such as "About Phone" like below.
It is also possible to track a phone and its user by its IMSI (International Mobile Subscriber Identity) number of the phone. Fortunately, this IMSI can be changed out by changing out the SIM (Subscriber Identification Module) card.
IMSI numbers are broadcast by your phone when its sends a beacon to connect to the cell tower. It is possible for anyone with the right equipment to intercept and read those IMSI numbers.
Every time a cell phone attempts to connect, it pings the cell towers in the area to determine which is closest. Every cell phone or other device connecting to the cellular network (such as iPads) does this. Every time a cellphone pings a tower, the phone's IMSI, IMEI numbers as well as the the location of the cell tower is stored in the carrier's database.
By triangulating (multiple towers are used to track the phone's location by measuring the time delay that a signal takes to return back to the towers from the phone) between the pings to the towers in the area, the location of the phone can be determined within 50-500 meters, depending upon the concentration of cell towers. The closer the cell towers are together, such as in an big city, the more precise the data on the location of the phone. In urban areas, your location can be narrowed down to within 50 meters.
Although not a method of tracking but rather of eavesdropping, stingrays are one of the tools intelligence agencies and law enforcement use to listen to cellphones. A stingray is just a compact, mobile cell tower. Law enforcement and intelligence agencies can simply move one into your neighborhood. Your phone will then connect to the closest cell tower. The stingray looks and acts just like a cell tower so you phone connects to it without asking further questions. Once your cell phone connects to the cellular network, the owner of the stingray has access to all the calls and data leaving your phone. For more on stingrays, see my article here.
In the US and other countries (they are banned in the EU), you can buy an inexpensive, limited-feature, pre-paid phone at a local retailer without having to register your name. In this way, it is very difficult for intelligence agencies to connect the phone and its unique IMEI to your identity. To take further precautions, the phone should be purchased with cash so that no credit/debit card trail remains.
When purchasing a burner phone, make certain that you are NOT carrying your other phone with you. Your other phone is tracking all your movements. If you are carrying your that phone, you are creating a record of your visit to the "burner phone" retailer linking you to the purchase and the IMEI of the burner phone thereby frustrating your attempts to remain anonymous.
The CIA, any intelligence agency or law enforcement can track your every move very precisely by tracking the cell towers your phone pings before it connects. All this data is stored in the phone carrier's database and can be accessed by these agencies. The burner phone is probably to best way to frustrate this type of tracking but make certain to take the precautions described above.