Fugitive Recovery Network (FRN)
https://ftp.fugitiverecovery.com/forum/

Cell Pings & Triangulations, how do they work? truth/myths
https://ftp.fugitiverecovery.com/forum/viewtopic.php?f=13&t=13874
Page 1 of 1

Author:  bondkeeper [ Fri 21 Sep 2012 12:27 ]
Post subject:  Cell Pings & Triangulations, how do they work? truth/myths

It seems there is a lot of open discussion here about cellphone pings and triangulation, do they work, how accurate are they etc. I'm going to start with some overview of how it works, it's accuracy level, laws surrounding it etc. and hopefully create a dialog of questions surrounding it. First i'll note that I don't build cellular networks, so there may be portions of this that might be slightly off, but should be a good overview.

What are they?

Due to 911 laws all newer cellphones have GPS's on board, which not only helps with your favorite mapping applications, and fun applications like foursquare etc. but also provides 911 an essential feature. In the case of an emergency they can ping your phone and have the GPS coordinates of your phone reported back to them.

Not all 911 centers have integrated this type of functionality, and the data/service is provided by the cellular carrier of the phone.

In cases where the GPS cannot get a signal, or phones without GPS they have to take the analog approach, most data applications will do this as well when the GPS option is turned off. While you're driving around you are being handed off to new cellphone towers that are within range so that the cellular provider knows which tower to send call data to in order to communicate with your phone.

So your phone is always broadcasting out and locating towers nearby (this is also why your battery dies in low coverage zones, the constant hunt for a tower). The delay of responses from your phone and signal quality can determine how close you are to a given tower, which could cover several square miles. So on analog phones or in cases where the GPS cannot get a signal or is otherwise inoperable it will revert to this, it will try to use 3 towers to triangulate your position. This method is the least accurate.

Even your GPS based on where you are, and it's ability to see any of the 27 GPS satellites (well 24 active, 3 backups) that orbit the earth can make the accuracy very good, or very bad. GPS also works off triangulation

When looking at a GPS coordinate (latitude and longitude), there are a lot of details here i won't step into but time effects the location, as well as how close to one of the poles you are. But for our purposes we'll assume it's the same. The number of decimal places is how accurate the location is. For example no decimal place could be off by up to 111km, 8 decimal places would get you down to within 1mm.

So the coordinates for Tampa, FL are 27.9472° N, 82.4586° W which is accurate up to roughly 11m, but if i were to give you the coordinates 27.94727360° N, 82.45864938° W this is accurate down to the mm. I wouldn't bother mapping these, the tampa one i looked up, but the detailed one is just made up somewhere in tampa :)

Who can do them?
This information has to be obtained from the cellphone carrier of the phone being pinged, and requires a warrant, or 911. Previously there were services that offered this that purchased the data from the cellphone carriers, and resold it, but H.R. 4709 The Telephone Records and Privacy Protection Act of 2006 was signed by President Bush in January 2007 making the sale, transfer, and even possession of this type of information illegal.

There are also a number of other bills limiting the scope that even law enforcement can use this data, and the need for a warrant. Senate Bill 1212, the Geolocation Privacy and Surveillance (GPS) Act being one of them.

Other methods?
Well many times posting tweets, facebook messages, or even taking pictures on your mobile device can include geographical locations if enabled by the user. Android phones you could build your own app that reports back a location when asked, or notifies you if the defendant crosses a boundary, but this would be something they'd voluntarily place on their phone and enable, or that you'd have to extract from the images, unless the site shows you the metadata.

But what about all the sites selling ping services?
To be honest, I don't know what data it is that they are selling, being that it's illegal to do so, and you cannot get the data from the cellular provider without being law enforcement, and obtaining a warrant. It's quite possible that some of these companies are frauds, it's possible they are selling stale data, it's possible they have law enforcement connections, it's even possible they pay big bucks to cellular providers to break laws.

What does this all mean for me?
Well, it means that if you're hunting for cellphone ping services you're probably likely to be defrauded, either by it being a scam, or being sold stale data. I've never heard of anyone having good experiences with these. If the company is getting up to date information, they are probably doing it illegally, or through some legal loophole that will soon be closed.

If any of you know of another way, or state laws, or loopholes that still allow for the sale of this type of information please let me know, i'd be happy to redact some of my statements, but to the best of my knowledge there is no legal way to obtain this data without being law enforcement and having a warrant, or the defendant voluntarily placing an application on their phone.

Author:  SnoWolf [ Fri 21 Sep 2012 16:23 ]
Post subject:  Re: Cell Pings & Triangulations, how do they work? truth/myt

Great information. Thank you.

Author:  Reinere [ Fri 21 Sep 2012 20:38 ]
Post subject:  Re: Cell Pings & Triangulations, how do they work? truth/myt

This should be put in faq, very useful info. Thanks alot.

Btw Erik, you know much about metadata?

Author:  bondkeeper [ Fri 21 Sep 2012 21:55 ]
Post subject:  Re: Cell Pings & Triangulations, how do they work? truth/myt

Yeah, metadata itself is a pretty generic term in the computer fields, it just refers to data to describe other data. When used in terms of uploaded photos etc. What i'm referring to is actually the EXIF data contained within the image.

There is a portion of the file itself that can store data, for example the jpg/jpeg format has application segments. Most cameras store additional data in the EXIF format in this location, it contains various additional metadata about the image, date/time it was taken, geolocation attributes, exposure time etc. There are various pieces of software that will allow you to look at this data.

A note about this though is some sites that host images will strip these segments before storing the file because they are not needed to render the image.

Other fun stuff inside images
Another fun note is, these segments of the image format can be used for Steganography, you could hide additional files, or encrypted messages within this area, and send a friend a file, and unless they are told, or use software to view these segments they'd never know it's there. Another common way people tackle steganography in images is by actually hiding it within the pixels of the image itself.

I won't go too much into binary logic etc, but most people when they talk low level tech refer to 1's and 0's, well that's because much of the underlying logic is done in binary, or base 2, we use the base 10 number system daily. You can checkout google/wikipedia for more info on binary/base2. But i'm going to generalize to help give you an idea how it works.

The least significant bit(s) of the image are changed, to hold the data itself, and because these are not the significant ones used for the color it's hardly noticeable in the color etc of the picture, and to extract it the program on the decryption side just removes all but these bits.

What do I mean by least significant bit, well in terms of base10 which we use. if you were to have $10,000,025 in the bank you would probably just tell me $10 million. At this level the $25 makes no difference, it's hardly noticeable. This is an over generalization for an easier explanation. In binary the least significant bit actually determines if the number is even/odd.

So in terms of the image, if i were to change the last couple bits of a pixel it might adjust the color very slightly, but not enough to be noticed.

Author:  Reinere [ Sat 22 Sep 2012 00:37 ]
Post subject:  Re: Cell Pings & Triangulations, how do they work? truth/myt

ahh, EXIF data. Now its all making sense.

I was thinking "what the hell would metadata have to do with this?" as my idea of metadata is purely web based.

I have extracted EXIF from photo's before to get the location the picture was taken.

I have yet to actually implement this as I have not been in the field yet.

But thank you for the explanation.

Author:  bondkeeper [ Sat 22 Sep 2012 06:15 ]
Post subject:  Re: Cell Pings & Triangulations, how do they work? truth/myt

Yeah, I've been in the web space of programming for a long time, metadata is commonly used in the web. Through various meta tags at the top of the page for browsers/search engines to inspect, as well as microdata within the content itself, that other sites/applications can extract and use, like contact information.

Page 1 of 1 All times are UTC - 8 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/