Have you ever wondered how much mobile networks differ in the accuracy with which they can determine your location? Or whether the police can get an archive of your old SMS messages from your telco? Now you can learn facts like these from a manual written by the US Federal Bureau of Investigation (FBI). Their 139-page Cellular Analysis & Geo-Location Field Resource Guide has been leaked to a website that specializes in ‘liberating government documents’. Presumably the FBI cannot complain too much, because they marked the document as unclassified, which makes me believe the FBI should rethink their standards. Much of the information would be useful to sophisticated criminals wanting to understand how to evade detection. I also dread to think of the consequences if somebody fooled a telco into sharing data by using the guide to mimic requests issued by the FBI.
The document was written for the FBI’s Cellular Analysis Survey Team (CAST) in March 2019. I would be surprised if very much of the detail about US networks has changed in the interim, even with the advent of 5G, though readers should be mindful that T-Mobile and Sprint were separate businesses when the guide was written. The FBI staff associated with CAST is smaller than you might think, with five Supervisory Special Agents based at headquarters and 15 Special Agents embedded in other field offices. A further 50 agents around the USA have been certified as competent to give testimony on the use of telecoms network data. From the guide we can glean the following juicy information:
- The FBI routinely asks for 60 days of CDRs in order to analyze the user’s typical behavior and movements.
- Verizon can only grant access to a subscriber’s voicemails by changing the user passcode, which would be noticed by the subscriber. Other networks can share voicemails without alerting the target.
- Verizon is best able to share the content of text messages, having stored every SMS sent during the last 7 days. T-Mobile cannot share the content of any SMS messages sent on its network.
- T-Mobile and AT&T generally provide the best information about a phone’s location.
- If you wanted all records for all activity pertaining to a particular base station, then Sprint provides the longest history, at 18 months, whilst AT&T offers the shortest, at just 60 days.
- AT&T can provide CDRs for wearables.
- FBI agents are warned that Google will notify its users of any FBI information requests except for a few special cases.
- Example CDR reports included in the guide usually redact a few digits from phone numbers, IMEIs, etc., but at least one suspect’s MSISDN was reproduced in full.
- The FBI does a lot of their CDR analysis in Excel.
Checking the content of the document also led me to learn another telling fact: the law enforcement portal containing maps of base stations and other valuable data uses SMS messages for two-factor authentication, despite the FBI recommending that businesses should consider using more robust factors than SMS.
The FBI’s Cellular Analysis & Geo-Location Field Resource Guide can be found on the website of Property of the People.