Bounty Hunters Can Get Phone Locations for $300

AlphaAtlas

[H]ard|Gawd
Staff member
Joined
Mar 3, 2018
Messages
1,713
Motherboard just posted an article claiming that T-Mobile, Sprint, and AT&T are selling customer data that ultimately allows individuals to geolocate U.S. phones with nothing but a phone number. Journalist Joseph Cox gave a phone number and $300 to a "bounty hunter," and quickly got a Google Maps screenshot with a relatively accurate location of the phone back. Apparently, major telecommunication providers are selling geolocation "services" to a number of private companies. and those services end up being resold on the black market without their knowledge.

The bounty hunter did this all without deploying a hacking tool or having any previous knowledge of the phone's whereabouts. Instead, the tracking tool relies on real-time location data sold to bounty hunters that ultimately originated from the telcos themselves, including T-Mobile, AT&T, and Sprint, a Motherboard investigation has found. These surveillance capabilities are sometimes sold through word-of-mouth networks.... In the case of the phone we tracked, six different entities had potential access to the phone's data. T-Mobile shares location data with an aggregator called Zumigo, which shares information with Microbilt. Microbilt shared that data with a customer using its mobile phone tracking product. The bounty hunter then shared this information with a bail industry source, who shared it with Motherboard.
 
It doesn't even have to come from the providers. Companies that have people using apps with location services turned on could, or will be doing the same thing. It's not as sure a thing as getting the data directly from the providers, but if you aggregate the data from enough location based apps, it'll add up to a lot.


That gives me an idea ...... I should set up an app/service that acts as a location proxy. Your cell phones network/app based data goes through my service and I wash out your location data and replace it with conflicting data to spoof a false location.

Let's see how this works, your app sends it's location out, but I intercept it, I keep your location data but wrap it in a fictitious identity which is based to the app service, the app service returns the information related to the valid location data, which I reassemble properly to send back to you. It looks clean when you get it. Then I resend new requests to the app service with your real identity and a false location just to muddy the waters.

Something along those lines might work.
 
It doesn't even have to come from the providers. Companies that have people using apps with location services turned on could, or will be doing the same thing. It's not as sure a thing as getting the data directly from the providers, but if you aggregate the data from enough location based apps, it'll add up to a lot.


That gives me an idea ...... I should set up an app/service that acts as a location proxy. Your cell phones network/app based data goes through my service and I wash out your location data and replace it with conflicting data to spoof a false location.

Let's see how this works, your app sends it's location out, but I intercept it, I keep your location data but wrap it in a fictitious identity which is based to the app service, the app service returns the information related to the valid location data, which I reassemble properly to send back to you. It looks clean when you get it. Then I resend new requests to the app service with your real identity and a false location just to muddy the waters.

Something along those lines might work.

Not sure that would work on Android/iOS without root access. VPN apps on Android seem to struggle with that too.

There is some kind of geolocation spoofing option in Android's developer options though, IIRC.
 
It doesn't even have to come from the providers. Companies that have people using apps with location services turned on could, or will be doing the same thing. It's not as sure a thing as getting the data directly from the providers, but if you aggregate the data from enough location based apps, it'll add up to a lot.


That gives me an idea ...... I should set up an app/service that acts as a location proxy. Your cell phones network/app based data goes through my service and I wash out your location data and replace it with conflicting data to spoof a false location.

Let's see how this works, your app sends it's location out, but I intercept it, I keep your location data but wrap it in a fictitious identity which is based to the app service, the app service returns the information related to the valid location data, which I reassemble properly to send back to you. It looks clean when you get it. Then I resend new requests to the app service with your real identity and a false location just to muddy the waters.

Something along those lines might work.


Something like this actually exists, for Android users. There are several spoofers that handle location info and can feed that info to other apps etc. Most either replace the data with nothing (as if the app had no location data to provide), some allow you to put in a fixed location, and others intentionally misreport randomly with lots of garbage -though appearing viable, depending on heuristic selection - data simply to clutter things up. The most reputable and performant are all open source so you can be sure there isn't some intermediary who's just slurping down your data along the way. Some functionality can be done without rooting through the use of a local app that sets itself up as a VPN (similar to ad-blocking tools like Blokada), but if you are rooted you have much more power and control.

Regardless of the technical feasibility, this just proves we need tough regulations on the telecoms themselves who once again prove themselves incapable of acting for the users' benefit, but also on all the secondary and tertiary companies that accrue, analyze, and sell this data or services. This should also be the case for all location data gleaned by phone apps or other services, but we need to make sure to specifically clip the wings of the telecom providers so they cannot share customer information for ANY reason, aside from a legitimate and public court order. What apps are allowed to do/keep/sell/use in the first place needs a total rework from the ground up, but at least you can tell people can avoid using certain or even most apps if they wish. If your mobile telecom is tracking you via SIM and tower triangulation on their hardware for instance, there's no way to get around that and still use a mobile device at all.
 
This is why I laugh about Apple touting how secure it is... even if you want to believe that, Apple isn't the only thing that's giving away all your information.
 
Something like this actually exists, for Android users. There are several spoofers that handle location info and can feed that info to other apps etc. Most either replace the data with nothing (as if the app had no location data to provide), some allow you to put in a fixed location, and others intentionally misreport randomly with lots of garbage -though appearing viable, depending on heuristic selection - data simply to clutter things up. The most reputable and performant are all open source so you can be sure there isn't some intermediary who's just slurping down your data along the way. Some functionality can be done without rooting through the use of a local app that sets itself up as a VPN (similar to ad-blocking tools like Blokada), but if you are rooted you have much more power and control.

Regardless of the technical feasibility, this just proves we need tough regulations on the telecoms themselves who once again prove themselves incapable of acting for the users' benefit, but also on all the secondary and tertiary companies that accrue, analyze, and sell this data or services. This should also be the case for all location data gleaned by phone apps or other services, but we need to make sure to specifically clip the wings of the telecom providers so they cannot share customer information for ANY reason, aside from a legitimate and public court order. What apps are allowed to do/keep/sell/use in the first place needs a total rework from the ground up, but at least you can tell people can avoid using certain or even most apps if they wish. If your mobile telecom is tracking you via SIM and tower triangulation on their hardware for instance, there's no way to get around that and still use a mobile device at all.


Well, the Federal Trade Act and the Federal Communications Act and probably the Federal Online Privacy Act all need a solid rewrite.

But that's not going to happen because the current majority of the House is too damned busy trying to stop the President from building that wall.

On a bright note, Federal Revenues are up due to lower spending.
 
well, well, uh i mean what do you got to hide? im not doing anything illegal, i dont care!
nothingToHide.jpg
 
This ought to be illegal without a warrant.

You didn't read the article did you? The issue isn't the bondsman who do have a legal right to track people down...it is the bondsman who are abusing their privldeges for personal profit. This is no different than a cop using is squad car to get around waiting for a red right.
 
You didn't read the article did you? The issue isn't the bondsman who do have a legal right to track people down...it is the bondsman who are abusing their privldeges for personal profit. This is no different than a cop using is squad car to get around waiting for a red right.

The whole bond system is so completely fucked up, abused and uncontrolled that the whole thing should just be gotten rid of.

No one but an actual officer of the peace should ever hunt down and arrest someone. Police? FBI? U.S. Marshall service? Sure.

Bounty hunters? Fuck em. A manhunt with a profit incentive ought to be illegal.
 
I agree with that as well, and the simple removal of cash bond (of which many nations and many learned individuals and organizations have found through study is a flawed, harmful system in and of itself and has no business in any society seeking justice; no more than debtors prisons of old) will eliminate the need for the entire unnecessary, exploitative ecosystems that spring up in its wake and thus their abuses as well.

However, the real crux of the issue is that the telecoms and/or app location data was shared in the first place to the point it could be acquired by many layers of others, including the bondsman. Even if we for the sake of argument accept the idea of the bondsman/bounty hunter, if the data was curated properly it should have not been available on some 3rd party for pay service. Rather, they would have gone to a court, shown their license and reason to be working on this particular case, and then validated to be read in on whatever data was lawfully attained from the filed warrant.
 
I had a long time friend that started working for an Israeli (surprise, surprise) company that poses for a virtual operator (mvno) to get into the global network, but actually specializes in finding and tracking people all over the planet. Several months after he got the gig, he started bragging how he managed to get from a few hundred thousands people to millions in just a few months.

I am no longer friends with this person.
 
Handy to know. If you go on the run, leave your phone behind.

Must admit I'm aware that I would at least turn mine off but does it still 'ping' even if switched off?
 
The whole bond system is so completely fucked up, abused and uncontrolled that the whole thing should just be gotten rid of.

No one but an actual officer of the peace should ever hunt down and arrest someone. Police? FBI? U.S. Marshall service? Sure.

Bounty hunters? Fuck em. A manhunt with a profit incentive ought to be illegal.

You aren't being honest. Cops are paid bounty hunters as well, they just paid if they only do their job "half right" or "not at all". Cops aren't all perfect either..there are shit bags there too. So lets use your logic and throw them out as well, who needs cops. As for throwing out the whole bond system that is equally as foolish. At that point you have two choices either let everyone out on their own recognizance or nobody out if we are being as black/white with your logic. Stay angry...it works well at doing nothing at all.
 
Well, the Federal Trade Act and the Federal Communications Act and probably the Federal Online Privacy Act all need a solid rewrite.

But that's not going to happen because the current majority of the House is too damned busy trying to stop the President from building that wall.

On a bright note, Federal Revenues are up due to lower spending.

Federal revenues have hit record highs every year forever. It has nothing to do with lower spending.

https://taxfoundation.org/federal-tax-revenue-source-1934-2018/
 
Nobody is forcing you to use a cell phone or enable location tracking.
 
Nobody is forcing you to use a cell phone or enable location tracking.

Nobody is forcing you to have a tv or running water either but life really sux without it. Why does it always seem the government is not protecting our privacy and doing nothing or the opposite?
 
Nobody is forcing you to use a cell phone or enable location tracking.

Hey I agree, but there have been articles accusing some of phone manufacturers and software companies of keeping location on when the phone shows it's off. Also, almost every app that uses tracking has some type of built in "feature" to fool the user into turning the tracking back on, and they are relentless about it until the user just finally gives up and agrees.
 
Reducing spending does not increase revenue.
See the post above please.

And when you collect X dollars in taxes and the government shuts down and stops spending as much as was forcast, it means an increase in money because you didn't spend what you collected. But to get back on point, it was a fucking joke ffs.

Why you guys so serious yesterday? Afraid someone's going to sneak up on you and build a wall or something? :ROFLMAO:
 
This kind of terrifies me..I uh..I uh...I may have more than one Ex with some umm lets just call it "issues".
 
You aren't being honest. Cops are paid bounty hunters as well, they just paid if they only do their job "half right" or "not at all". Cops aren't all perfect either..there are shit bags there too. So lets use your logic and throw them out as well, who needs cops. As for throwing out the whole bond system that is equally as foolish. At that point you have two choices either let everyone out on their own recognizance or nobody out if we are being as black/white with your logic. Stay angry...it works well at doing nothing at all.

Cops are not perfect, but at least there is a system of control. They aren't just some guy doing his own thing. They are accountable to the police department, which is accountable to elected officials chosen by the people.

Nothing is perfect. That doesn't mean we should never have anything at all, or should never strive to make anything better.
 
............... A manhunt with a profit incentive ought to be illegal.

I don't know enough about what bounty hunters can and can't do in pursuit of capturing their targets. I don't know what laws regarding privacy, and other rights issues that they can get around that a cop can't, if any. And I don't know what recourse or methods of address a person has against a bounty hunter versus a cop as an agent of the Law and the Government.

I'd have to see these issues laid out side by side with everything on the table to understand if it's fundamentally bad/wrong or if it simply needs reform.
 
See the post above please.

And when you collect X dollars in taxes and the government shuts down and stops spending as much as was forcast, it means an increase in money because you didn't spend what you collected. But to get back on point, it was a fucking joke ffs.

Why you guys so serious yesterday? Afraid someone's going to sneak up on you and build a wall or something? :ROFLMAO:

I just figured you didn't know what the word revenue means.

I do understand what you're getting at though.
 
I just figured you didn't know what the word revenue means.

I do understand what you're getting at though.


I know what the word revenue means, just not that particular in how I use it.

All the moneys "made" by the government is revenue. So if the government isn't spending that revenue, then they have more of it laying around ..... revenue that is.
 
Back
Top