Crocodile Hunter

 

Crocodile Hunter is a project developed by the Electronic Frontier Foundation (EFF) whose objective is to propose a workflow for detecting IMSI-Catchers operating on 4G / LTE networks. Some of the premises of this project are:

1. Collect the messages transmitted by the cellular antennas to analyze them, infer the antennas’ geographical location, and review any other irregular activity.

2. Improve the sensor analysis coverage and quality through a portable design, enabling its use by people inside small vehicles or even walking.

3. Analyze irregular antennas within the same device, requiring considerable computing power but making the monitoring and coverage adjustment process more flexible.

Methodology

Depending on the local context, and with the help of either collaborators or LCOs (Local Coordinating Organizations) in Latin America, we have put into practice what the Crocodile Hunter project team of the Electronic Frontier Foundation had previously tested experimentally in cities in the USA.

Over a period of approximately 60 to 90 days, the local coordinating organizations collected data by touring their city, after first completing these steps:

1. Acquire a computer with a Linux operating system.

2. Purchase a radio with 4G / LTE monitoring capabilities.

3. Purchase a GPS unit.

For greater portability, a variant is proposed that uses a Raspberry Pi 4 to host the sensor software.

Figure 1 Sensor configuration built for the Crocodile Hunter project

Note: When a Raspberry Pi is used as the computer that runs the Crocodile Hunter code, the charger can be replaced by a power bank with a USB-C cable, or even by a 12V car-to-USB adapter with whatever cable is necessary to power the Raspberry Pi through its USB-C port.

How does it work?

The Crocodile Hunter sensor collects raw data from the antennas. Among the data collected, it is worth mentioning:

  1. The mobile provider identification.
  2. The country of operation.
  3. The signal strength data.

With this information, the sensor data is searched for anomalies, such as countries or operating providers that are unknown in the area, antennas that are unknown to cellular network data collection services, or contradictions in the location of the antennas (antennas located far from where they are expected, or that “change” position over time).
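
The anomaly checks described above can be sketched as follows. This is an added example, not code from the Crocodile Hunter project: the function names are hypothetical, and the operator codes (MCC/MNC), tower database, coordinates and 2 km tolerance are constructed placeholders.

```python
import math
from collections import defaultdict

# Constructed reference data (placeholders, not real operator or tower records).
EXPECTED_PLMNS = {("999", "01"), ("999", "02")}  # (MCC, MNC) pairs expected in the area
KNOWN_TOWERS = {("999", "01", 1001): (19.4300, -99.1300),  # cell key -> database lat/lon
                ("999", "02", 2002): (19.4400, -99.1400)}
MAX_DRIFT_KM = 2.0  # assumed tolerance between location estimates

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def find_anomalies(sightings):
    """Return {cell_key: set(reasons)} for cells matching an anomaly class."""
    flags = defaultdict(set)
    seen = defaultdict(list)  # earlier position estimates per cell
    for s in sightings:
        key = (s["mcc"], s["mnc"], s["cell_id"])
        if (s["mcc"], s["mnc"]) not in EXPECTED_PLMNS:
            flags[key].add("unexpected_country_or_provider")
        known = KNOWN_TOWERS.get(key)
        if known is None:
            flags[key].add("not_in_tower_database")
        elif haversine_km(known, s["est_pos"]) > MAX_DRIFT_KM:
            flags[key].add("far_from_expected_location")
        # The same cell estimated at distant points over time "changes" position.
        if any(haversine_km(p, s["est_pos"]) > MAX_DRIFT_KM for p in seen[key]):
            flags[key].add("position_changed")
        seen[key].append(s["est_pos"])
    return dict(flags)

# Constructed sample sightings; est_pos is the sensor's location estimate for the cell.
SAMPLE = [
    {"mcc": "999", "mnc": "01", "cell_id": 1001, "est_pos": (19.4305, -99.1302)},
    {"mcc": "999", "mnc": "02", "cell_id": 2002, "est_pos": (19.5400, -99.1400)},
    {"mcc": "998", "mnc": "07", "cell_id": 3003, "est_pos": (19.4310, -99.1310)},
    {"mcc": "999", "mnc": "01", "cell_id": 4004, "est_pos": (19.4200, -99.1200)},
    {"mcc": "999", "mnc": "01", "cell_id": 4004, "est_pos": (19.4700, -99.1200)},
]

if __name__ == "__main__":
    for cell, reasons in find_anomalies(SAMPLE).items():
        print(cell, sorted(reasons))
```

A flagged cell is a candidate for closer review, not a confirmed IMSI-Catcher; new legitimate antennas and noisy location estimates produce the same flags.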

Recently, support has been added to send the collected information to a central server, which aggregates data from several sensors and improves the data’s quality when several devices or sensors cover the same geographical area.

For more information about Crocodile Hunter, we can visit the official repository. To understand how its creators propose the operation of telephone surveillance technologies using IMSI-Catchers, we can also consult the publication Gotta Catch ‘Em All.

The FADe project is an initiative of South Lighthouse with the support of the Open Technology Fund.

 

This website is available under a Creative Commons Attribution 4.0 International (CC BY 4.0) License creativecommons.org