Comment by jacquesm

5 months ago

Sure, so now you are at the front door of a quad of four 300-apartment highrises. What is your next move?

A portable spectrum analyzer. A high concentration of phones like this would light up the spectrum when used with a directional wand.

Portable spectrum analyzers are regularly used to identify interference in urban environments. Even a damaged cable coax line on the street can interfere with cellular signals.

With 5G and beamforming and MIMO and decent BTS software (Ericsson or Hua) you can pinpoint the given phone very accurately (within 20m in urban settings) - without any triangulation, as you know the cell tower sector :) Guess what: you can also measure the azimuth within 0.1 degree, so you could have SOME data on where to look.

FYI: That was available back in 2022 as standard. Now it could be even better. :P

  • I've already narrowed it down to four buildings for you, so we can consider that all of those methods worked. What is your next move?

    I'm not saying it can't be done, clearly it can be done otherwise this article wouldn't exist. But it is not quite as easy as pointing a magic wand (aka an antenna) at a highrise and saying '14th floor, apartment on the North-West corner', though that would obviously make for good cinema.

    • > I've already narrowed it down to four buildings for you, so we can consider that all of those methods worked. What is your next move?

      Subpoena the power, water & gas company, and look at apartments that have unusual power usage, coupled with almost zero water & gas usage. Especially look at apartments that don't have a spike in power usage in the morning & evening that corresponds to people having a regular commute.

      I'm not sure how much power this equipment draws at idle - I'm assuming it's more idle at night, no need to send scammy SMS messages at 3am Eastern - but I'd wager you could track that.

      Granted, it's not fast, but depending on how quickly the companies bend over backward for such a request & how good your interns are at using Excel, you might be able to get this done before sundown.

If even a fraction of those antennas are transmitting at any given time, which you can arrange simply by having the network poll them, all you need to do is wander up and down the hall with a TinySA or something similar. It will be almost ridiculously obvious where all the RF racket is coming from.

Even before doing that, a handheld Yagi in the parking lot will easily narrow it down to a couple of floors in a specific quadrant of the building.