Senator Wyden Asks DHS To Look Into Cell Tower Spoofer Use By Foreign Entities In Washington DC
from the why-hasn't-the-homeland-security-agency-looked-into-this-already? dept
A few years back, news broke about the apparent existence of stationary cell tower spoofers in the Washington DC area. While some could conceivably have been operated by local law enforcement, the location of the fake cell towers suggested they might be the work of foreign actors.
Continuing a sort of cross-country tour to detect phony cell towers, also known as interceptors or IMSI catchers, researchers associated with the security firm ESD America have detected 15 of the covert devices in Washington D.C., plus three more in nearby Virginia.
The company used their ultrasecure CryptoPhone 500 to search for the interceptors, which can compromise phones through baseband hardware and are believed to have a range of roughly 1 mile. ESD America’s phones allegedly detected telltale signs of call interception in the vicinity of the White House, the Russian Embassy, the Supreme Court, the Department of Commerce, and the Russell Senate Office Building, among other landmark buildings.
Since then, not much has changed. Or if it has, no updates have been issued. Apparently, the fake cell towers are still there and in use, unmolested by local law enforcement or federal agencies. Ron Wyden would like someone to do something about it and has sent a letter [PDF] to DHS Under Secretary Christopher Krebs, asking the agency to look into it.
In 2014, security researchers reported that they detected a number of IMSI catchers in the National Capital Region, which they suggested may have been operated by foreign governments. The Federal Communications Commission (FCC) subsequently established a task force to investigate the threat posed by foreign governments and criminals using IMSI catcher technology. Unfortunately, the FCC has yet to issue any public findings or guidance since then.
Whether foreign intelligence services and criminals are using IMSI catchers to spy on senior members of the US. government is undoubtedly a question worth answering. Foreign government surveillance of senior American political and business leaders would obviously pose a significant threat to our country’s national and economic security.
Wyden would like to know if the DHS has seen any firsthand evidence of these tower spoofers and if it has provided any of this info to Congressional committees. He also wants to know if the DHS has the technology to detect and locate these IMSI catchers and, if not, wants to know what it needs to begin the hunt for foreign surveillance devices.
Certainly the DHS has the tech to do its own cell tower spoofing. A recent FOIA request by Buzzfeed found the DHS has been deploying Stingray devices about once a day for the last three years. A cell tower spoofer isn’t the best tool for detecting other cell tower spoofers, but it could turn into a DC-based Spy vs. Spy operation, with the DHS running its equipment to locate
competitors’ foreign-owned equipment, with the inherent escalation that scenario implies.
The thing about cell tower spoofers is they can be used to intercept communications. That functionality is available, although we have yet to see (acknowledged) use of Stingray devices to eavesdrop here in the US. The tacit agreement to limit Stingray use to locating cell phones is not without its own issues, but there’s no agreement, unspoken or otherwise, limiting foreign entities from intercepting phones calls and text messages with their devices. (Undoubtedly, any cell tower “listening posts” deployed by the US in other countries would be similarly unaffected by voluntary limitations on domestic deployment.)
If answers are given to Wyden, it’s highly doubtful we’ll see them. US agencies are still completely uncomfortable discussing their own tower spoofers. Evidence of communications interception by foreign agencies will likely be buried under black ink and discussed behind closed doors.