DHS Says Rogue Stingrays Are In Use In Washington, DC; Also Says It Hasn't Done Anything About It
from the plotting-a-course-for-too-little,-too-late dept
In 2014, security researchers discovered a number of cell tower spoofers in operation in the DC area. Some may have been linked to US government agencies, but there was a good chance some were operated by foreign entities. This discovery was published and a whole lot of nothing happened.
Three years later, Senator Ron Wyden followed up on the issue. He sent a letter to the DHS asking if it was aware of these rogue Stingray-type devices and what is was doing about it. As was noted in the letter, the FCC had opened an inquiry into the matter, but nothing had ever come of it. As the agency tasked directly with defending the security of the homeland, Wyden wanted to know if anyone at the DHS was looking into the unidentified cell tower spoofers.
The DHS has responded to Wyden’s queries, as the Associated Press reports. But a response is not the same as actual answers. The DHS appears to have very few of those.
The agency’s response, obtained by The Associated Press from Wyden’s office, suggests little has been done about such equipment, known popularly as Stingrays after a brand common among U.S. police departments. The Federal Communications Commission, which regulates the nation’s airwaves, formed a task force on the subject four years ago, but it never produced a report and no longer meets regularly.
The DHS pointed out that its own investigation, which detected several devices during a 90-day trial using ESD America equipment, had dead-ended, supposedly because of a lack of funding
[Christopher] Krebs, the top official in the department’s National Protection and Programs Directorate, noted in the letter that DHS lacks the equipment and funding to detect Stingrays even though their use by foreign governments “may threaten U.S. national and economic security.”
The answers [PDF] are all of the “we saw something and said something” variety. Fine for what it is, but does nothing to move things forward. Whatever “anomalous activity” the DHS saw during its trial was passed on to other agencies, which have not forwarded anything to Wyden or numerous Congressional committees concerned with national security, airwave regulation, and oversight.
According to the AP report, security experts are pretty sure every foreign embassy has a cell tower spoofer in use. Whether they limit themselves to call data — as our government agencies do — is another matter. Stingray devices are capable of intercepting communications and deploying malware. Since embassies function as tiny foreign countries on host’s soil, there’s a good chance those deploying cell tower spoofers aren’t all that concerned with following US law when putting these to use.
Unfortunately, we’re no closer to solid answers than we were last winter… or, indeed, four years ago, when the initial report triggered an FCC investigation. Of course, we may never get to see the full answer. One possible reason for this lack of investigatory movement is this practice isn’t limited to foreign entities in the US. We absolutely deploy the same hardware in any country we have an embassy, in addition to all the countries in which we maintain a military presence. No one wants to talk about our own actions overseas, much less possibly expose local law enforcement’s routine use of Stingray devices. For now, all we have is a tepid admission that Stingrays our government doesn’t own are in operation in Washington, DC. But that’s all we need to know, apparently. Unfortunately, that’s possibly all our national security oversight entities know either.
Filed Under: dhs, imsi catcher, ron wyden, stingray, surveillance, washington dc
Comments on “DHS Says Rogue Stingrays Are In Use In Washington, DC; Also Says It Hasn't Done Anything About It”
"anomalous activity"! out_of_the_blue's gonna be all over this!
out_of_the_blue just hates anomalies
So, apparently it is not illegal to run Rogue Stingrays.
Can I buy one on Amazon? There are so many things I could do with it.
Re: Re:
One can buy OpenBTS-compatible hardware on Ebay…
If you want a real stingray, you’ll probably want to pretend to be a police department and get in on some government/military-surplus auctions.
Backdoors
Security backdoors used by Our government can be used by every other government on the planet. Something these anti-encryption hawks will never address.
Once Stingray devices became available of course foreign embassies set them up.
Since we don’t really have any checks against their use, nothing is limiting stingray use to embassy grounds – they could put them in cars and drive around the city, who would know?
Since embassies function as tiny foreign countries on host’s soil, there’s a good chance those deploying cell tower spoofers aren’t all that concerned with following US law when putting these to use.
But US law says that it’s perfectly OK to demand data held entirely within a foreign country, and also says that it’s perfectly OK to use stingrays to obtain data. So whether they are concerned with US law or not, they’re still following it.
A couple points in this..
1 in the idea of ‘man in the middle’ attacks, they receive the signal but dont resend it..which is EASY, as a radio signal goes EVERYWHERE,, its not a straight line..
2. YOU phone is NOT encoded After it sends a signal..really it isnt.. There is no button to ENCODE on your phone.. And if you had this ability the amount of time needed to ENCODE, SEND, DECODE would make this a long phone call. There is compression After it gets to the Celltower, but there isnt Much from the Phone to the Tower.
3. Spoofing, and Receiving and SENDING a signal, is a neat trick,but also allows OTHERS to track the signal you are sending.. Once you know allthe Cell towers signals in an area, you can pickup and Notice any Different signals..
So why is this so hard, unless the Vehicle is moving around, and you need a few police cars to track it??
Re: A couple points in this..
Re: Re: A couple points in this..
Digital data needs to be encoded for radio transmission, and modern cellular data is always encrypted. There are 3 known ways to break it:
Those last 2 ways make everyone unsafe, but can in theory be prevented.
So many ways this is sadly funny
I’ll probably miss a few, but –
Re: So many ways this is sadly funny
Sadly, computer security really is this terrible. Look at the security bugs in any software over a year old, then tell me the current software is secure.
Re: Re: So many ways this is sadly funny
Not to mention that infrastructure tends to be older because of expense. Utilities would rather keep it as long as possible until either it becomes something to compete upon or replacing becomes cheaper.
Stingray fowarding
No need to forward if all one is looking for is SS7 stuff.
The call or text may fail, but the user will retry.
But, with 3 stingrays, one can triangulate user location.
I’m sure many have seen call setup fail on their cell phone, but if they move a mile or two, the problem magically disappears.
We have existing technology to solve this. Just make every phone verify an anonymous certificate handshake before allowing a full connection.
The phone should verify that the cell tower they are connected to belongs to their carrier network or roaming-partner.
Re: Re:
On 3G networks, they do. Most phones will fall back to a vulnerable 2G network if 3G is disrupted, and that’s one way stingrays are suspected to work. If your phone lets you turn off 2G, do it. It’s said that newer hardware can break 3G but there’s not a lot of detail. Interested people should grab a software-radio and head to Washington DC.
That makes things harder. Who gets to be a roaming partner, how does the main carrier prevent them doing bad things and how should the key management work?