DHS Says Rogue Stingrays Are In Use In Washington, DC; Also Says It Hasn't Done Anything About It

from the plotting-a-course-for-too-little,-too-late dept

In 2014, security researchers discovered a number of cell tower spoofers in operation in the DC area. Some may have been linked to US government agencies, but there was a good chance some were operated by foreign entities. This discovery was published and a whole lot of nothing happened.

Three years later, Senator Ron Wyden followed up on the issue. He sent a letter to the DHS asking if it was aware of these rogue Stingray-type devices and what is was doing about it. As was noted in the letter, the FCC had opened an inquiry into the matter, but nothing had ever come of it. As the agency tasked directly with defending the security of the homeland, Wyden wanted to know if anyone at the DHS was looking into the unidentified cell tower spoofers.

The DHS has responded to Wyden's queries, as the Associated Press reports. But a response is not the same as actual answers. The DHS appears to have very few of those.

The agency’s response, obtained by The Associated Press from Wyden’s office, suggests little has been done about such equipment, known popularly as Stingrays after a brand common among U.S. police departments. The Federal Communications Commission, which regulates the nation’s airwaves, formed a task force on the subject four years ago, but it never produced a report and no longer meets regularly.

The DHS pointed out that its own investigation, which detected several devices during a 90-day trial using ESD America equipment, had dead-ended, supposedly because of a lack of funding

[Christopher] Krebs, the top official in the department’s National Protection and Programs Directorate, noted in the letter that DHS lacks the equipment and funding to detect Stingrays even though their use by foreign governments “may threaten U.S. national and economic security.”

The answers [PDF] are all of the "we saw something and said something" variety. Fine for what it is, but does nothing to move things forward. Whatever "anomalous activity" the DHS saw during its trial was passed on to other agencies, which have not forwarded anything to Wyden or numerous Congressional committees concerned with national security, airwave regulation, and oversight.

According to the AP report, security experts are pretty sure every foreign embassy has a cell tower spoofer in use. Whether they limit themselves to call data -- as our government agencies do -- is another matter. Stingray devices are capable of intercepting communications and deploying malware. Since embassies function as tiny foreign countries on host's soil, there's a good chance those deploying cell tower spoofers aren't all that concerned with following US law when putting these to use.

Unfortunately, we're no closer to solid answers than we were last winter… or, indeed, four years ago, when the initial report triggered an FCC investigation. Of course, we may never get to see the full answer. One possible reason for this lack of investigatory movement is this practice isn't limited to foreign entities in the US. We absolutely deploy the same hardware in any country we have an embassy, in addition to all the countries in which we maintain a military presence. No one wants to talk about our own actions overseas, much less possibly expose local law enforcement's routine use of Stingray devices. For now, all we have is a tepid admission that Stingrays our government doesn't own are in operation in Washington, DC. But that's all we need to know, apparently. Unfortunately, that's possibly all our national security oversight entities know either.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: dhs, imsi catcher, ron wyden, stingray, surveillance, washington dc

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    ECA (profile), 5 Apr 2018 @ 11:12am

    A couple points in this..

    1 in the idea of 'man in the middle' attacks, they receive the signal but dont resend it..which is EASY, as a radio signal goes EVERYWHERE,, its not a straight line..
    2. YOU phone is NOT encoded After it sends a signal..really it isnt.. There is no button to ENCODE on your phone.. And if you had this ability the amount of time needed to ENCODE, SEND, DECODE would make this a long phone call. There is compression After it gets to the Celltower, but there isnt Much from the Phone to the Tower.
    3. Spoofing, and Receiving and SENDING a signal, is a neat trick,but also allows OTHERS to track the signal you are sending.. Once you know allthe Cell towers signals in an area, you can pickup and Notice any Different signals..\

    So why is this so hard, unless the Vehicle is moving around, and you need a few police cars to track it??

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.