Hold the phone: Mystery fake cell towers spotted slurping comms around Washington DC

US Homeland Security says it detected 'anomalous' spy kit

The US Department of Homeland Security (DHS) says it has detected strange fake cellphone towers – known as IMSI catchers – in America's capital.

These devices, which can masquerade as real phone masts to track people's movements and potentially eavesdrop on calls and texts, represent a real and growing security risk, the agency said.

And whoever is operating them in Washington DC is, we're told, a mystery to Uncle Sam's g-men.

DHS official Christopher Krebs dropped this mild bombshell in a March 26 letter sent to Senator Ron Wyden (D-OR), a memo that was made public this week.

On November 17 last year, Wyden sent several questions to Homeland Security about whether it had any evidence of foreign IMSI catchers operating in the Washington DC area.

International Mobile Subscriber Identity (IMSI) catchers, such as Harris Corporation's StingRay, are devices that pretend to be cell towers in order to collect device identifiers (metadata) and potentially communication data – some devices can force phones to downgrade to 2G mode to make content interception easier. Security researchers have demonstrated that texts and calls can be collected using this type of gear.

They're used around the country by the cops and Feds, but concern has been growing that they're also used for eavesdropping by foreign spies, private miscreants, and other malicious parties.


In answer to Wyden's query, the DHS said its National Protections and Programs Directorate (NPPD) "has observed anomalous activity in the National Capital that appears to be consistent with International Mobile Subscriber Identity (IMSI) catchers."

But beyond that, NPPD hasn't yet identified specific devices nor attributed their use to specific entities. The agency says it has made other federal agencies aware of its findings.

The Federal Communications Commission has been aware of the issue since at least 2014 when it formed a task force to crack down on unauthorized use of cell tower simulators. The escalating concerns about unknown parties eavesdropping on public and government communications suggest the FCC inquiry hasn't accomplished much.

Senator Wyden also asked whether the DHS has the capability to detect 4G/LTE IMSI catchers, capable of surveilling recent model phones.

The NPPD responded that it's not aware how it would detect such technology and that if detection tech exists, the DHS would require funding for software, hardware, and personnel to do so.

According to the American Civil Liberties Union, 73 agencies in 25 states and the District of Columbia own IMSI catchers, though the advocacy organization suggests the devices may be more widespread because government agencies often conceal such purchases.

As for the number of devices operated by foreign spies and the like, that's still being worked out. ®
