For the first time, the US government has publicly acknowledged the existence in Washington of what appear to be rogue devices that foreign spies and criminals could be using to track individual mobile phones and intercept calls and messages.
The use of what are known as mobile phone-site simulators by foreign powers has long been a concern, but American intelligence and law enforcement agencies — which use such eavesdropping equipment themselves — have been silent on the issue until now.
In a March 26 letter to Oregon Senator Ron Wyden, the Department of Homeland Security (DHS) acknowledged that last year it identified suspected unauthorised mobile-site simulators in the nation’s capital.
The agency said it had not determined the type of devices in use or who might have been operating them. Nor did it say how many it detected or where.
The devices work by tricking mobile devices into locking onto them instead of legitimate cell towers, revealing the exact location of a particular phone. More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware.
They can cost anywhere from $US1000 to about $US200,000. They are commonly the size of a briefcase; some are as small as a mobile phone. They can be placed in a car next to a government building. The most powerful can be deployed in low-flying aircraft.
Thousands of members of the military, the NSA, the CIA, the FBI and the rest of the national-security apparatus live and work in the Washington area. The surveillance-savvy among them encrypt their phone and data communications and employ electronic countermeasures. But unsuspecting citizens could fall prey.
Wyden, a Democrat, wrote to the DHS in November requesting information about unauthorised use of the mobile-site simulators.
The reply from DHS official Christopher Krebs noted that DHS had observed “anomalous activity” consistent with Stingrays in the Washington area.
A DHS official, who spoke on condition of anonymity because the letter has not been publicly released, added that the devices were detected in a 90-day trial that began in January 2017 with equipment from a Las Vegas-based DHS contractor, ESD America.
Krebs, the top official in the department’s National Protection and Programs Directorate, noted in the letter that DHS lacks the equipment and funding to detect Stingrays even though their use by foreign governments “may threaten U.S. national and economic security.” The department did report its findings to “federal partners” Krebs did not name. That presumably includes the FBI.
The CEO of ESD America, Les Goldsmith, said his company has a relationship with DHS but would not comment further.
Legislators have been raising alarms about the use of Stingrays in the capital since at least 2014, when Goldsmith and other security-company researchers conducted public sweeps that located suspected unauthorised devices near the White House, the Supreme Court, the Commerce Department and the Pentagon, among other locations.
The executive branch, however, has shied away from even discussing the subject.
Aaron Turner, president of the mobile security consultancy Integricell, was among the experts who conducted the 2014 sweeps, in part to try to drum up business. Little has changed since, he said.
Like other major world capitals, he said, Washington is awash in unauthorised interception devices. Foreign embassies have free rein because they are on sovereign soil.
Every embassy “worth their salt” has a mobile tower simulator installed, Turner said. They use them “to track interesting people that come toward their embassies.” The Russians’ equipment is so powerful it can track targets more than a kilometre away, he said.
Shutting down rogue Stingrays is an expensive proposition that would require wireless network upgrades the industry has been loath to pay for, security experts say. It could also lead to conflict with US intelligence and law enforcement.
In addition to federal agencies, police departments use them in at least 25 states and the District of Columbia, according to the American Civil Liberties Union.
Wyden said in a statement Tuesday that “leaving security to the phone companies has proven to be disastrous.” He added that the FCC has refused to hold the industry accountable “despite repeated warnings and clear evidence that our phone networks are being exploited by foreign governments and hackers.”
“To the extent that there is a major problem here, it’s largely due to the FCC not doing its job,” said Laura Moy of the Center on Privacy and Technology at Georgetown University. The agency, she said, should be requiring wireless carriers to protect their networks from such security threats and “ensuring that anyone transmitting over licensed spectrum actually has a license to do it.”
FCC spokesman Neil Grace, however, said the agency’s only role is “certifying” such devices to ensure they don’t interfere with other wireless communications, much the way it does with phones and Wi-Fi routers.