Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

DC “Awash” With Cellphone Spying Devices

April 9, 2018

The Washington Post reported on April 3^rd that, for the first time, the U.S. government has publicly acknowledged the existence in Washington of what appear to be stingrays that foreign spies and criminals could be using to track individual cellphones and intercept calls and messages.

The use of cellphone-site simulators by foreign powers has long been suspected, but American intelligence and law enforcement agencies — which use such eavesdropping equipment themselves — have not spoken about this problem until now.

In a March 26 letter to Oregon Sen. Ron Wyden, the Department of Homeland Security admitted that last year it identified suspected unauthorized cell-site simulators in the nation's capital. The agency said it had not determined the type of devices in use or who might have been operating them. Nor did it say how many it detected or where. But little appears to have been done to counter the use of the stingrays, which operate by tricking mobile devices into locking onto them instead of legitimate cell towers, revealing the exact location of a particular cellphone. More sophisticated versions can eavesdrop on calls by forcing phones to drop down to older, unencrypted 2G wireless technology. As an added 'bonus', some attempt to plant malware.

Stingrays cost anywhere from $1,000 to $200,000. They are often the size of a briefcase; some are as little as a cellphone. They can be put in a car next to a government building. The most powerful can be used in low-flying aircraft.

Those who work for the military, the NSA, CIA, FBI and other entities encrypt their phone and data communications and employ electronic countermeasures. But the communications of other citizens could be compromised.

The devices were apparently detected in a 90-day trial that began in January 2017 with equipment from a Las Vegas-based DHS contractor, ESD America. It appears that the Department of Homeland Security lacks the equipment and funding to detect stingrays even though their use by foreign governments "may threaten U.S. national and economic security."

Aaron Turner, president of the mobile security consultancy Integricell, said that, like other foreign cities, Washington is awash in unauthorized interception devices. Foreign embassies have particular liberties because they are on sovereign soil. Every embassy "worth their salt" has a cell tower simulator installed, Turner said. They use them "to track interesting people that come toward their embassies." The Russians' equipment is so powerful it can track targets a mile away, he said.

Shutting down rogue stingrays is an expensive proposition that would require wireless network upgrades the industry has been reluctant to pay for, security experts say. It could also lead to conflict with U.S. intelligence and law enforcement. And the federal government has been largely silent on this threat.

In addition to federal agencies, police departments use stingrays in at least 25 states and the District of Columbia, according to the American Civil Liberties Union.

Wyden said in a statement on April 3^rd that "leaving security to the phone companies has proven to be disastrous." He added that the FCC has refused to hold the industry accountable "despite repeated warnings and clear evidence that our phone networks are being exploited by foreign governments and hackers."

"To the extent that there is a major problem here, it's largely due to the FCC not doing its job," said Laura Moy of the Center on Privacy and Technology at Georgetown University. The agency, she said, should be requiring wireless carriers to protect their networks from such security threats and "ensuring that anyone transmitting over licensed spectrum actually has a license to do it."

The FCC disagrees. FCC spokesman Neil Grace said the agency's only role is "certifying" such devices to ensure they don't interfere with other wireless communications, much the way it does with phones and Wi-Fi routers.

Hat tip to Jim Calloway, who asked for John's advice. John says, "Anything that does end-to-end encryption (e.g. Signal, FaceTime, WhatsApp, Blackphone, etc.) is safe. However, your location can still be determined even using end-to-end encryption."

Scary how little the government does to protect the privacy of its citizens.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

DC “Awash” With Cellphone Spying Devices

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer