
Digital Guardian's Blog

Spies Are Spying in Washington

by Dennis Fisher on Friday April 6, 2018

The Department of Homeland Security said it found evidence of unauthorized StingRay devices carrying out surveillance in Washington, D.C.

In a weird twist, it seems that there are foreign spies spying in Washington, D.C.

The Department of Homeland Security has confirmed in a letter to Sen. Ron Wyden that its technical experts have seen evidence that malicious actors are using IMSI catchers to monitor mobile phone communications in and around Washington. The admission came in response to questions Wyden, a senior member of the Senate Select Committee on Intelligence, sent to DHS last fall, asking whether DHS knew of such activity around the city, and if so whether it could detect the use of the IMSI catchers. The answers to those questions are yes and no, respectively.

IMSI (International Mobile Subscriber Identity) catchers, also known as cell-site simulators or by the brand name StingRay, are specialized devices designed to emulate a cell tower. They’re meant to entice mobile devices into connecting to them rather than a legitimate cell tower, allowing the operator to monitor the communications to and from any connected devices. Law enforcement and other government agencies have been using IMSI catchers for many years, a practice that has been highly controversial in the security and privacy communities, mainly for their ability to sweep up the communications of many people who are unrelated to a given investigation.

Now, DHS is admitting that there are rogue IMSI catchers in use in the Washington area, as well as in other cities around the country. Rogue in this context likely means owned and operated by a foreign government.

“The Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) has observed anomalous activity in the National Capital Region (NCR) that appears to be consistent with International Mobile Subscriber Identity (IMSI) catchers. NPPD has not validated or attributed such activity to specific entities or devices,” the letter to Wyden, which was first reported on by the Associated Press, says.

“NPPD believes the use of these devices by malicious actors to track and monitor cellular users would be unlawful and threaten the security of communications, resulting in safety, economic, and privacy risks. NPPD agrees that the use of IMSI catchers by foreign governments may threaten U.S. national and economic security.”

It should not come as even a mild surprise that foreign intelligence agencies are employing IMSI catchers. This is how espionage works. Intelligence agencies will use whatever means they have at their disposal to get the information they want. Human intelligence, signals intelligence, electronic surveillance, and offensive cyber operations are all pieces of the modern intel portfolio.

And the fact that foreign powers likely are running StingRays in Washington isn’t a new revelation. In 2014, privacy researcher Ashkan Soltani rode through the streets of D.C. with Aaron Turner, a security expert and CEO of Integricell, as Turner used a specially outfitted cell phone to find IMSI catchers throughout the city. And they found plenty. What’s disconcerting about the recent DHS confirmation is that the agency said it doesn’t have a way to find IMSI catchers itself.

“NPPD is not aware of any current DHS technical capability to detect IMSI catchers,” the letter says.

If DHS doesn’t have the ability to detect these devices--which foreign actors clearly know now--then this is a small glimpse into our pwned future.

Tags: Security News, Privacy, Mobile Security

Dennis Fisher

Dennis Fisher is editor-in-chief at Duo Security. He is an award-winning technology journalist who has specialized in covering information security and privacy for the last 15 years. Prior to joining Duo, he was one of the founding editors of On the Wire, Threatpost and previously covered security for TechTarget and eWeek.