It’s rumored that the U.S. intelligence community has commissioned The Eagles to rewrite some of their famous lyrics to serve as a deterrent to Russia and China. The hope is that this new song will stop the apparently unabated espionage activities occurring in the National Capital Region, known as the NCR. It’s called “You Can’t Hide Your Spyin’ Eyes.”
Concerns about enhanced technical espionage have circulated for a long time. A very provocative technology, currently being used by law enforcement and our military, is a cell-site simulator. Known as an IMSI-catcher, or commercially as a Stingray, it’s a box about the size of an oversized pair of sneakers.
IMSI stands for International Mobile Subscriber Identity. This is how the Global System for Mobile Communications (GSM) finds you, regardless of country, and delivers a call to you or allows you to make one to a destination of your choice. Several reports surfaced in 2017 that showed the Department of Homeland Security was worried about IMSI catchers.
In a Nov. 17, 2017, letter, Sen. Ron Wyden (D-Ore.) asked the DHS National Protection and Programs Directorate if there was any evidence of foreign IMSI catchers operating in the National Capital Region. A pilot study had been conducted from January to November of the same year. The short answer was yes. The longer, typical government response was:
“The Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD) has observed anomalous activity in the National Capital Region (NCR) that appears to be consistent with International Mobile Subscriber Identity (IMSI) catchers. NPPD has not validated or attributed such activity to specific entities or devices. This information was reported to our Federal partners at the time it was observed.”
Now that it’s been established that nefarious electronic hijinks abound in the NCR, surely there must be a way to find it and stop it. Right? The short answer is no. The government answer is even more terrifying:
“NPPD is not aware of any current DHS technical capability to detect IMSI catchers. To support such a capability, DHS would require funding to procure, deploy, operate and maintain the capability, which includes the cost of hardware, software, and labor.”
The previous statement might make you think this is a newly discovered problem of which DHS is just becoming aware. But our Canadian neighbors found the same activity near their Parliament in 2017. In 2014, the Harvard Journal of Law and Technology said that “Hostile foreign intelligence services can and, almost certainly, are using the technology in this country for espionage.”
About two weeks ago, the Senate passed a spending bill that included language directing the Pentagon to divulge the use of IMSI catchers near U.S. bases and facilities. It’s not the first time the use of electronics has caused security concerns. A 20-year-old Australian student discovered the location of several military bases overseas by simply looking at the heatmap posted by Strava of running routes that had been shared.
You’d have to go back almost another 20 years to find when the threat of IMSI catchers became a real issue. The notorious hacker Kevin Mitnick was captured in 1996 using the same technology DHS is worried about in 2018. The hacking victim who helped the FBI track Mitnick down — Tsutomu Shimomura — was very well acquainted with the technology.
“Later that night, the FBI radio surveillance team from Quantico, Virginia, arrived at the Sprint cellular telephone switch office. The team talked to me a little about the technology they had toted along in the station wagon, especially something called a cell-site simulator, which was packed in a large travel case. The simulator was a technician’s device normally used for testing cell phones, but it could also be used to page Mitnick’s cell phone without ringing it, as long as he had the phone turned on but not in use. The phone would then act as a transmitter that they could home in on with a Triggerfish cellular radio direction-finding system that they were using.”
This wasn’t Shimomura’s first brush with cell phones. In 1993, in front of a congressional oversight committee, he showed how easy it was to use a software hack to listen in on the calls of nearby cellular phones. The problem isn’t new. In fact, it’s quite old.
If you take DHS’s response at face value, it appears NPPD does not have its own technical capability. If DHS has no organic ability, how did it detect anything in the first place? With a little help from other solutions. Project Overwatch, for example.
According to the RSA presentation, “Project Overwatch has been a multinational effort between USA, Germany, and Australia to create a solution leveraging GSMK’s patented Baseband Firewall technology.” This began six years ago.
In February 2017, at the RSA Security Conference in San Francisco, a demonstration of Project Overwatch showed the detection of rogue IMSI catchers — the same technology DHS used, but did not disclose, in its letter to Sen. Wyden.
The warnings were there. The threat was there. Six years ago, we worked with our allies to develop a solution to counter this growing form of technical espionage. So why is Congress just now worried about this?
It’s inconceivable that this electronic eavesdropping that targeted the White House, Congress, our federal law enforcement and intelligence agencies, and who knows what else, should have gone on for this long without a warning to the relevant oversight committees. And the public.
When it comes to our national security, no one should be allowed to, as The Eagles might say, “Take It Easy.”
Morgan Wright is an expert on cybersecurity strategy, cyberterrorism, identity theft and privacy. Previously Morgan was a senior advisor in the U.S. State Department Antiterrorism Assistance Program and senior law enforcement advisor for the 2012 Republican National Convention. Follow him on Twitter @morganwright_us.