DHS Says Rogue Stingrays Are In Use In Washington, DC; Also Says It Hasn't Done Anything About It

from the plotting-a-course-for-too-little,-too-late dept

In 2014, security researchers discovered a number of cell tower spoofers in operation in the DC area. Some may have been linked to US government agencies, but there was a good chance some were operated by foreign entities. This discovery was published and a whole lot of nothing happened.

Three years later, Senator Ron Wyden followed up on the issue. He sent a letter to the DHS asking if it was aware of these rogue Stingray-type devices and what is was doing about it. As was noted in the letter, the FCC had opened an inquiry into the matter, but nothing had ever come of it. As the agency tasked directly with defending the security of the homeland, Wyden wanted to know if anyone at the DHS was looking into the unidentified cell tower spoofers.

The DHS has responded to Wyden's queries, as the Associated Press reports. But a response is not the same as actual answers. The DHS appears to have very few of those.

The agency’s response, obtained by The Associated Press from Wyden’s office, suggests little has been done about such equipment, known popularly as Stingrays after a brand common among U.S. police departments. The Federal Communications Commission, which regulates the nation’s airwaves, formed a task force on the subject four years ago, but it never produced a report and no longer meets regularly.

The DHS pointed out that its own investigation, which detected several devices during a 90-day trial using ESD America equipment, had dead-ended, supposedly because of a lack of funding

[Christopher] Krebs, the top official in the department’s National Protection and Programs Directorate, noted in the letter that DHS lacks the equipment and funding to detect Stingrays even though their use by foreign governments “may threaten U.S. national and economic security.”

The answers [PDF] are all of the "we saw something and said something" variety. Fine for what it is, but does nothing to move things forward. Whatever "anomalous activity" the DHS saw during its trial was passed on to other agencies, which have not forwarded anything to Wyden or numerous Congressional committees concerned with national security, airwave regulation, and oversight.

According to the AP report, security experts are pretty sure every foreign embassy has a cell tower spoofer in use. Whether they limit themselves to call data -- as our government agencies do -- is another matter. Stingray devices are capable of intercepting communications and deploying malware. Since embassies function as tiny foreign countries on host's soil, there's a good chance those deploying cell tower spoofers aren't all that concerned with following US law when putting these to use.

Unfortunately, we're no closer to solid answers than we were last winter… or, indeed, four years ago, when the initial report triggered an FCC investigation. Of course, we may never get to see the full answer. One possible reason for this lack of investigatory movement is this practice isn't limited to foreign entities in the US. We absolutely deploy the same hardware in any country we have an embassy, in addition to all the countries in which we maintain a military presence. No one wants to talk about our own actions overseas, much less possibly expose local law enforcement's routine use of Stingray devices. For now, all we have is a tepid admission that Stingrays our government doesn't own are in operation in Washington, DC. But that's all we need to know, apparently. Unfortunately, that's possibly all our national security oversight entities know either.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: dhs, imsi catcher, ron wyden, stingray, surveillance, washington dc


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 5 Apr 2018 @ 9:46am

    "anomalous activity"! out_of_the_blue's gonna be all over this!

    out_of_the_blue just hates anomalies

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Apr 2018 @ 10:23am

    So, apparently it is not illegal to run Rogue Stingrays.

    Can I buy one on Amazon? There are so many things I could do with it.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Apr 2018 @ 10:46am

      Re:

      Can I buy one on Amazon?

      One can buy OpenBTS-compatible hardware on Ebay...

      If you want a real stingray, you'll probably want to pretend to be a police department and get in on some government/military-surplus auctions.

      link to this | view in chronology ]

  • icon
    Gary (profile), 5 Apr 2018 @ 10:28am

    Backdoors

    Security backdoors used by Our government can be used by every other government on the planet. Something these anti-encryption hawks will never address.
    Once Stingray devices became available of course foreign embassies set them up.
    Since we don't really have any checks against their use, nothing is limiting stingray use to embassy grounds - they could put them in cars and drive around the city, who would know?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Apr 2018 @ 10:41am

    Since embassies function as tiny foreign countries on host's soil, there's a good chance those deploying cell tower spoofers aren't all that concerned with following US law when putting these to use.

    But US law says that it's perfectly OK to demand data held entirely within a foreign country, and also says that it's perfectly OK to use stingrays to obtain data. So whether they are concerned with US law or not, they're still following it.

    link to this | view in chronology ]

  • icon
    ECA (profile), 5 Apr 2018 @ 11:12am

    A couple points in this..

    1 in the idea of 'man in the middle' attacks, they receive the signal but dont resend it..which is EASY, as a radio signal goes EVERYWHERE,, its not a straight line..
    2. YOU phone is NOT encoded After it sends a signal..really it isnt.. There is no button to ENCODE on your phone.. And if you had this ability the amount of time needed to ENCODE, SEND, DECODE would make this a long phone call. There is compression After it gets to the Celltower, but there isnt Much from the Phone to the Tower.
    3. Spoofing, and Receiving and SENDING a signal, is a neat trick,but also allows OTHERS to track the signal you are sending.. Once you know allthe Cell towers signals in an area, you can pickup and Notice any Different signals..\

    So why is this so hard, unless the Vehicle is moving around, and you need a few police cars to track it??

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Apr 2018 @ 11:26am

      Re: A couple points in this..

      >in the idea of 'man in the middle' attacks, they receive the signal but dont resend it

      No, they absolutely resend a signal. Otherwise what's the point? You get way more information letting someone talk than forcing their call to drop.

      >There is no button to ENCODE on your phone.

      Encoding is not encryption, anyway. Compression might stop a casual observer, but not a determined foreign power.

      >And if you had this ability the amount of time needed to ENCODE, SEND, DECODE would make this a long phone call.

      I don't think modern hardware would incur a noticeable delay.

      >So why is this so hard, unless the Vehicle is moving around

      What vehicle? I think they're staying in the embassies to do this, unless they want to violate US law by doing it on US soil. (And sure, they'd have diplomatic immunity, but they'd likely be expelled from the country and cause an "incident".)

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 5 Apr 2018 @ 12:42pm

        Re: Re: A couple points in this..

        Encoding is not encryption, anyway.

        Digital data needs to be encoded for radio transmission, and modern cellular data is always encrypted. There are 3 known ways to break it:

        • Get the telco to provide the key or the data.
        • Block the modern protocols and hope the phone downgrades to weak encryption.
        • Exploit some vulnerability in the phone.

        Those last 2 ways make everyone unsafe, but can in theory be prevented.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Apr 2018 @ 12:38pm

    So many ways this is sadly funny

    I'll probably miss a few, but -

    • First, of course there are unauthorized Stingrays in Washington. Law enforcement hates getting judicial approval for cell tower spoofing, and when they seek approval at all, they do their best to do it in a way that the judge doesn't actually understand what he/she is approving, so those are effectively unauthorized even if there's technically a signed "pen register/trap&trace" order somewhere. If the judge didn't understand what the approval authorizes, it's not really an authorization, much as the DOJ would like you to believe otherwise. (Sadly, many courts fall for the DOJ's interpretation on this point.)
    • Wait, you mean these Stingrays weren't even authorized by a deceived judge? OK, so they really are unauthorized. But it still shouldn't be a big deal, because at this point the telephone companies have had decades to improve their security. With the disgustingly fast turnover in the cell phone world, anything built before Stingrays became news would have long since been retired. Only devices willfully broken by design could still be a problem at this point.
    • Wait, cellphones that fall for these spoofers are still standard issue? What kind of idiots do we have running the industry? Oh well, at least all the people with "important" jobs will know to go get a specialty phone that resists this stuff. Only us mere private citizens get screwed.
    • Wait, what do you mean people with security-sensitive work still get the known-broken devices? Don't their procurement people care at all? Well, at least we can be sure that the Federal government will investigate and terminate these unauthorized spoofers. No one messes with the Feds and gets away with it.
    • Wait, what do you mean DHS stopped investigating what is likely a serious security problem over a supposed lack of funding? When has funding deprivation ever stopped DHS from doing something it really really wanted to do, but couldn't quite get authorized? It's almost like the Department of Homeland Security is intentionally allowing a serious ongoing security problem. Even if they can't legally stop these devices (due to the embassy's diplomatic status), they could at least try to figure out whether these are embassies spying on each other, friendly embassies spying on the US, or not-so-friendly embassies spying on the US. Who knows, maybe they'd even catch the (gasp) Russian embassy spying on the US. That'd be a major scandal!

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Apr 2018 @ 1:10pm

      Re: So many ways this is sadly funny

      But it still shouldn't be a big deal, because at this point the telephone companies have had decades to improve their security. With the disgustingly fast turnover in the cell phone world, anything built before Stingrays became news would have long since been retired. Only devices willfully broken by design could still be a problem at this point.

      Sadly, computer security really is this terrible. Look at the security bugs in any software over a year old, then tell me the current software is secure.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 5 Apr 2018 @ 5:32pm

        Re: Re: So many ways this is sadly funny

        Not to mention that infrastructure tends to be older because of expense. Utilities would rather keep it as long as possible until either it becomes something to compete upon or replacing becomes cheaper.

        link to this | view in chronology ]

  • identicon
    SpaceLifeForm, 5 Apr 2018 @ 2:39pm

    Stingray fowarding

    No need to forward if all one is looking for is SS7 stuff.

    The call or text may fail, but the user will retry.

    But, with 3 stingrays, one can triangulate user location.

    I'm sure many have seen call setup fail on their cell phone, but if they move a mile or two, the problem magically disappears.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Apr 2018 @ 3:38pm

    We have existing technology to solve this. Just make every phone verify an anonymous certificate handshake before allowing a full connection.

    The phone should verify that the cell tower they are connected to belongs to their carrier network or roaming-partner.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Apr 2018 @ 6:49pm

      Re:

      The phone should verify that the cell tower they are connected to belongs to their carrier network

      On 3G networks, they do. Most phones will fall back to a vulnerable 2G network if 3G is disrupted, and that's one way stingrays are suspected to work. If your phone lets you turn off 2G, do it. It's said that newer hardware can break 3G but there's not a lot of detail. Interested people should grab a software-radio and head to Washington DC.

      or roaming-partner.

      That makes things harder. Who gets to be a roaming partner, how does the main carrier prevent them doing bad things and how should the key management work?

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.