DHS Says Rogue Stingrays Are In Use In Washington, DC; Also Says It Hasn't Done Anything About It
from the plotting-a-course-for-too-little,-too-late dept
In 2014, security researchers discovered a number of cell tower spoofers in operation in the DC area. Some may have been linked to US government agencies, but there was a good chance some were operated by foreign entities. This discovery was published and a whole lot of nothing happened.
Three years later, Senator Ron Wyden followed up on the issue. He sent a letter to the DHS asking if it was aware of these rogue Stingray-type devices and what it was doing about it. As was noted in the letter, the FCC had opened an inquiry into the matter, but nothing had ever come of it. As the agency tasked directly with defending the security of the homeland, Wyden wanted to know if anyone at the DHS was looking into the unidentified cell tower spoofers.
The DHS has responded to Wyden's queries, as the Associated Press reports. But a response is not the same as actual answers. The DHS appears to have very few of those.
The agency’s response, obtained by The Associated Press from Wyden’s office, suggests little has been done about such equipment, known popularly as Stingrays after a brand common among U.S. police departments. The Federal Communications Commission, which regulates the nation’s airwaves, formed a task force on the subject four years ago, but it never produced a report and no longer meets regularly.
The DHS pointed out that its own investigation, which detected several devices during a 90-day trial using ESD America equipment, had dead-ended, supposedly because of a lack of funding.
[Christopher] Krebs, the top official in the department’s National Protection and Programs Directorate, noted in the letter that DHS lacks the equipment and funding to detect Stingrays even though their use by foreign governments “may threaten U.S. national and economic security.”
The answers [PDF] are all of the "we saw something and said something" variety. Fine for what it is, but does nothing to move things forward. Whatever "anomalous activity" the DHS saw during its trial was passed on to other agencies, which have not forwarded anything to Wyden or numerous Congressional committees concerned with national security, airwave regulation, and oversight.
According to the AP report, security experts are pretty sure every foreign embassy has a cell tower spoofer in use. Whether they limit themselves to call data -- as our government agencies do -- is another matter. Stingray devices are capable of intercepting communications and deploying malware. Since embassies function as tiny foreign countries on host's soil, there's a good chance those deploying cell tower spoofers aren't all that concerned with following US law when putting these to use.
Unfortunately, we're no closer to solid answers than we were last winter… or, indeed, four years ago, when the initial report triggered an FCC investigation. Of course, we may never get to see the full answer. One possible reason for this lack of investigatory movement is this practice isn't limited to foreign entities in the US. We absolutely deploy the same hardware in any country we have an embassy, in addition to all the countries in which we maintain a military presence. No one wants to talk about our own actions overseas, much less possibly expose local law enforcement's routine use of Stingray devices. For now, all we have is a tepid admission that Stingrays our government doesn't own are in operation in Washington, DC. But that's all we need to know, apparently. Unfortunately, that's possibly all our national security oversight entities know either.
Filed Under: dhs, imsi catcher, ron wyden, stingray, surveillance, washington dc
Reader Comments
"anomalous activity"! out_of_the_blue's gonna be all over this!
[ link to this | view in chronology ]
Can I buy one on Amazon? There are so many things I could do with it.
[ link to this | view in chronology ]
Re:
One can buy OpenBTS-compatible hardware on Ebay...
If you want a real stingray, you'll probably want to pretend to be a police department and get in on some government/military-surplus auctions.
[ link to this | view in chronology ]
Backdoors
Once Stingray devices became available of course foreign embassies set them up.
Since we don't really have any checks against their use, nothing is limiting stingray use to embassy grounds - they could put them in cars and drive around the city, who would know?
[ link to this | view in chronology ]
Since embassies function as tiny foreign countries on host's soil, there's a good chance those deploying cell tower spoofers aren't all that concerned with following US law when putting these to use.
But US law says that it's perfectly OK to demand data held entirely within a foreign country, and also says that it's perfectly OK to use stingrays to obtain data. So whether they are concerned with US law or not, they're still following it.
[ link to this | view in chronology ]
A couple points in this..
2. Your phone is NOT encoded after it sends a signal.. really it isn't.. There is no button to ENCODE on your phone.. And if you had this ability the amount of time needed to ENCODE, SEND, DECODE would make this a long phone call. There is compression after it gets to the cell tower, but there isn't much from the phone to the tower.
3. Spoofing, and receiving and SENDING a signal, is a neat trick, but also allows OTHERS to track the signal you are sending.. Once you know all the cell tower signals in an area, you can pick up and notice any different signals..
So why is this so hard, unless the Vehicle is moving around, and you need a few police cars to track it??
[ link to this | view in chronology ]
Re: A couple points in this..
No, they absolutely resend a signal. Otherwise what's the point? You get way more information letting someone talk than forcing their call to drop.
>There is no button to ENCODE on your phone.
Encoding is not encryption, anyway. Compression might stop a casual observer, but not a determined foreign power.
>And if you had this ability the amount of time needed to ENCODE, SEND, DECODE would make this a long phone call.
I don't think modern hardware would incur a noticeable delay.
>So why is this so hard, unless the Vehicle is moving around
What vehicle? I think they're staying in the embassies to do this, unless they want to violate US law by doing it on US soil. (And sure, they'd have diplomatic immunity, but they'd likely be expelled from the country and cause an "incident".)
[ link to this | view in chronology ]
Re: Re: A couple points in this..
Digital data needs to be encoded for radio transmission, and modern cellular data is always encrypted. There are 3 known ways to break it:
Those last 2 ways make everyone unsafe, but can in theory be prevented.
[ link to this | view in chronology ]
So many ways this is sadly funny
I'll probably miss a few, but -
[ link to this | view in chronology ]
Re: So many ways this is sadly funny
Sadly, computer security really is this terrible. Look at the security bugs in any software over a year old, then tell me the current software is secure.
[ link to this | view in chronology ]
Re: Re: So many ways this is sadly funny
[ link to this | view in chronology ]
Stingray forwarding
The call or text may fail, but the user will retry.
But, with 3 stingrays, one can triangulate user location.
I'm sure many have seen call setup fail on their cell phone, but if they move a mile or two, the problem magically disappears.
[ link to this | view in chronology ]
The phone should verify that the cell tower they are connected to belongs to their carrier network or roaming-partner.
[ link to this | view in chronology ]
Re:
On 3G networks, they do. Most phones will fall back to a vulnerable 2G network if 3G is disrupted, and that's one way stingrays are suspected to work. If your phone lets you turn off 2G, do it. It's said that newer hardware can break 3G but there's not a lot of detail. Interested people should grab a software-radio and head to Washington DC.
That makes things harder. Who gets to be a roaming partner, how does the main carrier prevent them doing bad things and how should the key management work?
[ link to this | view in chronology ]