DHS May Have Identified Foreign Spying Efforts In Washington D.C.

DHS May Have Identified Foreign Spying Efforts In Washington D.C.

American media revealed earlier this week that the Department of Homeland Security (DHS)  acknowledged the presence of what appears to be unauthorized mobile surveillance devices in various locations throughout the U.S., including the Washington, D.C. area.

These reports were first brought to the attention of lawmakers by DHS’s National Protection and Programs Directorate (NPPD) in a letter to Congress in late March. The letter said the department has observed “anomalous activity” in or near the nation’s capital that “appears to be consistent” with surveillance devices, which are also called international mobile subscriber identity (IMSI) catchers, often generically called Stingrays after the popular model of the device produced by Harris Corp. At the conclusion of the letter, NPPD reaffirms that the use of IMSI catchers is highly regulated by the federal government and their use in tracking cellular device users is “unlawful” and carries with it threats to “the security of communications” and “resulting safety, economic,and privacy risks.”   

IMSI catchers take advantage of the fact that every mobile phone has embedded within it the requirement to optimize its reception. Thus they are always seeking out cellular base stations to boost their signals. If there is more than one base station of the subscribed network operator accessible, it will always choose the one with the strongest signal. Catchers work by digitally masquerading as a powerful data base station, causing every mobile phone of the simulated network operator within a defined radius to log in. With the help of a special identity request aimed at devices, catchers can force cell phones to transmit their communications through them, thus intercepting any data emanating from the device.

IMSI catchers essentially employ a version of what’s referred to in cyber security-talk as a man-in-the-middle (MITM) attack, in which an attacker intercepts and or alters communications between two parties. When it comes to MITM attacks against computers, criminals usually have to accomplish some form of hacking breach into the medium being used by their victims, such as a WiFi router. IMSI catchers are unique as they are more or less waiting for their victims to find them. From an intelligence tradecraft perspective, this means that a savvy agent could identify a specific location saturated with high-value data transfers and communications and set up shop with a catcher. This is why it is particularly disconcerting when we hear about IMSI catcher activity in a place like Washington D.C.: it is highly indicative of foreign espionage activity. Senator Ron Wyden, (D-Oregon) highlighted this real concern in his response letter to DHS stating that “foreign government surveillance of senior American political and business leaders would obviously pose a significant threat to our country’s national and economic security.”  

These findings will undoubtedly reinforce the current trend of government security-motivated crackdown on technology. Over the past several months there have been several high profile instances of federal agencies regulating the use of programs and devices seen as posing a threat to data and communications security. Take the Kaspersky ban from September 2017, when the Department of Homeland Security (DHS) prohibited federal agencies and departments from using software produced by Russian firm Kaspersky Lab, out of fears the programs were being used to redirect data from government servers. Similar governmental efforts have occurred recently regarding Chinese communications companies being granted licensing in the U.S., such as the push to block China-based mobile giant Huawei from operating in America, and pressure on US companies to sever ties with other Chinese telecommunication companies.

We should hope that this pattern of policy decisions continue in a balanced way, mitigated by a generous helping of prudence.