DHS observes possible cellphone-site simulators in Washington area

DHS admits it can't detect the devices used to intercept cell phones calls.

April 3, 2018, 7:38 PM

The U.S. government is publicly acknowledging for the first time that it picked up on what appears to be unusual and unauthorized surveillance activity in the nation’s capital last year from cellphone-site simulators – devices that can be used to intercept calls and text messages covertly.

But the Department of Homeland Security says it had not determined the type of any devices possibly used or who might have used them, although it says their use by "foreign governments may threaten U.S. national and economic security."

The agency also did not say how or where any devices might have been used, admitting only that 'anomalous activity" observed "appears to be consistent" with the cellphone-site simulators and that it's "not aware of any current DHS technical ability to detect" them.

The activity was reported to a federal partner agency at the time it occurred, the DHS noted.

Democratic Sen. Ron Wyden of Oregon first raised the alarm in a letter to the Department of Homeland Security last November, seeking answers on the possibility of foreign intelligence services and criminals using the devices to spy on senior members of the U.S. government.

The surveillance technology, also referred to as International Mobile Subscriber Identity catchers or “Stingrays,” can be used to impersonate cell phone towers to locate and identify nearby phones.

This means a mobile phone can be tricked into locking onto the surveillance device instead of a legitimate cell tower, thus revealing the exact location of a particular cellphone.

In a March 26 letter responding to Wyden’s questions, the agency acknowledged it had detected anomalous surveillance activity in the nation’s capital and other major cities that appeared to be consistent with IMSI catchers.

Christopher Krebs, the top official in the department’s National Protection and Programs Directorate, also admitted in his letter to Wyden that the agency does not have the technical capability to detect the surveillance devices, before calling the malicious use of the devices a “real and growing risk.”

The devices are used in the U.S. by local and federal law enforcement and intelligence agencies in 25 states including the District of Columbia, according to the American Civil Liberties Union.

While it is illegal to use the devices for commercial purposes, anyone can build a similar device using parts bought online for under $2,000, according to congressional sources.

The agency warned if the devices were used by “malicious actors” to track and monitor cell-phone users, it would be unlawful and could threaten Americans’ privacy.

ABC News has reached out to the Federal Communications Commission and DHS for comment.

Krebs noted in his response to Wyden that the FCC has authorized the use of the devices to federal, state, and local public safety and law enforcement officials only.

And any use of these devices “by malicious actors to track and monitor cellular users is unlawful and threatens the security of communications…”

“Leaving security to the phone companies has proven to be disastrous and shows yet again why it is critically important to protect strong encryption to safeguard Americans’ private information,” Wyden said in a statement to ABC News on Tuesday.

“Despite repeated warnings and clear evidence that our phone networks are being exploited by foreign governments and hackers, FCC Chairman Pai has refused to hold the industry accountable and instead is prioritizing the interests of his wireless carrier friends over the security of Americans’ communications,” Wyden said.