The U.S. government is publicly acknowledging for the first time that it picked up on what appears to be unusual and unauthorized surveillance activity in the nation’s capital last year from cellphone-site simulators – devices that can be used to intercept calls and text messages covertly.
The agency also did not say how or where any devices might have been used, admitting only that 'anomalous activity" observed "appears to be consistent" with the cellphone-site simulators and that it's "not aware of any current DHS technical ability to detect" them.
The activity was reported to a federal partner agency at the time it occurred, the DHS noted.
The surveillance technology, also referred to as International Mobile Subscriber Identity catchers or “Stingrays,” can be used to impersonate cell phone towers to locate and identify nearby phones.
This means a mobile phone can be tricked into locking onto the surveillance device instead of a legitimate cell tower, thus revealing the exact location of a particular cellphone.
In a March 26 letter responding to Wyden’s questions, the agency acknowledged it had detected anomalous surveillance activity in the nation’s capital and other major cities that appeared to be consistent with IMSI catchers.
Christopher Krebs, the top official in the department’s National Protection and Programs Directorate, also admitted in his letter to Wyden that the agency does not have the technical capability to detect the surveillance devices, before calling the malicious use of the devices a “real and growing risk.”
While it is illegal to use the devices for commercial purposes, anyone can build a similar device using parts bought online for under $2,000, according to congressional sources.
The agency warned if the devices were used by “malicious actors” to track and monitor cell-phone users, it would be unlawful and could threaten Americans’ privacy.
Krebs noted in his response to Wyden that the FCC has authorized the use of the devices to federal, state, and local public safety and law enforcement officials only.
And any use of these devices “by malicious actors to track and monitor cellular users is unlawful and threatens the security of communications…”
“Leaving security to the phone companies has proven to be disastrous and shows yet again why it is critically important to protect strong encryption to safeguard Americans’ private information,” Wyden said in a statement to ABC News on Tuesday.
“Despite repeated warnings and clear evidence that our phone networks are being exploited by foreign governments and hackers, FCC Chairman Pai has refused to hold the industry accountable and instead is prioritizing the interests of his wireless carrier friends over the security of Americans’ communications,” Wyden said.