back to article Secret Service, ICE break the law over and over with fake cell tower spying

The US Secret Service and Immigration and Customs Enforcement (ICE) agencies have failed to follow the law and official policy regarding the use of cell-site simulators, according to a government audit. Cell-site simulators (CSS), also known as Stingrays or IMSI Catchers, are devices that serve as decoy cell towers. They're …

  1. Anonymous Coward
    Anonymous Coward

    Interesting

    I knew these devices existed, this could explain a LOT about the weirdness with phones in some areas I work... A/C because reasons

    1. Anonymous Coward
      Anonymous Coward

      Re: Interesting

      Those devices are also used by spammers: they allow to send mass SMS to all phones that are connected.

      Though I believe that was mostly a 2G flaw that should be on the way out nowadays.

    2. Anonymous Coward
      Anonymous Coward

      Re: Interesting

      It could be that you're just in an area with lots of people experimenting with 5G base stations.

      It's really nice of Vodafone to educate people on how to make their own Stingrays..

      :)

    3. NoneSuch Silver badge
      Joke

      Re: Interesting

      'Murica - Land of the free and the home of the heavily surveilled.

      1. Fred Flintstone Gold badge

        Re: Interesting

        I think your keyboard inserted an extraneous character there.

        It's actually the land of the fee..

  2. Yet Another Anonymous coward Silver badge

    How could they break the law ?

    I am the Law

    1. Lil Endian Silver badge
      Coat

      Re: How could they break the law ?

      Judged Dread-worthy...

      1. Anonymous Coward
        Anonymous Coward

        Re: How could they break the law ?

        Well, they DO have the guns out there..

    2. Anonymous Coward
      Anonymous Coward

      Re: How could they break the law ?

      It's an improvement on the old method of sitting with a handset at the bottom of a telegraph pole and praying that the suspect would get off the phone to his mother, and do something criminal.

      1. Anonymous Coward
        Anonymous Coward

        Re: How could they break the law ?

        Over here in the birthplace of el'reg, there was a miners strike - so naturally the government needed the security services to spy on them.

        Suspecting this, the union leaders had their wives and mothers chat to each other on the phone for hours on end - in the local dialect.

        Tha's gotta think that a bunch of Oxbridge grads at MI5 went mad transcribing that .

        1. Will Godfrey Silver badge
          Happy

          Re: How could they break the law ?

          Something else I was told - don't know it true, but it's believable!

          Saying a long series of words very slowly and clearly to seem like a coded message, but actually random words from a dictionary.

          1. Yet Another Anonymous coward Silver badge

            Re: How could they break the law ?

            So that's why the government sponsored a dictionary of the language https://languagehat.com/pitmatic/

        2. The Oncoming Scorn Silver badge
          Coat

          Re: How could they break the law ?

          "had their wives and mothers chat to each other on the phone for hours on end"

          Like they need any encouragement.

  3. TheInstigator

    So who took a leaf out of whose book?

    I seem to remember China being caught having a fake cell tower near the White House some time back ...

    Or maybe it wasn't China? Or may ICE/HS learnt from China - who knows? Looks like everyone is doing it now!

    1. Strahd Ivarius Silver badge

      Re: So who took a leaf out of whose book?

      it is sooo easy to buy one at AliBaba...

    2. Michael Wojcik Silver badge

      Re: So who took a leaf out of whose book?

      We've known various US law enforcement agencies have been using these for a long time. This report just confirms (again) that a couple of serial offenders are doing so in violation of law and department policy.

  4. longshots

    You're giving us 30 year old news!

    Cell-site simulators (CSS), aka Stingrays or IMSI Catchers are used in mobile networks to identify, track, attack, spam, reconfigure, and eavesdrop on phones.

    The first IMSI Catchers date back as early as 1993.

    EVERY government department using these devices have all, and always, broken the law.

    You can post an article like this every month and just change the initials of the TLA.

    You're giving us 30 year old news!

    1. OhForF' Silver badge

      Re: You're giving us 30 year old news!

      The news part of the article is that an audit done by the DHS Office of the Inspector General confirmed that SS and ICE broke the rules.

      We can still hope for a future article giving us the news that breaking the rules actually had consequences for those doing it - probably 30 more years for that to happen though.

  5. Anonymous Coward
    Anonymous Coward

    Hmmmm

    So how do these fake cell towers identify correctly to the handset ? Presumably there are some keys involved ?

    Since it's possible to see what cell tower you are connected to on your handset, and cross reference it will a list of official towers, then it should be possible to flag up when you are connected to one that isn't in the directory.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hmmmm

      Difficult to whitelist cell towers, is a dynamic environment especially with femtocells that all sorts of customers can acquire and plug into the Internet. OpenCelliD can give you a rough handle on this by looking at locations and identifiers closely.

      On keys, worth noting that all mobile networks currently send the IMSI in the clear, but this may be fixed in 5G - https://trustedconnectivityalliance.org/catch-me-if-you-can-protecting-mobile-subscriber-privacy-in-5g/

    2. Barking mad

      Re: Hmmmm

      Up until 4G, encryption (and therefore authentication) was optional - if the cell tower doesn't insist on it, the phone doesn't. Evil twin Wi-Fi access points operate on the same principle.

  6. An_Old_Dog Silver badge

    Following the Law

    These agencies which employ many lawyers, were confused about the law. Hmmm ...

    1. Jimmy2Cows Silver badge

      Re: Following the Law

      Not confused. Rather, knowing with 100% confidence there will be exactly zero legal repercussions from breaking this law.

  7. Mayday
    Black Helicopters

    Exceptions

    Exceptions include: "the need to protect human life or avert serious injury; the prevention of the imminent destruction of evidence; the hot pursuit of a fleeing felon; or the prevention of escape by a suspect or convicted fugitive from justice."

    So any reason including “because we feel like it” then?

    1. Fred Daggy Silver badge

      Re: Exceptions

      You're not insane, that was my interpretation of the piece too.

      "We will follow these regulations unless it is inconvenient".

  8. Anonymous Coward
    Anonymous Coward

    IMSA catchers

    5 years ago at a DefCon a kid showed me an IMSA catcher app, it list a bunch of details to see what equipment they were, legit or not. There were several in use in the area. Was interesting. Have also seen them used from a small plane circling an area to catch someone. I just take it for granite that no phone call is really secure, always have since we listened in on other people calls in the city as kids on the POTS lines, (I forgot how).

    1. Martin-73 Silver badge

      Re: IMSA catchers

      In the late 90s I caught many many drug deals on analogue cellular networks , as GSM (later retconned to 2G) rolled out, all the contract phones went over to it, leaving analogue for the pay as you go people... they were much favoured by drug dealers as they were cheaper, so could be used as a 'burner'. And they knew full well they could be overheard and nothing could be done, as listening to it was not technically an offence (altho interpretation of the relevent acts of parliament varied per court), actually ACTING on the information you overheard was a crime under both the wireless telegraphy act AND the Telecommunications act... so the police would not have been able to do anything other than arrest ME if i'd reported it to them.

  9. Grinning Bandicoot

    The law is directed at protecting USians. The simple way to avoid the hassle is to have the hyper secret Isle of Manx intelligent forces establish the site. Foreign agents are fair game and the surveillance must closely prosecuted and so what if USians are swept into the counter-surveillance: Its permitted in the law.

    Let no sparrow fall unrecorded Vigilance is the price paid for the security blanket.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like