A security researcher identified multiple “fake” cell phone towers around the United States, many near military bases, designed to intercept calls and texts without your knowledge, and to potentially inject spyware into your phone by defeating built-in encryption.
The researcher has located a number of towers; what he can’t figure out is who built them and who controls them.
Tech
The basics of the technology are pretty clear: your cell phone is always trying to electronically latch on to three cell towers. Three means the network can triangulate your phone’s location, and pass you off from one set of towers to the next tower in line as you move around. The phone obviously looks for the strongest tower signal to get you the best reception, those bars. The fake towers, called Interceptors, jump into this dance and hijack your signal for whatever purpose the tower owner would like. The Interceptors then transparently pass your signal on to a real tower so you can complete your call, and you don’t know anything happened.
Because phones use various types of encryption, the Interceptors need to get around that. There are likely complex methods, but why not go old-school and save some time and money? The towers do that by dropping your modern-day 4G or 3G signal, and substituting a near-obsolete 2G signal, which is not encrypted. That is one way researchers can find the Interceptor towers, by identifying a phone using a 2G signal when it should be 4G or 3G.
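The downgrade check described above can be sketched in a few lines. This is an added example, not code from the original article or from the researcher; the `Obs` record, the area labels, the cell identifiers and the 300-second window are all hypothetical, and the sample log is constructed.

```python
from dataclasses import dataclass

GEN = {"2G": 2, "3G": 3, "4G": 4}  # radio generation rank, higher is newer

@dataclass
class Obs:
    t: int      # seconds since the start of the capture
    area: str   # coarse location bucket (hypothetical label)
    cell: str   # serving-cell identifier reported by the modem
    rat: str    # "2G", "3G" or "4G"

def find_downgrades(observations, window=300):
    """Return (time, area, cell, previous_rat) for each 2G serving cell
    seen in an area that was served by 3G/4G within `window` seconds."""
    last_modern = {}   # area -> (time, rat) of the latest 3G/4G sighting
    reported = set()   # (area, cell) pairs already flagged once
    alerts = []
    for o in sorted(observations, key=lambda o: o.t):
        if GEN[o.rat] >= 3:
            last_modern[o.area] = (o.t, o.rat)
            continue
        prev = last_modern.get(o.area)
        if prev is None:
            continue   # area never showed 3G/4G: plain 2G coverage
        if o.t - prev[0] > window:
            continue   # last 3G/4G sighting too old to compare against
        if (o.area, o.cell) not in reported:
            reported.add((o.area, o.cell))
            alerts.append((o.t, o.area, o.cell, prev[1]))
    return alerts

# Constructed sample log: a 2G-only rural area and a downtown area
# where the phone drops from 4G to an unfamiliar 2G cell.
SAMPLE = [
    Obs(0, "rural", "cell-R1", "2G"),
    Obs(60, "rural", "cell-R1", "2G"),
    Obs(100, "downtown", "cell-D1", "4G"),
    Obs(160, "downtown", "cell-D1", "4G"),
    Obs(220, "downtown", "cell-X9", "2G"),
    Obs(280, "downtown", "cell-X9", "2G"),
    Obs(340, "downtown", "cell-D1", "4G"),
    Obs(2000, "downtown", "cell-D2", "2G"),
]

if __name__ == "__main__":
    for alert in find_downgrades(SAMPLE):
        print("possible forced downgrade:", alert)
```

Phones also fall back to 2G for ordinary reasons such as weak coverage, so a hit is a lead to investigate rather than proof of an Interceptor.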
More Tech
Want more tech? Popular Science magazine has it:
Whether your phone uses Android or iOS, it also has a second operating system that runs on a part of the phone called a baseband processor. The baseband processor functions as a communications middleman between the phone’s main O.S. and the cell towers. And because chip manufacturers jealously guard details about the baseband O.S., it has been too challenging a target for garden-variety hackers.
But for governments or other entities able to afford a price tag of $100,000, high-quality interceptors are quite realistic. Some interceptors are limited, only able to passively listen to either outgoing or incoming calls. But full-featured devices like the VME Dominator, available only to government agencies, not only capture calls and texts, but actively control the phone, sending out spoof texts, for example. Edward Snowden revealed the NSA is capable of an over-the-air attack that tells the phone to fake a shut-down while leaving the microphone running, turning the seemingly deactivated phone into a bug. And various ethical hackers have demonstrated DIY interceptor projects that work well enough for less than $3,000.
Those VME Dominators are quite a piece of electronics. In addition to ho-hum listening in, they allow for voice manipulation, up or down channel blocking, text intercept and modification, calling and sending texts on behalf of the user, and directional finding of a user. The VME Dominator, its manufacturer Meganet claims, “is far superior to passive systems.”
Stingray
Police departments around the U.S. have been using such tech to spy on, well, everyone with a cell phone. The cops’ devices are called Stingrays, and work off the same 4G-to-2G exploit mentioned above.
The tech does not require a phone’s GPS and was first deployed against America’s enemies in Iraq. Then it came home.
Also available is a version of Stingray that can be worn by a single person like a vest.
Because the antiquated 2G network in the U.S. is due to be retired soon, the Department of Homeland Security is issuing grants to local police agencies to obtain a new, state-of-the-art cell phone tracking system called Hailstorm. The key advantage is Hailstorm will work natively with 4G, rendering current layperson detection methods ineffectual.
Who is Spying On You Now?
The technology is important, but not the real story here. The real question is: who owns those Interceptor towers and who is spying on you?
Is it:
— The NSA? A likely culprit. While post-Patriot Act the NSA can simply dial up your cell provider (Verizon, AT&T, etc.) and ask for whatever they want, the towers might be leftovers from an earlier time. The towers do have the advantage of being able to inject spyware. But their biggest advantage is that they bypass the carriers, which keeps the spying much more secret. It also keeps the spying outside any future court systems that might seek to rein in the spooks.
— Local law enforcement? Maybe, but the national placement of the towers, and their proximity in many cases to military bases, smells Federal.
— DEA or FBI? Also likely. Towers could be established in specific locations for specific investigations, hence the less-than-nationwide coverage. One tower was found at a Vegas casino. While the NSA shares information with both the DEA and the FBI, what self-respecting law enforcement agency wouldn’t want its own independent capability?
— The military? Another maybe. The military might want the towers to keep a personal eye on the area around their bases, or to spy on their own personnel to ensure they are not on the phone to Moscow or Beijing.
— Private business? Unlikely, but the towers could be testbeds for new technology to be sold to the government, or perhaps some sort of industrial spying.
The mystery remains!
Copyright © 2020. All rights reserved. The views expressed here are solely those of the author(s) in their private capacity.
Rich Bauer said...
Pentagon definitely. They will need it when the peons finally realize they have been fleeced by the military-industrial complex.
FLASH NEWS: “Family values” Gov McDonnell and wife will be able to work on their marriage issues when they share a cell for six years.
09/4/14 7:19 PM | Comment Link
Kyzl Orda said...
And while our team is spending billions monitoring us, hackers from “guess where” slip right into … The Healthcare.gov website and breach it –
http://www.nytimes.com/2014/09/05/us/hackers-breach-security-of-healthcaregov.html?hp&action=click&pgtype=Homepage&version=HpHeadline&module=first-column-region&region=top-news&WT.nav=top-news&_r=0
“…Mr. Albright said the hacking was made possible by several security weaknesses. The test server should not have been connected to the Internet, he said, and it came from the manufacturer with a default password that had not been changed.
In addition, he said, the server was not subject to regular security scans as it should have been…
A week before federal officials discovered the breach at HealthCare.gov, a hospital operator in Tennessee said that Chinese hackers had stolen personal data for 4.5 million patients…”
Wouldn’t it be nice if the powers that be could rightsize priorities?? Is that asking too much??
09/5/14 4:29 AM | Comment Link
Kyzl Orda said...
Dear Rich, yes saw that. I was surprised that verdict happened. I thought he was gonna coast off on that.
09/5/14 4:34 AM | Comment Link
Rich Bauer said...
The jury believed the gov, who was stupid enough to reject the one count plea, was stupid enough not to wait until he was out of office to accept payment for services rendered. See Eric Cantor.
09/5/14 11:04 AM | Comment Link
Rich Bauer said...
Back to topic: DEA, judging by numerous locations along the southern border.
09/5/14 11:42 AM | Comment Link
Same said...
> “Third – They are reading this, so I may not be here tomorrow morning.”
That is not a healthy attitude to maintain, Mike.
I keep thinking Grant Morrison gave us the solution during that drunken speech he gave at a conference: “If they put cameras on the streets, let’s act like movie stars in front of them. So when the guy in charge of surveilling the camera looks at the footage, he will think “Man, that guy is getting fucked… I wish I was!””
Come on you guys! It’s YOUR government, and YOUR tax-payer money. And even if you fail, you will be able to look yourselves in the mirror and claim that at least you tried.
09/17/14 10:01 PM | Comment Link