US acknowledges potential unauthorized spying devices in DC

US acknowledges potential unauthorized spying devices in DC
© Getty

The Department of Homeland Security (DHS) is acknowledging for the first time that foreign actors or criminals are using eavesdropping devices to track cellphone activity in Washington, D.C., according to a letter obtained by The Hill.

DHS in a letter to Sen. Ron WydenRonald (Ron) Lee WydenPutin summit puts spotlight back on Trump's tax returns Sunk judicial pick spills over into Supreme Court fight House passes measure blocking IRS from revoking churches' tax-exempt status over political activity MORE (D-Ore.) last Monday said they came across unauthorized cell-site simulators in the Washington, D.C., area last year. Such devices, also known as "stingrays," can track a user's location data through their mobile phones and can intercept cellphone calls and messages.

"[T]he National Protection and Programs Directorate (NPPD) has observed anomalous activity in the National Capital Region that appears to be consistent with International Mobile Subscriber Identity (IMSI) catchers," DHS wrote in response to specific questions Wyden sent them last November. It said it is also aware of IMSI use outside the Beltway. 

ADVERTISEMENT

DHS official Christopher Krebs, the top official leading the NPPD, added in a separate letter accompanying his response that such use "of IMSI catchers by malicious actors to track and monitor cellular users is unlawful and threatens the security of communications, resulting in safety, economic and privacy risks."

DHS said they have not determined the users behind such eavesdropping devices, nor the type of devices being used. The agency also did not elaborate on how many devices it unearthed, nor where authorities located them. 

The eavesdropping devices impersonate a legitimate cell tower that can then trick nearby cellphone users into connecting to them, which then gives away one's location data as well as their IMSI number.

The use of eavesdropping tools like the IMSI devices pose a threat to national security, the agency told Wyden, a privacy hawk.

"NPPD agrees that the use of IMSI catchers by foreign governments may threaten U.S. national and economic security," the agency wrote in response.

The Associated Press first reported the letter on Tuesday.

D.C. is a hub for the U.S. intelligence community and others involved with the national security apparatus, including CIA, FBI and National Security Agency personnel who work or live in the nation's capital.

Individuals who have failed to take steps to encrypt their phones could have their communications sent to such eavesdropping simulators. 

While there has long been concern that foreign actors have used such devices, the AP reported the acknowledgement of such findings is the first time the federal government has spoken out on the issue.

The U.S. government has long remained mum on the subject partly because they use such equipment in their own operations.

DHS said it lacks the ability to track the use of the unauthorized simulators.

"NPPD is not aware of any current DHS technical capability to detect IMSI catchers," DHS said, pointing to a need for funding to acquire such a capability.

The Federal Communications Commission (FCC), which monitors the country's airwaves, formed a task force to examine eavesdropping devices in 2014, but it never produced a report on the subject, the AP noted. While the task force doesn’t meet regularly anymore, the commission continues to monitor any developments regarding IMSI devices, an FCC spokesman told The Hill.

Krebs noted in his letter that the FCC in 2011 began signing off on authorized IMSI devices to use U.S. airwaves that met their requirements for controlling radio interference and emissions as the commission does for other devices like cellphones. It does not grant authorizations to use such devices, the FCC spokesman added.

Lawmakers reportedly began voicing concerns about the use of unauthorized eavesdropping devices in 2014, when authorities discovered them.

While DHS mentions that the use of IMSI catchers by foreign governments poses a security risk to the U.S., it notes that NPPD has not "validated or attributed such activity to specific entities or devices." It remains unclear whether the discovered eavesdropping devices could've also been used by U.S. people to spy on fellow U.S. citizens.