Preliminary data from DHS security pilot may suggest widespread hacking

Preliminary data from DHS security pilot may suggest widespread hacking
© Getty Images

A Homeland Security Department pilot program designed to monitor a specific kind of mobile hacking may have discovered consistent attacks around the country. But a source with knowledge of the program says it is too early to make that determination.

The program, dubbed Overwatch, is managed by Homeland Security using the contractor ESD America and is designed to detect what's known as Signalling System 7 (SS7) hacking. 

The Washington Free Beacon reported Thursday evening that "security insiders" noted a spike in SS7 hacking in the Washington, D.C., area detected during the trial was followed by attacks across the country. CBS News later confirmed that with an employee at ESD America, who said the equipment being used in the attack suggests a foreign actor.  

Yet a source familiar with the program cautioned anyone from drawing too many conclusions about surveillance from the raw data. 

"This is a pilot program and the information still needs to be comprehensively analyzed," that source said. 


SS7 hacking takes advantage of the system allowing cellphone networks to communicate with each other. Phone owners use SS7, for example, whenever they roam from one network to another.

In 2014, the German researcher Karsten Nohl discovered that, if a hacker gained access to the SS7 system, that hacker could take advantage of accounts in a variety of ways — including monitoring phone calls or charging calls to someone else's account. 

Even before the Washington Free Beacon report, some lawmakers had taken a keen interest in SS7 hacking. 

Rep. Ted Lieu (D-Calif.) and Sen. Ron WydenRonald (Ron) Lee WydenPlaintiff and defendant from Obergefell v. Hodges unite to oppose Barrett's confirmation Senate Democrats call for ramped up Capitol coronavirus testing House Democrats slam FCC chairman over 'blatant attempt to help' Trump MORE (R-Ore.) sent a letter to Homeland Security Secretary John Kelly on Thursday asking how the DHS planned to address the problem.  

"We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones. We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance,” they wrote.

Lieu has taken frequent action on the issue for nearly a year, since he volunteered to have his phone hacked remotely on an episode of "60 Minutes."

In a written statement, Homeland Security acknowledged the Overwatch program without acknowledging the test results. 

"The Overwatch system is part of a 90-day pilot that was initiated on January 18, 2017. The Overwatch System is managed by DHS, through ESD America Inc., a defense and law enforcement technology provider that provides technical security assistance to government and corporate clients," the DHS said.