I'll admit I know next to nothing about cell-phone intercept technology, but this post by Matthew Phelan over on Black Bag is pretty creepy. Which, by the way, if you're not reading him on a regular basis, consider starting.
Les Goldsmith is the CEO of ESD, a defense and law enforcement technology firm based in Las Vegas. They make one of the oldest, most expensive high-security cell phones on the market. And lately, Goldsmith and his CryptoPhone customers have been noticing some pretty ominous, fake cell phone towers across America.
This is the August 2014 map compiled by Goldsmith and ESD's CryptoPhone 500 customers pinpointing the locations of their mysterious "interceptor" tower discoveries.
The interceptors can be as simple as a computer and a radio and, for years now, hackers have been demonstrating methods for putting one together for as little as $3000. But for governments, the actual technology retails at closer to $100,000. The devices work by communicating with a second, proprietary operating system common to all mobile phones and run off the baseband processor: the chip that handles a phone's radio functions.
A telltale sign that the phone is currently being raided by these "over the air" attacks is that it begins communicating to a lower, older generation network, as opposed to the more contemporary and secure networks—but the interceptors Goldsmith has found have proven remarkably good at spoofing higher-level 3G and 4G networks. Using a Samsung Galaxy S4 and an iPhone as a control group, Goldsmith drove his CryptoPhone past an interceptor located near an undisclosed government facility in the Nevada desert. Both commercial phones not only didn't register the attack, but continued to communicate that they were on a 4G network.
"As we drove by, the iPhone showed no difference whatsoever. The Samsung Galaxy S4, the call went from 4G to 3G and back to 4G," he told Popular Science. "The CryptoPhone lit up like a Christmas tree."
Is this a big deal? It sounds like it could be:
"Interceptor use in the U.S. is much higher than people had anticipated," Goldsmith says. "One of our customers took a road trip from Florida to North Carolina and he found 8 different interceptors on that trip. We even found one at South Point Casino in Las Vegas."
Who is running these interceptors and what are they doing with the calls? Goldsmith says we can't be sure, but he has his suspicions
"What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases. So we begin to wonder—are some of them U.S. government interceptors? Or are some of them Chinese interceptors?" says Goldsmith. "Whose interceptor is it? Who are they, that's listening to calls around military bases? Is it just the U.S. military, or are they foreign governments doing it? The point is: we don't really know whose they are."
A native of Australia's Gold Coast, Les Goldsmith founded ESD back in 2005 and according to at least one report in Brisbane's Courier-Mail, sold an earlier version of the firm's CryptoPhone to the Ecuadorian embassy's terminal house guest, Julian Assange.
Skeptics and other casual non-alarmists might be inclined to believe that this whole episode is nothing more than a marketing outing for ESD, so it's worth noting that the FCC announced last month that they're assembling a task force to begin actively pursuing cyber criminal and espionage cases involving interceptors, also known as IMSI catchers or stingrays. Plus, as Goldsmith told the MIT Technology Review this past spring, his company hasn't been able to make these boutique phones fast enough, ever since the NSA scandals erupted last year. At $3500, the phone goes for five times the price of competitors like SGP Technologies' Blackphone; So, they're not exactly sweating it, money-wise.
Even if this were simply some publicity hounding designed to sell ESD hardware, it has already been frankly way more of an entertaining advertisement than those Sprint® "Framily Plan" commercials.
Once the FCC task force gets to the bottom of these interceptors, they really need to find out who's actually responsible for those.
[photo via Angela Grace blog]