back to article You. FCC. Get out there and do something about these mystery bogus cell towers, huff bigwigs

Senior Congressmen have demanded "immediate action" over mysterious fake cell phone towers in Washington DC that they worry could be being operated by foreign governments. House Reps Frank Pallone (D-NJ), Eliot Engel (D-NY) and Bennie Thompson (D-MS) this month sent a letter to Ajit Pai – the head of America's comms watchdog, …

  1. Anonymous Coward
    Anonymous Coward

    Foreign governments ?

    Washington DC that they worry could be being operated by foreign governments.

    I would be more worried that they were being operated by the US government.

    Although if every 3 letter agency in the US is busy spying on every other 3 latter agency - that might be the best solution for everyone

    1. Grikath Silver badge

      Re: Foreign governments ?

      That's the interesting question, isn't it?

      Given how crucial cell towers are for our modern communication network, and (afaik) you still can't park them willy-nilly everywhere... Someone must have known/signed off on them, and someone must have been sleeping at the wheel to have those things appear all over the place. In a nation's capital, no less.

      Lemme get the popcorn... This one is going to be *FUN*....

      1. phuzz Silver badge

        Re: Foreign governments ?

        You can build your own Stingray with a $400 SDR card and Raspberry Pi.

        Then you put it in a serious looking box and sell it to the government/police for a hundred times that.

        There's no need to worry about encryption either. Your new DIY cell tower simply tells every phone that contacts it "I only speak 2G, no encryption, sorry" and mobile phones will drop their encryption to stay compatible. Most phones will give you no indication that this is happening.

        1. Alan Brown Silver badge

          Re: Foreign governments ?

          "Most phones will give you no indication that this is happening."

          This is prevalent enough that there are a couple of apps to warn you when connected to an unencrypted network.

          Of course in some countries, 2G networks were unencrypted by law so that spooks could snoop - and so could everyone else.

        2. This post has been deleted by its author

    2. martinusher Silver badge

      Re: Foreign governments ?

      That super-secret, sold only to government agencies and so on device appeared in a photo recently. It looked definitely old-school, the sort of thing we were making in the later 90s / early 2000s out of a reboxed PC motherboard, some plug in cards and a bit of custom software. (Even the silk-screen looked a bit home-made.) Since the equivalent of IMSI catching for wireless networks is really easy its not beyond the bounds of possibility that someone has put together a DiY IMSI catcher. It doesn't have to be a 'state actor' although that Spy-vs-Spy stuff plays well in the DC universe. Personally I hope its someone who just likes yanking chains -- somehow these abuses of privacy seem perfectly OK when they're being done to us ("We, the People") but when the biter is bit the howls can be heard on the other side of the continent.

      1. JohnFen Silver badge

        Re: Foreign governments ?

        If we're talking about Stingray-type devices, they're not so secret and they're not hard to obtain on the black market.

    3. Voland's right hand Silver badge

      Re: Foreign governments ?

      I would be more worried that they were being operated by the US government.

      Which is the case.

      In order to operate an IMSI catcher and not trigger a whole raft of alerts on the phone you have to integrate into the network. You have to have the correct crypto keys. These in 2G and 3G use symmetric encryption and you have to talk to the mobile network core to fetch them. I forgot what 4G does, but I suspect it is even stricter.

      If a foreign power is successfully operating cell tower infrastructure this means that the networks of one or more mobile operators are hacked completely. The possibility that this has happened is significantly more worrying than the idea of mythical cell towers.

      1. Anonymous Coward
        Anonymous Coward

        Re: Foreign governments ?

        It's not that hard to have phones connect to fake relays - it has been used by crooks in China a few years, to peddle spam SMS to anybody in their vicinity. I did receive some in Beijing, so I can attest it did not trigger any kind of alert on my Android phone that connected to those. As I remember, they were using weak 2G, and 3G was supposed to be immune to that specific, non-state-sponsored attack.

  2. This post has been deleted by its author

    1. JohnFen Silver badge

      Re: What a Complete Mess

      "How soon before this filters down to the criminals ?"

      They've been available to criminals for years now.

      1. JustWondering

        Re: What a Complete Mess

        I believe shadmeister may have been referring to private sector criminals.

      2. Anonymous Coward
        Anonymous Coward

        Re: What a Complete Mess

        "They've been available to criminals for years now."

        Indeed!

        Al Jazeera did an excellent video documentary of just that called "Spy merchants".

        https://www.youtube.com/watch?v=_HA-cEMKCDs

    2. Anonymous Coward
      Anonymous Coward

      Re: What a Complete Mess

      essentially means that this technology is prevalent.

      Technology has been prevalent for more than a decade. I worked in a company which built the predecessor of the femtocell and one of our first customers was HMG. It was if memory serves ~2003.

      In this day and age you can build it in your shed. It is no big deal. It is mass produced - all you need is a different software build for a femtocell.

      Building it is not an issue. Operating it without triggering alerts on the phone is. You have to have access to the mobile network core. You either have to have it negotiated or you have to outright hack it.

      1. This post has been deleted by its author

  3. JohnFen Silver badge

    Wait, what?

    "that they worry could be being operated by foreign governments.'

    Maybe it's just me, but if you find the seat of the federal government riddled with spying apparatus, I don't think that whether or not they're operated by foreign governments should factor into the decision to get rid of them.

    1. Mark 85 Silver badge

      Re: Wait, what?

      Then they need to be gone nation-wide. Seems a very big double standard that it's ok for them to be used... except in DC.

      1. JohnFen Silver badge

        Re: Wait, what?

        I don't see a double-standard here. The position of the government is that they're fine when used according to government rules and procedures. This is just as true in DC as the rest of the nation. This seems to be different, in that these don't appear to be authorized IMSI catchers.

        That said, I do agree with you that they shouldn't be allowed in the first place, whether by the government or not.

  4. YourNameHere

    Trump and republican party only cares

    if it's not Russian. Than they have a problem with them since according to trump and company the Russians are good for us. I remember when the Republicans actually cared about those things.

  5. Mark 85 Silver badge

    So why don't the powers that be (including Congress) put away their shiny cellphones and go back to using landlines? A bit old fashioned I know, but there are such things as encrypted land lines also. Funny this, that even though this has been done for several years elsewhere, the CongressCritters don't like in their backyard. I wonder what they're hiding?

  6. Anonymous Coward
    Anonymous Coward

    Spies, foreign and domestic, could also...

    Spies could also install open Wi-Fi hotspots, with reassuring named SSIDs. Not "FREE WI-FI (FSB)", but more like "AirBNB Guest".

    It'd be fairly cost effective, and wouldn't be in the news like this.

    1. Pascal Monett Silver badge

      Yeah, but you can't intercept a phone call with a WiFi hotspot.

      1. Anonymous Coward
        Anonymous Coward

        You can to intercept vioip with a wi fi hot spot. If you own any part of the network that VoIP goes over you can.

      2. Surreal
        Stop

        Google Fi

        "Your" call may not get intercepted by a WiFi hotspot, but if you use Google Fi as your carrier and don't specifically tell it *not* to connect to J-Random-WiFi it's another story.

        I use Fi for the low-prices and good coverage, but I don't pretend to have "secure comms" (*snort*!)

    2. Alan Brown Silver badge

      Re: Spies, foreign and domestic, could also...

      > more like "AirBNB Guest".

      For shits and giggles, name a P-t-P hotspot "Free Wifi" on an aircraft and by the end of the flight you'll see that every other phone on board has picked up that name.

  7. Marketing Hack Silver badge
    Facepalm

    Another example of collateral damage from permissive attitudes towards surveillance...

    Just like so many of the IT vulnerabilities that sigint agencies horde, this is an example of technology that was supposed to be the sole property of "the good guys" getting into the wild.

    The good news is that the law enforcement that are hoovering up your comms are in turn getting their comms hoovered up, so we're all screwed together.

  8. chivo243 Silver badge

    control people, control

    Since nobody is tracking the implementation of these towers... seems there's a fail some up the control line...

    1. Anonymous Coward
      Anonymous Coward

      Re: control people, control

      They're not necessarily literal towers (and most likely aren't, duh).

      They're probably in the back of an inconspicuous van.

      1. DropBear Silver badge
        Trollface

        An inconspicuous van

        Oh, those should be easy to recognize if you know what to look for - Hollywood taught me all those have a company name that includes two adjacent "O"s painted on their sides in large, friendly letters to mask the holes where you're supposed to stick the binoculars out...

        1. Phukov Andigh Bronze badge

          Re: An inconspicuous van

          I'm more worried about the cardboard doggie treat box with the two convenient adjacent eye holes...

        2. Blofeld's Cat
          Black Helicopters

          Re: An inconspicuous van

          I am told some of these vans can have "Flowers By Irene" written on the side.

  9. Nimby Bronze badge
    Terminator

    Skynet Customer Relations Representative

    Greetings valued customer! We are happy to confirm that at present Skynet has no known operations involving falsified celltower-like services in the Washington DC region. If you would like to report any suspicious activity or provide information, as always, we would be happy to take your call, toll free, at 1-800-WE-HUNT-U so that we may immediately dispatch a representative that is definitely not a machine appearing to be human to collect you ...r information. Thank you for your time, and have a nice day.

  10. drewsup

    Land of the free??

    I would think this would fall under " expected privacy of use" when joining a mobile provider, the fact the FCC is doing nothing tells you it's a US Gov deployed trap. Try setting up a low wattage FM radio station in your house to broadcast your favourites and see how fast an FCC rep knocks on your door, history has proven pretty darn fast!

    The cats out of the bag now, someone created these to law enforcement, and as all technology goes, was available to anyone willing to pay a few years later. Thanks to whoever made this possible :/

  11. Phukov Andigh Bronze badge

    we care about DC but screw the rest of y'all

    but ignored similar complaints made, say from here in California where such sites were popping up and down with near regularity, for years. Law enforcement having convenient information on incidents that occurred and ended within an hour or so, but their evidence somehow started from right before the incident started to occur? as we're to believe that Law Enforcement was aware, mobilized, and got permission to deploy based on some sort of "warnings" so they had intel from the moments first shots were fired?

    Or Occam's Razor, sharply applied-Stingray was ALREADY in place, ALREADY running 24/7 and just needed to go back thru the records to get what was needed?

    Methinks they're just mad that its not "their guy" doing the snooping on congressional misbehavior. They'll have no trouble with it and more surveillance when "their guy" is back in power. Only "justice" in DC is more like "Just Us".

  12. Chairman of the Bored Silver badge

    Some links from you to look at

    Open source 2G and 3G stack: www.openbts.org

    My recommended SDR: https://www.ettus.com/product/details/UB200-KIT

    Suggest getting the GPS disciplined TCXO option, the oscillator built into the B200 is suprisingly crap for a $560 radio. A $400 hackRF board will work but not quite as well.

    Rasberry Pi to drive it will be ok as proof of concept; for real work an old i5 quad core laptop with USB 3.0 and a few GB of RAM is more than adequate.

    Roll your own femto cell, do intercepts of SMS, whatever. Note that rainbow tables for GSM A5/1 crypto are available if you've got a few TB of spinning rust available and feel passive aggressive. Note I do not condone intercept and decrypt of messages not your own, etc, yadda yadda.

    I built a femtocell a couple of years back with openBTS and an Ettus B210 because I needed a comms net in the middle of nowhere and equipping my people with 2G flip phones was the right answer - we had dozens lying around. Total cost was maybe $3k in materials and a man month of labor. Compared to the cost of deploying an APCO P25 radio net, the cost was in the noise.

    Friend of mine teaches high school students about risks of online life and whatnot. She uses a beta version of the UMTS fork of OpenBTS to scare the hell out of the students by sending them uninvited SMS... Displaying all IMSI in range in real time, etc. Good clean fun and (one hopes) makes them think about what they expose online, so to speak. Yes, this IS done with informed consent; she's a white hat.

    Bottom line? This genie won't fit back into the bottle. Not unless we develop truly secure standards and protocols for telephony, and what government wants that???

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019