back to article Stingray phone stalker tech used near White House, SS7 abused to steal US citizens' data – just Friday things

Someone may have spied on smartphones in or near the White House using a fake cellphone tower – and miscreants are said to have abused SS7 weaknesses to swipe US citizens' private information, it emerged this week. On Friday, Senator Ron Wyden (D-OR) revealed a letter he received from the US government's Department of Homeland …

  1. YourNameHere

    Boss said leave it alone.

    Pai was told by his boss not to interfere with any possible independent operation of the Russian National Convention or the National Russian Association.

    1. Anonymous Coward
      Anonymous Coward

      Re: Boss said leave it alone.

      "Boss", singular? The thing about whores ...

      I think I phrased that (im)precisely enough to avoid any possible defamation problems...

      1. a_yank_lurker Silver badge

        Re: Boss said leave it alone.

        @AC - It is vague enough to avoid problems as does not hint who the boss is. Also, snooping on phone conversations in DC would be a smart move for any foreign spookhaus. So identifying who is spying is bit problematic as domestic spying can not be ruled out either.

        1. Voland's right hand Silver badge

          Re: Boss said leave it alone.

          Also, snooping on phone conversations in DC would be a smart move for any foreign spookhaus.

          The issue with that is that in order to actually snoop on conversations and data a Stingray type device needs the cooperation of the telco. It needs to be able to ask the network for encryption keys. Otherwise there will be alerts all over the phone that the network is insecure and some phones may refuse to use the network without an end-user confirmation (OS/Customization dependent).

          If a foreign power has hacked Verizon, ATT or Sprint to the point where it can get crypto keys a Stingray near the White House is the least of the potential worries for USA.

          1. DougS Silver badge

            Re: Boss said leave it alone.

            Wouldn't they be able to get them from a legit cell tower? I would be surprised - genuinely shocked to the point of fainting, actually - if those are even minimally secure against in-person attack. I'll bet it is 100000x harder to get the device key out of an iPhone than it is to get the network key out of a cell tower, because the rest of the telco network has such poor security I can't imagine anyone has paid attention to the physical security of the towers.

            So the spy dresses like a tech, 'services' a tower, and then has what he needs to plop a fake tower near the White House that's able to snoop on Trump's calls. Maybe he uses the secure phone to call North Korea or China, but I'll bet he is using his insecure cell phone to call Hannity to read him a bedtime story, or his other hangers-on, and that's probably where the real juicy details are anyway since he's calling those guys for 'advice' i.e. to tell him what he should do.

            If someone recorded his calls and then released them to embarrass him he'd probably blame it on the FBI like he does everything else.

          2. MacroRodent Silver badge

            Re: Boss said leave it alone.

            > The issue with that is that in order to actually snoop on conversations and data a Stingray type device needs the cooperation of the telco. It needs to be able to ask the network for encryption keys.

            Not necessarily. If I remember some older discussion correctly, the way one type of attack works it convinces the phone only GSM reception is available. This older standard does not have such a great crypto, and it does not authenticate the base station towards the phone. Snoops can thrn siphon traffic, then brute-force it later. Or was it so it can even tell the phone to skip encryption entirely (thanks, France and other countries that insisted on a cryptoless mode in GSM).

            1. Anonymous Coward
              Anonymous Coward

              Re: Boss said leave it alone.

              Perhaps now the fucktards in government might be interested in why enforced backdoors in crypto is a bad idea?

              Nahh, just kidding, they still won't have a clue or give a toss.

          3. phuzz Silver badge

            Re: Boss said leave it alone.

            "It needs to be able to ask the network for encryption keys. Otherwise there will be alerts all over the phone that the network is insecure and some phones may refuse to use the network without an end-user confirmation (OS/Customization dependent)."

            Nope. You do have to make sure your fake cell tower is 'louder' than all the legitimate ones, so that the targets phone opts to use it, but your tower claims to only support 2G (which is trivial to crack), and you can now snoop on the contents of communications to and from the phone.

            As far as I can tell, no current phones warn when they roam to a cell that only has 2G. You can get applications on Android that will warn you, but it's not standard.

            (example)

    2. Ole Juul Silver badge

      Re: Boss said leave it alone.

      Wrong boss. Pai works for Sinclair Broadcasting.

      1. Jan 0
        Coat

        Re: Boss said leave it alone.

        Joke for UK readers only:

        Do Sinclair Broadcasting use matchbox sized transmitters?

  2. Anonymous Coward
    Anonymous Coward

    Presumably this is the reason the US wanted to ban ZTE from building 5G networks, and disabling the NSA's ability to spy on cell networks outside the USA.

    1. Ole Juul Silver badge

      They might indeed give that reason, but I really don't think they even have a clue.

  3. elDog Silver badge

    Remember driving looking for WEP APs? This sounds like a lot more fun!

    So the technology from 20+ years ago now fits on an arduino....

    Not saying that I would condone this, or listening in on someone's conversation in a coffee shop.

  4. Anonymous Coward
    Big Brother

    But how would you tell if a stingray was used in the area, presumably your own connection or a honeypot would loose the known towers id's and could register that fact. but without the stingray doesn't an SS7 access require ISPs co-operation, supposedly they'd log it. you would only know afterwards.

    Stories on 5G in Australia stated that SS7 and Stingrays would not work on 5G. Which if true, presents an interesting situation as the AFP Australian Federal Police originally refused to allow digital mobile phones to be used until mechanisms were in place for them to intercept and to bug them. We had to stick with analog for months longer, but SS7 was in place by then for digital mobiles to work.

    1. Anonymous Coward
      Anonymous Coward

      There are ETSI standards which cover interception of call information up to and including real time voice and data, they're easy to Google and surprisingly easy to read, but to summarise, the functionality is built in to the cell infrastructure and it 'only' takes a request from a duly authorised agency to the cell service provider to get your hands on it.

  5. Pascal Monett Silver badge

    I am still surprised

    Honestly the thing that surprises me the most is the fact that we're all talking about how a Stringray device deployed by an unknown entity was used in proximity to the White House and yet there has not been a massive deployment of police, military, helicopters and SWAT teams to find the perpetrator.

    Seems to me that such a move in a Hollywood film would be the perfect excuse for such an exercise, but in Real Life it's just "well, seems somebody has been spying on comms near our most strategic historical building, let's write a letter to the FCC to complain".

    The Cold War is so last milennium I guess.

    1. Lee D Silver badge

      Re: I am still surprised

      If you're using cell towers to communicate anything even vaguely important without treating it as an untrusted medium, you're a damn idiot.

      For any proper scenario, it really doesn't matter if you broadcast your classified information over the 10 o'clock news. That's PRECISELY what modern encryption is designed for, and to facilitate.

      As such, it should NEVER be a national security issue, and certainly shouldn't be anything even vaguely approaching important for somewhere like the White House. And tapping into SS7 etc. and redirecting people's mobiles to proxy them can be detected quite easily by the companies in question. Has anyone even asked if this is actually done DELIBERATELY to stop, say, terrorist attacks and bombs coordinated over the cellphone network near the White House?

      But if you're that stupid as a secure government entity to just use a commercial network as-is, without bothering to encrypt information over it, then pretty much you've already lost anyway. You may as well just open the doors and let the Kremlin into your files.

      1. John H Woods Silver badge

        Re: I am still surprised

        On the other had I wouldn't be surprised if they are still sending and carrying unencrypted material by post or handler... How long is it since the last load of sensitive documents was accidentally left on a train or in a taxi?

    2. Anonymous Coward
      Anonymous Coward

      Re: I am still surprised

      I find it totally unsurprising. DHS couldn't narrow it to a specific group, but they're not concerned? Meanwhile, the President is using an unsecured personal phone and the tower is near the White House.

      My guess would be that, far from one of the secretive three letter agencies, it's the more secretive ten letter agency: B.O.B.M.U.E.L.L.E.R.

  6. DaemonProcess

    encrypted

    Then I suggest they all start using Whatsapp, if they haven't already.

  7. JLV Silver badge
    Black Helicopters

    Honest question

    If the email server thingy was enough for "lock her up" chanting frenzies, what sentiments does El Trump's usage of insecure phone technology evoke in his thoughtful fans?

    Seriously, we have independent Central Bankers to manage interest rates. How about the US appoints a non-partisan cyber-security assessment department that makes binding decisions as to which communication usage is acceptable practice? If Trump's is, fine. If not, well then, he was elected to do his job correctly, why doesn't he start?

    This would have also resolved the Clinton, and the previous Collin Powell issue too.

  8. Florida1920 Silver badge

    The Russians

    If Trump were in bed with the Russians, using an unsecured phone to chat up his pals at FNC makes perfect sense. Not to say he's deliberately acting against U.S. interests. More likely he's acting in his own. There is some history to support this allegation.

  9. Oh_bollocks

    Send me that SMS 2FA token!

    PSA: SMS two factor authentication is no way to go about securing oneself.

  10. Overflowing Stack

    Stingray? Nah...

    A shark with a laser on its head!

  11. Anonymous Coward
    Anonymous Coward

    Also, snooping on phone conversations in DC would be a smart move for any foreign spookhaus...

    Really ??? Who would do such an A-hole thing ?

    Hopefully it was just the FBI keeping taps on Mr Trump ...and not a foreign nation or even ally spying on the U.S.

  12. P. Lee Silver badge

    DRS?

    Trump Derangement Syndrome?

    Maybe there are lots of other people worth snooping on in the Whitehouse vicinity.

    Most of the honey is close to the queen bee. Only bee-keepers are interested in the queen herself.

  13. GrapeBunch Bronze badge

    Please, no drama, not until you've increased our budget.

    They didn't send in the SWAT team because they like to spread FUD and they're afraid of what they'd find.

    Property of (a corp or a TLA) stamped plainly on the device. The device owners would be wanting to keep up to date on how their investments are panning out. Are a person's words private to the person, or to the party that paid for them? Notwithstanding the result of the American Civil War (1861-1865), I'm not sure what the 21st century answer is.

  14. Anonymous Coward
    Anonymous Coward

    I think they're just pissed because they've realised they're not the only ones listening in to 'private' conversations.

  15. Mahhn

    Who's is it?

    Equipment everywhere and nobody is saying who it belongs to?

    No part numbers to trace, fingerprints, logs or activity of where the data is going?

    Did anyone even look at the equipment?

    My bet is, its a US 3 letter agencies equipment.

  16. Youngone Silver badge

    Someone may have spied on smartphones in or near the White House using a fake cellphone tower

    Good.

  17. Sleep deprived
    Happy

    So long as the Orange Clown's tweets get relayed

    ...nobody will notice the tower is fake.

  18. GnuTzu Bronze badge

    Market Rate

    Anybody know the current offering price for the content of the President's phone conversations?

  19. Dodgy Geezer Silver badge

    Received reports?

    ...The Homeland Security letter indeed said it had received reports of "nefarious" types leveraging SS7...

    That's nothing!! I've received reports of little green men from mars buying up all the petrol and making the price go up..... and lizard-headed aliens taking over the Royal family... and hundreds of terrorist attempts to attack us, all of which have been foiled by our magnificent Homeland Secruity officers who really deserve a raise....

  20. William Higinbotham

    11Year Old

    In the end it will most likely be some smartass 11 year old with embedded micro platform. Want to show his close black web associates his craft :-)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019