Last week, the Department of Homeland Security confirmed for the first time that it is aware of unauthorized cell-site simulators, the surveillance tools often called stingrays or IMSI Catchers, in various parts of Washington DC.
While it's not surprising[1] that foreign intelligence groups or criminal actors would be cell-snooping in the nation's capital, the DHS statement[2] is the first US government acknowledgement that sensitive political communications, not to mention those of anyone in DC, are at risk of interception by devices that are currently unaccounted for. In spite of this step, though, observers find it unlikely that any group will move to defuse the threat in the foreseeable future.
The DHS statement came in the form of a response to senator Ron Wyden, who had inquired about rogue cell-site simulators in a November letter[3]. DHS acting undersecretary Christopher Krebs wrote, "Use of IMSI catchers by malicious actors to track and monitor cellular users is unlawful and threatens the security of communications, resulting in safety, economic, and privacy risks. ... Overall, [DHS's National Protection and Programs Directorate] believes the malicious use of IMSI catchers is a real and growing risk." The agency added that NPPD "has observed anomalous activity in the Nation Capital Region that appears to be consistent with IMSI catchers. NPPD has not validated or attributed such activity to specific entities or devices."
After the DHS admission, three ranking House members sent a letter[4] to the Federal Communications Commission on Thursday, demanding that the FCC "take immediate action under federal law to address the prevalence of what could be hostile, foreign cell-site simulators—or stingrays—surveilling Americans in the nation's Capital." But that seems unlikely, to say the least, thanks to how stingray devices are used—and by whom.