An unusual amount of highly suspicious cellphone activity in the Washington, D.C., region is fueling concerns that a rogue entity is surveying the communications of numerous individuals, likely including U.S. government officials and foreign diplomats, according to documents and conversations with security insiders.
A large spike in suspicious activity on a major U.S. cellular carrier has raised red flags in the Department of Homeland Security and prompted concerns that cellphones in the region are being tracked. Such activity could allow pernicious actors to clone devices and other mobile equipment used by civilians and government insiders.
It remains unclear who is behind the attacks, but the sophistication and amount of time indicates it could be a foreign nation. Mass amounts of location data appear to have been siphoned off by a third party who may have control of entire cell phone towers in the area. This information was compiled by a program that monitors cell towers for anomalies supported by DHS and ESD America and known as ESD Overwatch.
Cell phone information gathered by the program shows major anomalies in the D.C.-area indicating that a third-party is tracking en-masse a large number of cellphones. Such a tactic could be used to clone phones, introduce malware to facilitate spying, and track government phones being used by officials in the area.
"The attack was first seen in D.C. but was later seen on other sensors across the USA," according to one source familiar with the situation. "A sensor located close to the White House and another over near the Pentagon have been part of those that have seen this tracking." The data gathered by the ESD Overwatch program indicates the U.S. cell carrier has experienced "unlawful access to their network for the purpose of large scale subscriber tracking," according to a report prepared by ESD Overwatch, a contractor working on behalf of DHS.
Information gathered by the program shows a massive uptick in efforts to identify and track cellphones. The third-party hacker appears to be identifying phones as they connect with local cellphone towers and recording this information. This method of hacking could permit a malicious actor to track an individual's cellphone and pinpoint phones that may be of importance, such as government entities.
The cellular network involved in the attack is being abused in order to track phones subscribed to the carrier, according to one source familiar with the situation. DHS's Office of Public Affairs confirmed that the ESD Overwatch program has been operating under a 90-day pilot program that began Jan. 18. Before the surveillance program was initiated the federal government did not have a method to detect intrusions of the nature seen over the past several months.
The attack on this network is still underway. An official with ESD Overwatch acknowledged the existence of the DHS program, but would not comment further on the matter. The issue of cellphone vulnerabilities has been a top concern in Congress, where lawmakers petitioned DHS on Wednesday to outline steps the government is taking to prevent foreign governments from performing the type of attacks observed by Overwatch.
"For several years, cyber security experts have repeatedly warned that U.S. cellular communications networks are vulnerable to surveillance by foreign governments, hackers, and criminals exploiting vulnerabilities in Signaling System 7," which is used by cellular phones and text messaging applications, according to a letter set by Sen. Ron Wyden (D., Ore.) and Rep. Ted Lieu (D., Calif.).
"U.S. cellular phones can be tracked, tapped, and hacked — by adversaries thousands of miles away — through SS7-enabled surveillance," the lawmakers write. "We are deeply concerned that the security of America’s telecommunications infrastructure is not getting the attention it deserves." "We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones," the lawmakers write.
Concerns continue to mount that the government is not adequately taking steps to secure cellular networks. The lawmakers request that DHS outline specific steps being taken to insulate networks from attacks and ensure that U.S. cell carriers are doing the same.
110 Reykjavik, Iceland