Investigator Says He Found Multiple ‘Fake Cell Towers’ Near White House, Russian Embassy

Think about the phone conversations you’ve had in the last 48 hours. Is there anything personal or sensitive you wouldn’t want a stranger to hear or record?

Now imagine the cell phone conversations that took place about the Islamic State this week between lawmakers, their staff members and anyone who testified on the Hill. Think any sensitive information or key plans were discussed during those phone calls?

An investigator looking into the claims that “fake cell towers” are popping up all over the country says he discovered several active sites just in the last 48 hours within feet of the White House, around the Russian Embassy and covering the Senate buildings where key Islamic State hearings took place this week.

“On Tuesday, I believe it was at the exact time the ISIS hearings were ongoing, we drove by the Senate and our phones were targeted,” Aaron Turner, an expert in mobile security and information protection, told TheBlaze.

ESD maps cell site simulator
(Image source: Intel )

Turner, who is also president of Integricell, a company that specializes in mobile security, discovered the covertly operating “fake cell towers” (which work by tricking your cell phone into thinking it’s connecting to an actual cell tower) simply by driving in an SUV around the city and allowing his cell phone and tracking devices to be pinged by the International Mobile Subscriber Identity catchers.

“Your phone is always looking for all of the cell towers around you, and during one call your cell phone may switch between different towers 10-20 times, but these IMSI catchers intercept your call by making your phone think there is only one tower — their receiver — in the area, and that is never correct,”  Les Goldsmith, President of ESD America, a company that sells phones designed to avoid these trappings, told TheBlaze.

“These towers are tricking your phone into saying ‘I need to talk 9-1-1 information to you,’ but then it doesn’t,” Turner explained.

He said the majority of the rings on the map indicate places where individual cell phone calls will be profiled just by passing through the hot zone, and these were active in the last 24 hours. “They would just look at the phone’s identifier and go ‘Have I seen this phone before before?’ if so then they would take action, if not then they would just keep a record that that phone has driven by that location — it’s the digital version of license plate reading,” he said.

(Image source: Integricell)
(Image source: Integricell)

“In several locations including on Pennsylvania Avenue in downtown D.C. someone is operating a full-blown intercept where whenever you walk past they actually break open your communications and look at what’s going on on the device,” Turner said.

“It happened to me at a location between the 1100 block and the 1400 block of Pennsylvania northwest where someone has been interrogating my phone and breaking open the communication — it happened to me four times in the last 12 hours … we can’t say for sure who it is, but the fact that they are doing that it’s concerning.”

He explained further: Even if an agency had a warrant to track an individual, breaking into their cell phone conversation is definitely off limits. 

“I have a pretty high level of certainty that I don’t have any active warrants out against me, so if it was done legally they would need warrants to break into my communications,” he said. “That means someone is doing it outside of the law, be that a formal intelligence service, a corporate entity conducting industrial espionage here in the area, ugh, who knows.”

As TheBlaze pointed out last month, the “towers” aren’t necessarily large structures that people may think. Instead, the devices are small enough, Turner said, that it could be anyone “sitting up in an apartment building, it could be a device embedded in a copy machine inside of an office, these cell ‘towers’ don’t have to be big, they don’t have to be sitting on top of a roof. They can be embedded in another piece of equipment or be inside of a wall.”

Goldsmith rode along with Turner throughout D.C. and said they spotted active sites in key areas where defense contractors work, and along common traffic chokepoints where the catchers can snag thousands of unknowing drivers chatting away on their cell phones, handsfree or otherwise.

“We had five phones in the car, and we were looking for the three tell-tale signs that they are being intercepted,” Goldsmith explained; those are:

  • Your phone thinks it only has the option to talk to one cell tower
  • The phone is forced from 3G or 4G to 2G service
  • Standard network cyphering is disabled on the phone

“What we found that is definitely of interest is there is interceptor activity right around the Russian embassy, that means it could be on their soil, which means it is capturing subscriber information of everyone that drives by with a cell phone is having their data tracked on the phone,” Goldsmith told TheBlaze.

He also noted it could be outside their grounds, which means another agency is spying on the activities within the embassy.

Turner came to D.C. to test theories thrown out by a ESD, which made recent claims that these kind of “fake cell tower” sites were popping up all over the country to track individuals via their cell phones and even break into their cell conversations without the users having a clue. Turner reached out to the company because he wanted to see for himself whether the claims were true.

“We took him to a test environment where we knew a government interceptor was active, so he could see in real time a capture on the phone,” Goldsmith said.

After seeing what these IMSI catchers could do, Turner set out to gather strict evidence on whether these cell site simulators were as ubiquitous and active as the company claimed.

Turner told TheBlaze what he uncovered in D.C. is prime example of the illegal activity he’s discovered which has actually led him to now partner with ESD in an attempt to protect as many people as possible from snooping spies or warrantless recordings.

Earlier this month TheBlaze covered the ESD Cryptophone, which is designed to block this kind of cell phone interrogation, when the company came out with their initial claims about fake cell towers popping up around the country.

And now they’ve verified their existence in our nation’s capitol. “As a result of these findings and verifications I now want to make (ESD) technology available to other enterprise clients,” Turner said.

Turner said equipment capable of tricking cell phones into thinking they are connecting with a network tower is available for $20,000, but even miscreants with little to no training in digital technology can acquire the same kind of technology for roughly $100,000.

“If you are a skilled operator, you can buy some of the low cost equipment, and you have a background in radio frequency transmission and some understanding of cellular networks … the barrier to entry is very low,” he said.

Follow Elizabeth Kreft (@elizabethakreft) on Twitter. 

 

 

80 Comments