Fake Cell Phone Towers Across the US

Earlier this month, there were a bunch of stories about fake cell phone towers discovered around the US. These seem to be IMSI catchers, like Harris Corporation’s Stingray, and are used to capture location information and potentially phone calls, text messages, and smart-phone Internet traffic. A couple of days ago, the Washington Post ran a story about fake cell phone towers in politically interesting places around Washington DC. In both cases, researchers used security software that’s part of CryptoPhone from the German company GSMK. And in both cases, we don’t know who is running these fake cell phone towers. Is it the US government? A foreign government? Multiple foreign governments? Criminals?

This is the problem with building an infrastructure of surveillance: you can’t regulate who gets to use it. The FBI has been protecting Stingray like it’s an enormous secret, but it’s not a secret anymore. We are all vulnerable to everyone because the NSA wanted us to be vulnerable to them.

We have one infrastructure. We can’t choose a world where the US gets to spy and the Chinese don’t. We get to choose a world where everyone can spy, or a world where no one can spy. We can be secure from everyone, or vulnerable to anyone. And I’m tired of us choosing surveillance over security.

Posted on September 19, 2014 at 6:11 AM • 80 Comments