All of the mysterious cell phone towers in the U.S. can now be pinpointed – But most of them are not the U.S. government’s.
That’s the word from Les Goldsmith, the CEO of ESD America. His company, which made public last year the existence of the interceptors, is today announcing the launch of its real-time Overwatch service for finding the towers.
The company said this is the only known system capable of systematically locating the interceptors.
The towers are called IMSI catchers, for the International Mobile Subscriber Identity that is attached to every cell phone. They mimic legitimate cell towers and reroute nearby cell transmissions through them. But they’re not phone company equipment. ESD said it discovered the IMSI catchers in the course of testing the company’s military-grade secure Cryptophone 500 cell phone.
Initially, the company found 17 towers, which has now increased to 54. Although called a “tower,” an interceptor can also be a listening/call-handling box or suitcase of equipment sitting somewhere. More than a dozen have been detected by ESD near the U.S. Senate and White House.
There has been speculation that the towers are the work of the U.S. government. Goldsmith and other experts have downplayed the possibility that it might be the National Security Agency, since that organization has the ability to go directly to the carriers to tap a line.
VentureBeat has previously reported that Harris Corporation of Melbourne, Florida, a large information technology company that produces secure communications gear for the U.S. military and intelligence community, has manufactured at least some of them. Harris-made devices are called Stingrays.
There have also been reports that some of the interceptors are the work of U.S. law enforcement. But Goldsmith says the interceptors made with domestic U.S. configurations and equipment are “the smallest percentage of the towers.”
“We believe a majority of them are non-U.S. government,” he told me. “Looking at the types, the sophistication, [there are] more foreign than domestic.”
The largest percentage uses open source OpenBTS, he said, suggesting they are laptop devices used by a hobbyist.
But he reported that the next largest group are “commercial-grade from overseas.”
“If you are U.S. [government], you use U.S.-made,” he said, because it is reliable technology. He added that U.S. technology for IMSI catchers shouldn’t be exportable, under International Traffic in Arms Regulations (ITAR).
ESD says it will offer its new interceptor-catching service only to the U.S. government, and to other governments “strictly allied” with the U.S. When it was pointed out to Goldsmith that the ESD website promoting the new service doesn’t mention that, he told me it would be added.
“We want the government to be able to catch” those setting up these towers, he said. If the U.S. and friendly governments don’t want the service, Goldsmith said, “we won’t supply it.” To date, however, he reports that 14 governments have expressed interest.
The interceptor hunting is conducted with ESD-built, briefcase-sized sensing devices that the company deploys in an area. The tech sets up a “firewall” that monitors connections to cell towers from ESD devices. Goldsmith said the service doesn’t monitor individual messages.
Alternatively, regular Samsung Galaxy S3, S4, or S5 smartphones can be specially modified to detect and report back the interceptors’ locations. Cryptophones can also detect the IMSI catchers, but they are not designed to report back the data.
The Federal Communications Commission (FCC) has announced an investigation into the unauthorized use of IMSI catchers.
Last fall, ESD said it was launching a road trip for a specially equipped vehicle and crew to find interceptors in areas that were nominated by members of the general public. But Goldsmith said the road trip was cancelled because of a lack of areas nominated for investigation, although there had been thousands of initial inquiries, and because this new service was about to be offered.