While it has been suspected in the past, the United States government has now acknowledged that there are rogue devices from foreign spies in Washington D.C. that could be tracking cell phones and intercepting messages.
The Associated Press has obtained a letter from the Department of Homeland Security that acknowledges it has identified suspected unauthorized cell-site simulators in the Washington D.C. area. Apparently, these devices have the ability to track location data through personal mobile phones and eavesdrop on calls, as well as messages. The spying devices are usually roughly the size of a briefcase, and they work by tricking mobile phones into connecting with them instead of cell towers.
An anonymous DHS official revealed that the devices were detected in January 2017. According to the AP, "little has been done about such equipment" by the DHS. The Federal Communications Commission did form a task force to combat similar devices four years ago, but it has yet to submit a report, and doesn't meet regularly any more.
The top official in the DHS's National Protection and Programs Directorate, Christopher Krebs, says that the use of these spying devices in Washington “may threaten U.S. national and economic security.” The area is full of government workers, and a compromise of data could have widespread negative effects. Krebs also explains that the DHS lacks the proper equipment and funding to detect the devices, however.
Some legislators in Washington have publicly voiced concerns about spying devices in the capital since 2014, but the executive branch of the government has avoided the subject.
Oregon Senator Ron Wyden released a statement on Tuesday that says, "Leaving security to the phone companies has proven to be disastrous." He notes that the FCC hasn't held the industry accountable "despite repeated warnings and clear evidence that our phone networks are being exploited by foreign governments and hackers."
Wyden's sentiment was echoed by Laura Moy of the Center on Privacy and Technology at Georgetown University. Moy says, "To the extent that there is a major problem here, it’s largely due to the FCC not doing its job." Moy argues that the FCC should require wireless carriers to protect their networks from security threats and “ensure that anyone transmitting over licensed spectrum actually has a license to do it."