An IMSI (International Mobile Subcriber Indentity), or a Stingray as it’s better known, is an interceptive tool used to tap into a mobile device and collect information.
After the 2011 Edward Snowden surveillance leaks, public interest into the matter has increased significantly; top-secret government ventures suddenly become public.
Christopher Weatherhead, a Technology Officer with Privacy International said: “IMSI catchers are an example of exploiting a defect in technology, rather than implementing a fix to secure the technology. Keeping such weaknesses available for exploitation, by not only law enforcement, but also cyber criminals, hackers, and other nefarious actors, means that the security of everyone’s device is decreased, which is arguably not in the public’s interest.”
IMSI catchers act as the ‘middle man’ between an individual and his or her network provider –they intercept a phone without the knowledge of the service provider and, of course, the individual being intercepted.
IMSI catchers were first introduced to the military and eventually used by the police and security authorities. However, the intercepting tools have now become a business venture. Specifically, for technological companies who have the means of production.
Regulation requires firms to only sell an IMSI catcher to the government; this is done to prevent misuse. Ultimately, this has resulted in the black market growing drastically.
Vice UK recently ran a investigative documentary which showcased how easy it is to obtain an IMSI catcher. Their investigator, Ben Bryant, contacted an overseas technology company based in Hong Kong; via Skype.
He then demonstrated how easy it was for any member of the public to obtain one.
Other countries around the world have admitted to using IMSI catchers. Last year, in the US, the Federal Bureau of intelligence admitted to using fake cell phone towers to intercept people’s phones.
Waterhead went on to say: “We see similar arguments starting to be exposed in the case of hacking and encryption particularly with the publication of the draft Investigatory Powers Bill (IPB).
“Encryption, for example, is required to use services such as Gmail and Facebook, and any method of undermining it not only damages the security of a single user, but of all users of such services. This is why companies like Apple are showing such tough stances towards the FBI and their most recent attempts to bypass the security architecture of the iPhone”.
In June of last year Sky News revealed in a collaboration with a German technological company called GSMK Cryptophone that fake towers are operating in the UK.
Bjoern Rupp, the CEO of GSMK said: “The abnormal events that Sky News had encountered can clearly be categorised as strong indicators for the presence of IMSI catchers in multiple locations”.
For those who do not want their phone calls to, potentially, be intercepted, alternatives do exist. GMSK has also produced a highly secure phone that is attracting a large attraction from members of the public.
The GMSK cryptophone 500 is already encrypted, which means that it is immune from an IMSI catcher intercepting it. The phone promises security, keeping the owner in control.
Recently, The Independent revealed that the UK has been sending spying equipment to countries like Saudi Arabia and Egypt. This was only made possible because of recent laws implemented in the UK, granting tech companies to sell the devices abroad; IMSI catchers were among them.
Waterhead concluded: “In the future these requests could be made of any company, and in the UK the public would be unaware of such Government requests due to IPB’s requirement that such requests remain secret. Privacy International remains against Government hacking because it fundamentally weakens the security of the devices and technology that we all rely on and trust.”
Featured image by 1971Marcus via Wikicommons