UK Cops Using Fake Mobile Phone Tower to Intercept Calls, Shut Off Phones

Britain’s largest police force has been using covert surveillance technology that can masquerade as a mobile phone network to intercept communications and unique IDs from phones or even transmit a signal to shut off phones remotely, according to the Guardian.

The system, made by Datong in the United Kingdom, was purchased by the London Metropolitan police, which paid $230,000 to Datong for “ICT hardware” in 2008 and 2009.

The portable device, which is the size of a suitcase, pretends to be a legitimate cell phone tower that emits a signal to dupe thousands of mobile phones in a targeted area. Authorities can then intercept SMS messages, phone calls and phone data, such as unique IMSI and IMEI identity codes that allow authorities to track phone users’ movements in real-time, without having to request location data from a mobile phone carrier.

In the case of intercepted communications, it is not clear whether the network works as a blackhole where intercepted messages go to die, or whether it works as a proper man-in-the-middle attack, by which the fake tower forwards the data to a real tower to provide uninterrupted service for the user.

In addition to intercepting calls and messages, the system can be used to effectively cut off phone communication, such as in a war zone where phones might be used as a trigger for an explosive device, or for crowd control during demonstrations and riots where participants use phones to organize.

The Met police would not provide details to the Guardian about where or when its technology had been used.

According to the company’s web site, Datong “develops intelligence solutions for international military, law enforcement and intelligence agencies for use in all operating environments,” and sells its products in the U.S. as well.

Between 2004 and 2009, Datong won over $1.6 million in contracts with the U.S. Secret Service, Special Operations Command, the Bureau of Immigration and Customs Enforcement and other agencies. In February 2010, the company won a $1.2 million contract to supply tracking and location technology to the U.S. defense industry. It also sells technology to regimes in the Middle East.

A spokesman for the U.S. Secret Service verified to CNET that the agency has done business with Datong, but would not say what sort of technology it bought from the company.

The FBI is known to use a similar technology called Triggerfish, which also pretends to be a legitimate cell tower base station to trick mobile phones into connecting to it. The Triggerfish system, however, collects only location and other identifying information, and does not intercept phone calls, text messages, and other data.

Last year at the DefCon hacker conference in Las Vegas, security researcher Chris Paget demonstrated a low-cost, home-brewed device that mimics the IMSI catchers that U.S. law enforcement agencies use.

The device spoofs a legitimate GSM tower and emits a signal that’s stronger than legitimate towers in the area to entice cell phones to route their outbound calls through the spoofed tower, allowing an attacker to intercept and record calls before they’re routed on their proper way through voice-over-IP.

Photo: zoonabar / Flickr