According to a letter sent to Sen.
"NPPD [National Protection and Programs Directorate] agrees that the use of IMSI catchers by foreign governments may threaten USA national and economic security", the letter said, responding to Senator Wyden, who earlier requested answers from the agency in a letter dated November asking about the presence of IMSI catchers in the U.S. capital. They can also be used to implant malware.
The activity was reported to a federal partner agency at the time it occurred, the DHS noted.
Though the DHS acknowledged that cell-site simulators are suspected to be in use in Washington, the agency provided little else in the way of information about who might be using them or why. "This means that anyone, United States citizens and government officials included, are under threat of tracking by cell-phone site simulators (IMSI catchers) while traveling, and not only at home in DC".
"They are essentially a fake cell tower that tricks phones into connecting to it and can then obtain the phone's location and track the phone's location", said Cooper Quintin, a senior technologist and security researcher at the Electronic Frontier Foundation, a nonprofit digital-rights group based in San Francisco.
DHS "has observed anomalous activity in the National Capital Region (NCR) that appears to be consistent with International Mobile Subscriber Identity (IMSI) catchers", Krebs wrote.
The agency's response, obtained by The Associated Press from Wyden's office, suggests little has been done about such equipment, known popularly as Stingrays after a brand common among USA police departments.
Stopping the illegal use of the technology is another matter.
The agency warned if the devices were used by "malicious actors" to track and monitor cell-phone users, it would be unlawful and could threaten Americans' privacy. The Federal Communications Commission, which regulates the nation's airwaves, formed a task force on the subject four years ago, but it never produced a report and no longer meets regularly.
This has been a hush-hush problem because to fix it is costly, and it could lead to conflict with USA intelligence and law enforcement. In a statement released on Tuesday, Wyden said that "leaving security to the phone companies has proven to be disastrous". He added that the FCC has refused to hold the industry accountable "despite repeated warnings and clear evidence that our phone networks are being exploited by foreign governments and hackers".