Reporters Find 20 IMSI-Catchers in London

An investigation by British news channel Sky News has discovered at least 20 IMSI-catchers currently working in the UK’s capital city. By emulating base stations, these devices snoop on the communications of anyone with a mobile phone that wanders into range and connects with the IMSI-catcher.

It is believed that most, if not all of the IMSI-catchers are being operated by London’s Metropolitan Police Force. The Commissioner of the London Met, Bernard Hogan-Howe, refused to discuss how the devices were being used, saying:

We’re not going to talk about it, because the only people who benefit are the other side, and I see no reason in giving away that sort of thing.

If people imagine that we’ve got the resources to do as much intrusion as they worry about, I would reassure them that it’s impossible.

It is unclear how Hogan-Howe objectively determined what people worry about. If I were working in a London office near one of the IMSI-catchers, then I would be very worried about the scale of information being collected about me. The difficulty of using IMSI-catchers as a device to surveil criminals is that they connect with any phone in range. That will be a large number of people in a densely-packed city like London.

Privacy International, the privacy activist group, has previously complained about the London Met’s refusal to confirm or deny their use of IMSI-catchers. They argue that British legal safeguards to protect the public from overuse of IMSI-catchers are weak compared to those found in the USA and Germany.

However, Sky News rightly point out that they cannot tell who is behind the IMSI-catchers they have detected. The Met are known to have purchased IMSI-catchers in 2009, but the devices detected by Sky News could also belong to foreign spies, naughty private companies, or criminals who want to steal personal data.

Sky News identified the IMSI-catchers over a three-week period, using technology supplied by German secure communications company GMSK Cryptophone. All the logs of their tests have been made publicly available, and can be downloaded from here.

I spoke to Andy Gent of Revector about the use of IMSI-catchers, because his business has developed a networked IMSI grabber solution for use (where appropriate and legal) by mobile operators and governments for the detection and location of GSM equipment. Andy told me:

IMSI grabbers can be used for a variety of legal surveillance applications as well as illegal uses. We have used them in a number of countries for the location of illegal equipment.

IMSI grabbers primarily do what they say, capturing and identifying the IMSIs of SIM cards nearby. They can also be used to record other information such as IMEI and MAC addresses – which of course can be spoofed or changed. Using various techniques they can pinpoint the location of equipment to within a few metres of where a device is transmitting. They can also be used for footfall monitoring.

As Sky News reported, it is true you can buy basic kit for a few thousand dollars to capture data. However, I would question their assertion that they had “found evidence that rogue mobile phone towers, which can listen in on people’s calls without their knowledge, are being operated in the UK”. Listening in to conversations requires more sophisticated devices that can support a ‘man in the middle attack’.

I believe this kind of equipment will be continually enhanced to avoid detection. Already some IMSI-catchers have been improved to avoid this type of detection.

You can find the Sky News story here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.