GOT(IT) #25: Cellphone spying suspected in DC, outgoing White House emails not protected, plus ransomware isn’t dead (yet)

cellphone spying DCNew day of the week for GOT(IT), but this year’s security topics still feel like a spy vs spy strip!

Monday’s the new day for GOT(IT)! In our #25 issue we recap last week’s security stories, with a few cold-war-styled topics like cellphone signal interception, lack of proper security standards in government facilities, and tendencies that were thought dead but continue to pry our systems.

U.S Government Suspects Cellphone Spying in DC

stingray ii use dc washington

The Department of Homeland Security acknowledged in a letter to the Senator Ron Wyden that unauthorized cell-site simulators were suspected and identified in Washington D.C. The operators and their intentions remain unknown.

What could be done with these devices? Well, mobile signals are intercepted by these machine, which simulate legitimate cell towers to trick cellphones into reaching them.

Once this connection is locked, and depending on the device’s version, the operator can track a cellphone’s particular location or eavesdrop calls through insecure 2G signals. Government officials usually utilize secure communication channels, but regular citizens might be both unaware and unprepared for this.

Little has been done to face the issue, and there’s a lack of action due to the complexity of all necessary countermeasures (upgrading all communications is a technical and financial struggle).

What’s more, according to Aaron Turner, president of the mobile security consultancy Integricell and member of the 2014 sweep team that first scanned the issue, most state-related agencies or offices utilize this devices. This could be the reason why regulating both foreign and local use of StingRay II like devices is a tough task, more so if embassies are known for utilizing them. 


Outgoing White House Emails Lack Verification

global cyber alliance

26 email domains utilized by the Executive Office of the President have been tested by the Global Cyber Alliance security group, proving only 8 of them were in compliance with the Department of Homeland Security directive to implement email verification systems (DMARC).

This security protocol DMARC task is to prove an email genuinely is from the White House, to avoid fake messages, phishing campaigns, and misinformation. A key trust barrier any institution benefits from.

Even if 8 domains are using DMARC, 7 of them haven’t set alerts to providers so fake emails are removed from inboxes. Only one of them complies completely with DHS directive. 


Ransomware is Taking Advantage of its Fall


Ransomware isn’t gone at all, but it did go down when attackers found new and trendy ways to scrape the victim’s wallets. However while the public eye transitioned to the latest threats, ransomware such as GandCrab continue their operations, bringing new tricks to the table and experimenting with new tactics during this ‘passing of the guard’.

According to research conducted by the Malwarebytes team, ransomware attacks on the general public plummeted, but organizations are still receiving a great portion of these attacks.

Variants like SamSam are proving that attackers now focus their efforts on bigger organizations, bigger results, and bigger pay-offs. This particular ransomware branch studies vulnerable networks and moves laterally across them to maximize its efforts, winning the Gold Lowell hacking group over $350,000 in only few months.

Even if researchers expect to see these creative branches grow as the year goes by, they don’t see them reaching 2017’s distribution magnitude, with gigantic actors like WannaCry and Locky that are now out of the game.


It’s always a good day to audit your institution’s security protocol enforcement! The tiniest and most simple exploit fix can save you a few headaches. 


Nicolas Poggi

Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.