Preliminary data from DHS security pilot may suggest widespread hacking

Preliminary data from DHS security pilot may suggest widespread hacking
© Getty Images

A Homeland Security Department pilot program designed to monitor a specific kind of mobile hacking may have discovered consistent attacks around the country. But a source with knowledge of the program says it is too early to make that determination.

The program, dubbed Overwatch, is managed by Homeland Security using the contractor ESD America and is designed to detect what's known as Signalling System 7 (SS7) hacking. 

The Washington Free Beacon reported Thursday evening that "security insiders" noted a spike in SS7 hacking in the Washington, D.C., area detected during the trial was followed by attacks across the country. CBS News later confirmed that with an employee at ESD America, who said the equipment being used in the attack suggests a foreign actor.  

Yet a source familiar with the program cautioned anyone from drawing too many conclusions about surveillance from the raw data. 

"This is a pilot program and the information still needs to be comprehensively analyzed," that source said. 

ADVERTISEMENT
SS7 hacking takes advantage of the system allowing cellphone networks to communicate with each other. Phone owners use SS7, for example, whenever they roam from one network to another.

In 2014, the German researcher Karsten Nohl discovered that, if a hacker gained access to the SS7 system, that hacker could take advantage of accounts in a variety of ways — including monitoring phone calls or charging calls to someone else's account. 

Even before the Washington Free Beacon report, some lawmakers had taken a keen interest in SS7 hacking. 

Rep. Ted Lieu (D-Calif.) and Sen. Ron WydenRon WydenTrump's Democratic tax dilemma Senate Dems push Trump admin to protect nursing home residents' right to sue Overnight Finance: Trump-Russia probe reportedly expands to possible financial crimes | Cruel September looms for GOP | Senate clears financial nominees | Mulvaney reverses on debt ceiling MORE (R-Ore.) sent a letter to Homeland Security Secretary John Kelly on Thursday asking how the DHS planned to address the problem.  

"We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones. We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance,” they wrote.

Lieu has taken frequent action on the issue for nearly a year, since he volunteered to have his phone hacked remotely on an episode of "60 Minutes."

In a written statement, Homeland Security acknowledged the Overwatch program without acknowledging the test results. 

"The Overwatch system is part of a 90-day pilot that was initiated on January 18, 2017. The Overwatch System is managed by DHS, through ESD America Inc., a defense and law enforcement technology provider that provides technical security assistance to government and corporate clients," the DHS said.