A Homeland Security Department pilot program designed to monitor a specific kind of mobile hacking may have discovered consistent attacks around the country. But a source with knowledge of the program says it is too early to make that determination.
The program, dubbed Overwatch, is managed by Homeland Security using the contractor ESD America and is designed to detect what's known as Signalling System 7 (SS7) hacking.
The Washington Free Beacon reported Thursday evening that "security insiders" noted a spike in SS7 hacking in the Washington, D.C., area detected during the trial was followed by attacks across the country. CBS News later confirmed that with an employee at ESD America, who said the equipment being used in the attack suggests a foreign actor.
Yet a source familiar with the program cautioned anyone from drawing too many conclusions about surveillance from the raw data.
"This is a pilot program and the information still needs to be comprehensively analyzed," that source said.
In 2014, the German researcher Karsten Nohl discovered that, if a hacker gained access to the SS7 system, that hacker could take advantage of accounts in a variety of ways — including monitoring phone calls or charging calls to someone else's account.
Even before the Washington Free Beacon report, some lawmakers had taken a keen interest in SS7 hacking.
Rep. Ted Lieu (D-Calif.) and Sen. Ron WydenRon WydenFive fights for Trump’s first year Wyden pushing to mandate 'basic cybersecurity' for Senate Consumer groups blast DHS head for seeking travelers' social media passwords MORE (R-Ore.) sent a letter to Homeland Security Secretary John Kelly on Thursday asking how the DHS planned to address the problem.
"We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones. We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance,” they wrote.
Lieu has taken frequent action on the issue for nearly a year, since he volunteered to have his phone hacked remotely on an episode of "60 Minutes."
In a written statement, Homeland Security acknowledged the Overwatch program without acknowledging the test results.
"The Overwatch system is part of a 90-day pilot that was initiated on January 18, 2017. The Overwatch System is managed by DHS, through ESD America Inc., a defense and law enforcement technology provider that provides technical security assistance to government and corporate clients," the DHS said.