NSA Eavesdrops On In-flight Mobile Calls

Uploaded on 2016-12-21 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

The NSA and its British counterpart GCHQ have an entire program dedicated to intercepting targets in the skies by tracking their mobiles.  

If you’ve been taking your sensitive phone calls at 30,000 feet, well, it’s time to stop. Apparently, the NSA knows about your extremely elaborate privacy workaround, putting your iPhone in the freezer is so 2013, and can hear your calls at cruising altitude just the same.

According to a new joint report from Le Monde and The Intercept on previously unreported content from the Snowden files, the NSA and its British counterpart GCHQ have an entire program dedicated to tracking targets in the skies. 

As airlines back off from formerly strict policies around in-flight mobile use, GCHQ and the NSA have been ready and waiting with their own high-altitude surveillance solution, coming to a commercial airline near you.

According to the report, GCHQ had the process dialed in: “To spy on a telephone, all that was required was that the aircraft be cruising at an altitude above 10,000 feet. Secret aerial stations on the ground could intercept the signal as it transited through a satellite. The simple fact that the telephone was switched on was enough to give away its position; the interception could then be cross-referenced with the list of known passengers on the flight, the flight number, and the airline code to determine the name of the smartphone user.”

Air France appears to be the favorite surveillance target for this particular flavor of spying, but as of 2012, British Airways, Lufthansa, Emirates and more than 20 other commercial airlines were of interest due to easing restrictions around in-flight GSM phone use. The program, code-named “Thieving Magpie,” is detailed in a series of slides on the topic “Using on-board GSM/GPRS services to track targets.”

According to the NSA document obtained by The Intercept, entire flights by carriers Air France and Air Mexico have been designated “possible terrorist targets” for more than a decade. Presumably, the program also surveils private flights, where in-flight calls are commonplace because when you’re rich you can do literally whatever you want.

The newly leaked slides outline real-time tracking abilities, noting how surveillance targets can be intercepted upon arrival at their destination. As a slide titled “Travel Tracking” explains: “We can confirm that targets selectors are on board specific flights in near real time, enabling surveillance or arrest teams to be put in place in advance.”

While tracking targets via mobile signals is nothing new, monitoring them in-flight offers the unique challenge of a literal moving target. Much to the chagrin of the two spy agencies, surveillance targets could blink offline and pop up on another side of the globe if a strategy like the one detailed in this report didn’t fill in the gaps.

TechCrunch

« Making Sense Of Cyber Insurance
What Happened To The Blockchain Revolution? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

SC Media

SC Media

SC Media arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face.

First National Technology Solutions (FNTS)

First National Technology Solutions (FNTS)

First National Technology Solutions is a leading provider of flexible, customized hosted and remote managed services including IT security and compliance.

Antiy Labs

Antiy Labs

Antiy Labs is a vender of antivirus engine and solution, providing the best-in-breed antivirus engine and next generation antivirus services for confronting PC malware and mobile malware.

ZeroNorth

ZeroNorth

ZeroNorth provides a new approach to improve software and infrastructure security, simplify continuous compliance reporting and to create more cost-effective risk management programs.

Wise-Mon

Wise-Mon

Wise-Mon is expert in its field of network monitoring and control. We give solutions to huge organizations with tens of thousands of ports, as well as small companies with one switch.

Red Piranha

Red Piranha

Red Piranha's Crystal Eye Unified Threat Management Platform is designed for Managed Service Providers and corporations that need extreme security that is both easy to use and affordable.

Port53 Technologies

Port53 Technologies

Port53 Technologies is focused on delivering enterprise-grade, cloud-delivered security solutions that are easy to deploy, simple to manage and extremely effective.

Cohesity

Cohesity

Cohesity radically simplifies the way businesses back up, manage, protect, and extract value from their data—in the data center, at the edge, and in the cloud.

Ministry of Information and Communications (MIC) - Vietnam

Ministry of Information and Communications (MIC) - Vietnam

The Ministry of Information & Communications of Vietnam is the policy making and regulatory body in the field of information technology and national information and and communication infrastructure.

UK Cyber Security Association (UKCSA)

UK Cyber Security Association (UKCSA)

The UK Cyber Security Association (UKCSA) is a membership organisation for individuals and organisations who actively work in the cyber security industry.

CySecK

CySecK

CySecK is a Centre of Excellence in Cybersecurity formed in 2017 by the Government of Karnataka, as part of the Technology Innovation Strategy.

Helix Security Services

Helix Security Services

Helix Security provides IT & information security consultancy to government and businesses across New Zealand.

Exacom

Exacom

Exacom is a leading provider of multimedia logging/recording solutions across public safety, government, DoD, energy, utilities, transportation, and security applications.

VeriBOM

VeriBOM

VeriBOM is a SaaS security and compliance platform that helps protect you and your customers through automation, documentation, and transparency for every software application you build or run.

Liquid C2

Liquid C2

Liquid C2 offers leading solutions to streamline workplace operations, secure cloud storage, rapid data recovery, and scale growth.

CNNECT

CNNECT

CNNECT are specialists in cloud, collaboration and cybersecurity, constantly evolving the way in which we understand, advise and deploy these technologies