NSA Eavesdrops On In-flight Mobile Calls

The NSA and its British counterpart GCHQ have an entire program dedicated to intercepting targets in the skies by tracking their mobiles.  

If you’ve been taking your sensitive phone calls at 30,000 feet, well, it’s time to stop. Apparently, the NSA knows about your extremely elaborate privacy workaround, putting your iPhone in the freezer is so 2013, and can hear your calls at cruising altitude just the same.

According to a new joint report from Le Monde and The Intercept on previously unreported content from the Snowden files, the NSA and its British counterpart GCHQ have an entire program dedicated to tracking targets in the skies. 

As airlines back off from formerly strict policies around in-flight mobile use, GCHQ and the NSA have been ready and waiting with their own high-altitude surveillance solution, coming to a commercial airline near you.

According to the report, GCHQ had the process dialed in: “To spy on a telephone, all that was required was that the aircraft be cruising at an altitude above 10,000 feet. Secret aerial stations on the ground could intercept the signal as it transited through a satellite. The simple fact that the telephone was switched on was enough to give away its position; the interception could then be cross-referenced with the list of known passengers on the flight, the flight number, and the airline code to determine the name of the smartphone user.”

Air France appears to be the favorite surveillance target for this particular flavor of spying, but as of 2012, British Airways, Lufthansa, Emirates and more than 20 other commercial airlines were of interest due to easing restrictions around in-flight GSM phone use. The program, code-named “Thieving Magpie,” is detailed in a series of slides on the topic “Using on-board GSM/GPRS services to track targets.”

According to the NSA document obtained by The Intercept, entire flights by carriers Air France and Air Mexico have been designated “possible terrorist targets” for more than a decade. Presumably, the program also surveils private flights, where in-flight calls are commonplace because when you’re rich you can do literally whatever you want.

The newly leaked slides outline real-time tracking abilities, noting how surveillance targets can be intercepted upon arrival at their destination. As a slide titled “Travel Tracking” explains: “We can confirm that targets selectors are on board specific flights in near real time, enabling surveillance or arrest teams to be put in place in advance.”

While tracking targets via mobile signals is nothing new, monitoring them in-flight offers the unique challenge of a literal moving target. Much to the chagrin of the two spy agencies, surveillance targets could blink offline and pop up on another side of the globe if a strategy like the one detailed in this report didn’t fill in the gaps.

TechCrunch

« Making Sense Of Cyber Insurance
What Happened To The Blockchain Revolution? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Wall Street Technology Association (WSTA)

Wall Street Technology Association (WSTA)

The Wall Street Technology Association (WSTA) provides financial industry technology professionals with forums to learn from and connect with each other.

Red Hat

Red Hat

Red Hat is a leader in open source software development. Our software security team proactively identifies weaknesses before they become problems.

Trust in Digital Life (TDL)

Trust in Digital Life (TDL)

TDL is a membership association comprising companies, SMEs, universities and research institutes who exchange experience and insights to make digital services in Europe trustworthy and safe.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

ICT Reverse

ICT Reverse

ICT Reverse is one of the UK’s leading, fully accredited providers of ICT asset disposal and secure data erasure.

Vanbreda

Vanbreda

Vanbreda Risk & Benefits is the largest independent insurance broker and risk consultant in Belgium and the leading insurance partner in the Benelux.

Ukrainian Academy of Cyber Security (UACS)

Ukrainian Academy of Cyber Security (UACS)

UACS is a professional non-profit public organization established to promote the development of an extensive network and ecosystem of education and training in the field of cyber security.

BreachLock

BreachLock

Breachlock delivers the most comprehensive Penetration Testing as a Service (PtaaS) powered by Certified Hackers and AI.

Toothpic

Toothpic

ToothPic has invented, designed, developed and patented a solution to enable companies to turn every smartphone into a secure key for a user-friendly online authentication.

Cigent Technology

Cigent Technology

Cigent keeps the most valuable asset in your organization safe—your data. Our advanced endpoint and managed network security solutions prevent ransomware and data theft.

FortKnoxster

FortKnoxster

FortKnoxster is a cybersecurity company within the Crypto & FinTech space. Our encryption technologies are blockchain integrated.

Gotham Digital Science (GDS)

Gotham Digital Science (GDS)

Gotham Digital Science is an international security services company specializing in Application and Network Infrastructure security, and Information Security Risk Management.

IPKeys Cyber Partners

IPKeys Cyber Partners

IPKeys Cyber Partners, together with the IPKeys Power Partners unit, provide Cyber Security and CIP Compliance for utilities, grid operators and public safety organization across the USA.

ShieldIO

ShieldIO

ShieldIO Real-Time Homomorphic Encryption™ enables your organization to reach regulatory compliance without compromising data availability.

Forward Global

Forward Global

Forward Global designs and delivers services and technologies to manage digital, economic, and information risks.

SecuRedact

SecuRedact

SecuRedact is an AI-powered tool to detect and pseudonymize personal data in text and images. Fast, local, secure, and free to try.