Possible spying under investigation

False mobile base stations have been discovered in Oslo

Photo: John Erling Blad / Wikimedia Commons Many of the false base stations were found in the vicinity of Stortinget, Norway’s parliament.

Photo: John Erling Blad / Wikimedia Commons
Many of the false base stations were found in the vicinity of Stortinget, Norway’s parliament.

Michael Sandelson
The Foreigner

“We’re taking this very seriously and doing our own analyses,” National Security Authority (NSM) communications director Mona Strøm Arnøy told The Foreigner, Saturday, Dec. 13. She makes her comments following Aftenposten’s revelations that central Oslo-located false mobile base stations have likely been deployed to monitor top politicians and others.

Law enforcement and intelligence agencies use these so-termed IMSI Catchers (International Mobile Subscriber Identity), to eavesdrop on mobile calls and track users’ movements. They are illegal for sale to the general public. Which persons or organizations are behind their use in the Norwegian capital is not yet known.

To carry investigations out, Aftenposten staff employed the German-made CryptoPhone 500 mobile to discover these facilities between Oct. 10 and Nov. 21 this year.

Journalists, who discovered a considerable number of IMSI Catchers in the vicinity of the Parliament and Prime Minister’s Office, made 57 journeys and recorded 50,000 measurements over a 100-kilometer road distance (about 62 miles) in Oslo. They then checked the data for errors such as signal strength, bad or construction-hindered coverage, and uncertain GPS positions. The mobile recorded some 122 “extremely suspicious” incidents, and indicated that suspicious base stations were possibly in the area.

CryptoPhone 500s, highly-encrypted customized Android devices, disguised as a Samsung Galaxy S3s, constantly monitor baseband processor activity. The device, which also detects and informs the user of baseband attacks and initiates automatic countermeasures, offers defense-grade security, according to the manufacturer.

The material journalists found was passed to the Police Security Service (PST), the NSM, the Norwegian Post and Telecommunications Authority (NPT), the Oslo Police, and operators Telenor and Netcom.

They initiated cooperation with British, Czech, and Norwegian research and development company CEPIA Technologies—specialists in Applied Cryptology and High Performance Computing for Governments and research institutions, the firm says—and the Norwegian security company Aeger Group. Both firms then used highly-advanced counterespionage equipment (Falcon II, amongst others) to follow the information up.

Minister of Justice and Public Security Anders Anundsen declares this type of surveillance method is “completely unacceptable.”

“The extent of local surveillance in the [Norwegian] capital that Aftenposten refers to appears to be sizeable and systematized,” he states in an email. “However, we need to know more.”

“The authorities have been, and are aware that we are vulnerable, and that’s why we’ve also taken quite a few precautions when government members talk with each other. Equipment that allows us to discuss sensitive information in a secure manner is then used.”

Norway’s National Security Authority (NSM) submitted its report to the Ministry of Justice, Ministry of Defense, and the Police Security Service (PST), Monday, Dec. 15.

“We have made investigations over several days, using different methods and technical tools. Our main conclusion is that it is likely that the findings Aftenposten has made through their investigations are real,” NSM Director General Kjetil Nilsen said in a statement.

The weekend’s news has also prompted the PST, who has warned mobile subscribers not to reveal confidential information while speaking, to start an investigation.

According to PST press spokesperson Siv Alsen, their investigation is to “examine whether the information that has emerged lately surrounding fake base stations concerns illegal intelligence activities for foreign states’ advantage.”

Who is/are behind the current espionage is still undiscovered. The government’s present mobile data communications encryption is vulnerable.

However, security experts tell The Foreigner that the IMSI catchers used in the capital are likely not the most advanced pieces of equipment, and therefore probably not a high-level threat.

For more on this story, see The Foreigner’s in-depth reporting at theforeigner.no/pages/news/oslo-base-stations-are-likely-to-be-false-norwegian-security-officials-say and theforeigner.no/pages/news/oslo-mobile-espionage-probably-not-high-level-threat.

This article was originally published on The Foreigner. To subscribe to The Foreigner, visit theforeigner.no.

It also appeared in the Dec. 26, 2014, issue of the Norwegian American Weekly.

Norwegian American Logo

The Norwegian American

The Norwegian American is North America's oldest and only Norwegian newspaper, published since May 17, 1889.