Re: ‘Fake’ cellphone towers found in U.S.

coderman coderman at
Tue Sep 2 03:36:08 PDT 2014

On 9/2/14, Cathal Garvey <cathalgarvey at> wrote:
> ...
> Also, that nameless towers are assumed to be government intercepts. I
> can imagine (though I don't know much, if I'm honest) situations in
> which backup towers brought in for events (concerts, public gatherings,
> etc.) might be contracted from third parties and present apparently
> aberrant nomenclature, if any. These backup cells might be brought into
> otherwise quiet areas for normal maintenance, or to back up faulty
> towers, etc.;

a legitimate roaming association when out of normal coverage areas is
different from what could be called an "intercept attack".  that is to
say, actively placing an intercept channel in front of a station when
that station is able to associate with legitimate carrier towers is an
active attack against carrier networks, while a roaming association
when out of range of carrier is a desired function and not malicious.

to complicate matters, a number of years back i reported on active
MitM attacks on 4G networks by interfering with existing associations
to force a roaming hand-off to attacker endpoint.  thus a
determination of what is "normal" perspective to carrier towers
requires a span of time combined with local observation. (snapshots
not sufficient)

also, the new broadband back-hauled femtocells that some carriers are
distributing may or may not appear as an impersonating interceptor,
exhibiting the usual properties of a rogue tower while actually being
carrier provisioned capacity.

> ... on the other hand, why would the
> US feds need to roll out a nationwide cell tower network to spy on
> everyone when... they already have one? :)

this is an interesting question.  presumably there are two reasons: a)
that the usual intercepts require judicial approval and logistic
delays, and b) manipulating the local link and signaling channel
affords deep "enabling" of the target via means not cleared to transit
untrusted networks.

fun questions, encourage more research!
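
Added example, not part of the original message: a sketch of the distinction drawn above, learning which cells are "normal" over several days of local observation and then separating an unknown serving cell seen while a known home-carrier cell is still usable (worth review) from an ordinary roaming association out of coverage. The PLMN, cell IDs, thresholds, scan format and log entries are all constructed assumptions.

```python
from collections import defaultdict

HOME_PLMN = "001-01"   # constructed test-network PLMN (MCC-MNC), an assumption
MIN_DAYS = 3           # distinct days a cell must be seen to enter the baseline
USABLE_DBM = -105      # assumed level at which a home cell is still usable

def scan(day, serving, visible):
    """One local observation: serving cell plus every (plmn, cid, dbm) heard."""
    return {"day": day, "serving": serving, "visible": visible}

def build_baseline(scans):
    """Cells (plmn, cid) heard on at least MIN_DAYS distinct days."""
    days = defaultdict(set)
    for s in scans:
        for plmn, cid, _dbm in s["visible"]:
            days[(plmn, cid)].add(s["day"])
    return {cell for cell, seen in days.items() if len(seen) >= MIN_DAYS}

def classify(s, baseline):
    """Label one scan against a baseline built from earlier days."""
    if s["serving"] in baseline:
        return "known"
    home_usable = any(
        (plmn, cid) in baseline and plmn == HOME_PLMN and dbm >= USABLE_DBM
        for plmn, cid, dbm in s["visible"]
    )
    # Unknown serving cell while a baseline home cell is usable: flag for
    # review (it may still be a carrier-provisioned femtocell, not a verdict).
    # With no usable home cell, the association is ordinary roaming.
    return "review" if home_usable else "roaming"

A, B = (HOME_PLMN, 1001), (HOME_PLMN, 1002)
# Constructed observation log: four ordinary days, then three later scans.
HISTORY = [scan(d, A, [(*A, -85), (*B, -98)]) for d in range(1, 5)]
TESTS = [
    scan(5, (HOME_PLMN, 9999), [(HOME_PLMN, 9999, -60), (*A, -90)]),
    scan(6, ("001-02", 5000), [("001-02", 5000, -80)]),
    scan(7, A, [(*A, -85)]),
]

def run():
    baseline = build_baseline(HISTORY)
    return [classify(s, baseline) for s in TESTS]

if __name__ == "__main__":
    print(run())
```

A single scan cannot produce the baseline at all, and a cell that stays in place for MIN_DAYS or longer during the learning window is absorbed into it, so the learning period itself has to be trusted.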
