Hacker Camp Makes DIY Phones, Is Bombarded by DIY IMSI Catcher

At this year's Electromagnetic Field hacking and culture festival, attendees' badges were fully functioning phones. But hackers gonna hack.

|
Sep 5 2018, 3:00pm

Image: Mitch Altman

Electromagnetic Field (EMF) is a camping festival for hackers, creative types, and generally the all-around curious in an English nature reserve. This year, every attendee was given a special festival badge which doubled as a fully functional, open source phone.

But hackers being hackers, someone at the festival deployed their own surveillance device, a homemade IMSI catcher, extracting sensitive information from attendees’ badges and sending text messages en masse.

“There were spoofed texts being bombarded,” one person who attended EMF last weekend said. Motherboard granted sources for this story anonymity to discuss potentially illegal activity more candidly.

An IMSI catcher, sometimes known under the brand name Stingray, is a piece of tech that pretends to be a cell phone tower, forcing local phones to connect to it. This allows the oft-suitcase sized device to grab SIM cards’ unique IMSI codes, geolocate devices, and provide other surveillance capabilities. Typically law enforcement or other government bodies use such tech; their sale is often regulated, but it’s perfectly possible to make your own with available hardware and open source software. IMSI catchers exist for phones on GSM networks as well as 3G and 4G.

And the EMF badge is really no different from phones an IMSI catcher may normally target. Dubbed the TiLDA Mk4, the badge “allows you to make and receive calls, send text messages, and use data anywhere in the world. At camp it’s a fun toy, but when you leave it’s perfect for remote IoT [Internet of Things] connectivity,” a post on the EMF website reads.

Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

Another attendee provided Motherboard with screenshots of text messages apparently sent by the IMSI catcher.

“Oh noez! You’re connected to an Evil Twin network!” one of the messages reads, before providing the phone’s IMSI. An evil twin network is one that poses as a legitimate data access point but instead uses some form of attack against devices that join it.

“A few of us got it [the messages],” the second attendee said.

Hackers often prop up IMSI catchers at conferences. Scans at DEF CON in Las Vegas previously showed a suspicious spike in the number of alleged cell phone towers along the city’s strip, suggesting some of those are likely rogue towers instead.