Stingray mobile phone surveillance equipment estimated to cost up to £200,000 has been found hidden near the Norwegian parliament, believed to be snooping on legislators.
Following a two week investigation, Norway's Aftenposten newspaper reported to the Norwegian National Security Authority (NSM) that it had discovered IMSI-catchers (International Mobile Subscriber Identity) of a type believed sold by Harris Corporation, located inside fake mobile phone stations near government and parliamentary buildings in Oslo. At least six devices were found, each about the size of a suitcase. Potential targets within a radius of one kilometre of the equipment include the prime minister's office, the ministry of defence, Stortinget (parliament) and the central bank, Norges Bank, ministers, state secretaries, members of parliament, state officials, the American and Israeli embassies as well as many private businesses.
In Norway StingRay technology is only allowed to be operated by law enforcement and intelligence agencies. The transmitters were switched on and were able to register all mobile phones within signal reach.
Hans Christian Pretorius, department head at the Norwegian National Security Authority, was reported by Aftenposten as saying that that the security Agency has started its investigation commenting: “All the data is not ready yet, but we have also found signals from IMSI-catchers in Oslo.”
No attribution has been made, nor any comment whether it is believed to be state actors or not – but it is clearly a well resourced entity with access to sophisticated equipment.
Initially IMSI-catchers only collect data from the sim-card but the intrusion can escalate, as the Aftenposten report explains: The most advanced versions can register several hundred numbers in just a few minutes. Once a mobile phone has been detected by a fake base station, the IMSI-catcher can enter an active mode to eavesdrop on certain conversations. Then it will transmit the conversation to the real GSM-system acting as a ‘man-in-the-middle.
The fake base station can even register SMS-messages and install spyware enabling its operator to switch on the microphone so that the mobile phone can be used to bug rooms and meetings.