Federal agents from the Department of Homeland Security and the Justice Department used “a sophisticated cell phone cloning attack—the details of which remain classified—to intercept protesters’ phone communications” in Portland this summer, Ken Klippenstein reported this week in The Nation. Put aside for the moment that, if the report is true, federal agents conducted sophisticated electronic surveillance against American protesters, an alarming breach of constitutional rights. Do ordinary people have any hope of defending their privacy and freedom of assembly against threats like this?
Yes, they do. Here are two simple things you can do to help mitigate this type of threat:
Without more details, it’s hard to be entirely sure what type of surveillance was used, but The Nation’s mention of “cell phone cloning” makes me think it was a SIM cloning attack. This involves duplicating a small chip used by virtually every cellphone to link itself to its owner’s phone number and account; this small chip is the subscriber identity module, more commonly known as SIM.
Here’s how SIM cloning would work:
SIM cards contain a secret encryption key that is used to encrypt data between the phone and cellphone towers. They’re designed so that this key can be used (like when you receive a text or call someone) but so the key itself can’t be extracted.
But it’s still possible to extract the key from the SIM card, by cracking it. Older SIM cards used a weaker encryption algorithm and could be cracked quickly and easily, but newer SIM cards use stronger encryption and might take days or significantly longer to crack. It’s possible that this is why the details of the type of surveillance used in Portland “remain classified.” Do federal agencies know of a way to quickly extract encryption keys from SIM cards? (On the other hand, it’s also possible that “cell phone cloning” doesn’t describe SIM cloning at all but something else instead, like extracting files from the phone itself instead of data from the SIM card.)
Assuming the feds were able to extract the encryption key from their target’s SIM card, they could give the phone back to their target and then spy on all their target’s SMS text messages and voice calls going forward. To do this, they would have to be physically close to their target, monitoring the radio waves for traffic between their target’s phone and a cell tower. When they see it, they can decrypt this traffic using the key they stole from the SIM card. This would also fit with what the anonymous former intelligence officials told The Nation; they said the surveillance was part of a “Low Level Voice Intercept” operation, a military term describing audio surveillance by monitoring radio waves.
If you were arrested in Portland and you’re worried that federal agents may have cloned your SIM card while you were in custody, it would be prudent to get a new SIM card.
Even if law enforcement agencies don’t clone a target’s SIM card, they could gather quite a bit of information after temporarily confiscating the target’s phone.
They could power off the phone, pop out the SIM card, put it in a separate phone, and then power that phone on. If someone sends the target an SMS message (or texts a group that the target is in), the feds’ phone would receive that message instead of the target’s phone. And if someone called the target’s phone number, the feds’ phone would ring instead. They could also hack their target’s online accounts, so long as those accounts support resetting the password using a phone number.
But, in order to remain stealthy, they would need to power off their phone, put the SIM card back in their target’s phone, and power that phone on again before before returning it, which would restore the original phone’s access to the target’s phone number, and the feds would lose access.
The simplest and best way to protect against SIM cloning attacks, as well as eavesdropping by stingrays, controversial phone surveillance devices that law enforcement has a history of using against protesters, is to stop using SMS and normal phone calls as much as possible. These are not and have never been secure.
Instead, you can avoid most communication surveillance by using an end-to-end encrypted messaging app. The Signal app is a great choice. It’s easy to use and designed to hold as little information about its users as possible. It also lets Android users securely talk with their iPhone compatriots. You can use it for secure text messages, texting groups, and voice and video calls. Here’s a detailed guide to securing Signal.
If you use an iPhone and want to securely talk to other iPhone users, the built-in Messages and FaceTime apps are also encrypted. WhatsApp texts and calls are encrypted too. Though keep in mind that if you use Messages or WhatsApp, your phone may be configured to save unencrypted backups of your text messages to the cloud where law enforcement could access them.
You can’t use an encrypted messaging app all by yourself, so it’s important to get all of your friends and fellow activists to use the same app. The more people you can get to use an encrypted messaging app instead of insecure SMS and voice calls, the better privacy everyone has. (For example, I use Signal to text with my parents, and you should too.)
None of these encrypted messaging apps send data over insecure SMS messages or voice calls, so SIM cloning and stingrays can’t spy on them. Instead they send end-to-end encrypted data over the internet. This also means that the companies that run these services can’t hand over your message history to the cops even if they want to; police would instead need to extract those messages directly from a phone that sent or received them.
Another important consideration is preventing cops from copying messages directly off your phone. To prevent this, make sure your phone is locked with a strong passcode and avoid biometrics (unlocking your phone with your face or fingerprint) — or at least disable biometrics on your phone before you go to a protest. You also might consider bringing a cheap burner phone to a protest and leaving your main phone at home.
Another way to protect against certain forms of mobile phone spying is to lock your SIM card by setting a four- to eight-digit passcode known as a SIM PIN. Each time your phone reboots, you’ll need to enter this PIN if you want SMS, voice calls, and mobile data to work.
If you type the wrong PIN three times, your SIM card will get blocked, and you’ll need to call your phone carrier to receive a Personal Unblocking Key (PUK) to unblock it. If you enter the wrong PUK eight times, the SIM card will permanently disable itself.
With a locked SIM, you’ll still be able to use apps and Wi-Fi but not mobile data or cellphone service. So make sure that you securely record your SIM PIN somewhere safe, such as a password manager like Bitwarden, 1Password, or LastPass, and never try to guess it if you can’t remember it. (You can always click “Cancel” to get into your phone without unlocking your SIM card. From there, open a password manager app to look up your PIN, and then reboot your phone again to enter it correctly. I’ve done this numerous times myself just to be sure.)
If you want to lock your SIM card, first you’ll need to know the default SIM PIN for your cellphone company. For AT&T, Verizon, and Google Fi, it’s 1111; for T-Mobile, Sprint, and Metro, it’s 1234. If you use a different phone carrier, you should be able to search the internet to find it. (I would avoid guessing — if you type the wrong default PIN three times, your SIM card will get blocked.)
Once you know your default PIN, here’s how to you set a new one:
Now if law enforcement gets physical access to your phone, they shouldn’t be able to use your locked SIM card without your PIN. If they guess your PIN incorrectly three times, the SIM card will block itself, and they’d need to convince your cellphone company to hand over the PUK for your SIM card in order to use it. If they guess the wrong PUK too many times, the SIM will permanently disable itself.