NSA Eavesdrops On In-flight Mobile Calls

The NSA and its British counterpart GCHQ have an entire program dedicated to intercepting targets in the skies by tracking their mobiles.  

If you’ve been taking your sensitive phone calls at 30,000 feet, well, it’s time to stop. Apparently, the NSA knows about your extremely elaborate privacy workaround, putting your iPhone in the freezer is so 2013, and can hear your calls at cruising altitude just the same.

According to a new joint report from Le Monde and The Intercept on previously unreported content from the Snowden files, the NSA and its British counterpart GCHQ have an entire program dedicated to tracking targets in the skies. 

As airlines back off from formerly strict policies around in-flight mobile use, GCHQ and the NSA have been ready and waiting with their own high-altitude surveillance solution, coming to a commercial airline near you.

According to the report, GCHQ had the process dialed in: “To spy on a telephone, all that was required was that the aircraft be cruising at an altitude above 10,000 feet. Secret aerial stations on the ground could intercept the signal as it transited through a satellite. The simple fact that the telephone was switched on was enough to give away its position; the interception could then be cross-referenced with the list of known passengers on the flight, the flight number, and the airline code to determine the name of the smartphone user.”

Air France appears to be the favorite surveillance target for this particular flavor of spying, but as of 2012, British Airways, Lufthansa, Emirates and more than 20 other commercial airlines were of interest due to easing restrictions around in-flight GSM phone use. The program, code-named “Thieving Magpie,” is detailed in a series of slides on the topic “Using on-board GSM/GPRS services to track targets.”

According to the NSA document obtained by The Intercept, entire flights by carriers Air France and Air Mexico have been designated “possible terrorist targets” for more than a decade. Presumably, the program also surveils private flights, where in-flight calls are commonplace because when you’re rich you can do literally whatever you want.

The newly leaked slides outline real-time tracking abilities, noting how surveillance targets can be intercepted upon arrival at their destination. As a slide titled “Travel Tracking” explains: “We can confirm that targets selectors are on board specific flights in near real time, enabling surveillance or arrest teams to be put in place in advance.”

While tracking targets via mobile signals is nothing new, monitoring them in-flight offers the unique challenge of a literal moving target. Much to the chagrin of the two spy agencies, surveillance targets could blink offline and pop up on another side of the globe if a strategy like the one detailed in this report didn’t fill in the gaps.

TechCrunch

« Making Sense Of Cyber Insurance
What Happened To The Blockchain Revolution? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

FireEye

FireEye

FireEye delivers unmatched detection, protection and response technology through an extensible and flexible cloud-based XDR platform.

IoTium

IoTium

Secure Cloud Managed Software Defined IoT Networks. IoTium simplifies establishing and managing secure network infrastructure for Industrial IoT.

BaseN

BaseN

BaseN is a full stack IoT Operator. We control the full value chain in order to provide ultimate scalability, fault tolerance and security to our customers.

Workz Group

Workz Group

Workz connects and protects mobile subscribers of today and tomorrow by providing secure removable or embedded SIMs and remote provisioning solutions for consumer, M2M and IOT devices.

Quantea

Quantea

Our multi-patented solutions - QP Series Network Analytics Accelerator appliance and PureInsight Analytics Software Suite allows you to capture, analyze, store, replay, network traffic data.

Naoris

Naoris

Naoris is the world’s first holistic blockchain-based cybersecurity ecosystem, bringing a game-changing solution to address 35 years of industry similar practice.

SecuLetter

SecuLetter

SecuLetter is able to detect unknown attacks with hybrid approaches, static and dynamic analysis.

FutureCon Events

FutureCon Events

FutureCon produces cutting edge events aimed for Senior Level Professionals working in the security community, bringing together the best minds in the industry for a unique cybersecurity event.

Stratus Cyber

Stratus Cyber

Stratus Cyber is a premier Cyber Security company specializing in Managed Security Services. Our services include Blockchain Security, Pentesting, and Compliance Assessments.

Authomize

Authomize

Authomize aggregates identities and authorization mechanisms from any applications around your hybrid environment into one unified platform so you can easily and rapidly manage and secure all users.

Softcat

Softcat

Softcat offer a broad portfolio of IT services and solutions covering Hybrid Infrastructure, Cyber Security, Digital Workspace and IT Intelligence.

8com

8com

8com is an established Managed Security Service Provider (MSSP) with over 75 employees and customers in over 40 countries.

Chainguard

Chainguard

Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard are on a mission to make the software supply chain secure by default.

Virtual Infosec Africa (VIA)

Virtual Infosec Africa (VIA)

Virtual InfoSec Africa (VIA) is a wholly-owned Ghanaian company specializing in information security and cybersecurity solutions and services.

Onwardly

Onwardly

For everyday folks tasked with implementing security and privacy. Do it faster with Onwardly - build, launch and scale your cyber resilience program in 30 minutes per week.

Denodo

Denodo

Denodo transforms the way organizations operate by unifying their data assets in real time and making data ubiquitous and secure to all users and business applications.