NSA Eavesdrops On In-flight Mobile Calls

The NSA and its British counterpart GCHQ have an entire program dedicated to intercepting targets in the skies by tracking their mobiles.  

If you’ve been taking your sensitive phone calls at 30,000 feet, well, it’s time to stop. Apparently, the NSA knows about your extremely elaborate privacy workaround, putting your iPhone in the freezer is so 2013, and can hear your calls at cruising altitude just the same.

According to a new joint report from Le Monde and The Intercept on previously unreported content from the Snowden files, the NSA and its British counterpart GCHQ have an entire program dedicated to tracking targets in the skies. 

As airlines back off from formerly strict policies around in-flight mobile use, GCHQ and the NSA have been ready and waiting with their own high-altitude surveillance solution, coming to a commercial airline near you.

According to the report, GCHQ had the process dialed in: “To spy on a telephone, all that was required was that the aircraft be cruising at an altitude above 10,000 feet. Secret aerial stations on the ground could intercept the signal as it transited through a satellite. The simple fact that the telephone was switched on was enough to give away its position; the interception could then be cross-referenced with the list of known passengers on the flight, the flight number, and the airline code to determine the name of the smartphone user.”

Air France appears to be the favorite surveillance target for this particular flavor of spying, but as of 2012, British Airways, Lufthansa, Emirates and more than 20 other commercial airlines were of interest due to easing restrictions around in-flight GSM phone use. The program, code-named “Thieving Magpie,” is detailed in a series of slides on the topic “Using on-board GSM/GPRS services to track targets.”

According to the NSA document obtained by The Intercept, entire flights by carriers Air France and Air Mexico have been designated “possible terrorist targets” for more than a decade. Presumably, the program also surveils private flights, where in-flight calls are commonplace because when you’re rich you can do literally whatever you want.

The newly leaked slides outline real-time tracking abilities, noting how surveillance targets can be intercepted upon arrival at their destination. As a slide titled “Travel Tracking” explains: “We can confirm that targets selectors are on board specific flights in near real time, enabling surveillance or arrest teams to be put in place in advance.”

While tracking targets via mobile signals is nothing new, monitoring them in-flight offers the unique challenge of a literal moving target. Much to the chagrin of the two spy agencies, surveillance targets could blink offline and pop up on another side of the globe if a strategy like the one detailed in this report didn’t fill in the gaps.

TechCrunch

« Making Sense Of Cyber Insurance
What Happened To The Blockchain Revolution? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Norton Rose Fulbright

Norton Rose Fulbright

Norton Rose Fulbright is a global business law firm. Practice areas include Data protection, Privacy and Cybersecurity.

BGD E-GOV CIRT

BGD E-GOV CIRT

BGD e-GOV CIRT's mission is to support government efforts to develop ICT programs by establishing incident management capabilities within Bangladesh.

Picasso

Picasso

The Picasso project is focused on ICT Policy, Research and Innovation for a Smart Society: towards new avenues in EU-US ICT collaboration.

Cyanre

Cyanre

Cyanre delivers state of the art cyber forensic services through software technologies and procedures that exceed conformities of major law enforcement agencies across the globe.

Brighter AI

Brighter AI

Brighter AI empowers companies to use publicly-recorded camera data for analytics & AI while being compliant with increasing data privacy regulations worldwide.

Institute of Informatics and Telematics (IIT)

Institute of Informatics and Telematics (IIT)

IIT carries out activities of research, assessment, technology transfer and training in the field of Information and Communication Technologies and of Computational Sciences.

TechStak

TechStak

TechStak is the easiest way for businesses to find and connect with IT Pros and other technology solution providers in their area.

Cyber Risk Aware

Cyber Risk Aware

Cyber Risk Aware provide a security awareness and phishing simulation platform that focuses on real threats and educates and empowers employees to be the first line of defence.

Stone Forest IT (SFIT)

Stone Forest IT (SFIT)

Stone Forest IT specialises in providing advisory, implementation and managed services for IT infrastructure, IT security solutions, business applications (ERP and CRM) and business analytical tools.

Belcan

Belcan

Belcan is a global supplier of engineering, manufacturing & supply chain, workforce and government IT solutions to customers in the aerospace, defense, automotive, industrial, and private sector.

Alibaba Cloud

Alibaba Cloud

Alibaba Cloud is committed to safeguarding the cloud security for every business by leveraging a comprehensive suite of enterprise security services and products on the platform.

Difenda

Difenda

Difenda Shield is a fully integrated and modular cybersecurity suite that gives your organization the agility it needs to implement a world-class cybersecurity system.

CentriVault

CentriVault

CentriVault is a leading independent provider of Cyber Security and Data protection services to small and medium enterprises (SMEs).

Zeron

Zeron

Zeron build bridges between security teams and top management. Our platform unifies your cyber risk posture seamlessly, encompassing threat insights and quantifiable risk scenarios.

Cloud Software Group

Cloud Software Group

Cloud Software Group provides mission-critical software to enterprises at scale.

Simbian

Simbian

Simbian, with its hardened TrustedLLM system, is the first to accelerate security by empowering every member of a security team from the C-Suite to frontline practitioners.