Fake antennas discovered monitoring cell phones in Nicaragua
Study details irregularities in antennas in Managua, Matagalpa, Jinotega and Estelí, which make it possible to capture citizens’ cell phone information
HAVANA TIMES – The defiant gaze of the late Venezuelan caudillo Hugo Chávez rises in a luminous sculpture in the traffic circle that bears his name in a well-known spot in Managua, where a popular shopping mall converges with the esplanade of the historic Loma de Tiscapa, the location of the offices of the High Command of the Nicaraguan Army.
As you walk through this area, in a specific location and without realizing it, all your telephone information, text messages and even your conversations could be captured by the signals emitted by a “fake antenna” operating at this location in the capital, according to an analysis by South Lighthouse –an organization dedicated to researching technologies in the service of human rights– and the Fake Antenna Detection Project (FADe Project) study.
The study, which has also been carried out in other Latin American capitals, focuses on monitoring the use of IMSI-Catcher devices, used for electronic surveillance, and is part of an initiative of the Seaglass team of the University of Washington and the Crocodile Hunter initiative of the Electronic Frontier Foundation, who developed the monitoring and analysis strategy.
IMSI-Catcher devices can read mobile phones
IMSI-Catcher devices act as “fake antennas” that intercept phone signals and capture traffic from mobile devices. This includes regular cell phone calls, the destination or origin of these calls, text messages, SIM card code, phone location and in some cases, direct eavesdropping on phone conversations.
The name IMSI-Catcher refers to the fact that these devices can “catch” the data of people using a mobile line by means of the IMSI (International Mobile Subscriber Identity) code linked to each device’s SIM card.
FADe Project’s monitoring efforts in Latin America focus on the use of IMSI-Catcher devices, and they have carried out the study in the 2G telephone network in the cities of Quito (Ecuador), San Salvador (El Salvador), Bogota (Colombia), Buenos Aires (Argentina), Santiago de Chile (Chile), La Paz (Bolivia), Caracas (Venezuela) and Managua (Nicaragua).
The monitoring also found fake antenna operations in 4G networks, which have greater traffic capacity and range, in Buenos Aires, Santiago de Chile, Bogota, and, curiously, given the cost of IMSI-Catcher device operations for this type of network, in Managua.
In the case of Nicaragua’s 2G network, the FADe Project monitoring detected irregular operations of 23 false antennas, mainly in Managua, and other irregular signals in areas of Matagalpa, Estelí and Jinotega.
The FADe Project monitoring of fake antenna operations in the 4G network in Managua registered 16 irregular signals in five points of the Nicaraguan capital, including the area between Loma de Tiscapa and the Hugo Chávez traffic circle.
Single objective: electronic surveillance
One of the specialists in charge of the FADe Project in Central America –who asked for anonymity because of his links with Nicaragua– explained that the IMSI-Catcher devices have the sole purpose of electronic surveillance.
The specialist stressed that the revelation of the existence of these antennas in Nicaragua does not mean that the FADe Project study is finding that the devices are being operated for espionage work either by the Nicaraguan Army or the National Police controlled by the Daniel Ortega-Rosario Murillo regime. The project’s monitoring is focused on revealing the existence and operation of these devices in Latin American countries.
“What this monitoring registers are the antennas’ configuration parameters. Antennas have more than 300 variable configuration parameters. These parameters are what define how the signal from an antenna will interact with other antennas and how it will interact with devices. What the monitoring registers is that there are parameters that are known to be used by fake antennas to retain a phone longer,” the specialist explained.
During the time that the phone is retained –that is, the time the phone is connected to the signal of this fake antenna– the IMSI-Catcher can access a citizen’s regular cell phone traffic information.
“Once an IMSI-Catcher is connected, the system has the ability to identify the SIM card, listen to phone calls, see what Internet pages you connect to and locate whether you are within range of the antenna,” cites a Washington Post article, which has also reported on the use of these devices and related studies.
“A network of fake antennas –placed in strategic locations in a city– can discover who is entering and exiting on major highways, who just landed on a plane or who is there and what they are saying during a demonstration in the city. This is currently happening in Latin America and is a threat to citizens’ privacy. Governments, whether by action or omission, are being complicit,” adds the article in the U.S. newspaper.
Calls or messages sent and received on third-party messaging applications cannot be scanned because they travel over the Internet.
The irregular signals from fake antennas can use a 2G or 4G network as a transmission path. An IMSI-Catcher configured for a 2G network cannot capture information circulating over the 4G network.
However, in the case of IMSI-Catchers configured for a 4G network, they can monitor the Internet traffic over the mobile network signal of a citizen who is within their coverage range, although they cannot determine the user’s current usage.
The device could register which application the mobile phone is accessing –for example Facebook, WhatsApp, Messenger, Twitter–, but not the use that the phone is making of the application (surfing, calling or chatting), thanks to the security encryption configured in these mobile applications, mainly for the messaging and call functions.
“Fake antenna” signals in Managua
In addition to the vicinity of the Hugo Chávez traffic circle, other “red spots” in the 4G network registered in the FADe Project monitoring are the vicinity of Altos de Motastepe, the Managua International Airport and the Don Bosco Youth Center.
“We can determine that near the signal registered in Altos de Motastepe, the Mechanized Infantry School of the Nicaraguan Army operates. That point is known because when one goes down towards Las Piedrecitas Park, the mobile signal is lost for a few seconds,” explained the FADe Project specialist.
In the monitoring of irregular signals in the 2G network, they were again registered in the area of the Augusto C. Sandino International Airport, as well as at the Roberto Huembes Market bus terminal, the National Autonomous University of Nicaragua (UNAN-Managua), the Judicial Complex of Managua, the Police District One station, the National Penitentiary System “Jorge Navarro”, known as La Modelo, in Tipitapa, and areas near the Multicentro Las Américas shopping mall.
It can be the size of a briefcase and be operated from a house
The cost of an IMSI-Catcher device ranges from the so-called Low Cost devices, which can cost $1,700, up to $5,000, $40,000 and even $200,000. The most popular devices are those resembling a large briefcase, which can be priced at $10,000.
Like any device, the price depends on the quality, range, capacity or brand. All parts have to be imported, although they can be assembled in Nicaragua. They can also be imported fully assembled.
Telcor is aware of “fake antenna” operations
The researcher said that the operations of these “fake antennas” are certainly known by the Nicaraguan Institute of Telecommunications and Post (Telcor), the regulatory entity of telecommunications in Nicaragua, as part of its routine monitoring of the operating antennas of the telephone service provider companies in the country.
“Of course this should be known by Telcor, since as the regulatory entity they have equipment to register irregular signals. For an entity such as Telcor the devices are easily detectable by simply tracking the radioelectric spectrum and determining if there is an antenna that does not belong to any of the accredited operators”, he pointed out.
On January 10, 2022, Telcor was sanctioned by the European Union (EU), along with sanctions against the National Police and the Supreme Electoral Council (CSE). The EU Council indicated in a statement that the sanctions against these entities were due to their involvement in acts of “serious human rights violations, including repression of civil society, support for fraudulent presidential and parliamentary elections, and the undermining of democracy and the rule of law” in Nicaragua.
Telcor requires operators to hand over user information
Law 1042 on Cybercrime, approved by the dictatorship in January 2021, empowers Telcor to order telephone operators to retain information on their users’ communications for up to one year, in case they are required by Telcor, the Ortega regime’s Police, or the Public Prosecutor’s Office.
Experts in digital security explained that by using the infrastructure of telephone operators, a series of additional data can be obtained from users, although these are not declared in the privacy policies of Telcor.
The Cybercrime Law together with Law 1055, known as the Sovereignty Law, have been the main repressive laws used by the regime to imprison and convict opponents, activists, businessmen and journalists.
The deployment of Russian troops in Nicaragua has also been pointed out by security experts and former diplomats as a prelude to the implementation of espionage and counterintelligence operations in the country to support the repressive operations of Daniel Ortega’s and Rosario Murillo’s regime.