IMSI Catchers are devices used by law enforcement, intelligence agencies and criminals to intercept mobile phone traffic and track the location of mobile phones. They are often referred to as Stingrays - the most-common model of IMSI Catcher in the USA.
- 1 Overview
- 2 Technical description of IMSI Catchers' functionality
- 3 UK use of IMSI Catchers
- 4 Use of IMSI Catchers in other countries
- 5 Arguments for and against IMSI Catchers
- 6 Detecting IMSI Catchers and Counter-measures
- 7 IMSI Catchers in culture and media
- 8 Resources
- 9 References
IMSI catchers use vulnerabilities in the physical infrastructure of the mobile telephone network. Mobile phones send out a signal 4-9 times a minute in an attempt to find the strongest connection it can to a nearby mobile phone mast. This happens regardless of whether the user of the phone is actively using it. The phone just has to be turned on. The signal that is sent out includes the phone SIM Card's IMSI - a unique 15 digit number which can often be used to identify the owner of the phone. The signal also includes the phone's IMEI number which is specific to that that phone.
IMSI catchers can collect all the IMSI and IMEIs emitted by phones in a certain area - which can be up to around 10 sq kilometers - to build a database of phones in that location.
They can also emulate a mobile phone tower, making phones in that area connect to it. This is a man-in-the-middle attack. This allows the IMSI Catcher user to intercept the mobile phone traffic, read text messages and emails, and listen to phone calls. They can also stop mobile phones from connecting to the phone network. They can also send SMS messages to specific phones and in bulk in that areaas happened in the protests in Ukraine in January 2014.
IMSI catchers can be suitcase-sized , hand-held or worn as a vest by a person.  Surveillance company GammaGroup have produced models which can be worn on a body. They can be used anywhere and do not need the cooperation or knowledge of the mobile network provider to work.
Technical description of IMSI Catchers' functionality
UK use of IMSI Catchers
British police are very strongly suspected to be using IMSI Catchers. The police will not confirm or deny their use . There is strong evidence of use of IMSI Catchers at protests in London and around Parliament.
Because there is no official confirmation of use of IMSI Catchers in the UK, the best evidence of their use has been gathered, and reported on, by the media.
The Guardian reported in October 2011 that the Metropolitan Police Service was using an IMSI catcher system under the name of "Listed X" which had been procured from Datong plc - a company based in Leeds, West Yorkshire in the UK. Datong plc is now trading as Seven Technologies Group. The report said that the Guardian had seen a document showing that the Metropolitan police had paid Datong £143,455 for "ICT hardware" in 2008/09.
A VICE News report published in January 2016 found that there was a very high likelihood of IMSI Catchers being used at an anti-austerity protest in London and at Parliament. The report included footage of an employee of a company selling IMSI Catchers saying that "Birmingham in the UK", "Thames Valley Police in Oxford", "Merseyside Police in Liverpool" and "Leicester Police" are among his clients. The journalist was also able to arrange the purchase of an IMSI Catcher from a vendor in Hong Kong despite not working for the police or the state. He did not actually follow through with the purchase.
In July 2015, David Davis MP submitted a written question to the Home Office asking:
under what statute and what warranty system the use of IMSI catchers is permitted to intercept communications and communications data.
In reply, Home Office Minister Mike Penning said:
The Wireless Telegraphy Act 2006 makes it an offence for a person to interfere with wireless telegraphy or to use wireless telegraphy with intent to obtain information as to the contents, sender or addressee of a message of which neither he nor a person on whose behalf he is acting is an intended recipient, without lawful authority.
Investigative activity involving interference with property or wireless telegraphy is regulated by the Police Act 1997 and the Intelligence Services Act 1994 which sets out the high level of authorisation required before the police or security and intelligence agencies can undertake such activity. Use of these powers is overseen by the Intelligence Services Commissioner and the Office of Surveillance Commissioners.
Interception of communications in the course of their transmission is governed by the Regulation of Investigatory Powers Act 2000.
The Investigatory Powers Bill was intended to make surveillance law accessible. It is still unclear though how IMSI Catchers are covered in the Bill. The definition of Equipment Interference - commonly referred to as 'hacking' - in the Bill has been said to be broad enough to include IMSI Catchers which are not strictly speaking equipment for hacking .
Freedom of Information Requests
Eric King, then of Privacy International, made a Freedom of Information request in October 2011 to the Metropolitan Police asking them to release information on:
"procedures law enforcement must follow before using "IMSI catchers", "cell site simulators", "virtual base transceiver stations" or "mobile phone jammers" including but not limited to, guides, manuals, policy statements, memoranda and presentations."
"how frequently "IMSI catchers", "cell site simulators", "virtual base transceiver stations" or "mobile phone jammers" have been used by the Metropolitan Police Service, with a breakdown per year."
The Metropolitan Police Service did not release the information on National Security and law enforcement grounds arguing that:
To confirm or deny that this level of policing interest has or has not occurred in any specific area would enable those engaged in criminal activity to identify the focus of policing targets
Use of IMSI Catchers in other countries
German intelligence agencies' use of IMSI Catchers is reported every six months to Parliamentary Control Panel which reports to the Bundestag - the German Parliament.
Arguments for and against IMSI Catchers
IMSI Catchers help law enforcement and intelligence agencies identify criminals and investigate crimes.
Law enforcement should use the tools that are legally available to them to help them to their job. IMSI Catchers are legal so they should be used.
It is very difficult to use IMSI Catchers in a targeted way. When used in public, they collect data about phones belonging to people who are not suspected of any crimes.
Collecting the location and traffic of mobile phones is an unreasonable invasion of the phone owner's right to privacy.
The use of IMSI Catchers in the UK is not confirmed by British police. The lack of transparency means their use is not open to public scrutiny.
The vulnerabilities in the mobile phone network which allow IMSI Catchers to work have not been dealt with. This allows foreign intelligence agencies and criminals to use IMSI-Catchers and similar tools.
IMSI Catchers have been used to create databases of phones belonging to lawful protestors. This has the potential to limit democratic protest and restrict freedom of speech and association.
Detecting IMSI Catchers and Counter-measures
IMSI Catchers in culture and media
Season Three of the Baltimore-based police TV show The Wire featured a "Triggerfish" device - similar to an IMSI Catcher. 
- "Detecting IMSI-catchers and other mobile network attacks". Chaos Computer Club.
- "Someone Sent a Mysterious Mass Text to Protesters in Kiev". Mashable.
- "Cellxion Brochure UGX Series 330". Privacy International.
- "Met police using surveillance system to monitor mobile phones". The Guardian.
- "The body-worn “IMSI catcher” for all your covert phone snooping needs". Ars Technica.
- "Fake mobile phone towers discovered in London: Stingrays come to the UK". Ars Technica.
- "Fake Mobile Phone Towers Operating In The UK". Sky News.
- "Phone Hackers: Britain's Secret Surveillance". VICE News.
- "What the UK’s Proposed Surveillance Law Means for Police Hacking". Vice Motherboard.
- "Behind the curve: When will the UK stop pretending IMSI catchers don't exist?". Privacy International.
- "Baltimore Cops Asked Creators Of 'The Wire' To Keep Cellphone Surveillance Vulnerabilities A Secret". Techdirt.