The revelation of CONFIDENTIAL about the operation in Nicaragua of 39 false antennas for electronic surveillance that allow users to capture private information, in a repressive political and social environment imposed by the Ortega dictatorship, has generated concerns among citizens about how to protect their information against possible eavesdropping or interference by third parties.
The special report of CONFIDENTIALbased on the analysis of the organization South Lighthouse –dedicated to researching technologies at the service of human rights– and the study Fake Antenna Detection Project (FADe Project), detailed the places where these false antennas operate, among which some very popular and crowded stand out, such as the area around the Hugo Chávez roundabout or the International Airportin Managua.
Fake antennas work with gadgets IMSI Catcher, used for electronic surveillance. However, the specialists from the FADe Project clarify that the study does not seek to affirm that the Ortega regime spies on the citizens of Nicaragua.
CONFIDENCIAL consulted specialists in computer security on how to protect your information from this threat. One of the specialists, who requested that his name be omitted due to his ties to Nicaragua, explained that the problem in evading the surveillance of false antennas is that the telephone does not notify when it connects from one antenna to another, so any citizen can be reached by the coverage of an IMSI Catcher without realizing it.
However, it did detail some of the steps that can be taken to prevent your information from being captured, either by inadvertently entering the coverage of a fake antenna or by some type of malicious software that manages to get onto your mobile device.
Recommendations to protect yourself against “false antennas”
- Do not discuss sensitive or sensitive issues through a conventional telephone conversation or in any case, do not fully use the conventional call service.
- If you are going to attend a meeting in which a sensitive or sensitive topic is going to be discussed, leave the phone in another room in a Faraday bag or case in which mobile devices are kept. These bags and cases affect the signals of the devices.
- Use the so-called PIN Lock of the SIM card that allows the mobile device to block access to the SIM card.
- Use strong passwords to access your applications.
- Do not download unknown links, which can be the bridge for malware to reach your device.
- Communicate with apps that encrypt your messages and calls, like Signal or Session. Other messaging apps like WhatsApp and Telegram also offer encryption in their communications.
- Use a VPN (Virtual Portable Network) when you surf the net from your mobile device.
- Use secure mail services such as Protomail, mainly to send links of personal interest or with sensitive information.
- Use a single email account (Gmail for Android or ICloud for Apple) on your device, preferably one that is not personal and only serves to access the phone’s systems. This account must be created in such a way that the citizen is not identified, without using names or other elements that reveal their identity.
- Do not download applications from stores that are not official.
Among the sensitive information that the IMSI Catcher can capture when it is reached in its coverage range is conventional call traffic, destination or origin of these calls, text messages, SIM card code, location of the phone and in some cases, the direct listening to the telephone conversation.
The report of CONFIDENTIAL He explained that these devices cannot access messages or calls made through mobile messaging applications, due to the security encryption they use.
The blogger and specialist in security and digital marketing, Manuel Díaz, wrote an article In the portal Bacchanalian in which he adds some additional tips to evade the information captures of the IMSI Catcher.
Other tips to protect your cell phone
- Turn off the phone or put it in airplane mode. This mainly if you are going to meet to address sensitive or very personal issues.
- Díaz does not recommend the use of applications that claim to report or identify when your mobile device connects to a false antenna. They are not reliable, he assures.
- He insists on using applications with encrypted messaging for all his communications (WhatsApp, Signal or Telegram), instead of using the conventional telephone service.
Finally, the specialist points out a point in his article that must be taken into account with the operations of false antennas, and that is their easy movement.
Although the FADe Project study fails to specify the type of IMSI Catcher devices that are being used in Nicaragua, it is practically a fact that they are of the portable type, the kind that can fit in a briefcase and be deployed on a table from an office or any house.
This means that the coverage points of the false antennas can vary from one time to another, without the users being aware of it. Therefore, the best that can be done is to keep current the recommendations on cybersecurity of the specialists.