Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
A device capable of intercepting phone signals may have been deployed during the 2024 Democratic National Convention (DNC) in Chicago, WIRED has learned, raising critical questions about who authorized its use and for what purpose.
The device, known as a cell site simulator, was identified by the Electronic Frontier Foundation (EFF), a digital rights advocacy organization, after analyzing wireless signal data collected by WIRED during the August incident.
Cell site simulators mimic cell towers to intercept communications, indiscriminately collecting sensitive data such as call metadata, location information, and application traffic from all phones in range. Their use has drawn widespread criticism from privacy advocates and activists, who argue that the technology can be used to surreptitiously monitor protesters and suppress dissent.
The DNC convened amid widespread protests over Israel’s attack on Gaza. while trusted influencers attended exclusive yacht parties and VIP eventsthousands of demonstrators faced heavy law enforcement presenceincluding the US Capitol Police, Secret Service, Homeland Security Investigations, local sheriff’s offices and the Chicago Police Department.
Concerns about potential surveillance prompted WIRED to take action a first-of-its-kind wireless survey to investigate whether mobile site simulators are deployed. Two rooted Android phones and Wi-Fi hotspots running detection software were used by reporters Rayhunter— a tool developed by the EFF to detect data anomalies associated with these devices. WIRED’s reporters covered Chicago’s protests and signals at the event, gathering extensive information during the convention.
Preliminary tests conducted during the DNC did not reveal conclusive evidence of cell-site simulator activity. However, months later, EFF technologists reanalyzed the raw data using improved detection methods. According to Cooper Quintin, EFF’s chief technologist, the Rayhunter tool captures all interactions between devices and cell towers, allowing for deeper analysis as detection methods evolve.
A breakthrough came when EFF technologists applied a new heuristic to investigate situations in which cell towers request IMSI (international mobile subscriber identity) numbers from devices. According to EFF’s analysis, on Aug. 18 — the day before the convention officially began — WIRED reporters on their way to a hotel where Democratic delegates from the US Midwest were staying suddenly switched to a new tower. This tower asked for the device’s IMSI and then immediately disconnected – a sequence consistent with how the mobile site simulator works.
“It’s very suspicious behavior that normal towers don’t exhibit,” Quintin said. He notes that the EFF typically only observes similar patterns during simulated and controlled attacks. “This is not 100 percent irrefutable truth, but it is strong evidence that a mobile site simulator has been deployed. We don’t know who was responsible – it could have been the US government, foreign actors, or some other entity.
Under Illinois law, law enforcement agencies must obtain a warrant to deploy mobile site simulators. Similarly, federal agents, including those from the Department of Homeland Security, must serve warrants unless there is an immediate threat to national security. However, the 2023 DHS Inspector General report found that both the Secret Service and Homeland Security Investigations did not always comply with these requirements.
