On December 30, 2022, French authorities were conducting a security checkpoint outside of the Strasbourg Saint-Denis metro station in Paris when they stopped a vehicle for a routine check. Upon inspecting the vehicle, officers discovered a suitcase in the backseat that contained wires and antennas, according to the French media outlet el Parisien.
Les policiers ont alors constaté la présence de plusieurs téléphones et d’une installation comprenant des antennes blanches. Une caisse a été trouvée dans le coffre avec un dispositif pouvant faire penser à une bombe. Les services de déminage ont été diligentés sur place ? 2/2 pic.twitter.com/e8isfMMhMy
— Amaury Bucco (@AmauryBucco) December 30, 2022
Bomb squad units, unaware of what the device was at the time, decided to do a controlled detonation to destroy it, believing it was an explosive device. The driver, an unidentified woman, was arrested for being under the influence of narcotics. The vehicle, which was not registered under her name, was confiscated by authorities.
The next day, French journalist Amaury Bucco reported on Twitter that police launched an investigation into the incident because “the box contained professional spy equipment.”
What was the device?
According to the Twitter page Hacker Fantastic, the device was a professional, yet outdated, build to “locate details of equipment and subscribers (IMSI/IMEI) across a large area, a few city blocks at minimum.” IMEI is the International Mobile Subscriber Identity, which is a unique number used to identify a specific user on a cellular network, and IMSI is the International Mobile Station Equipment Identity, which is a unique identifier for cellular and satellite phones. What this means is that the device was intercepting and collecting mobile phone traffic and tracking location data of mobile phone users.
IMSI catcher, dependent on power output this unit could locate details of equipment and subscribers (IMSI/IMEI) across a large area, a few city blocks at minimum. Cost $50-100k & up. pic.twitter.com/99qgNpgSUk
— hackerfantastic.crypto (@hackerfantastic) January 2, 2023
Hacker Fantastic broke down the components of the device in a post, saying that “It’s so beautiful, power modules on top, fans for cooling, what look like modular radio blocks, amp, filter, SDR radio and the icing on the cake is the “decoy” antenna system made to look like a hotspot. Whatever they are hacking with this, someone spent money to build it.”
“The antenna system is either that decoy hotspot or the hotspot is used to control it from another device as it has power and another cable running into it. Either way I’m jelly, someone got busted spying in the field and is now left out in the cold,” they added.
Hacker Fantastic concluded by saying “I’m surprised people still use these antiques in the field, they are effective but very loud and not discrete. It’s 2022, this was peak surveillance tech a decade ago.”
This case is very interesting, as IMSI catchers are typically used by law enforcement (look up Stingrays in the US) and intelligence services to eavesdrop on phone conversations and gather locational data, however, we have seen increased use by criminal organizations in recent years. According to the Congress Oversight Committee on Science, Space, and Technology, criminal groups have largely used the technology to disrupt GPS and cellular networks, but can also be used to collect financial information or information that can be used in blackmail.
It remains unknown whether or not this device was being used for criminal or intelligence purposes. While not near any embassies, the area that the car was located was surrounded by shopping areas, hotels, and restaurants. The entire situation is strange and could lead into a bunch of different rabbit holes depending on motives, but investigators will have an increasingly difficult time now that their main piece of evidence was blown up.
I find this case to be very interesting and unique and will try to provide updates if new information is released.