A device capable of intercepting phone signals may have been deployed during the 2024 Democratic National Convention (DNC) in Chicago, WIRED has learned, raising important questions about who authorized its use and for what purpose. .
The device, known as a cell site simulator, was identified by the Electronic Frontier Foundation (EFF), a digital rights advocacy organization, after analyzing wireless signal data collected by WIRED during the August event.
Cell site simulators mimic cell towers to intercept communications and collect sensitive data such as call metadata, location information, and application traffic from all phones in range. Their use has drawn widespread criticism from privacy advocates and activists, who argue that such technology could be misused to covertly monitor protesters and suppress dissent.
The DNC convened amid widespread protests over Israel’s attack on Gaza. While influential influencers attended exclusive yacht parties and VIP events, thousands of demonstrators were met by a heavy presence of law enforcement, including officers from the United States Capitol, the Secret Service, Homeland Security Investigations, local sheriff’s offices, and the Chicago Police Department. .
Concerns about potential surveillance prompted WIRED to conduct a first-of-its-kind wireless survey to investigate whether cell site simulators are being deployed. Armed with two rooted Android phones and Wi-Fi hotspots running detection software, the reporters used Rayhunter — a tool developed by the EFF to detect data anomalies associated with these devices. WIRED reporters monitored signals from protests and event locations across Chicago, collecting extensive data throughout the convention.
Initial tests performed during the DNC showed no conclusive evidence of cell site simulant activity. However, months later, EFF technologists reanalyzed the raw data using improved detection methods. According to Cooper Quintin, a senior technologist at the EFF, the Rayhunter tool stores all interactions between devices and cell towers, enabling deeper analysis as detection techniques evolve.
The breakthrough came when EFF technologists used a new heuristic to investigate situations where cell towers request IMSI (International Mobile Subscriber Identity) numbers from devices. On Aug. 18 — the day before the convention officially began — a device used by WIRED reporters en route to a hotel where Democratic delegates from midwestern US states were staying suddenly turned into a new tower, according to EFF’s analysis. . That tower requested the device’s IMSI and was then immediately disconnected—a sequence consistent with the operation of a cell site simulator.
“It’s very suspicious behavior that normal towers don’t exhibit,” Quintin says. He notes that the EFF typically observes similar patterns only during simulated and controlled attacks. This truth is not 100% indisputable, but there is strong evidence that a cell site simulator has been deployed. We don’t know who was responsible – it could be the US government, foreign actors, or some other entity.
Under Illinois law, law enforcement agencies must obtain a warrant to deploy cell site simulators. Similarly, federal agents—including those of the Department of Homeland Security—are required to maintain warrants unless there is an immediate threat to national security. However, a 2023 DHS inspector general report found that both the Secret Service and Homeland Security investigations do not always meet these requirements.
