NSA’s Version of a GSM IMSI Catcher CANDYGRAM

This is one of the most non-surprising NSA documents I have seen. This device is named CANDYGRAM and its purpose is to act as an IMSI catcher for GSM cellular networks.


What It Is
CANDYGRAM is a device that mimics a GSM cell tower of a target network. This is basically the same thing as an IMSI catcher but with a few extra bells and whistles. One of the extra features is that it sends out an SMS though the external network to registered watch phones when a target handset enters the base station’s area of influence. CANDYGRAM is capable of operating at 900, 1800, or 1900 MHz. According to the documentation on CANDYGRAM it is also capable of the following: configurable 200 phone number target deck, network auto-configuration, area survey capability, remote operation capability, configurable network emulation, configurable RF power level, multi-units under single C&C, remote restart, remote erasure (not field recoverable). As of when this document was shared with FVEY (6/20/08) I think it was more commonly used than it is today due to the fact that today the NSA can just go to whoever owns the base station of interest and get any data that they want.


What We Can Do
When dealing with regular IMSI catchers there is not much the end user can do. This is mainly because most of the technology (software & hardware) that GSM uses is closed source not open source so it makes it harder to fight an attack like this. Luckily, there are some people who are starting to develop software that can help detect IMSI catchers. This software is a lot of times referred to as an IMSI catcher-catcher or IMSI catcher detector. If you are running Android then there is an app that you can get called the IMSI catcher detector, which can be seen and downloaded at GitHub. If you have an iPhone or some other phone that does not have software available to help detect IMSI catchers then I would recommend either getting a different phone with an open source OS or not worrying about an attack like this from the NSA because it is probably not very common today. With that said the Android IMSI catcher detector still might not work against a CANDYGRAM unit because it is designed by the NSA and is typically used on higher priority targets so it is probably even more difficult to detect.


Thank you all for taking the time to read this post and as always God bless!

The NSA’s original documentation on CANDYGRAM



The following two tabs change content below.
Preston Hood
Hello, my name is Preston Hood. I am the owner of PJHoodsCo, an Information Technology Service Provider (ITSP). I am also a freelance writer and information security researcher.
Preston Hood

Latest posts by Preston Hood (see all)

Categories: Information Technology, IT Security, and Preston Hood.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>