An Espionage Tool Could Be In Your Pocket, Security Experts Warn

Billions of dollars have been spent bolstering national security since the terrorist attacks of Sept. 11, 2001, but government facilities are still vulnerable to espionage and leaks, security experts told the Daily Caller.

The intelligence community (IC) implemented standards in 2010 for sensitive government facilities, noting that “portable electronic devices… can enable hostile attacks” that threaten classified information in government facilities.

However, these sensitive facilities are often not equipped with the proper tools to monitor unauthorized devices, security experts told the Caller.

Retired Senior CIA Executive Rodney Alto spent 35 years in the agency and told the Caller there are a “wide array of actors” trying to obtain sensitive information about U.S. national security.

“Whether that be nation-state actors, terrorist organizations, or criminal organizations, what we’re seeing them do today is exploit all the technology tools that are in front of them to gain access to sensitive conversations,” Alto said.

Alto currently serves as a Senior Advisor for Federal and Security at the radio frequency security company Bastille, according to his LinkedIn.

“And at the top of that list, [it] really starts to become things like cell phones, and how can I exploit a cell phone to allow me to eavesdrop on a sensitive conversation?” Alto continued.

Threat actors affiliated with the Chinese government have compromised telecom provider networks to conduct a cyber espionage campaign. Network defenders should read new guidance from the #FBI and our partners to harden their systems against this activity: https://t.co/yzh7NedOAe pic.twitter.com/GXsN7lbB0f

— FBI (@FBI) December 3, 2024

Phones have been the targets of espionage operations in recent years.

A Chinese espionage campaign allegedly stole information from potentially more than 1 million American mobile phone customers, sources told ABC News in 2024. U.S. officials deemed it a significant intelligence gathering operation, according to the outlet.

Americans are not the only ones vulnerable to spyware — French President Emmanuel Macron was reportedly targeted for phone hacking software, the BBC reported.

Macron was allegedly a target of the software Pegasus. The spyware was created by the Israeli firm NSO Group and enables users to infect electronic devices.

NSO Group denied allegations of “wrongdoing,” according to the BBC.

Federal agencies like the U.S. Department of Defense (DOD) store and disseminate information in Sensitive Compartmented Information Facilities (SCIFs) and Special Access Program Facilities (SAPFs).

In those facilities, government officials can openly discuss sensitive information and classified communications, sources told the Caller. (RELATED: Cable Companies, Pentagon And Dark Money Clash With Cell Phone Titans Over Cruz-Backed Idea For ‘Big, Beautiful Bill’)

However, Alto estimates that only 10% of the thousands of U.S. government SCIFs and SAPFs are “appropriately detecting unauthorized devices” — even though these facilities publicly display signs prohibiting electronic devices.

Bastille, one of the companies contracted to monitor SCIFs and SAPFs, deploys Wireless Intrusion Detection Systems (WIDS) for 40 federal agencies, Bastille CEO Chris Risley told the Caller.

WIDS detect thousands of devices brought into those facilities each year, he said.

The majority of these instances are not bad actors, but rather employees who accidentally brought their phones into the secure facility, according to the CEO.

It does not take much to compromise a cellular device.

An unsecure app, a sketchy link or even connecting to public Wi-Fi on a personal phone can all expose it to malware, turning the phone into a tool for data exfiltration — otherwise known as data theft — Alto told the Caller. 

“Even well-meaning employees can unknowingly become a source of classified leaks,” Risley told the Caller in a statement. “That’s why real-time wireless monitoring is critical in secure environments.”

Smartphones have built-in microphones and cameras, enabling them to share information through cellular, Wi-Fi and Bluetooth connections, Alto told the Caller.

The signs forbidding electronic devices in SCIFS and SAPFS are insufficient, as they could create the “opportunity for a crime of opportunity,” Risley said.

Risley described the mindset of someone who brings a phone into those facilities, and he said those individuals are not necessarily planning on leaking sensitive information.

“If you know it’s not being monitored, you say, ‘gee, I’d rather keep my cell phone with me in case my wife needs to send me a text or something,’ and people bring them in,” Risley told the Caller.

If someone were tempted to leak sensitive information to a journalist or an adversary, that individual could easily capture information with a phone camera.

A similar incident allegedly occurred at the State Department’s headquarters in Washington, D.C. in February.

Michael Charles Schena, 42, of Alexandria, was arrested on criminal charges related to his alleged participation in a criminal conspiracy to gather, transmit, or lose national defense information.https://t.co/8VPiyEw8QK

— U.S. Attorney EDVA (@EDVAnews) March 7, 2025

Michael Schena, a State Department employee, allegedly used his cell phone to take photos of multiple documents labeled “SECRET” on his computer and brought his phone home, according to a press release by the Department of Justice (DOJ).

His phone was seized by authorities, the DOJ said.

Schena was allegedly providing information to people he met online a few years earlier in exchange for payments, the press release noted.

These occurrences are becoming far more common due to technological advancements, and officials know it’s a problem that needs to be addressed, Alto told the Caller. (RELATED: Trump Pushes $1 Trillion Pentagon Budget)

Security experts warn that cellphones, smartwatches, hearing aids and Wi-Fi-connected printers are also vulnerable to compromise.

These devices can become tools for data exfiltration if they are not properly secured against unauthorized wireless signals.

A 2023 DOD memorandum issued by then-Secretary of Defense Lloyd Austin directed all SCIF and SAPF users to certify compliance with policies banning personal electronic devices.

Lloyd required DOD components to “program for appropriate electronic device detection systems and mitigation measures in all DOD SCIFs and SAPFs” by September 2024, according to the memo.

There are a few barriers to detecting electronic devices in sensitive facilities, however, Alto told the Caller.

Installing and monitoring electronic device detection systems in every SCIF and SAPF requires funding, Alto noted.

“I think it’s a funding issue,” he said. “We, clearly as a government, need to invest funding to better protect our national security spaces or locations where sensitive conversations are occurring.”

However, Alto emphasized the lack of education on the risks of electronic devices as a major factor.

“We need to continue to educate our leadership on the sensitivities revolving around unauthorized electronic devices in sensitive locations and the capacity they have to exploit those environments to acquire and transmit unauthorized data to unauthorized users,” Alto said. (RELATED: Here’s Why Government Officials Use ‘Signal’ To Communicate)

He noted that individuals who break the law must be held accountable.

The 2025 National Defense Authorization Act directed the Secretary of Defense to evaluate the “cybersecurity products and services for mobiles devices” that are used by DOD.

Alto stressed that lawmakers need to ensure there is appropriate funding to protect America’s national security.

“We need direction from Congress,” he said.

“We prioritized, a number of years ago, increasing physical security around government buildings because we were concerned about unauthorized individuals, vehicles, and whatever gaining physical access to a building, which is really important for us to do,” Alto added.

“Today, we live in a world where access is now happening via things like cell phones that can exponentially create enormous harm to national security through the ease of exfiltrating data that they present,” he told the Caller.