[ad_1]
China appears to have used mobile phone networks in the Caribbean to monitor American mobile phone subscribers as part of its spy campaign against Americans, according to a mobile network security expert who has analyzed sensitive signal data.
The findings paint an alarming picture of how China has allegedly exploited decades-long vulnerabilities in the global telecommunications network to route “active” surveillance attacks through telecommunications operators.
The alleged attacks appear to be allowing China to target, trace and intercept the telephone communications of US phone subscribers, according to research and analysis by Gary Miller, a former Washington state-based mobile network security executive.
Miller, who has spent years analyzing mobile threat intelligence reports and observations of signaling traffic between foreign and US mobile operators, said that in some cases China appeared to have used networks in the Caribbean to conduct its surveillance.
At the center of the accusations are claims that China, using a state-controlled mobile operator, is sending signaling messages to American subscribers, usually while traveling abroad.
The signaling messages are commands that telecommunications operators send through the global network, without the user of a mobile phone knowing. They allow operators to locate mobile phones, connect mobile phone users to each other, and assess roaming charges. But some signaling messages can be used for illegitimate purposes, such as tracking, monitoring, or intercepting communications.
US mobile operators can successfully block many of those attempts, but Miller believes the US has not gone far enough to protect mobile phone users, which he believes are unaware of it. unsafe their communications are.
Miller focused his research on messages that he claimed did not appear legitimate, either because they were “unauthorized” by the GSMA, an international standard-setting body for the telecommunications industry, or because the messages were sent from a location. that did not match the a user was traveling.
Miller recently left a job at Mobileum, a mobile security company that tracks and reports on threats to mobile operators, to start Exigent Media, a cyber threat research and media firm. He said he was sharing his findings with The Guardian to help expose “the seriousness of this activity” and to encourage the implementation of more effective security policies and countermeasures.
“Government agencies and Congress have been aware of the vulnerabilities of public mobile networks for years,” he said. “The security recommendations made by our government have not been followed and are not enough to stop the attackers.”
He added: “No one in the industry wants the public to know the severity of ongoing surveillance attacks. I want the public to know. “
At Mobileum, Miller was vice president of network security and risk product solutions, a role he said gave him access to threat intelligence on mobile networks around the world.
Miller said he found that in 2018 China had carried out the largest number of apparent surveillance attacks against US mobile phone subscribers over 3G and 4G networks. He said the vast majority of these apparent attacks were routed through a state telecommunications operator, China Unicom, which it said was most likely targeting a state-sponsored spy campaign.
Overall, Miller said he believed that tens of thousands of US mobile users were affected by the alleged attacks emanating from China between 2018 and 2020.
“Once it reaches the tens of thousands, the attacks qualify as mass surveillance, which is primarily for intelligence gathering and not necessarily targeting high-profile targets. There may be places of interest, and these mainly happen when people are abroad, ”Miller said. In other words, Miller said he believed the messages were indicative of surveillance for mass movement patterns and communication by American travelers.
Miller also found what he called unique cases in which the same mobile phone users who appear to have been attacked through China Unicom also appear to have been simultaneously attacked through two Caribbean carriers: Cable & Wireless Communications (Flow) in Barbados and Bahamas Telecommunications Company (BTC).
The incidents, which occurred dozens of times over a four- to eight-week period, were so unusual that Miller said they were a “strong and clear” indicator that they were coordinated attacks.
At the same time, Miller said that in 2019 most of the apparent attacks against US subscribers over the 3G network emanated from Barbados, while China significantly reduced the volume of messages to US subscribers.
“China reduced attack volumes in 2019, favoring more targeted espionage and probably using proxy networks in the Caribbean to carry out its attacks, having close ties in both trade and investment in technology,” Miller said.
Do you have information on this story? Send an email to [email protected], or (using a non-work phone) use Signal or WhatsApp to send a message to +1 646 886 8761.
It is unclear whether any of the telecoms operators were knowingly involved in allegedly suspicious activity. In a statement, China Unicom said the company “vigorously refutes allegations that China Unicom has participated in active surveillance attacks on US mobile phone subscribers using access to international telecommunications networks.”
Miller said he believed it was possible for a Chinese entity to directly or indirectly lease a network address to Caribbean operators, allowing messages to be coordinated and routed through telecommunications companies in the region without their knowledge. A spokeswoman for Cable & Wireless, which owns Flow in Barbados and BTC, declined to respond to questions from The Guardian.
A spokesman for the Chinese embassy in Washington said: “The Chinese government’s position on cybersecurity is consistent and clear. We firmly oppose and combat cyberattacks of any kind. China is a strong advocate for cybersecurity. “
The Federal Communications Commission, the US telecommunications regulator, issued an order in April warning that it could shut down the US operations of China Unicom and other Chinese-controlled entities. At the time, Ajit Pai, chairman of the FCC, said the commission was concerned about the vulnerability of companies to “control of the Chinese Communist Party.”
China Unicom responded to the FCC, saying that it had a good compliance record and had shown its willingness to cooperate with US law enforcement agencies. In its statement to the Guardian, China Unicom added that its US subsidiary operated ” independently “in the United States and in accordance with US law. “China Unicom (Americas) has never been charged with misconduct and has never been knowingly investigated by any US law enforcement agency,” he said.
“We have an illusion of security when we talk on our cell phones,” said James Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS). “People don’t realize that we are under a sustained espionage attack on anything that connects to a network, and that this is just another example of a really aggressive and quite sophisticated campaign.”
