China reportedly spies "tens of thousands" of Americans through mobile phones

China reportedly spies "tens of thousands" of Americans through mobile phones

China is using phone companies in the Bahamas and Barbados to spy on "tens of thousands" of U.S. citizens, a cell phone security expert told Britain's Guardian newspaper.

Gary Miller, founder of Exigent Media, a Seattle-area media production company specializing in cybersecurity issues, said, "This attack falls under mass surveillance, which is primarily for intelligence gathering and not necessarily targeting high-profile targets." He stated.

"It's a very large attack," said Gary Miller, founder of Exigent Media, a Seattle-based media production company that specializes in cybersecurity issues, "and it's not necessarily a high-profile target.

Although the Guardian article does not go into technical details, in a two-part report titled "Far from Home" posted on Exigent Media's website, Miller discusses the Signaling System 7 (SS7) telephone signaling network and its successor The report reveals that Miller discusses the exploitation of the Signaling System 7 (SS7) telephony signaling network and its successor, the Diameter signaling protocol.

The report details a "comprehensive vision of foreign surveillance attacks and cyber espionage threat activity against U.S. cell phones."

"Nobody in the [telecom] industry wants the public to know the severity of the ongoing surveillance attacks," Miller, who spent a decade in the mobile security industry, told The Guardian. 'I want the public to know.'

The SS7 system will allow landlines and cell phones around the world to find each other, dial, and send text messages by creating a shared interface between hundreds of independent phone companies around the world.

Because calls to cell phones require geographic location of the phone before a voice connection can be established, SS7 is used to locate the owner of the cell phone and track their movements.

SS7 can also be exploited to silently forward calls and text messages to other numbers without the intended recipient's knowledge.

Access to SS7 is supposed to be strictly controlled, but many state-run telecommunications must comply with authoritarian government requirements, and some in small or poor countries may be tricked or coaxed into providing access to third parties.

"Mobile networks are forwarding millions of attack messages every month," says Part 1 of Exigent's Far from Home report covering 2018 and 2019." A tremendous amount of cyberespionage activity has occurred over the years and continues today."

Normally, we would tell you how to protect yourself from this type of attack, but the fact is that SS7, Diameter, and similar protocols are built into the phone network itself. SS7, Diameter, and similar protocols are built into the phone SS7, Diameter, and similar protocols are built into the telephone network itself.

The only way to avoid being tracked on a cell phone is to turn it off and remove the battery. If the battery cannot be removed, place it in a Faraday bag or, as in the 1998 film "Enemy of the State," in an empty metal foil potato chip bag. (Kaspersky, a Russian information security company, states that the two-bag method is the most effective.)

According to the Exigent report, while many countries, including many U.S. allies, and even some organized crime groups, are using SS7 to passively track individuals, Chinese attackers are actively manipulating SS7 communications on the cell phones of Americans traveling outside the U.S. to better harvest calls and text messages are being better harvested, according to the report.

According to Miller, the majority of the active SS7 surveillance he observed in 2018 (85% according to the Far from Home report) was facilitated through China Unicom, one of three state-owned phone service providers in mainland China.

But he told The Guardian that a much larger share of China's SS7 activity in 2019 was possible through two phone companies in the Americas: Cable & Wireless, which operates in the Caribbean island of Barbados under the brand name Flow, and Bahamas Telecommunications Company (BTC), a joint venture between Cable & Wireless and the Bahamian government.

Cable & Wireless is an American-owned British company operating in Miami. In response to Tom's Guide, a spokesperson for Cable & Wireless stated.

"In all markets where Cable & Wireless Communications and Flow operate, including the Bahamas, we continuously monitor our network and have robust security policies and protocols in place to protect customer data. We take our commitment to data protection seriously and are carefully reviewing the information in the Guardian article."

Telecoms in the English-speaking Caribbean and Bahamas belong to the same telephone numbering and dialing systems as U.S. and Canadian telephone companies,

making them useful to foreign spies targeting the United States. Instead, they can dial the same numbers as any other number in the U.S. or Canada.

The Exigent report suggests that carriers such as Cable and Wireless and Bahamas Telecommunications Company may be unaware of the potential for network abuse by foreign operators.

"In remote island and developing countries, it is common for network operators in those countries to sell the use of their networks by leasing network addresses, called SS7 global titles (GTs)," the report says.

"Through the network connection and use of the foreign operator's GT address, the threat party can access any network with which that operator has a roaming agreement.

Another Guardian article, published the day after reporting Miller's findings, details how a telecommunications company in Guernsey, one of the British Channel Islands, was exploited by a private Israeli intelligence company to access the SS7 network for surveillance purposes It states.

The Channel Islands are a small group of quasi-independent islands off the northern coast of France that are under the jurisdiction of the British monarch but are not part of the United Kingdom.

Exigent's report also details abuses of the SS7 and Diameter systems involving telecom operators in Mexico, Canada, Russia, the European Union, the Palestinian Territories, Switzerland, Hong Kong, African countries, and English-speaking Caribbean islands and territories.

"The implications associated with the threat of active mobile network surveillance in 2020 should be viewed as a troubling sign for U.S. mobile network operators and U.S. policymakers in the future," Part 2 of Exigent's Far from Home report concludes.

"The vulnerabilities are very well known in the mobile carrier industry and among U.S. policymakers, but little action has been taken to limit foreign surveillance activities.

.

Categories