By: Denise Simon | Founders Code
Newsweek reports: A mobile security expert has accused China of exploiting cellphone networks in the Caribbean to conduct “mass surveillance” on Americans.
Gary Miller, a former vice president of network security at California-based analytics company Mobileum, told The Guardian he had amassed evidence of espionage conducted via “decades-old vulnerabilities” in the global telecommunications system.
While not explicitly mentioned in the report, the claims appear to be centered around Signaling System 7 (SS7), a communications protocol that routes calls and data around the world and has long been known to have inherent security weaknesses.
According to Miller, his analysis of “signals data” from the Caribbean has shown China was using a state-controlled mobile operator to “target, track, and intercept phone communications of U.S. phone subscribers,” The Guardian reported.
Miller claimed China appeared to exploit Caribbean operators to conduct surveillance on Americans as they were traveling, alleging that attacks on cell phones between 2018 to 2020 likely affected “tens of thousands” of U.S. mobile users in the region.
“Once you get into the tens of thousands, the attacks qualify as mass surveillance,” the mobile researcher said, noting the tactic is “primarily for intelligence collection and not necessarily targeting high-profile targets.” Miller continued: “It might be that there are locations of interest, and these occur primarily while people are abroad.”
A previous analysis paper covering 2018-2019, also titled Far From Home, contained a series of similar espionage claims about SS7, alleging that “mass surveillance attacks” in 2018 were most prevalent by China and Caribbean mobile networks. More here.
But hold on… it does not stop there… we also have the Channel Islands…
The Bureau: Private intelligence companies are using phone networks based in the Channel Islands to enable surveillance operations to be carried out against people around the world, including British and US citizens, the Bureau of Investigative Journalism can reveal following a joint reporting project with the Guardian.
Leaked data, documents, and interviews with industry insiders who have access to sensitive information suggest that systemic weaknesses in the global telecoms infrastructure, and a particular vulnerability in Jersey and Guernsey, are being exploited by corporate spy businesses.
These businesses take advantage of some of the ways mobile phone networks across the world interact in order to access private information on targets, such as location information or, in more sophisticated applications, the content of calls and messages or other highly sensitive data.
The spy companies see phone operators in the Channel Islands as an especially soft route into the UK, according to industry experts, who say the attacks emanating from the islands appear to be targeted at individuals rather than cases of “mass” surveillance. The Bureau understands that the targets of this surveillance have been spread across the globe, and included US citizens as well as people in Europe and Africa.
Ron Wyden, the Oregon senator and privacy advocate, described the use of foreign telecom assets to spy on people in the US as a national security threat.
“Access into US telephone networks is a privilege,” he said in response to the Bureau’s findings. “Foreign telecom regulators need to police their domestic industry – if they don’t, they risk their country being cut off from US roaming agreements.”
Markéta Gregorová, the European Parliament’s chief negotiator on trade legislation for surveillance technology, called for “immediate regulatory, financial and diplomatic costs on companies and rogue jurisdictions” that enabled these practices.
“Any commercial or governmental entity, foreign or domestic which enables the facilitation of warrantless cyber-attacks on European citizens deserves the full force of our justice system,” she told the Bureau.