Hackers Have Been Stealing User Data From Global Cell Networks Since 2012

from the whoops-a-daisy dept

We've noted for a long time that the wireless industry is prone to being fairly lax on security and consumer privacy. One example is the recent rabbit hole of a scandal related to the industry's treatment of user location data, which carriers have long sold to a wide array of middlemen without much thought as to how this data could be (and routinely is) abused. Another example is the industry's refusal to address the longstanding flaws in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols hackers can exploit to track user location, dodge encryption, and even record private conversations.

This week, carriers were once again exposed for not being the shining beacons of security they tend to advertise themselves as. A new report emerged this week showcasing how, for years, hackers have been exploiting substandard security at more than 10 global wireless carriers to obtain massive troves of data on specific targets of interest. Researchers at Boston-based Cybereason, who first discovered the operation, say the hackers exploited a vulnerability on an internet-connected web server to gain a foothold into each cell providers internal network. Once inside, they exploited numerous machines to gain a deeper and deeper access to the cell network:

"You could see straight away that they know what they’re after,” said Amit Serper, head of security research at Cybereason. “They would exploit one machine that was publicly accessible through the internet, dump the credentials from that machine, use the credentials stolen from the first machine and repeat the whole process several times.”

Once the hackers gained access to the domain controller, the hackers had control of the entire network. “Everything is completely owned,” said Serper.

Comforting! Hackers, presumed to likely be state actors pilfering user data invisibly, then extracted gigabytes of data on targets without having to install malware on the target's local phone. It's not clear which state actors were involved; researchers suggest it was either China, or somebody eager to make it appear it was China:

"Cybereason did say it was with “very high probability” that the hackers were backed by a nation state but the researchers were reluctant to definitively pin the blame.

The tools and the techniques — such as the malware used by the hackers — appeared to be “textbook APT 10,” referring to a hacker group believed to be backed by China, but Div said it was either APT 10, “or someone that wants us to go public and say it’s [APT 10]."

So far the researchers say no North American cell providers have been confirmed as targets, but given the stealth nature of the intrusions and how long they were being conducted without detection, that's likely no guarantee intrusions didn't happen all the same. The full report indicates this effort has been underway since at least 2012, again highlighting how global cellular networks may not quite be the bastions of security wireless carriers often profess them to be.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data, hackers, mobile networks, ss7


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Pixelation, 27 Jun 2019 @ 8:25am

    It appears to possibly be China

    Soo, it's the US. Great job guys! What have those foreign diplomats been discussing?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jun 2019 @ 8:38am

    Are these the guys who exposed various celeb nudes?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 27 Jun 2019 @ 8:51am

    So... not stealing?

    The hackers might have done us a service had they'd stolen the data—then the telcos and intelligence agencies couldn't have accessed them. What the article describes looks more like copying than theft, and while it's not surprising that a reporter would conflate these, I expect Techdirt to know better.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 27 Jun 2019 @ 10:13am

      Re: So... not stealing?

      I guess it depends.
      By their own definitions, yes stealing.
      By that which everyone else uses as definitions, no - not stealing.
      Fake Definitions

      link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 27 Jun 2019 @ 11:19am

    Revelation it was NSA code that was accidentally handed out on fortune cookies in 3....2....

    link to this | view in chronology ]

  • icon
    Gerald Robinson (profile), 28 Jun 2019 @ 3:41am

    SS7

    Back in the day AT&T needed to modernize control of the voice network to keep it functioning. Bell labs invented SS7 and implemented it (back then there was only AT&T)! They were happy with SS7 so they published a complete documentation of it. This led to the phone preaking movement. It's too late to undo this mistake and impossible to fix the system, where AT&T could say "this is SS7 like it or don't do phone business", now no one can say that!

    The 'net had the potential for fixing the problem, instead the Telcos simply built them into the 'net!

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Jun 2019 @ 8:26am

      Re: SS7

      They were happy with SS7 so they published a complete documentation of it. This led to the phone preaking movement.

      What? SS7 nearly killed phreaking, which is believed to have started around 1957. The inband 2600 Hz tone was discovered by accident but the phreaks found the MF tones in the Bell System Technical Journal. SS7 didn't come till 1975.

      link to this | view in chronology ]

  • icon
    Jeffrey Nonken (profile), 28 Jun 2019 @ 1:36pm

    It's obviously either China or somebody else.

    link to this | view in chronology ]

  • icon
    Gerald Robinson (profile), 29 Jun 2019 @ 9:48am

    Blegh! Obviously!

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.