New Report Again Shows Global Telecom Networks Aren't Remotely Secure

from the maybe-we-should-fix-that dept

Last year, when everybody was freaking out over TikTok, we noted that TikTok was likely the least of the internet's security and privacy issues, in part because TikTok wasn't doing anything that wasn't being done by thousands of other app makers, telecoms, data brokers, or adtech companies in a country that can't be bothered to pass even a basic privacy law for the internet era. If we're serious about security and privacy solutions, we need to take a much broader view.

For example, while countless people freaked out about TikTok, none of those same folks seem bothered by the parade of nasty vulnerabilities in the nation's telecom networks, whether we're talking about the SS7 flaw that lets governments and bad actors spy on wireless users around the planet or the constant drumbeat of location data scandals that keep revealing how your granular location data is being sold to any nitwit with a nickel. Or the largely nonexistent privacy and security standards in the internet of broken things. Or the dodgy security in our satellite communications networks.

This week, CrowdStrike drove this myopia home again with a new report showcasing how Chinese hackers have compromised global telecom networks for years. The security firm found that since 2016 or so, a (likely Chinese state-backed) hacking organization dubbed "LightBasin" or "UNC1945" targeted global telecom companies and was able to compromise 13 of them since 2019. First accessing an eDNS server through an SSH connection from the network of another compromised company, the hackers were able to obtain a trove of telecom data including subscriber information, call metadata, text messages and more, helping them develop a wide collection of snooping tricks:

"The report lays out how this group has developed highly customized tools and a precise working knowledge of global telecommunications network architectures such that it can emulate network protocols to allow scanning and “to retrieve highly specific information from mobile communication infrastructure.” The nature of the data targeted “aligns with information likely to be of significant interest to signals intelligence operations.”"

Of course, this comes on the heels of a steady parade of other telecom security scandals, ranging from the SS7 flaw we still haven't fully fixed (opening the door to covert surveillance), to revelations that most satellite networks have the security of damp cardboard, to recent reports that a company that handles billions of global text messages from carriers all over the world was compromised for years before anybody knew anything about it. Most of these reports come and go quietly without even a tiny fraction of the hysteria we saw aimed at TikTok.

Speaking to the press, CrowdStrike researchers were quick to point out that freaking out about malware and apps doesn't mean much if the underlying telecom infrastructure is compromised (and it very much is):

"People leverage their cellphones like they’re magic,” said Adam Meyers, CrowdStrike’s senior vice president of intelligence. “They don’t think about the fact that there’s this whole infrastructure that makes it work … and that infrastructure is not something that you can take for granted."..."They don’t need to deploy the malware onto your phone if they’re owning the network that your phone is riding on,” he said.

Granted, much like everyday infrastructure issues such as bridge repair, shoring up overall internet network security isn't a sexy topic that sees much traction. Unless you're a U.S. company lobbyist leveraging xenophobia to your competitive and political tactical advantage (see the sometimes narrow hysteria surrounding 5G), much of this stuff doesn't see anywhere near the attention it deserves in a press and policy discourse that often couldn't care less.

Filed Under: privacy, security, ss7, telco equipment, telcos, telecom networks
Companies: crowdstrike


Reader Comments


  • Anonymous Coward, 25 Oct 2021 @ 10:49am

    Speaking to the press, Crowdstrike researchers were quick to point out that freaking out about malware and apps doesn't mean much if the underlying telecom infrastructure is compromised

    That's really not true. A lot that happens on smartphones isn't visible to the network operators. Facebook encrypts everything, for example (not because they want to protect your privacy—just to ensure nobody else can free-ride on their invasions of it). Indeed, the whole purpose of the now-ubiquitous HTTPS encryption was to enable security on a presumed-compromised network. Attackers will still gain useful information, like where people are and what they're connecting to; and, with the telephone networks, the contents of phonecalls and texts (and if you're running any software from them, that could be bad... but I think Apple at least don't allow such crapware).

    There is a proposal called Pretty Good Phone Privacy that "protects users from fake cell phone towers (IMSI-catchers) and surveillance by cell providers" (but, for now, doesn't support voice or SMS, and does require specific telco support—though apparently an MVNO could do it). If the infrastructure provider couldn't locate specific people, that would make it a hell of a lot harder for an attacker to target them.


  • TasMot, 25 Oct 2021 @ 11:24am

    BUT, BUT, the Former POTUS

    He started the screaming about TikTok. Which was just a magician's trick of look over here where I want you to look. Do NOT look at the HUGE problems over there where my telecom buddies are not fixing any of their privacy problems in the global telecom infrastructure.


  • ECA, 25 Oct 2021 @ 12:45pm

    Too much history

    To take the old building of the internet, and overlap it with HTML, and 6-7 other formats, and then Think all this stuff is secure?
    Who wants to pay to reinvent all the protocols and building of the internet?
    Wow, we could create tracing of emails, we could track every person that does anything. But no, we can't do that. IT WOULD COST MONEY.


  • Anonymous Coward, 25 Oct 2021 @ 4:46pm

    We do throttling and data caps, we don't have time for all that other network management. [Whoever has that person as a customer, throttle them just for mentioning it.]

    -telecom industry
