Hackers have been stealing call data from major carriers for years
According to an investigation conducted by US-Israeli security company Cybereason, hackers have broken into more than 10 cellular networks around the world and plundered a massive amount of sensitive data in an extensive operation that could be coordinated by a state power.
The type of data plundered by this hacking group includes call records from cell network providers and geolocation data that can be used to conduct targeted surveillance on individuals. The hackers have systematically broken into about a dozen global cell networks over the past seven years in what Cybereason has dubbed “Operation Soft Cell”.
Call detail records, or CDRs, are communication logs generated by the phone provider to connect calls and messages from one user to another. They don’t include recordings of the calls or the written content of messages, but can reveal many intimate details of the target’s life and relationships. The US government collects the same type of data on its own citizens via the NSA.
Cybereason’s report details that the hackers first exploited a provider’s Internet-connected (i.e. public) web servers to steal credentials that let them access deeper portions of the provider’s internal network until they could control it entirely.
Why? Cybereason highlighted a few interesting points:
- In one instance the hackers obtained hundreds of gigabytes of data about a small group of about 20 customers of a cellular provider, indicating targeted surveillance of specific people.
- Some targeted networks belong to large providers, but others were smaller companies in “unique and interesting” locations, likely strategic geopolitical points.
- Cybereason has also said that no North American providers have been attacked, to the best of their knowledge, but that the situation is ongoing and that they would not rule it out.
- Finally, Cybereason also said that there is a “very high probability” that the hackers are acting on behalf of a nation state, probably China. This is because the hackers have been identified as using the same methods as a hacking group called APT 10, believed to be backed by China.
Anyone with even passing familiarity with technology and telecoms will know how rising tensions between the US and China have escalated to a full-on trade war with a huge impact on Chinese tech company Huawei and its prospects on the world stage.
The Chinese government has long denied allegations of cyber-espionage against the US and its allies, but well, that’s the first rule of spy club for any nation. Until we know more about the locations targeted and why US providers were spared, it’s not possible to draw a certain conclusion.