China appears to have used mobile phone networks in the Caribbean to surveil US mobile phone subscribers as part of its espionage campaign against Americans, according to a mobile network security expert who has analyzed sensitive signals data.
The findings paint an alarming picture of how China has allegedly exploited decades-old vulnerabilities in the global telecommunications network to route “active” surveillance attacks through telecoms operators.
The alleged attacks appear to be enabling China to target, track and intercept telephone communications of US phone subscribers, according to research and analysis by Gary Miller, a Washington state-based former mobile network security executive.
In some cases China appeared to have used networks in the Caribbean to conduct its surveillance, Miller said.
At the heart of the allegations are claims that China, using a state-controlled mobile phone operator, is directing signaling messages to US subscribers, usually while they are traveling abroad.
Signaling messages are commands that are sent by a telecoms operators across the global network, unbeknownst to a mobile phone user. They allow operators to locate mobile phones, connect mobile phone users to one another and assess roaming charges.
However, some signaling messages can be used for illegitimate purposes, such as tracking, monitoring, or intercepting communications.
US mobile phone operators can block many such attempts, but Miller believes that the US has not gone far enough to protect mobile phone users, who he believes are not aware of how insecure their communications are.
Miller focused his research on messages that he said did not appear legitimate, either because they were “unauthorized” by the GSMA, an international standard-setting body for the telecommunications industry, or because the messages were sent from a location that did not match where a user was traveling.
“Government agencies and [the US] Congress have been aware of public mobile network vulnerabilities for years,” he said. “Security recommendations made by our government have not been followed and are not sufficient to stop attackers.”
“No one in the industry wants the public to know the severity of ongoing surveillance attacks. I want the public to know about it,” he added.
Miller said that he found that in 2018 China had conducted the highest number of apparent surveillance attacks against US mobile phone subscribers over 3G and 4G networks.
He said the vast majority of these apparent attacks were routed through a state-owned telecoms operator, China Unicom Ltd (中國聯通), which he said pointed in very high likelihood to a state-sponsored espionage campaign.
Overall, Miller said he believed tens of thousands of US mobile users were affected by the alleged attacks emanating from China from 2018 to this year.
“Once you get into the tens of thousands, the attacks qualify as mass surveillance, which is primarily for intelligence collection and not necessarily targeting high-profile targets. It might be that there are locations of interest, and these occur primarily while people are abroad,” Miller said.
Miller said he believed the messages were indicative of surveillance of mass movement patterns and communication of US travelers.
Miller also found what he called unique cases in which the same mobile phone users who appear to have been targeted via China Unicom also appear to have been targeted simultaneously through two Caribbean operators: Cable & Wireless Communications (Flow) in Barbados and Bahamas Telecommunications Co.
The incidences, which occurred dozens of times over a four to eight-week period, were so unusual that Miller said they were a “strong and clear” indicator that these were coordinated attacks.
Miller said that last year most apparent attacks against US subscribers over the 3G network emanated from Barbados, while China significantly reduced the volume of messages to US subscribers.
“China reduced attack volumes in 2019, favoring more targeted espionage and likely using proxy networks in the Caribbean to conduct its attacks, having close ties in both trade and technology investment,” Miller said.
China Unicom said in a statement that it “strongly refutes the allegations that China Unicom has engaged in active surveillance attacks against US mobile phone subscribers using access to international telecommunications networks.”
SECURITY: As China is ‘reshaping’ Hong Kong’s population, Taiwan must raise the eligibility threshold for applications from Hong Kongers, Chiu Chui-cheng said When Hong Kong and Macau citizens apply for residency in Taiwan, it would be under a new category that includes a “national security observation period,” Mainland Affairs Council (MAC) Minister Chiu Chui-cheng (邱垂正) said yesterday. President William Lai (賴清德) on March 13 announced 17 strategies to counter China’s aggression toward Taiwan, including incorporating national security considerations into the review process for residency applications from Hong Kong and Macau citizens. The situation in Hong Kong is constantly changing, Chiu said to media yesterday on the sidelines of the Taipei Technology Run hosted by the Taipei Neihu Technology Park Development Association. With
CARROT AND STICK: While unrelenting in its military threats, China attracted nearly 40,000 Taiwanese to over 400 business events last year Nearly 40,000 Taiwanese last year joined industry events in China, such as conferences and trade fairs, supported by the Chinese government, a study showed yesterday, as Beijing ramps up a charm offensive toward Taipei alongside military pressure. China has long taken a carrot-and-stick approach to Taiwan, threatening it with the prospect of military action while reaching out to those it believes are amenable to Beijing’s point of view. Taiwanese security officials are wary of what they see as Beijing’s influence campaigns to sway public opinion after Taipei and Beijing gradually resumed travel links halted by the COVID-19 pandemic, but the scale of
A US Marine Corps regiment equipped with Naval Strike Missiles (NSM) is set to participate in the upcoming Balikatan 25 exercise in the Luzon Strait, marking the system’s first-ever deployment in the Philippines. US and Philippine officials have separately confirmed that the Navy Marine Expeditionary Ship Interdiction System (NMESIS) — the mobile launch platform for the Naval Strike Missile — would take part in the joint exercise. The missiles are being deployed to “a strategic first island chain chokepoint” in the waters between Taiwan proper and the Philippines, US-based Naval News reported. “The Luzon Strait and Bashi Channel represent a critical access
Pope Francis is be laid to rest on Saturday after lying in state for three days in St Peter’s Basilica, where the faithful are expected to flock to pay their respects to history’s first Latin American pontiff. The cardinals met yesterday in the Vatican’s synod hall to chart the next steps before a conclave begins to choose Francis’ successor, as condolences poured in from around the world. According to current norms, the conclave must begin between May 5 and 10. The cardinals set the funeral for Saturday at 10am in St Peter’s Square, to be celebrated by the dean of the College