Hackers Have Been Stealing User Data From Global Cell Networks Since 2012
from the whoops-a-daisy dept
We’ve noted for a long time that the wireless industry is prone to being fairly lax on security and consumer privacy. One example is the recent rabbit hole of a scandal related to the industry’s treatment of user location data, which carriers have long sold to a wide array of middlemen without much thought as to how this data could be (and routinely is) abused. Another example is the industry’s refusal to address the longstanding flaws in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols hackers can exploit to track user location, dodge encryption, and even record private conversations.
This week, carriers were once again exposed for not being the shining beacons of security they tend to advertise themselves as. A new report emerged this week showcasing how, for years, hackers have been exploiting substandard security at more than 10 global wireless carriers to obtain massive troves of data on specific targets of interest. Researchers at Boston-based Cybereason, who first discovered the operation, say the hackers exploited a vulnerability on an internet-connected web server to gain a foothold into each cell provider’s internal network. Once inside, they exploited numerous machines to gain deeper and deeper access to the cell network:
“You could see straight away that they know what they’re after,” said Amit Serper, head of security research at Cybereason. “They would exploit one machine that was publicly accessible through the internet, dump the credentials from that machine, use the credentials stolen from the first machine and repeat the whole process several times.”
Once the hackers gained access to the domain controller, the hackers had control of the entire network. “Everything is completely owned,” said Serper.
Comforting! Hackers, presumed to likely be state actors pilfering user data invisibly, then extracted gigabytes of data on targets without having to install malware on the target’s local phone. It’s not clear which state actors were involved; researchers suggest it was either China, or somebody eager to make it appear it was China:
“Cybereason did say it was with ‘very high probability’ that the hackers were backed by a nation state but the researchers were reluctant to definitively pin the blame.
The tools and the techniques, such as the malware used by the hackers, appeared to be ‘textbook APT 10,’ referring to a hacker group believed to be backed by China, but Div said it was either APT 10, ‘or someone that wants us to go public and say it’s [APT 10].’”
So far the researchers say no North American cell providers have been confirmed as targets, but given the stealth nature of the intrusions and how long they were being conducted without detection, that’s likely no guarantee intrusions didn’t happen all the same. The full report indicates this effort has been underway since at least 2012, again highlighting how global cellular networks may not quite be the bastions of security wireless carriers often profess them to be.