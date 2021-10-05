Hacked Data Exposes Law Enforcement Officers Who Joined Far-Right Oath Keepers Group
Rethinking Facebook: We Need To Make Sure That 'Good For The World' Is More Important Than 'Good For Facebook'

Company That Handles Billions Of Text Messages Quietly Admits It Was Hacked Years Ago

(Mis)Uses of Technology

from the whoops-a-daisy dept

Tue, Oct 5th 2021 6:47amKarl Bode

We've noted for a long time that the wireless industry is prone to being fairly lax on security and consumer privacy. One example is the recent rabbit hole of a scandal related to the industry's treatment of user location data, which carriers have long sold to a wide array of middlemen without much thought as to how this data could be (and routinely is) abused. Another example is the industry's refusal to address the longstanding flaws in Signaling System 7 (SS7, or Common Channel Signaling System 7 in the US), a series of protocols hackers can exploit to track user location, dodge encryption, and even record private conversations.

Now this week, a wireless industry middleman that handles billions of texts every year has acknowledged its security isn't much to write home about either. A company by the name of Syniverse revealed that it was the target of a major attack in a September SEC filing, first noted by Motherboard. The filing reveals that an "individual or organization" gained unauthorized access to the company's databases "on several occasions." That in turn provided the intruder repeated access to the company's Electronic Data Transfer (EDT) environment compromising 235 of its corporate telecom clients.

The scope of the potentially revealed data is, well, massive:

"Syniverse repeatedly declined to answer specific questions from Motherboard about the scale of the breach and what specific data was affected, but according to a person who works at a telephone carrier, whoever hacked Syniverse could have had access to metadata such as length and cost, caller and receiver's numbers, the location of the parties in the call, as well as the content of SMS text messages."

Amazingly enough the hack began in 2016 but was only discovered this year. How much data was accessed? Why did it take so long? Was it a Chinese or Russian sponsored attack? Why was there absolutely no transparency about the breach until now? Why aren't Syniverse or any wireless carriers being clear about what happened? Have government officials been compromised? Have those officials been notified by anybody? Good questions!:

"The information flowing through Syniverse’s systems is espionage gold," Sen. Ron Wyden told Motherboard in an emailed statement. "That this breach went undiscovered for five years raises serious questions about Syniverse’s cybersecurity practices. The FCC needs to get to the bottom of what happened, determine whether Syniverse's cybersecurity practices were negligent, identify whether Syniverse's competitors have experienced similar breaches, and then set mandatory cybersecurity standards for this industry."

Between this and the SS7 flaw alone you have to inherently assume that most global wireless communications has been significantly compromised for a long while in some fashion. And like most hacks, the scale of this will only get worse as time goes by. Security and privacy at massive international scale isn't easy, but these kinds of repeated scandals don't have to happen. They're made immeasurably worse by our lack of even a basic internet-era privacy law, intentionally underfunded and understaffed U.S. privacy regulators, and our failure to hold companies accountable in any meaningful way for repeated and massive screw ups. Mostly because doing any of these things might put a dent in quarterly revenues.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data breach, hack, privacy, security, ss7, text messages
Companies: syniverse

3 Comments | Leave a Comment

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread



Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Hacked Data Exposes Law Enforcement Officers Who Joined Far-Right Oath Keepers Group
Rethinking Facebook: We Need To Make Sure That 'Good For The World' Is More Important Than 'Good For Facebook'
Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

Introducing the new Techdirt Insider Chat, now hosted on Discord. If you are an Insider with a membership that includes the chat feature and have not yet been invited to join us on Discord, please reach out here.

Loading...
Techdirt Insider Chat

Notice: This version of the Techdirt Insider Chat will soon be removed from the site. We are replacing it with a Discord channel specifically for Insiders.

 
Recent Stories

Tuesday

12:00 Investigation: CBP Targeted Journalists, Illegally Shared Info With Mexico, And Attempted To Cover It All Up (0)
10:54 A New Hope For Moderation And Its Discontents? (0)
10:49 Daily Deal: The JavaScript DOM Game Developer Bundle (0)
09:06 Rethinking Facebook: We Need To Make Sure That 'Good For The World' Is More Important Than 'Good For Facebook' (16)
06:47 Company That Handles Billions Of Text Messages Quietly Admits It Was Hacked Years Ago (3)
03:40 Hacked Data Exposes Law Enforcement Officers Who Joined Far-Right Oath Keepers Group (16)

Monday

19:56 Disney Defeats Lawsuit Brought By Company Owning Evel Knievel's Rights Over 'Toy Story 4' Character (8)
15:37 Tesla 'Self-Driving' NDA Hopes To Hide The Reality Of An Unfinished Product (34)
14:30 Reminder: Our Techdirt Tech Policy Greenhouse Live Workshop Is Happening This Wednesday! (0)
13:43 Right-Wing Commentator Dan Bongino Runs Into Florida Anti-SLAPP Law, Now Owes Daily Beast $32,000 In Legal Fees (11)
More arrow

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.