New technical analysis compiled by a veteran cybersecurity expert previously at Mobileum, a mobile security company that tracks threats to mobile operators, details likely efforts by Chinese intelligence to surveil US mobile phone subscribers using phone networks in the Caribbean.
Gary Miller, who has since started the cybersecurity company Exigent Media, has alleged and detailed to The Guardian that China is engaged in "active" surveillance attacks through foreign telecoms operators.
The Guardian report offers little to nothing in the way of forensic or technical evidence to back the claims, relying instead on Miller's track record of expertise as an industry insider. There have been similar allegations in the past, particularly in a 2018-2019 report titled Far From Home.
Some of the details of the alleged China snooping are as follows:
"At the heart of the allegations are claims that China, using a state-controlled mobile phone operator, is directing signaling messages to US subscribers, usually while they are travelling abroad.
Signaling messages are commands that are sent by a telecoms operator across the global network, unbeknownst to a mobile phone user. They allow operators to locate mobile phones, connect mobile phone users to one another, and assess roaming charges. But some signaling messages can be used for illegitimate purposes, such as tracking, monitoring, or intercepting communications."
Miller claims that among US telecoms providers it's a bit of an "open secret" but that "No one in the industry wants the public to know the severity of ongoing surveillance attacks."
The findings appear to center on Signaling System 7 (SS7), a communications protocol which routes calls and data around the world. Analysts have long decried its inherent weaknesses and security vulnerabilities.
Tweet from Joaquín Ortega (@ortegabrothers), December 10, 2020: "China's Communist Party (CCP) seems to be implementing a multidimensional strategy in the Caribbean, reaping economic, political and potentially military gains a few miles offshore the United States." https://t.co/cb692ZoyGl
"I want the public to know about it," Miller said. "Once you get into the tens of thousands, the attacks qualify as mass surveillance, which is primarily for intelligence collection and not necessarily targeting high-profile targets," he told The Guardian.
"It might be that there are locations of interest, and these occur primarily while people are abroad," Miller described.
"China reduced attack volumes in 2019, favoring more targeted espionage and likely using proxy networks in the Caribbean to conduct its attacks, having close ties in both trade and technology investment," he alleged further.