China hackers caught stealing call records, text messages around the world

By Caravanserai

A man walks while looking at his cell phone in Sweden's capital, Stockholm, on February 4. [Jonathan Nackstrand/AFP]

A China-linked hacking group has been burrowing into mobile telephone networks around the world, using sophisticated tools to steal call records and text messages, according to CrowdStrike, a US-based cybersecurity company.

CrowdStrike said it identified evidence of at least 13 telecom companies across the world compromised by the hacking group, dubbed LightBasin, dating back to at least 2019.

LightBasin, also publicly known as UNC1945, has been active since at least 2016, CrowdStrike said on its blog October 19.

The hacking group has "extensive knowledge of telecommunications protocols" and leverages sophisticated tools "to retrieve highly specific information from mobile communication infrastructure, such as subscriber information and call metadata".

Prince, a member of the Chinese hacking group Red Hacker Alliance who refused to give his real name, uses his computer at their office in Dongguan, Guangdong province, on August 4, 2020. [Nicolas Asfouri/AFP]

People visit a Huawei booth during the Mobile World Congress in Shanghai on February 23. [Hector Retamal/AFP]

CrowdStrike Senior Vice President Adam Meyers said the programmes could retrieve specific data unobtrusively. "I've never seen this degree of purpose-built tools," he told Reuters.

One piece of evidence that suggests the attacks are linked to the Chinese regime is that they used cryptography relying on Pinyin romanisation -- phonetic versions of Chinese language characters -- as well as techniques that echoed previous Chinese government attacks.

"The identification of a Pinyin artefact indicates the developer of this tool has some knowledge of the Chinese language," CrowdStrike said, adding that LightBasin will continue to target the telecommunications sector.

The company published the technical details of the attacks so that other companies can check for similar intrusions.

The US Cybersecurity and Infrastructure Security Agency (CISA) told Reuters it was aware of the CrowdStrike report and would continue to work closely with US carriers.

"This report reflects the ongoing cybersecurity risks facing organisations large and small and the need to take concerted action," an official said through a spokesperson.

State-sponsored hacking

Telecom firms are often the targets of state-sponsored or protected hacking groups, in particular from China, Russia and Iran, among others.

In recent years hackers have also targeted multinational pharmaceutical giants, universities and research laboratories.

China has become a safe haven for cyber criminals, US officials said in July 2020 after the indictment of two Chinese nationals for seeking to steal COVID-19 vaccine research and hacking hundreds of companies around the world.

"China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals," US Assistant Attorney General John Demers said in a US Justice Department statement at the time.

The two suspects had been engaged in a computer hacking campaign for the past 10 years, said the Justice Department.

"Targeted industries included, among others, high tech manufacturing; medical device, civil, and industrial engineering; business, educational, and gaming software; solar energy; pharmaceuticals; defence," it said.

"More recently, the defendants probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology, and treatments," it said.

In May 2020 the US Federal Bureau of Investigation (FBI) and CISA had warned organisations researching the disease of "likely targeting and network compromise by the People's Republic of China".

Security risks

The proliferation of Chinese-made cell phones and surveillance cameras is another concern.

Lithuania's Defence Ministry last month said public institutions and consumers should be wary of using Chinese phones, warning about possible security flaws and data leaks.

The country's National Cyber Security Centre reported September 22 that it had found "cyber security risks" in two popular Chinese-made phones sold in Europe -- the Xiaomi Mi 10T 5G and the Huawei P40 5G.

In the Xiaomi -- the most popular smartphone in Europe -- it reported finding a built-in censorship tool that can block certain search terms in Chinese and also Latin script.

The blocked terms include "Free Tibet", "Long live Taiwan independence", "democracy movement", "student movement", "dictatorship", and the names of some Western companies and news outlets.

Meanwhile, security analysts in Kazakhstan have sounded the alarm over the use of Chinese-made products in the country's Smart City project, which includes the installation of surveillance cameras on city streets to ensure law and order and compliance with traffic rules.

The concern is that the video surveillance systems introduced in Kazakhstan could be accessed by Chinese authorities.

For example, Nur-Sultan-based Korkem Telecom's technical partner is a Chinese firm, Dahua Technology.

Hikvision, another Chinese manufacturer of surveillance cameras and security equipment, has been operating in Kazakhstan since 2015.

Both Dahua and Hikvision are under US sanctions for facilitating human-rights violations against China's Muslim minorities.

'Big Brother' surveillance

"What science fiction warned about 50 to 100 years ago -- describing totalitarian societies based on surveillance by 'Big Brother' -- has already come true," Andrei Grishin, a spokesman for the Kazakhstan International Bureau for Human Rights and Rule of Law in Almaty, said in December 2019.

In September that year, Reuters, citing unnamed intelligence sources and security experts, reported that hackers working for the Chinese government broke into telecom networks in several countries, including Kazakhstan, to track Uighur travellers in Central and Southeast Asia.

In December 2020, several reports brought to light how Chinese authorities were using technology to track, monitor and detain predominantly Muslim minority groups in the Xinjiang region of China.

A face-recognition software feature devised by technology giant Alibaba showed how clients could detect the faces of Uighurs and other ethnic minorities within images and videos, the surveillance industry publication IPVM and The New York Times reported December 16.

Another Chinese cloud provider, Kingsoft Cloud, also described on its website software that could use an image of a face to evaluate whether a person's race was "Uighur" or "non-Uighur", The New York Times reported.

When asked for comment, both companies quickly deleted mentions of "Uighurs" and "minority detection" from their websites and denied any wrongdoing.

Two other Chinese tech giants, Huawei and Megvii, worked together to test and validate "Uighur alarms", IPVM and the Washington Post reported December 8.

Beijing has increasingly used artificial intelligence-assisted surveillance to monitor the general public and oppress minorities, protesters and others deemed threats to the state, said Maya Wang, a China senior researcher at Human Rights Watch.

Surveillance spending in Xinjiang has risen sharply in recent years, with facial recognition, iris scanners, DNA collection and artificial intelligence deployed across the province in the name of preventing terrorism.

Censorship and propaganda

Beijing has combined surveillance with censorship to silence dissent and scrub the internet of free speech that it deems threatening to authority.

For about a week earlier this year, mainland Chinese and other Chinese-speaking users had rare and unfettered access to the "real" internet in the unfiltered chatrooms of Clubhouse, an exclusive, invitation-only audio app.

The repression of Muslims in Xinjiang, the Tiananmen Square massacre of 1989, the thorny issue of Taiwan and other taboo subjects were all fair game until censors swept in and shut down the app.

When censorship and surveillance are not enough, Chinese authorities have pumped fake news and propaganda into social media networks.

The UK-based Centre for Information Resilience (CIR) this summer uncovered a network of hundreds of fake social media accounts working to distort international perceptions on a variety of important issues, push pro-China narratives and discredit claims critical of Chinese leadership.

The illicit network focuses on distorting hot topics like COVID-19; human rights abuses in Xinjiang; political discord in Hong Kong; overseas conflicts, such as in Afghanistan; and US gun laws, among others, CIR reported August 5.

"The narratives amplified by the accounts are similar to those promoted by Chinese government officials and China state-linked media," it said.
