A report in the UK Guardian has revealed that China appears to have used mobile phone networks in the Caribbean to surveil US mobile phone subscribers as part of an espionage campaign against Americans.
The claim, The Guardian said, comes from a mobile network security expert who has analysed sensitive signals data.
The findings paint an alarming picture of how China has allegedly exploited decades-old vulnerabilities in the global telecommunications network to route “active” surveillance attacks through telecoms operators.
The alleged attacks appear to be enabling China to target, track, and intercept phone communications of US phone subscribers, outlined research and analysis by Gary Miller, a Washington state-based former mobile network security executive.
Miller, who has spent years analysing mobile threat intelligence reports and observations of signalling traffic between foreign and US mobile operators, said in some cases China appeared to have used networks in the Caribbean to conduct its surveillance.
ALLEGEDLY DIRECTING SIGNAL MESSAGES TO US SUBSCRIBERS
The Guardian stated that, at the heart of the allegations are claims that China, using a state-controlled mobile phone operator, is directing signalling messages to US subscribers, usually while they are travelling abroad.
Signalling messages are commands that are sent by a telecoms operators across the global network without the knowledge of a mobile phone user. They allow operators to locate mobile phones, connect mobile phone users to one another, and assess roaming charges. But some signalling messages can be used for illegitimate purposes, such as tracking, monitoring, or intercepting communications.
The Guardian said US mobile phone operators can successfully block many such attempts, but that Miller believes the US has not gone far enough to protect mobile phone users, who he believes are not aware of how insecure their communications are.
Miller research was focused on messages he said did not appear legitimate, either because they were “unauthorised” by the GSMA, an international standard-setting body for the telecommunications industry, or because the messages were sent from a location that did not match where a user was travelling.
Miller said he was sharing his findings with The Guardian to help expose “the severity of this activity” and to encourage the implementation of more effective countermeasures and security policies.
“Government agencies and Congress have been aware of public mobile network vulnerabilities for years,” he said. “Security recommendations made by our government have not been followed and are not sufficient to stop attackers.”
He added: “No one in the industry wants the public to know the severity of ongoing surveillance attacks. I want the public to know about it.”
The concerns play into those of US Ambassador to Jamaica Donald Tapia, who since assuming office in September 2019 has conducted a crusade against the island’s strengthening relationship with China.
In consistently warning against Jamaica partnering with China in developing its 5G infrastructure, Tapia has threatened possible consequences for endangering America’s 5G security.
“As for consequences, it’s gonna affect banking, any financial transaction from this island,” Tapia had told local media.
“That’s the biggest consequence you have, that your financial institutions and the finance of Jamaica stops… that’s the consequence that you are looking at long term. That’s major.”
Tapia’s stance has brought him into conflict with Jamaican citizens, most notably a controversial Twitter battle that ended with the ambassador being taken to task by Foreign Affairs Minister Kamina Johnson Smith for what were labelled “inappropriate” comments from the US diplomat.
Tapia subsequently apologised for the comments and levelled blame for the posts on an assistant who he promised would be rotated out of the island earlier than planned.
In The Guardian report, Miller said he found that in 2018 China had conducted the highest number of apparent surveillance attacks against US mobile phone subscribers over 3G and 4G networks. He said the vast majority of these apparent attacks were routed through a state-owned telecoms operator, China Unicom, which he said pointed in very high likelihood to a state-sponsored espionage campaign.
Overall, Miller said he believed tens of thousands of US mobile users were affected by the alleged attacks emanating from China from 2018 to 2020.
“Once you get into the tens of thousands, the attacks qualify as mass surveillance, which is primarily for intelligence collection and not necessarily targeting high-profile targets. It might be that there are locations of interest, and these occur primarily while people are abroad,” Miller said. In other words, Miller said he believed the messages were indicative of surveillance of mass movement patterns and communication of US travellers.
Miller also found what he called unique cases in which the same mobile phone users who appear to have been targeted via China Unicom also appear to have been targeted simultaneously through two Caribbean operators: Cable & Wireless Communications (Flow) in Barbados and Bahamas Telecommunications Company (BTC).
The incidents, which occurred dozens of times over a four to eight-week period, were so unusual that Miller said they were a “strong and clear” indicator that these were coordinated attacks.
At the same time, Miller said that in 2019 most apparent attacks against US subscribers over the 3G network emanated from Barbados, while China significantly reduced the volume of messages to US subscribers.
“China reduced attack volumes in 2019, favouring more targeted espionage and likely using proxy networks in the Caribbean to conduct its attacks, having close ties in both trade and technology investment,” Miller said.
CHINA UNICOM ‘REFUTES ALLEGATIONS’
The Guardian said it was not not clear whether any of the telecoms operators would have knowingly been involved in allegedly suspicious activity. In a statement, China Unicom said the company “strongly refutes the allegations that China Unicom has engaged in active surveillance attacks against US mobile phone subscribers using access to international telecommunications networks”.
Miller said he believed it was possible that a China entity directly or indirectly leased a network address from the Caribbean operators, allowing the messages to be coordinated and routed via the region’s telecoms firms without their knowledge.
The Guardian said a spokeswoman for Cable & Wireless, which owns Flow in Barbados and BTC, as well as Jamaica, declined to respond to questions.
A spokesperson for the Chinese embassy in Washington said: “The Chinese government’s position on cybersecurity is consistent and clear. We firmly oppose and combat cyber-attacks of any kind. China is a staunch defender of cybersecurity.”
The Federal Communications Commission, the US telecommunications regulator, in April issued an order warning that it might shut down the US operations of China Unicom and other China-controlled entities. At the time, Ajit Pai, the FCC chairman, said the commission was concerned about the companies’ vulnerability to the “control of the Chinese Communist party”.
China Unicom responded to the FCC, saying it had a good record of compliance and had shown a willingness to cooperate with US law enforcement agencies.
In its statement to The Guardian, China Unicom added that its US subsidiary operated “independently” in the US and in accordance with US laws.
“China Unicom (Americas) has never been accused of misconduct and has never knowingly been the subject of investigation by any US law enforcement agency,” it said.
“We have an illusion of security when we talk on our mobile phones,” James Lewis, the director of the Strategic Technologies Program at the Center for Strategic and International Studies (CSIS), told The Guardian.
“People don’t realise that we are under a sustained espionage attack on anything that connects to a network, and that this is just another example of a really aggressive and pretty sophisticated campaign.”