Former mobile network executive Gary Miller, founder of a cybersecurity startup called Exigent Media, on Tuesday accused China of using mobile phone networks in the Caribbean to conduct surveillance operations against Americans.
Miller detailed the findings of his report on Chinese cell phone espionage in an interview with the UK Guardian:
At the heart of the allegations are claims that China, using a state-controlled mobile phone operator, is directing signaling messages to US subscribers, usually while they are travelling abroad.
Signaling messages are commands that are sent by telecoms operators across the global network, unbeknownst to a mobile phone user. They allow operators to locate mobile phones, connect mobile phone users to one another, and assess roaming charges. But some signaling messages can be used for illegitimate purposes, such as tracking, monitoring, or intercepting communications.
US mobile phone operators can successfully block many such attempts, but Miller believes the US has not gone far enough to protect mobile phone users, who he believes are not aware of how insecure their communications are.
According to Miller, much of this surveillance was conducted through a company owned by the Chinese government called China Unicom, which denied his allegations in a statement to the Guardian.
“The Chinese government’s position on cybersecurity is consistent and clear. We firmly oppose and combat cyber-attacks of any kind. China is a staunch defender of cybersecurity,” the Chinese embassy in Washington insisted when asked about the report.
Miller said that waves of signaling messages were sent to tens of thousands of American cell phone users in a campaign of indiscriminate “mass surveillance” between 2018 and 2020. China Unicom allegedly used two Caribbean providers, Cable & Wireless Communications of Barbados and Bahamas Telecommunications Company, to bombard American phones with these messages.
“China reduced attack volumes in 2019, favoring more targeted espionage and likely using proxy networks in the Caribbean to conduct its attacks, having close ties in both trade and technology investment,” Miller told the Guardian. He said it was possible the operators of the Caribbean networks were not aware they were being used in this manner.
Miller’s conclusions were based on his analysis of huge volumes of cell phone messaging data. He said he could detect patterns of suspicious activity, like signaling messages sent repeatedly to the same user in an effort to monitor their movements, and messages that had invalid or irrational source and registration information. Sometimes he found the same cell phone user receiving bursts of suspicious messages from both China Unicom and one of the Caribbean mobile networks.
The Guardian noted that the Federal Communications Commission (FCC) said in April that it might shut down China Unicom’s operations in the United States due to suspicions the company was controlled by the Chinese Communist Party (CCP) and could be used for espionage. China Unicom responded that it had done nothing wrong and said its American branch is managed independently of the parent company.
Newsweek observed on Tuesday that security experts have long been concerned about vulnerabilities in a cell phone communications protocol called Signaling System 7 (SS7), a “patchwork system” that allows disparate networks in different countries to communicate with each other so international roaming features on cell phones work properly.
The Department of Homeland Security (DHS) warned in 2017 that SS7 has security flaws and “many foreign vendors appear to be sharing or selling expertise and services that can be used to spy on Americans.” In the same year, independent security analysts warned that SS7 could be exploited to perform the sort of location-tracking surveillance Miller claims was used against Americans by the Chinese Communist Party.
Newsweek reported the telecom industry does not appear to have addressed most of the vulnerabilities outlined in 2017. Miller told the Guardian that the industry does not want customers to know how vulnerable their networks are to surveillance programs, especially the sophisticated operations that can be mounted by national intelligence agencies.
“Government agencies and Congress have been aware of public mobile network vulnerabilities for years. Security recommendations made by our government have not been followed and are not sufficient to stop attackers. No one in the industry wants the public to know the severity of ongoing surveillance attacks. I want the public to know about it,” he said.