Security researchers say they have uncovered a large-scale espionage campaign involving the theft of call logs from hacked cell network providers for targeted monitoring of individuals.
Over the past seven years, hackers have systematically broken into more than 10 cellular networks around the world to obtain huge amounts of call records – including call times, dates and cell sites – for at least 20 people.
Researchers at Boston-based Cybereason, who discovered the operation, shared their findings with TechCrunch, saying the hackers could trace the physical location of any customer of the hacked telecoms companies – including spies and politicians – using the call records.
Lior Div, co-founder and chief executive officer of Cybereason, told TechCrunch that it was "broadband" espionage.
Call detail records – or CDRs – are the crown jewels of any intelligence agency's collection efforts. These call records are highly detailed metadata records created by your phone service provider for calls and messages sent from one person to another. Although they do not include call recordings or message contents, they can provide a detailed look at a person's life. For years, the National Security Agency has controversially collected the call records of Americans from cell providers AT&T and Verizon (which owns TechCrunch), despite questions over its legality.
Cybereason researchers said they first discovered the attacks about a year ago. Before then and since, the hackers broke into one cell provider after another to gain continuous and persistent access to the networks. Their goal, the researchers believe, is to obtain and download records on the target from the provider's MySQL database without having to deploy malicious software on each target's device.
Div said the hackers acted unseen in achieving their goals. "They know everything about them without breaking their phones," he said.
The researchers found that the hackers entered a cell network by exploiting a vulnerability on an internet-connected server to gain a foothold on the provider's internal network. From there, the hackers continued to exploit every device they found, stealing credentials to gain deeper access.
"You can immediately see that they know what they're doing," said Amit Serper, head of Cybereason's security research department. "They will take advantage of one device that was available to the public over the Internet, get rid of credentials for that device, use stolen credentials from the first device and repeat the entire process several times."
Once the hackers gained access to the domain controller, they controlled the entire network. "Everything is wholly owned," he said.
Having gained access to the cellular service provider's call detail records, the intruders compressed the target data and exfiltrated it – hundreds of gigabytes – amounting to a large number of records – possibly weeks or months at a time.
"Every single piece of raw data your phone sends and receives from and to the network is there," he said.
"More and more surveys and mapping are being done to better understand the network," said Mor Levi, a researcher at Cybereason who discovered and analyzed the hacking, describing each time the hackers started. The hackers at one point set up a virtual private network connection on a compromised server at the cell provider so they could get back into the network and easily pick up where they left off without having to "reinvent the wheel every time," she said.
The researchers said the hackers were faster and more efficient in attacking other networks because they already had knowledge of similar cell provider networks.
Div said that because the attacks were continuing, the company would not name the cellular networks – only that some are large providers, and others smaller companies in "unique and interesting" locations, each likely to be a strategic target for the hackers. Cybereason said it had not yet seen the intruders target North American providers, but said the situation was still "fluid" and ongoing. The company released its findings to raise the alarm about the ongoing intrusions.
The company also did not name the targeted individuals. "We started and then stopped," said Div, when the company realized the sensitivity and seriousness of the hackers' operation.
Cybereason says it was "with a very high probability" that the hackers were supported by a nation-state, but the researchers were reluctant to pin the blame on anyone definitively.
The tools and techniques – such as the malware used by the hackers – seem to be "APT 10 by the book," referring to a group of hackers believed to be supported by China, but Div said it was either APT 10 "or anyone who wanted us to publicize and say so [APT 10]."
Relations between the United States and China remain precarious amid a continuing trade dispute with Huawei, China's telecom giant, which US authorities accuse of being an agent of Chinese internet hacking.
Tensions have risen in cyberspace in recent years after the Trump administration accused China of violating a bilateral anti-hacking agreement, signed under Obama in 2015, in which the two superpowers promised not to target each other's private sector. Last year, the Justice Department accused two alleged Chinese hackers of breaking into dozens of technology and major industry giants in the United States.
The Chinese government has long denied allegations of hacking against the West. When contacted before publication, a spokesman for the Chinese Consulate in New York did not comment.