China's mass surveillance has been widely acknowledged by intelligence communities. With the country's advancement in technology, its communist government has broadened its spy network through digital means - mobile apps and hacking tools exploiting vulnerabilities and facial recognition besides conventional methods beyond mainland China. But now, according to a report, China is allegedly spying on American citizens through telephone networks in the Caribbean.
A former mobile network security executive, Gary Miller from Washington, has claimed that China has been allegedly exploiting vulnerabilities in the telephone network to route communications, allowing it to track, intercept and target communications of American mobile phone users. Miller, who was working for mobile security company Mobileum, started his company Exigent Media, a cybersecurity research firm. He said he wanted to expose the "severity of this activity" and help deploy countermeasures.
"No one in the industry wants the public to know the severity of ongoing surveillance attacks. I want the public to know about it," Miller told Guardian.
Tracking Signal
According to Miller, who has years of experience in analyzing mobile threat intelligence and signaling traffic, China had been using telephone networks in the Caribbean to carry out its surveillance operations. China has allegedly been using a state-run mobile phone operator named China Unicom to divert signaling messages to American users, mainly while they travel abroad.
Telecom operators send commands called signaling messages across the global telephone network to help locate mobile phones, establish a connection between two mobile networks and asses roaming charges. However, according to the Guardian report, signaling messages could be used to track, monitor and intercept communication.
During his investigation, Miller searched for signaling messages that did not appear legitimate. A signaling message could be rendered illegitimate if the GSMA, the global standard-setting association of telecom operators, doesn't authorize it or if the sender's location doesn't match with the location that the user was traveling to. Mobile operators could block such spoofing attempts but the analyst said that the American operators were not aware of how insecure their networks were.
"Government agencies and Congress have been aware of public mobile network vulnerabilities for years. Security recommendations made by our government have not been followed and are not sufficient to stop attackers," Miller said.
Caribbean Connection
The surveillance attacks, mostly on 3G and 4G users, were allegedly targeted through Unicom. But interestingly the same numbers also simultaneously appeared on two Caribbean telecom operators – Cable & Wireless Communications (Flow) in Barbados and Bahamas Telecommunications Company (BTC). Such instances were found dozens of times over eight weeks in 2018, making it "strong and clear" that the attacks were coordinated, according to Miller.
Besides that, with Unicom involved in the alleged attacks, it was an indication of state-sponsored espionage by China. According to the report, the number of attacks on U.S. 3G and 4G subscribers was highest in 2018, while in 2019, most of the attacks originated from Barbados. Between 2018 and 2020, tens of thousands of American subscribers were attacked by China.
However, the number of attacks significantly reduced in 2020 in favor of a more sophisticated espionage technique involving proxy networks in the Caribbean. It could be possible due to close technology and trade ties between Caribbean nations and China. But as the number of targets was in tens of thousands, Miller said it should qualify as mass surveillance.
"Once you get into the tens of thousands, the attacks qualify as mass surveillance, which is primarily for intelligence collection and not necessarily targeting high-profile targets. It might be that there are locations of interest, and these occur primarily while people are abroad," said Miller, who accessed the surveillance information during his time as the vice-president of network solutions at Mobileum.
Despite the allegations, without an official investigation, it is difficult to know if Caribbean telecom operators or even Unicom knowingly allowed China to carry out the surveillance activities. But Miller believes that China, through a business entity, leased network addresses from Caribbean telecom operators. It would have allowed them to coordinate the messages and route via the region's operators without knowledge.
Unicom, however, in a statement said it "strongly refutes the allegations that China Unicom has engaged in active surveillance attacks against U.S. mobile phone subscribers using access to international telecommunications networks." And as expected, the Chinese embassy in Washington also denied the allegations. But it should be noted that the U.S. Federal Communications Commission (FCC) in April issued a warning saying that the agency might shut down Unicom and other Chinese telecom operators in the U.S. as they could be manipulated by the Chinese Communist Party.