How a hacker group got hold of calling records and text messages by deploying highly sophisticated tools that show signs of originating in China
American cybersecurity company CrowdStrike has reported via Reuters that a hacker group it dubbed LightBasin has hacked into mobile telephone networks in disparate geographies. CrowdStrike Senior Vice President Adam Meyers said his company gleaned the information by responding to incidents in multiple countries, which he declined to name. He also said that the tools the hackers use can retrieve data unobtrusively.
Although the attacks had connections to China, including cryptography relying on Pinyin phonetic versions of Chinese-language characters and techniques familiar from previous attacks by the Chinese government, CrowdStrike has cautioned that these shouldn’t be a basis for asserting Beijing’s involvement.
CISA (the Cybersecurity and Infrastructure Security Agency), which is responsible for the security and reliability of communications infrastructure, commented that it was aware of the CrowdStrike report. “This report reflects the ongoing cybersecurity risks facing organizations large and small and the need to take concerted action,” a spokesperson said.
Telecoms companies have long been a top target for nation-states such as China, Russia and Iran, but mobile carriers and messaging apps have also frequently wrangled with the nation-states they operate in over providing access to information contained in calls and messages. Since 14 October, for example, subscribers of dozens of Telegram channels have been labelled as ‘extremist’ in Belarus and may be considered to be participating in extremist activity.
But end-to-end encryption adopted by Telegram, Zoom or WhatsApp, which offers the most reliable protection against the interception of messages by third parties while they are travelling between the sender and the recipient, is a two-edged sword. While it can prevent hackers from decrypting information on telecom carrier networks that they’ve breached, it can also bar democratic governments’ law enforcement from accessing the evidence that these messages could supply for criminal activity.
It’s still unclear whether and to what extent subscribers and users in the UK have been affected by the breach discovered by CrowdStrike.