Hackers using telecoms like ‘global spy system’
LONDON — An ambitious group of suspected state-backed hackers has been burrowing into telecommunications companies in order to spy on high-profile targets across the world, a U.S. cybersecurity firm said in a report published Tuesday.
Boston-based Cybereason said the tactic gave hackers sweeping access to VIPs’ call records, location data and device information — effectively turning the targets’ cellular providers against them.
Cybereason Chief Executive Lior Div said because customers weren’t directly targeted, they might never discover that their every movement was being monitored by a hostile power.
The hackers have turned the affected telecoms into “a global surveillance system,” Div said in a telephone interview. “Those individuals don’t know they were hacked — because they weren’t.”
Div, who presented his findings at the Cyber Week conference in Tel Aviv, provided scant details about who was targeted in the hack. He said Cybereason had been called in to help an unidentified cellular provider last year and discovered that the hackers had broken into the firm’s billing server, where call records are logged.
The hackers were using their access to extract the data of “around 20” customers, Div said.
Who those people were he declined to say, describing them as mainly coming from the world of politics and the military. He said the information was so sensitive he would not provide even the vaguest idea of where they or the telecom were located.
“I’m not even going to share the continent,” he said.
Cybereason said the compromise of its customer eventually led it to about 10 other firms that had been hit in a similar way, with hackers stealing data in 100 gigabyte chunks. Div said the hackers even appeared to be tracking non-phone devices, such as cars or smartwatches.
Cybereason said it was in the process of briefing some of the world’s largest telecommunications firms on the development. The GSMA, a group that represents mobile operators worldwide, said in an email it was monitoring the situation.
Cybereason said all the signs point to APT10 — a notorious cyberespionage group that U.S. authorities and digital security experts have tied to the Chinese government.