By examining signals data, the report by Washington-based Exigent Media found that Beijing, working through state-owned telecom operator China Unicom, was the main source of attacks against U.S. mobile users over 3G and 4G networks in 2018.
China exploited notorious network vulnerabilities, which allowed it to track, monitor, interfere with, and intercept the communications of U.S. phone subscribers while they were abroad. The vulnerabilities center on the legacy mobile SS7 signaling system, defined in the report as “a patchwork system enabling network operators around the world to communicate with each other for international roaming services.”
The Chinese cyberattacks centered on tens of thousands of U.S. mobile users from 2018 to 2020, Gary Miller, the report’s author and a former mobile network security executive, told The Guardian.
“Once you get into the tens of thousands, the attacks qualify as mass surveillance, which is primarily for intelligence collection and not necessarily targeting high-profile targets,” Miller said. “It might be that there are locations of interest, and these occur primarily while people are abroad.”
The fact that the attacks were routed through a state-controlled operator indicates a state-sanctioned surveillance campaign, Miller told the outlet.
The analyst also found that in 2018, two Caribbean operators were involved in a series of attacks that China Unicom aimed at U.S. phone users, implying planning between these networks. The two operators were Cable & Wireless Communications (Flow) in Barbados and the Bahamas Telecommunications Company (BTC).
The report found that from 2019, China's attacks dropped, while those originating from the Caribbean networks spiked, hinting that Beijing was attempting to mask its activities through foreign operators.
“China reduced its attack volumes, favoring more targeted espionage, likely using proxy networks in the Caribbean and Africa to conduct its attacks, having close ties in both trade and technology investment,” the report stated.
Mentioning Beijing’s increased investment in the Caribbean, such as Chinese telecom giant Huawei’s partnership with BTC on the Bahamas’ 4G rollout, the report examined whether this indicated a “strategic signals intelligence cooperation between China and the Caribbean.”
The report added that it was likely that Caribbean operators had sold or leased network addresses to Chinese organizations, allowing them to conduct surveillance, most likely without the operators’ knowledge.
Cable & Wireless, the company that owns Flow and BTC, said in an emailed statement to The Epoch Times that it was “carefully reviewing the information in the media reports.”
The company added that it continues to monitor its networks across all its markets, including Barbados and the Bahamas, and has “robust security policies and protocols in place to protect the data of our customers.”