Saturday, 2 September 2023

Telstra-owned Pacific mobile network likely exploited by spies for hire.

Extract from ABC News

ABC News Homepage


A Telstra-owned mobile phone operator in the Pacific Islands has likely been used by private spy firms to track people on the other side of the world and steal their data, according to expert cybersecurity analysis.

Digicel Pacific's network resources appear to have been exploited to target unsuspecting mobile phone users in Africa in a type of attack that has been used in the past by spy-for-hire operations and state actors, according to analysis by the University of Toronto's Citizen Lab shared with the Organized Crime and Corruption Reporting Project (OCCRP) and the ABC.

The revelations come after Telstra purchased Fiji-based Digicel Pacific in July 2022.

The purchase was backed with more than $2 billion in Australian government financing amid fears that China's government could use the network — which operates in six Pacific countries — to carry out spying in the increasingly contested region.

The Digicel logo with 'better together' underneath and a woman on the right making a love heart with her hands
Digicel Pacific global titles in Fiji, PNG, Tonga, and Vanuatu were used for over 21,000 suspicious queries.(Twitter: Digicel PNG)

But Citizen Lab's analysis suggests that Telstra has had to contend with another security threat on the network: for-profit surveillance companies.

Typically based in the West, such operations market their services to governments as a way to track criminals and terrorists.

Previous reporting, however, has found these services are frequently used to spy on journalists, activists, and political dissidents.

Messages, calls and location can be intercepted

Using data from the Mobile Surveillance Monitor project, Citizen Lab found that actors who are most likely private spies-for-hire have been attacking phones around the world by leasing or otherwise gaining the use of "global titles" belonging to Digicel Pacific.

Global titles are a kind of address on 3G networks, which can be used to send queries to phones connected to mobile providers anywhere on earth, said Gary Miller, a research fellow at Citizen Lab.

These queries can be used to locate a person's phone, or intercept their messages and calls.

"The attacks seen in the data are blatant and clearly malicious," Mr Miller said.

Once spy operations have obtained a global title and registered it on international phone networks, they can run their attacks using free software and hardware that costs as little as $200.

The Citizen Lab data shows that although Digicel global titles were used, attackers bypassed the company's networks.

After OCCRP and the ABC shared Citizen Lab data with Telstra, the company responded by saying it had already terminated most of the Digicel Pacific global title leases.

The company added that it had cancelled an additional lease after it was brought to their attention by reporters.

Telstra "will be exiting the small number of remaining leases by April 2024, or earlier, if investigations reveal they are acting outside of their contractual obligations," it said.

Ongoing abuse of global titles

The abuse of Digicel Pacific global titles dates back to before Telstra's purchase of the network.

It was first uncovered by journalists from Lighthouse Reports, a European investigative newsroom, while reporting on Italian surveillance company Tykelab last year.

A graphic shows a left hand operating a phone behind overlays of blurred, neon green computer coding.
Citizen Lab said there was not enough evidence to pin the attacks on anyone specifically.(Supplied: terovesalainen/Adobe stock)

Digicel Pacific global titles were also found to have been used by a for-profit spying operation run out of Switzerland in a joint investigation by Lighthouse Reports and partners this May.

Last October, Telstra acknowledged that their global titles had been used, but said it had acted to "review and reduce" the leasing out of Digicel Pacific's global titles to third parties.

However, a recent Citizen Lab analysis shows Digicel Pacific's global titles continued to be abused after this point.

Suspicious queries surge after lull

The latest analysis shows that Digicel Pacific global titles from five countries — Fiji, Papua New Guinea, Samoa, Tonga, and Vanuatu — were used to lodge over 21,000 suspicious queries in the 12 months to July this year.

Last October alone saw 9,115 such queries, many of them designed to identify individual phones or to find their location.

After a brief lull, suspicious queries surged again in recent months. Nearly 922 likely attacks were recorded in June and July this year, according to the latest available data.

Mr Miller said more could have been done to thwart this activity.

"It doesn't appear that they've taken the proper steps," he said.

Cancelling the leases is one thing, he said, but the addresses still need to be removed from global networks.

"What should have happened is that all these leased global titles should have been just pulled out. But we didn't see that."

Telstra's acquisition of Digicel Pacific was widely seen as a move to prevent Chinese spying.

Mr Miller said there was not enough data to pin the current attacks on any particular state or actor.

But he said that China has been documented using the type of attacks now being facilitated by the network.

"If it's easy for people to lease global titles, it's just as easy for China as it would be for any other adversary," he said.

The Department of Foreign Affairs and Trade referred reporters' questions to Telstra, but added that the company "brings strong capabilities to the Digicel Pacific business and has the necessary experience and expertise to enhance the security and reliability of Digicel Pacific's networks."

Aubrey Belford is the lead editor for the Pacific for the Organized Crime and Corruption Reporting Project (OCCRP) and co-wrote this story with the ABC's foreign affairs reporter Stephen Dziedzic.

No comments:

Post a Comment