All Phones Hacked

Spies Have It All / POTUS Emergency Alert Spoofing / SpaceX Nets Falling Nosecone With Boat

Photo by Hackriter 🍀 from Pexels
Listen to the author read this article

The argument has been going on for nearly a year. Allegations that our telecommunications infrastructure isn’t safe, either because our own government has overstepped its Constitutional authority or our allies are doing the dirty work for them. And then there are technical alerts about compromises at the hardware and software level; vulnerabilities that should be found before devices ever leave the factory. Further, we find hardware compromises at the chip level with no other purpose but to steal information for a bad actor. Beyond that we struggle with non-nation-state actors who have their own agenda, who group up selling their weaponized blackware services to the highest bidder. It’s exhausting for technologists to know a safe path to navigate away from the dark web.

A few years ago I discovered the zero-trust concept in networking and it has served me well. If we assume everything is hacked, everything is monitored, everything is dangerous, perhaps we can be more careful in the application of technology, depending on it less. By trusting less, we are making our corporate and personal business more resilient.

With all that in mind, I wanted to share an important article with you today from

Zack Whittaker: Hackers are stealing years of call records from hacked cell networks

Security researchers say they have uncovered a massive espionage campaign involving the theft of call records from hacked cell network providers to conduct targeted surveillance on individuals of interest.

The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records — including times and dates of calls, and their cell-based locations — on at least 20 individuals.

Researchers at Boston-based Cybereason, who discovered the operation and shared their findings with TechCrunch, said the hackers could track the physical location of any customer of the hacked telcos — including spies and politicians — using the call records.

Lior Div, Cybereason’s co-founder and chief executive, told TechCrunch it’s “massive-scale” espionage.

Call detail records — or CDRs — are the crown jewels of any intelligence agency’s collection efforts. These call records are highly detailed metadata logs generated by a phone provider to connect calls and messages from one person to another. Although they don’t include the recordings of calls or the contents of messages, they can offer detailed insight into a person’s life. The National Security Agency has for years controversially collected the call records of Americans from cell providers like AT&T and Verizon (which owns TechCrunch), despite the questionable legality.

Cybereason researchers said they first detected the attacks about a year ago. Before and since then, the hackers broke into one cell provider after the other to gain continued and persistent access to the networks. Their goal, the researchers believe, is to obtain and download rolling records on the target from the cell provider’s database without having to deploy malware on each target’s device.

Div said the hackers acted invisibly to their targets. “They know everything about them without ever hacking their phone,” he said.

The researchers found the hackers got into one of the cell networks by exploiting a vulnerability on an internet-connected web server to gain a foothold onto the provider’s internal network. From there, the hackers continued to exploit each machine they found by stealing credentials to gain deeper access.

“You could see straight away that they know what they’re after,” said Amit Serper, head of security research at Cybereason. “They would exploit one machine that was publicly accessible through the internet, dump the credentials from that machine, use the credentials stolen from the first machine and repeat the whole process several times.”

Once the hackers gained access to the domain controller, the hackers had control of the entire network. “Everything is completely owned,” said Serper.

The National Security Agency collected 434.2 million phone records on Americans in 2018 as part of the call detail records program, despite controversies of the collection of domestic data. The cell provider hacks discovered by security researchers at Boston-based Cybereason appear to be another nation state collecting data on a handful of targeted individuals. (Image: file photo/Getty Images)

With access to the cell provider’s bank of call detail records, the hackers compressed and exfiltrated a target’s data — some hundreds of gigabytes — amounting to a vast number of records — potentially weeks or months at a time.

“Every single bit of raw data that your phone sends and receives to and from the network is there,” said Serper.

Each time the hackers broke in they would conduct more reconnaissance and network mapping “to get a better understanding of the network,” said Mor Levi, one of the Cybereason researchers who discovered and analyzed the hacking operation. The hackers at one point created a virtual private network connection on one of the cell provider’s compromised servers so they could tunnel into the network and pick up where they left off with ease without having to “reinventing the wheel every time,” she said.

The researchers said the hackers were faster and more efficient in attacking other networks because they already had knowledge of similar cell providers’ networks.

Div said because the attacks were ongoing, the company wouldn’t name the cell networks — only that some are large providers, and the smaller companies are in “unique and interesting” locations, likely each a strategic target for the hackers. Cybereason said it has not yet seen the hackers target North American providers, but said the situation remains “fluid” and ongoing. The company published its findings to sound the alarm over the continued intrusions.

The company also didn’t name the targeted individuals. “We started and then we stopped,” said Div, when the company realized the sensitivity and gravity of the hackers’ operation.

Cybereason did say it was with “very high probability” that the hackers were backed by a nation state but the researchers were reluctant to definitively pin the blame.

The tools and the techniques — such as the malware used by the hackers — appeared to be “textbook APT 10,” referring to a hacker group believed to be backed by China, but Div said it was either APT 10, “or someone that wants us to go public and say it’s [APT 10].”

Relations between the U.S. and China remain fraught amid an ongoing trade dispute involving Huawei, the Chinese telecoms giant accused by U.S. authorities as a proxy for China’s cyberspies.

Tensions have escalated in cyberspace in recent years after the Trump administration accused China of violating an Obama-era bilateral anti-hacking deal, signed in 2015, in which the two superpowers promised not to target each others’ private sector. Last year, the Justice Department indicted two alleged Chinese hackers accused of breaking into dozens of major U.S. tech and industry giants.

The Chinese government has long denied allegations of hacking against the West. When contacted prior to publication, a spokesperson for the Chinese consulate in New York did not comment.

Please have a look at this article at TechCrunch and take some time today to assess what this might mean for you, your family, your government officials and your business. And then let’s make a plan for a future that mitigates this risk.

Emergency Presidential Alerts can be spoofed, researchers warn

Spurred by the panic-inducing fake alarm about an inbound ballistic missile received by Hawaii residents in January 2018, a group of researchers from University of Colorado Boulder wanted to check whether attackers could spoof Presidential Alerts, which are delivered to all capable phones in the United States via the Wireless Emergency Alert (WEA) program.

HelpNet Security explains that 5G will replace the vulnerable standard in this article on their site.

Loren Grush: SpaceX catches rocket nosecone for the first time with giant net-wielding boat

After launching its powerful Falcon Heavy rocket this evening, SpaceX caught part of the vehicle’s nosecone when it fell back to Earth — the first time the company has ever pulled off such a feat. The structure broke away from the rocket in space and parachuted back to the surface, where it then landed on a SpaceX boat outfitted with a giant net.

The successful stunt comes after a year and a half of trying and failing to catch a nosecone after launch. But now that one has been recovered, it’s possible that SpaceX may use the structure again on an upcoming flight instead of building a new one from scratch.

SpaceX continues to break records and rules by thinking up new ways to make recyclable space travel components a reality. Check this story out at The Verge.


Help me out be thumbing this up or giving it claps or telling people or sharing it on social media please…and for goodness sake SUBSCRIBE. It’s free after all.

Buy it here.

Politics may be married to technology and big media, but sometimes individuals can make a difference.

Get “The Dirty Deeds Playbook” today for just $2.99 on Kindle or for a few dollars more in paperback.

This satirical field manual uses fools & fanatics to sew chaos in American elections. Tools & techniques, observations & deception I’ve seen in the process over these past few years.

Support this news aggregation service by checking out my website at today. Links there show all the places you can listen or watch the free podcast.

Also, find out about my other projects, subscribe to my newsletter and alerts, or buy books, advertise and support this project with some merchandise purchases.




Commentary on technology, telecom & security in our information age

Recommended from Medium

Writeup: CSRF where token is not tied to user session @ PortSwigger Academy

Hackers use OpenSea bug to buy precious collectibles at low prices

Advanced PowerUp.ps1 Usage

How to use File Transfer Activity to decrypt a file on Marketing Cloud?

Process to import a encrypt file into Marketing Cloud

The downfall of firewalls

Router Security Analysis

Front of Router

LBank to Launch POVE Demand Deposit with an Annualized Yield of 50%

Haiku #7 Compliance and security

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Weyman Holton

Weyman Holton

author of “The Dirty Deeds Playbook” out now in paperback and on Amazon Kindle.

More from Medium

Serenity Shield — Your Digital Succession Plan

Apple Issues Urgent Security Patches In Response To Active Attacks On Zero-Day Bugs

Cyber attack bee-havior

A honey dipper in a pool of honey on a wood paneled surface sits next to a glass jar of that same honey

Pentesting Deliverables…Ummm Pentest WHA???!!