A report published in The Guardian by cybersecurity expert Gary Miller accuses the Chinese Communist Party (CCP) of using cellphone networks from the Caribbean islands to carry out surveillance operations on U.S. cellphone subscribers.
The report explains how these surveillance operations are carried out through simple signaling transmissions that are part and parcel of how telecommunications operate.
Signaling messages are commands sent by telecommunications operators through the global network, without a cellphone user knowing it. They allow operators to locate cellphones, connect cellphone users, and assess roaming charges. Still, bad actors can use signaling messages for illegitimate purposes, such as tracking, monitoring, or intercepting communications.
“Once you get into the tens of thousands, the attacks qualify as mass surveillance, which is primarily for intelligence collection and not necessarily targeting high-profile targets. It might be that there are locations of interest, and these occur primarily while people are abroad,” Miller said.
He said the vast majority of these apparent attacks were routed through a state-owned telecoms operator, China Unicom, which he said pointed to a very high likelihood of a state-sponsored espionage campaign.
Miller noted that data analysis highlighted that an unusual number of these signals sent to the same U.S. users by China Unicom were also sent from two Caribbean companies, Cable & Wireless Communications (Flow) in Barbados and Bahamas Telecommunications Company (BTC), which is a clear indication of a coordinated surveillance operation.
According to Miller, these Caribbean companies may or may not be aware of this operation.
The Federal Communications Commission (FCC) in April 2020 threatened to close China Unicom’s operations in the United States because of suspicions that the company was controlled by the CCP and could be used for espionage.
Miller said that his intention in publishing the report is to show the public how vulnerable they are to being surveilled, which neither the government nor politicians apparently want people to know about.
“Government agencies and Congress have been aware of public mobile network vulnerabilities for years,” he said. “Security recommendations made by our government have not been followed and are not sufficient to stop attackers.”
He added, “No one in the industry wants the public to know the severity of ongoing surveillance attacks. I want the public to know about it.”
Miller served as vice president of network security and risk products for Mobileum, where, he explains, he gained access to information about threats to telephone networks around the world.
Miller left Mobileum and started his own technology company, Exigent Media, focused on cybersecurity research.
The use of cyberespionage by the CCP is not new to Americans.
In July 2020, the Department of Justice prosecuted two Chinese nationals working for the Guangdong State Security Ministry for conducting an extensive intellectual property theft operation in the United States, including research on the CCP Virus vaccine.