Skip to main content

Hackers steal call records from cell providers in ‘massive-scale’ espionage

Hackers steal call records from cell providers in ‘massive-scale’ espionage


The attackers are believed to be state-backed

Share this story

An image showing a red lock made up of code
Illustration by Alex Castro / The Verge

Hackers have stolen call records from over 10 cell providers worldwide as part of a “massive-scale” espionage attempt against at least 20 individuals, TechCrunch reports. The attack has been dubbed “Operation Softcell” by Cybereason, the security research firm that discovered it. It’s sophisticated enough that the firm believes there’s a “very high probability” it’s state-backed.

The target of the attacks are “call detail records,” which contain detailed metadata on every call made from an individual’s phone, including times, dates, and the cell-based location of the device. The content of calls are not held in these records, but the metadata alone is hugely valuable. If a carrier doesn’t realize that its network has been infiltrated, then the hackers could have access to this data in real time, and individuals would have no way of knowing that their data has been compromised.

“They could shut down the network tomorrow”

Although the attackers have penetrated deeply enough into each service provider that “they could shut down the network tomorrow,” Cybereason’s head of security research, Amit Serper told CNET, their focus seems to be espionage, rather than disruption. The hackers appear to be targeting high profile government and military targets, whose movements and communications will be significantly compromised by the hack. 

The attacks were first discovered a year ago, but go back by as many as seven years. The researchers say the attacks are ongoing, and that the hacker’s servers are still operational.

At least 10 unnamed cell networks across Europe, Asia, Africa, and the Middle East have been hit by the hack, which is not thought to have affected any North American providers. Cybereason says the hackers initially gained access to the networks by finding an exposed server or by using an old vulnerability, before penetrating through the network until they came to the caller data records database. The hackers created privileged accounts in order to easily regain access later, and in one case even set up a VPN connection to easily tunnel back into the network. 

The sophistication of the attacks means that Cybereason believes the group is nation-state backed, and the techniques used match those of APT10, a notorious Chinese hacking group which was charged with stealing data from NASA, IBM, and other US tech companies last year. However, since this group’s tools and methods are now publicly available, the researchers say there’s no definitive proof that the group is behind the attack.

Although no US providers are thought to have been affected by the hack, the discovery of what appears to be a Chinese state-backed hacking attempt is likely to escalate tensions between the US and China. The Trump administration is concerned that China is willing and able to conduct cyber warfare against its enemies, and cited cybersecurity concerns when it placed Huawei on the entities list, over fears that the company could use its network equipment to sneak malware into US networks.