Submitted via IRC for SoyCow1944
Hackers have stolen call records from over 10 cell providers worldwide as part of a "massive-scale" espionage attempt against at least 20 individuals, TechCrunch reports. The attack has been dubbed "Operation Softcell" by Cybereason, the security research firm that discovered it. It's sophisticated enough that the firm believes there's a "very high probability" it's state-backed.
The target of the attacks are "call detail records," which contain detailed metadata on every call made from an individual's phone, including times, dates, and the cell-based location of the device. The content of calls are not held in these records, but the metadata alone is hugely valuable. If a carrier doesn't realize that its network has been infiltrated, then the hackers could have access to this data in real time, and individuals would have no way of knowing that their data has been compromised. ""They could shut down the network tomorrow""
Although the attackers have penetrated deeply enough into each service provider that "they could shut down the network tomorrow," Cybereason's head of security research, Amit Serper told CNET, their focus seems to be espionage, rather than disruption. The hackers appear to be targeting high profile government and military targets, whose movements and communications will be significantly compromised by the hack.
The attacks were first discovered a year ago, but go back by as many as seven years. The researchers say the attacks are ongoing, and that the hacker's servers are still operational.
(Score: 0) by Anonymous Coward on Tuesday June 25 2019, @08:07PM
They're conveniently wired to both sides of the Urals!
(Score: 3, Insightful) by DutchUncle on Tuesday June 25 2019, @08:26PM (1 child)
In the phone industry, the call detail log IS the data - certainly it's the data used to create bills for real money. It's also how law enforcement tracks your contacts. And if you have that information from cellphones in real time, then you can do traffic analysis and localize enough for an attack.
(Score: 3, Insightful) by All Your Lawn Are Belong To Us on Tuesday June 25 2019, @11:19PM
I'd have to disagree, and I think most of the industry would disagree with you as well. The call data is the audio of the conversation. The metadata is the descriptors surrounding that data. And yes, it could be as valuable or more valuable than the audio itself.
This sig for rent.
(Score: 0) by Anonymous Coward on Tuesday June 25 2019, @09:01PM (3 children)
They only want to have what the NSA has access to. Someone else here noted that I'd much rather let a foreign intelligence agency have access to my data - I am unimportant in the global scheme of things. But NSA can share my data with any Federal agency that knows the right way to ask and has a half-assed justification.
(Score: 3, Interesting) by c0lo on Wednesday June 26 2019, @12:51AM (2 children)
How do we know it wasn't NSA in th first place? Maybe they wanted to have this metadata filtered by their targets in real-time (as opposed to searching from zillions of petabytes later).
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by captain normal on Wednesday June 26 2019, @03:07AM (1 child)
For once I have to agree with c0lo. What makes the folks at Cybereason think that it isn't the NSA, or even the providers themselves. The data that Cybereason was able to hack into is exactly the data the providers use to bill customers.
The Musk/Trump interview appears to have been hacked, but not a DDOS hack...more like A Distributed Denial of Reality.
(Score: 2) by c0lo on Wednesday June 26 2019, @03:16AM
Oh, you are so wrong.
In fact, you have to agree most of the time. But I can't fault you, 'cause you just don't know it.
(large grin)
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford