By: Staff Writer
December 25, 2020
Shocking allegations that the telecommunications giant in the Caribbean, Cable & Wireless (C&W), who owns BTC in The Bahamas and Flow in Barbados, may have sold the access to their mobile network to malicious Chinese agents.
Gary Miller, the Washington state-based telecommunications security expert behind the recent claims that Chinese agents have been listening in on American cellular phone calls in the Caribbean through Cable and Wireless entities, told Caribbean Magazine Plus that he believes that the access to the mobile network “may have been sold” to the Chinese, whether advertently or inadvertently.
Mr Miller, just recently earlier in December told the UK’s Guardian that he has been monitoring “signalling” messages between telecoms operators and had noticed distinct hacking patterns emanating from China on American cellular phones through BTC and Flow.
Mr Miller told the Guardian that these signalling messages appeared to be “unauthorised” by the GSMA, an international body that regulates these signals and networks.
Mr Miller explained to us how the Chinese may have done it and said that operators can “sell” access to their networks. He went further: “This is a common practice for many operators around the world and I’m not saying that every operator does it, but I’m saying that there are certain operators, which sell as a part of generating revenue, access to their network. For the purposes of doing legitimate capabilities.”
C&W may have sold access to their network to a malicious Chinese agent whether knowingly or unknowingly as a part of them doing legitimate business.
C&W in a response to questions from Caribbean Magazine Plus said: “It is common practice for telecommunications companies to enter into agreements with other providers in order to facilitate roaming for customers across networks. Across all the markets where Cable & Wireless operates, we continuously monitor our networks and have robust security policies and protocols in place to protect the data of our customers. We take our commitment to data protection seriously and are carefully reviewing the information in the Guardian article.”
The Organisation for Economic Cooperation and Development (OECD) released a paper in 2007 outlining the practice of selling access to networks and essentially said that while the practice is standard, more competition in the sector is needed to secure the equitable access among all operators and create more market access for all.
Mr Miller also agreed that in one instance where selling access to your network to a competitor is valuable when using the current SS7 (Signalling System No. 7) network that C&W uses, is when an operator can “validate a number” when a user is roaming. He also said that the same usefulness of operators using one another’s network is the same feature that provides for the misuse of the network by malicious actors.
The current SS7 model seems to be at the core of the slack telecommunications systems in the C&W network, as the network is outdated by at least 20 years. Large carriers like AT&T have moved into more secure mobile networks like SIP (Session Initiated Protocol), which renders the use of the SS7 appear like smart phones versus the telegraph system.
Back in 2014, Edward Snowden, a U.S. National Security Agency (NSA) employee now living in exile in Russia, leaked classified information to the media about America’s spy network using BTC’s infrastructure in The Bahamas as well as the NSA’s hacking into several other telecommunications systems around the world under a programme called “Operation Mystic” and the SOMALGET programme. A matter that was never fully investigated or concluded by the Bahamian government or the U.S. government.
At that time, Mr Snowden revealed that the hacking into the telecommunications systems in The Bahamas was primarily for the use of the Drug Enforcement Agency (DEA) and their investigation into drug trafficking from The Bahamas into the United States.
However, Mr Snowden revealed that in order to have access to the telecommunications infrastructure, the DEA and NSA needed approval from and cooperation with the government of The Bahamas and the telecommunications provider in order for either agency to have access into the mobile network.
Mr Miller said that while that may be true, in this instance it may have been a simple advertent or inadvertent sale of access to the network by C&W to a Chinese entity, whether directly sold, or re-sold to the Chinese in another arrangement with a third party.
The matter of greater supervision of the telecommunications sector worldwide is at the root of Mr Miller’s coming forward to shed light on these practices and highlight how dangerous it is for telecoms companies to be doing this without proper thought or supervisory regulations that can monitor them. He said, if not, then situations like what he witnessed with the unauthorised signalling from a Chinse source into the C&W network can become more commonplace and the technological knowhow may fall into the hands of drug cartels or international terrorists.