China’s Mass-Surveillance Goes Global: SMS Invasion

By David Fratini on November 1, 2019

Overview:

State-sponsored Chinese hacking group Lotus Blossom (AKA APT41) has infiltrated 4 telecom companies operating in undisclosed locations. The purpose of this infiltration was to expand their Orwellian suppression of “dissident” activity, or anything the Communist Party of China (CCP) finds offensive. The CCP has expanded their oversight outside of the confines of China and is now incorporating foreign infrastructure into their mass surveillance systems, showing a blatant disregard for privacy rights for citizens outside of China.

 

Impact:

China’s increasingly dystopian control methods have disturbing implications for the world. Their monitoring systems are already being exported to countries interested in forcefully controlling populations and obstructing fair democratic practices; such countries range from Ecuador and Venezuela to Zimbabwe and Uzbekistan. The wholesale of these technologies to aspiring autocrats across the globe has been a strong indication of the CCP’s proclivity for expanding their influence and providing a darker alternative to the liberal order and international democratic standards of the post-war era, but these latest hacks shatter any illusions that China is willing to respect international law or the rights of world citizens. China is now the global leader in quantum research (Whalen, 2019), AI (Webb, 2018), and 5G (Cheng & Feng, 2019), technologies which the CCP utilizes to maintain their Big Brother-esque surveillance society.

The data obtained by FireEye shows that the CCP is arbitrarily collecting data on individuals based on a subjective bias against China. Looking at the data, it seems that many individuals monitored by this technology are not (nor have ever been) Chinese citizens. This can be considered technical oversight, or the willful exploitation of foreign networks to expand surveillance outside of the state – a process that is repeatable throughout the developed world.

Regardless of intent, China’s actions constitute activity that would meet with billions of dollars of repercussions if conducted by an accountable entity (such as Facebook and Google are facing in the EU). Not only does this practice infringe on the rights of individuals on a global scale, but it is another step in limiting the already marginal freedoms of Chinese abroad. For those pro-democratic Chinese citizens travelling abroad, escaping the ever-present surveillance has become that much harder.

It seems that there is a question that the democratic world must ask itself: Where is the line, and at what cost do we keep moving it to accommodate the CCP’s progressively aggressive transgressions?

 

Methodology:

It is unclear exactly how APT41 was able to infiltrate telecom providers’ servers. What is clear, however, is that they utilized a custom malware dubbed “MessageTap”.

MessageTap infected Linux-based Short Message Service Center (SMSC) servers, which act as relays for SMS messages, temporarily storing raw SMS data before it is passed along to the intended recipient. MessageTap parses messages travelling through an infected server and selectively copies the information of the sender and messages if certain search criteria are met. Deconstruction of the malware found that the targeted phrases included the names of CCP leaders. MessageTap also creates a backdoor used to quietly exfiltrate the data it collects.

Targeting criteria also included international mobile subscriber identity (IMSI) and telephone numbers, showing a highly targeted system aimed at international surveillance of persons of interest.

References:

Akita, H. (2019, June 14). China is exporting AI-driven authoritarianism. Retrieved from https://asia.nikkei.com/Spotlight/Comment/China-is-exporting-AI-driven-authoritarianism

ANITH. (2019, October 31). Chinese Hackers Compromise Telecom Servers to Spy on SMS Messages. Retrieved from https://anith.com/chinese-hackers-compromise-telecom-servers-to-spy-on-sms-messages/

Armstrong, M. (n.d.). The Latest Destination for China’s High-Tech Social Surveillance? Venezuela. Retrieved from https://slate.com/technology/2018/11/venezuela-china-zte-authoritarian-surveillance-social-control-tech.html

Burton, G. (2019, October 31). Chinese hackers brew ‘MessageTap’ malware to creep on world leaders’ texts | TheINQUIRER. Retrieved from https://www.theinquirer.net/inquirer/news/3083290/apt41-intercept-world-leaders-messages

Cheng, A., & Feng, E. (2019, October 24). China’s Tech Giant Huawei Spans Much Of The Globe Despite U.S. Efforts To Ban It. Retrieved from https://www.npr.org/2019/10/24/759902041/chinas-tech-giant-huawei-spans-much-of-the-globe-despite-u-s-efforts-to-ban-it

Leong, R., Perez, D., & Dean, T. (2019, October 31). MESSAGETAP: Who’s Reading Your Text Messages? Retrieved from https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html

Mozur, P., Kessel, J., & Chan, M. (2019, April 26). Made in China, Exported to the World: The Surveillance State. Retrieved from https://www.nytimes.com/2019/04/24/technology/ecuador-surveillance-cameras-police-government.html

O’Donnell, L. (2019, October 31). China-Linked Hackers Spy on Texts With MessageTap Malware. Retrieved from https://threatpost.com/china-hackers-spy-texts-messagetap-malware/149761/

Webb, A. (2018, August 21). China Is Leading in Artificial Intelligence–and American Businesses Should Take Note. Retrieved from https://www.inc.com/magazine/201809/amy-webb/china-artificial-intelligence.html

Whalen, J. (2019, August 18). The quantum revolution is coming, and Chinese scientists are at the forefront. Retrieved from https://www.washingtonpost.com/business/2019/08/18/quantum-revolution-is-coming-chinese-scientists-are-forefront/