According to a report published in TechCrunch, hackers have managed to get hold of call records from over 10 telecommunication service providers worldwide. As per the report, the attack was part of a ‘massive scale’ espionage against at least 20 individuals.
The attack was initially discovered by Cybereason, a security research firm who claims that the nature of the attempt indicates that it is backed by a high-profile state. Dubbed as “Operation Softcell’, the attackers compromised ‘call detail records’ that contains comprehensive metadata of every call made by the individual’s phone. The information also includes the times a call was made, dates, and even the cell-based location of the device.
However, the content of the data is not held in these records. But the metadata itself is highly valuable and can indicate a lot of information regarding the victim. In fact, if the carrier is not aware of the attack, the hackers can access the same data in real time – without alerting the user as well.
The head of security research at Cybereason claims that the attack was not aimed to cause a disruption. Instead, the hackers carried forward the attack to target high profile government and military personals whose privacy was significantly compromised as a result.
Reports by the researching team at Cybereason suggests that the attacks are operational for many years and have targeted around 10 unnamed cell networks across Europe, Asia, Africa, and the Middle East. Surprisingly, no reports of the same attack have been discovered on any North America providers.
In its report, Cybereason team says that the hackers first gain access to the network by finding an exposed server or a known vulnerability after which they penetrated in the network to get hold of the caller data records.
The hackers also create accounts for themselves that help them regain access later.
Cybereason hints that the attacking group can be nation-state backed as the sophisticated techniques used by the hacker match with those of APT 10, a Chinese hacking group that was found to be stealing data from NASA, IBM, and other US-based tech companies last year.
However, Cybereason claims that they cannot be conclusive that the group is behind the attack as their previously used tools and methods are publicly available.
Photo: HYWARDS / Getty Images
Read next: The Passwords of Your Content Management Systems Are Not Secure - Research Proves!
The attack was initially discovered by Cybereason, a security research firm who claims that the nature of the attempt indicates that it is backed by a high-profile state. Dubbed as “Operation Softcell’, the attackers compromised ‘call detail records’ that contains comprehensive metadata of every call made by the individual’s phone. The information also includes the times a call was made, dates, and even the cell-based location of the device.
However, the content of the data is not held in these records. But the metadata itself is highly valuable and can indicate a lot of information regarding the victim. In fact, if the carrier is not aware of the attack, the hackers can access the same data in real time – without alerting the user as well.
The head of security research at Cybereason claims that the attack was not aimed to cause a disruption. Instead, the hackers carried forward the attack to target high profile government and military personals whose privacy was significantly compromised as a result.
Reports by the researching team at Cybereason suggests that the attacks are operational for many years and have targeted around 10 unnamed cell networks across Europe, Asia, Africa, and the Middle East. Surprisingly, no reports of the same attack have been discovered on any North America providers.
In its report, Cybereason team says that the hackers first gain access to the network by finding an exposed server or a known vulnerability after which they penetrated in the network to get hold of the caller data records.
The hackers also create accounts for themselves that help them regain access later.
Cybereason hints that the attacking group can be nation-state backed as the sophisticated techniques used by the hacker match with those of APT 10, a Chinese hacking group that was found to be stealing data from NASA, IBM, and other US-based tech companies last year.
However, Cybereason claims that they cannot be conclusive that the group is behind the attack as their previously used tools and methods are publicly available.
Photo: HYWARDS / Getty Images
Read next: The Passwords of Your Content Management Systems Are Not Secure - Research Proves!
