Spy companies using Channel Islands to track phones globally | Pakistan Today

Spy companies using Channel Islands to track phones globally

LONDON: Private intelligence companies are using phone networks based in the Channel Islands to enable surveillance operations to be carried out against people around the world, including British and US citizens, the Bureau of Investigative Journalism has revealed following a joint reporting project with the Guardian.
Leaked data, documents and interviews with industry insiders who have access to sensitive information suggest that systemic weaknesses in the global telecoms infrastructure, and a particular vulnerability in Jersey and Guernsey, are being exploited by corporate spy businesses.
These businesses take advantage of some of the ways mobile phone networks across the world interact in order to access private information on targets, such as location information or, in more sophisticated applications, the content of calls and messages or other highly sensitive data.
The spy companies see phone operators in the Channel Islands as an especially soft route into the UK, according to industry experts, who say the attacks emanating from the islands appear to be targeted at individuals rather than cases of “mass” surveillance. The Bureau understands that the targets of this surveillance have been spread across the globe, and included US citizens as well as people in Europe and Africa.
Ron Wyden, the Oregon senator and privacy advocate, described the use of foreign telecom assets to spy on people in the US as a national security threat. “Access into US telephone networks is a privilege,” he said in response to the Bureau’s findings. “Foreign telecom regulators need to police their domestic industry – if they don’t, they risk their country being cut off from US roaming agreements.”
Markéta Gregorová, the European Parliament’s chief negotiator on trade legislation for surveillance technology, called for “immediate regulatory, financial and diplomatic costs on companies and rogue jurisdictions” that enabled these practices.
“Any commercial or governmental entity, foreign or domestic which enables the facilitation of warrantless cyber-attacks on European citizens deserves the full force of our justice system,” she told the Bureau.
The investigation has found that private intelligence companies are able to rent access from mobile phone operators and this can then be exploited to allow the tracking of the physical location of users across the world. They are also potentially able to intercept calls and other private data, including bank accounts and emails.
These intrusions, which are very widely exploited, rely on commands designed to help phone operators track their customers’ whereabouts. Such commands, known as “signals”, are sent via a kind of global switchboard for the telecoms industry called SS7. These are vital to the functioning of telecoms networks, and are a routine part of ensuring accurate billing when roaming overseas. But they can also be used by sophisticated state and corporate security agencies for more questionable purposes.
Concerns about SS7 signalling, a communications system dating back to the 1970s, are well established. But little progress has been made in resolving the situation in the past decade. A Whitehall source described the system as “toxic, horrendous – yet one the world relies on,” adding that “it can be abused to geolocate people”. However, securing the system is complex: “if you get it wrong, you disconnect yourself from the rest of the world.”
Security fixes are being implemented in the UK, but up to now there have been concerns that Channel Islands operators have not done so, the source added. The problem can affect phones in the UK and abroad. Telecommunications queries sent from Channel Islands networks to phone numbers in the UK can be treated as domestic, and may evade firewalls put in place to prevent foreign signalling intrusions.
But such messages may also evade detection globally, because by using a +44 country code they appear to be emanating from the UK, generally a well-trusted territory. Although Channel Islands networks share the UK country code they are not covered by UK regulations, opening up a weak link which spy companies can exploit.
Senior British officials have expressed concerns about the security of the Channel Islands’ networks, particularly that some smaller operators across the islands have not plugged well-known vulnerabilities. Sources told the Guardian and the Bureau that some operators, in effect, have leased access to their networks to surveillance businesses, allowing people’s mobile phones to be tracked around the world. Shadow digital minister Chi Onwurah said: “This is a critical situation and it needs fixing urgently. A secure and resilient telecoms network can’t mean only worrying about China and Huawei. Our national security should be the government’s priority and we must act to protect our networks.”