Hackers have stolen years worth of phone records in a “massive espionage campaign”
It’s bad, but it sounds so friggin’ cool.
It’s not every day you get to use a phrase like “massive espionage campaign.”
If you’re covering spy movies, maybe, but tech? The best we get is “hospital robocall crisis” which sounds way cooler than it actually is. Anyways, forgive my overuse of this phrase in the story to follow, as it’s undoubtedly the three coolest words I’ve ever typed in a row.
A group of hackers stole over seven years worth of call records from around the world, according to a report by TechCrunch. The “massive espionage campaign” (yep, still cool) was unearthed by Boston-based research firm Cybereason, which revealed that at least 20 individuals were targeted in a series of hacks that compromised over 10 cell networks.
Cybereason researchers said they first detected the attacks about a year ago. Before and since then, the hackers broke into one cell provider after the other to gain continued and persistent access to the networks. Their goal, the researchers believe, is to obtain and download rolling records on the target from the cell provider’s database without having to deploy malware on each target’s device.
Call records, for those who might not know, are super detailed data logs of our phones which can be used to track everything from messaging history to location
That text you sent to your ex at 3 am? Someone at Verizon knows about it.
The NSA has been (somewhat illegally) collecting most of our call records for years, and if we know anything about our government, it’s that we’re only one click on a phishing email away from all that data falling right into the hackers’ hands.
How did the hackers pull this off?
Worried that your phone might be hacked to track your location, who you call and when? One cyberespionage group has just provided a reminder that hackers don't necessarily even need to reach out to your device to gain that kind of access. https://t.co/xKf1nO0gQ6
— WIRED (@WIRED) June 25, 2019
In the case of this most recent breach (or “massive espionage campaign” if that’s what you prefer to call it), the hackers gained access to the records through an internet-connected web server, then stole credentials from each domain controller before the network could do anything about it.
“You could see straight away that they know what they’re after,” said Amit Serper, head of security research at Cybereason. “They would exploit one machine that was publicly accessible through the internet, dump the credentials from that machine, use the credentials stolen from the first machine and repeat the whole process several times.”
Though Cybereason noted that no North American networks were breached by hackers in the attacks, it did hint that the hackers were more than likely backed by China in response to “an ongoing trade dispute involving Huawei.” Which makes this an international massive espionage campaign, a phrase so cool that you should probably have to be wearing sunglasses to say it.
- The single best piece of smart home tech is definitively this
- Amazon Prime Day 2019 is on the horizon and will last for 48 hours
- Two senators want big tech companies to put an actual price on your data
- This iOS camera app erases any people in the pictures it takes