‘Beijing using Flow to spy on US’

The island’s leading telecommunications provider has been accused of helping China spy on Americans through the use of its mobile phone networks.

Mobile network security expert Gary Miller has told The Guardian that Cable and Wireless Communications (Flow) in Barbados and the Bahamas Telecommunications Company (BTC), allowed China to use its networks to “target, track and intercept phone communications of US phone subscribers”.

In response to requests from Barbados TODAY for confirmation or denial of the report, Liberty Latin America, the parent company of C&W, did not give a definitive response.

The company would only say that “robust security policies” were in place to protect its customers.

“Across all the markets where Flow operates, including Barbados, we continuously monitor our networks and have robust security policies and protocols in place to protect the data of our customers. We take our commitment to data protection seriously and are carefully reviewing the information in the Guardian article,” a brief press statement said.

Miller, a former vice president of network security at California-based analytics company Mobileum, who has spent years analyzing mobile threat intelligence reports and observations of signalling traffic between foreign and US mobile operators, said in some cases China appeared to have used networks in Barbados and the Bahamas to conduct its surveillance.

At the heart of Miller’s research are claims that China, using a state-controlled mobile phone operator – China Unicom – is directing signalling messages to US subscribers, usually while they are travelling abroad.

Signalling messages are commands that are sent by a telecoms operator across the global network, unbeknownst to a mobile phone user. They allow operators to locate mobile phones, connect mobile phone users to one another, and assess roaming charges. But some signalling messages can be used for illegitimate purposes, such as tracking, monitoring, or intercepting communications.

Miller said he was sharing his findings with The Guardian to help expose “the severity of this activity” and to encourage the implementation of more effective countermeasures and security policies.

Miller told the British newspaper: “Government agencies and Congress have been aware of public mobile network vulnerabilities for years. Security recommendations made by our Government have not been followed and are not sufficient to stop attackers.

“No one in the industry wants the public to know the severity of ongoing surveillance attacks. I want the public to know about it.”

At Mobileum, a mobile security company that tracks and reports threats to mobile operators, Miller was vice-president of solutions for network security and risk products, a role he said gave him access to information about threats on mobile networks around the world.

Miller said he found that in 2018 China had conducted the highest number of apparent surveillance attacks against US mobile phone subscribers over 3G and 4G networks. He said the vast majority of these apparent attacks were routed through a state-owned telecoms operator, China Unicom, which he said pointed in very high likelihood to a state-sponsored espionage campaign.

Miller also found what he called unique cases in which the same mobile phone users who appear to have been targeted via China Unicom also appear to have been targeted simultaneously through two Caribbean operators: Cable & Wireless Communications (Flow) in Barbados and Bahamas Telecommunications Company (BTC).

(randybennett@barbadostoday.bb)