Mustafa Ali Noor
According to the Bureau of Investigative Journalism, private intelligence companies are using phone networks based in the Channel Islands to enable surveillance operations to be carried out against people around the world, including British and US citizens.
Leaked data, documents and interviews with industry insiders who have access to sensitive information suggest that systemic weaknesses in the global telecoms infrastructure, and a particular vulnerability in Jersey and Guernsey, are being exploited by corporate spy businesses.
These businesses take advantage of some of the ways mobile phone networks across the world interact in order to access private information on targets, such as location information or, in more sophisticated applications, the content of calls and messages or other highly sensitive data.
The spy companies see phone operators in the Channel Islands as an especially soft route into the UK, according to industry experts, who say the attacks emanating from the islands appear to be targeted at individuals rather than cases of “mass” surveillance. The Bureau understands that the targets of this surveillance have been spread across the globe, and included US citizens as well as people in Europe and Africa.
Markéta Gregorová, the European Parliament’s chief negotiator on trade legislation for surveillance technology, called for “immediate regulatory, financial and diplomatic costs on companies and rogue jurisdictions” that enabled these practices.
“Any commercial or governmental entity, foreign or domestic which enables the facilitation of warrantless cyber-attacks on European citizens deserves the full force of our justice system,” she told the Bureau of Investigative Journalism.
The investigation has found that private intelligence companies are able to rent access from mobile phone operators and this can then be exploited to allow the tracking of the physical location of users across the world. They are also potentially able to intercept calls and other private data, including bank accounts and emails.
These intrusions, which are very widely exploited, rely on commands designed to help phone operators track their customers’ whereabouts. Such commands, known as “signals”, are sent via a kind of global switchboard for the telecoms industry called SS7.
These are vital to the functioning of telecom networks and are a routine part of ensuring accurate billing when roaming overseas. But they can also be used by sophisticated state and corporate security agencies for more questionable purposes.
Concerns about SS7 signaling, a communications system dating back to the 1970s, are well established. But little progress has been made in resolving the situation in the past decade.
A Whitehall source described the system as “toxic, horrendous – yet one the world relies on,” adding that “it can be abused to geolocate people”. However, securing the system is complex: “if you get it wrong, you disconnect yourself from the rest of the world.”
Security fixes are being implemented in the UK, but up to now there have been concerns that Channel Islands operators have not done so, the source added.
The problem can affect phones in the UK and abroad. Telecommunications queries sent from Channel Islands networks to phone numbers in the UK can be treated as domestic and may evade firewalls put in place to prevent foreign signaling intrusions.
But such messages may also evade detection globally, because by using a +44 country code they appear to be emanating from the UK, generally a well-trusted territory. Although Channel Islands networks share the UK country code they are not covered by UK regulations, opening up a weak link that spy companies can exploit.
Senior British officials have expressed concerns about the security of the Channel Islands’ networks, particularly that some smaller operators across the islands have not plugged well-known vulnerabilities. Sources told the Guardian and the Bureau that some operators, in effect, have leased access to their networks to surveillance businesses, allowing people’s mobile phones to be tracked around the world. UK’s shadow digital minister Chi Onwurah said: “This is a critical situation and it needs fixing urgently. A secure and resilient telecoms network can’t mean only worrying about China and Huawei. Our national security should be the government’s priority and we must act to protect our networks.”
Sure Guernsey, one of the Channel Islands telecoms operators identified in this investigation as a transit point for malicious signals, told the Bureau of Investigative Journalism that it “does not lease access directly or knowingly to organizations for the purposes of locating and tracking individuals or for intercepting communications content”. Sure Guernsey acknowledged that network access points could be misused, but said its traffic goes through “UK operators’ firewalls in the same way as any other international operators’ traffic”.
Jersey Airtel, another operator whose network has been identified as having been used for these purposes, said: “We take network and customer security seriously and we do have necessary control measures in place to address and prevent activities that could compromise security.”
A new Telecoms Security Bill, presented to Parliament three weeks ago, aims to strengthen UK networks and safeguard them from these kinds of attacks while raising the costs for non-compliant phone operators. The UK government does not have jurisdiction over the Channel Islands or other offshore British territories, however.
A government spokesperson said in response to the Bureau’s findings that the new bill will mean that “UK network operators must protect themselves from malicious cyber activity, wherever it originates, and there will be tough penalties for operators which do not comply”.
However, British telecom regulators and the security services have almost no powers to enforce against operators in the Channel Islands, beyond what is described as a “nuclear option” to remove their access to the +44 UK country code. Instead, they hope that the Channel Islands can be pressured or encouraged to ensure security measures are increased in line with those planned for the UK.
The spokesperson added: “Channel Islands operators do not automatically have the same security obligations as UK operators, but the self-governing islands have committed to align their forthcoming Telecoms Security Frameworks to the UK’s bill.”
Guernsey’s regulator said operators are obliged “to take reasonable steps to prevent their licensed networks and services from being used in, or in relation to, the commission of offenses” and that the island is “developing frameworks in line with the UK security bill”.
Jersey’s regulator said it supported the island’s government in its commitment to the security of its telecoms networks.
Experts warn that vulnerabilities will remain even after the switch to 5G as long as some networks rely on older 2G and 3G technology.
Acknowledgment: Contents of this report are taken from the published articles by the Bureau of Investigative Journalism. The Bureau is an independent, not-for-profit organization that holds power to account. Founded in 2010 by David and Elaine Potter, it tackles big subjects through deep reporting that uncovers the truth. The Bureau of Investigative Journalism tells the stories that matter.