For background context around telecoms for anyone reading this, there is an underlying difference in how telecoms networks are designed and architected - in the Telco world, links between networks were predicated on trust. Originally, telecoms networks were run by national level quasi-government operators, one per country. You interconnected with other "known entities".
Even now, you likely have 3, 4 or 5 national mobile operators in any one country. They negotiate their own roaming agreements in order for you to get roaming access. It's all driven by these kinds of relationships predicated on trusting other networks.
In IT, we are rapidly moving towards zero trust (due to the internet), but circuit switched (legacy) voice is still all designed to be sent over private circuits between operators who trust each other.
The legacy protocols (see SS7), used to route calls between operators are functional, but also lack access control and authentication, as it's assumed only trusted parties are on the network and able to use them. Those assumptions are no longer valid, and there's a huge challenge in dealing with this - hence SMS and call interception and rerouting attacks to steal 2FA tokens etc.
My assumption is that all intelligence services in all countries would love to have access to fully compromised networks. They spend all their time thinking about how to access information, so they would be fairly incompetent not to consider this.
Does that mean that all systems are compromised? No, because there are risks associated with tapping in to these systems. Partly it depends on if they have access to the systems, but mostly on the possible blow-back if they get caught.
Example: Sweden's FRA (NSA equivalent) could in theory ask Ericsson (a Swedish company), to install a backdoor. But, Sweden has a fairly free press, and there are good chances that someone would leak this information. If it got leaked it would be a major scandal that could go as far as toppling the government and destroy one of Sweden's most important export companies. It's very risky, and it's a risk no one wants to take, so the parts made in Sweden are probably not compromised.
China, on the other hand, has almost no risks associated with adding a backdoor. No free press, hard suppression of whistle blowers, and since most foreign intelligence services already assume the equipment is compromised, there is no real reputational damage either. I assume they are all compromised, why wouldn't they be?
The US is somewhere in between.
Sometimes companies are compromised by intelligence services, but much more often I think it's employees. Why try to change Tim Cook's stance on privacy, when all you need to do is find one Apple employee, willing to take a sack of money to "do their country a great service"?
> Does that mean that all systems are compromised? No, because there are risks associated with tapping in to these systems. Partly it depends on if they have access to the systems, but mostly on the possible blow-back if they get caught.
Isn’t it common knowledge that the US and China are spying on everyone? The main difference is that China is not a military ally, and its government spying, which is unfettered, supports its private enterprise that is government financed and owned.
US govt spying is unfettered. US corporate spying is far more restricted because US businesses are bound by Federal and State laws, and it’s not centrally coordinated, instead US businesses are autonomous entities. And though US corporate spying on customers is rampant, it is also transparently written into usage contracts. US corporate spying is obviously for profit, and since the US and Europe are strategically tied through NATO, it’s not on the same threat level. China and its axis ally Russia, clearly bump up against the West because our political systems are fundamentally opposite, democratic vs autocratic.
What this translates to is Chinese investors are aggressively running around buying into key strategic businesses, advised by data gathering in coordination with its government, with a view to maintaining control, which reflects how the country is managed itself.
American investors are running around buying/competing against business in coordination with data rich parent company entities, with a view to making money. But because it’s a democratic country where laws preserve autonomy even against the government, it’s a free for all and anyone can play, even Chinese owned American companies. Which is a reflection of how the US is managed itself.
This is also how Europe is managed, so I do believe Chinese control of telcos is a bigger threat to Europe’s way of life.
This isn't how any of this works. We're talking about ISPs & Telco networks, not some data-center at FAANG.
- no need for backdoors since Huawei, Ericsson & Nokia are full to the brim with bugdoors (Huawei tops the chart here since many years already and as anyone involved in Inter-Operability-Testing (IOT) at the NEV will confirm).
- no need for "compromising networks" when you have the actual vendor (Huawei, Nokia, Ericsson often their subcontractors) sitting totally legally in your ISP's network and being paid for responding to the alarms raised and escalated by O&M.
- even the attacks against 3/4/5G become academic in the discussion of nation state threat actors when they can operate and exploit simply as an insider of the system. These weaknesses (as outrageous as they are) are useful but it's a different threat model
Nobody needs backdoors when there are quite complete legal interception features regulated into core systems. Plus everything is IP these days, so tapping a call is trivial. It just can't really be done towards outside the telco network without anyone noticing, the world isn't a hacker movie...
After Watergate in the 1970s a huge debate broke out in the US about spying and surveillance. The compromise they reached is that non US citizens are not covered by the Constitution.
I think you're giving the US and its people too much credit. Ultimately America will do whatever it must to maintain its superpower status.
Any country that is serious about cyber security needs to develop and maintain its own communication network.
> there are risks associated with tapping in to these systems
Which is why the intelligence services never do the hacking themselves. Instead, they buy the data off the "dark web", from the hackers who stole it and the information brokers who trade in it. If they have to do that, that is. In the US at least, agencies can just buy data on the open market. Supposedly "anonymized", but I'm pretty sure everyone reading this knows that protection is flimsy.
There’s a clear bias in your thinking against the US and for Sweden. Any of the points you bring up could equally apply to both places, but you come out bringing the negative against one and the positive against the other.
Bart Gellman's book says that Snowden warned him not to be the only person in possession of the leaked data prior to publication, as the US intelligence community would kill him (Gellman) instantly to prevent the publication of the information contained therein.
This was the biggest takeaway from the book, for me: the US military will assassinate US citizens (journalists!) in the middle of New York City without due process or a trial to prevent them from carrying out journalism.
We expect this kind of cloak and dagger shit from the CIA, but it pays to think about it in clear terms: the US military can and will assassinate US citizens engaging in constitutionally protected activity in the middle of Manhattan with no consequences whatsoever.
> Since the early 2000s at least, most billing has been outsourced. This works by sending all Call Detail Records (CDRs) to a third party, often from Israel or China.
This is quite misleadingly written: telcos are not shipping reams of CDRs to some cubicle farm in Haifa or Chongqing.
Yes, almost every telco outsources its billing software to other companies, notably Amdocs (founded in Israel, now HQ'd in the US). However, billing info is some of the most sensitive data a telco has for both privacy and commercial reasons, so that software always runs in a closed environment from where it cannot dial home. Historically that's been on-prem, it's slowly moving to the Cloud but even there it's going to be firewalled off very carefully.
Let's not oversell the fact that Amdocs' official HQ is in the US: It's an Israeli company through and through. It did more development in the US back in 2001 than it does now: Today, their US footprint is mostly customer sites. And you will find people brought in from Israel everywhere. It's always been bad enough that managers that don't speak Hebrew knew they were always at a disadvantage. Your best bet for saying it's not an Israeli company is to say that a whole lot of R&D is being done in other countries with cheaper labor.
While it's true that the installations are on-prem (having been to quite a few of those), Amdocs' business model isn't about dropping code and going away: They are so embedded with your typical deployment that there's plenty of opportunity to exfiltrate data. Sending every CDR to Haifa? Probably not: The Sysadmins on your typical large telco are iffy, but not that iffy.
And carefully firewalled? The talent was never great, and the security practices were never all that serious: I've been handed production shells that I had no business having, because it was convenient at the time. Once again, I'd say that the best argument to claim that there's no data exfiltration is that the people writing the code aren't good enough to do this under the customer's nose.
This aligns with my experience working at IBM. I knew Vodafone was a big customer, but I found the extent of that relationship peculiar; in presentations given by senior engineers it came across that IBM seemed to be running the core parts of their network. That can sometimes mean Vodafone engineers are barely allowed to touch anything without an IBM contractor on site. It got me thinking: who and what is really running these telecom networks, and are they not much more than a branding exercise?
In the past I worked at a mid level 4G provider in the US who had to deal with the larger providers on a regular basis. I was always astounded at how little they knew about their own networks.
Regarding the article's statement of providers wanting an "all-in-one" solution, I have seen that in person, where management forced it, found it was horrible and then gave in and let us build the mixed vendor solution that worked well. I've personally mixed eNodeBs from 2 different vendors to 3 different vendors' SGWs and a different vendor's PGW with no issues.
The "One Throat To Choke" idea doesn't work if your business depends on that throat to operate so you end up with the vendor calling the shots instead of the business.
On the whole, the technical standards should allow the kind of interoperability you described. That's the kind of fun real-world engineering that techies love. The bean-counters don't, because it's more devices needing support packages, it's more suppliers on the books, and ultimately it's probably (slightly) less profit than buying a single box.
I've seen big household name operators in Europe stop even pretending they're doing the work, and straight up pass on contact details and a mobile number for the person at their tier-1 vendor partner, so you can liaise directly with them.
It seems in these "5G" days even more than before, operators are retreating into the business of connectivity service, and leaving more and more for their vendor partners to do. When you're not even hiding the fact to a client that they may as well speak directly to the vendor, that says it all(!)
> We recently asked a large European service provider why only part of their customers get IPv6 service, and how they pick which parts do or do not get such service. They could not tell us, and informed us they too would like to know
Woah. As an EU citizen, I'm terrified. I wanted to say surprised, but after a moment's thought, turns out it's only a moderate misalignment of expectations.
I retired in 2012, but at that time my employer had completely subcontracted the operation and maintenance of its mobile network to Ericsson, Huawei and Nokia.
It was in France.
Once I asked for a one day snapshot of all mobile data for a cooperative R&D project. The saga went on for months with repeated requests at various hierarchical levels, but to no avail.
It's not that they refused, but I guess that the guys in charge simply were unable to get the requested information from the subcontractors.
>> In reality, most service providers have not been operating on this model for decades. Driven by balance-sheet mechanics and consultants, service providers have been highly incentivised to outsource anything that could possibly be outsourced, and then some.
>> In a modern telecommunications service provider, new equipment is deployed, configured, maintained and often financed by the vendor. Just to let that sink in, Huawei (and their close partners) already run and directly operate the mobile telecommunication infrastructure for over 100 million European subscribers.
I think it's quite a safe bet that no operator in China went that way by buying and outsourcing from/to Western companies.
It's nearly impossible for telecom to deploy/configure/maintain their networks by themselves due to the scale. For example, I just googled, AT&T seems to have 67000 towers/macro cell sites. Let's say they want to update all of them to install modern 5G equipment. In many cases this equipment may come from different vendors and to deploy it might be a multi-day job. Off the top of my head, about 20% of site visits fail due to various reasons (with a good percent of them failing even before starting due to scheduling issues, sickness, equipment not delivered on time, etc.).
How much time and how many people will it take AT&T to do all the work on its own?
> One even went so far as to state during an all-hands meeting with technical staff that ‘running a communication network’ was by no means a core competence for them.
This is an outraging but very widely spread phenomenon. No industry is spared from the MBA hawks. Everything now is rent-seeking and moat building. Innovation has been packaged away and can only happen when the market makers say it can.
- Stop working for them, and start working for companies that favor engineering expertise
- As a consumer, advertise the good companies and call bullshit on the bad ones
- Raise awareness about these practices among your elected political representatives and their constituencies
If all of their skilled engineers leave, the bad company cannot run only on the basis of MBAs juggling balance sheets. Unfortunately most of my fellow engineers are far more likely to sit around blaming “the MBAs” over drinks than take any of the above actions.
Just another instance of how Harvard Business School completely f*ing up things.
Future historians will have trouble understanding how we let MBAs destroy our civilization.
Related: This white paper was published within the last 2 weeks relating to "5G Network Slicing"
Quote from the author:
“Currently, the impact on real-world applications of this network slicing attack is only limited by the number of slices live in 5G networks globally. The risks, if this fundamental vulnerability in the design of 5G standards had gone undiscovered, are significant. Having brought this to the industry’s attention through the appropriate forums and processes, we are glad to be working with the operator and standards communities to highlight this issue and promote best practice going forward.”
Cynical me certainly can believe all this. But on the other hand, I’m wary of just reinforcing what I believe anyway.
How trustworthy is this? There seems to be a lot of inside information, where did they get it from? Does anyone have corroborating links? All article links are either general, or US specific.
Much of this is fairly widely known in the telecoms sector, and is "open secrets".
The sector is a pretty "closed shop" though, full of trade secrets and "proprietary" things. Underneath it all though, actually it's fairly simple once you get your head around it.
If you work closely with an operator, even as a client, you'll see examples of this - the number of people brought to meetings from the vendor, versus from the operator. Who answers the questions.
Hi - author here. By all means ask around. I can only tell you that I've received many corroborating anecdotes over the past year. Many telcos even assumed I was writing about them specifically, when I wasn't! I also have a second post that has some more logos and names where I based this article on -> https://berthub.eu/articles/posts/how-tech-loses-out/
The reality is even worse. The article depicts the operators as middle-men piggybacking on the tech expertise of vendors like Ericsson or Nokia. Unfortunately, the vendors are subject to exactly the same pressures.
The whole industry is in a deepening downward spiral. Outsourcing and subcontracting is rampant, layoffs left, right and center. The combination of non-functional requirements that would make even senior FAANG fellows dizzy - left to be done by stressed out graying veterans or naive greenhorns, who leave the industry after 2-3 years for 50-100% raises elsewhere for the same skillset. Due to the monopsony power of the large operators, the vendors barely break even on their deliveries. There's no institutional knowledge buildup, nobody to take up the baton after the veterans retire, the vendors gave up pretending they care about being a nice place to work. If you're a techie, stay away from the telecom industry.
It’s public knowledge that most telcos don’t actually run their own network. That also makes the whole fear regarding back doors in Huawei equipment a little strange, it seems mostly political.
I’ve pointed it out in previous discussion that China doesn’t need back doors to western 4G/5G infrastructure, because it’s their people operating it.
But as with much other technology, our politicians are ignorant and forgetful.
> In a modern telecommunications service provider, new equipment is deployed, configured, maintained and often financed by the vendor. Just to let that sink in, Huawei (and their close partners) already run and directly operate the mobile telecommunication infrastructure for over 100 million European subscribers.
> The host service provider often has no detailed insight in what is going on, and would have a hard time figuring this out through their remaining staff. Rampant outsourcing has meant that most local expertise has also left the company, willingly or unwillingly.
100% reflects my experience working in Huawei BR a few years ago. Carriers are mostly customer facing companies and very limited technically.
Our customer (million + subscribers BR carrier) often hadn't the slightest idea how their own network was built and worked.
Banning Huawei is absolutely impossible, at least in Brazil.
>> In a modern telecommunications service provider, new equipment is deployed, configured, maintained and often financed by the vendor
If you think this is bad in some place like the UK, you should see how ISPs and mobile network operators are set up in some countries in the developing world, where the vendor has fully captured the Telco as basically a hostage to its technical services.
This is what happens when you have a mixture of institutional corruption, kickbacks and bribes, lack of local technical resources to develop a domestic network engineering talent pool, and a vendor that knows how weak the client entity's negotiating position is.
This is my experience interacting with mobile telcos as well.
Even to get some simple logs from a base station you need to either ask an Ericsson engineer or, worse, wait for the Telco employee with the relevant knowledge to find time to do it. Telco employees with such knowledge are very few compared to the amount of workload they have to do, so it is hard to get them to dedicate time to help you.
Ehm. You all are aware that 5G was created with the expectation that in the future all networks (and core functions) will be cloud-based? The last remaining HW will be the physical antenna and some PA/LNA and some local signal processing. You connect fiber to that and everything else is an operator-as-a-service model - running on AWS/Azure/GCP.
Steel production capability is considered strategically important in case we go to war, and it has been so since World War II. Steps have been taken to retain domestic production capacity for this reason. Until we have a planet of one people and one nation, we’re stuck thinking this way about things that are critically important, should we find ourselves at war with a former partner.
Tech sovereignty has become such a thing. And the bad news is that we have lost. I’ll leave others to debate why, but we can’t manufacture our own chips, we can’t make our own telco networks, and the cloud systems that provide back end services are almost lost.
The state of play here is dire for the US and its strategic partners. I’d say that surveillance is less worrying than the simple fact that a potential future adversary has an off switch for these things that they can toggle at will: no more chips, no more telco products and no more cloud services - now, let’s have that South China Sea conversation one more time...
There is an amazing amount of FUD in this article. I have worked in the telco industry for the better part of 30 years, and am back on it now after a 5-year hiatus in cloud computing.
Before I "left" there was certainly a trend towards outsourcing and large "swaps" of radio gear (Nortel-Ericsson in my case, and Motorola-Huawei at a direct competitor, to quote only two examples), but there was no way in $UNDERWORLD that we would let a vendor have direct access to our gear unsupervised (be it Cisco, Ericsson, whatever). Remote troubleshooting was possible, but usually via jump boxes and VNC (only very seldom we would let anyone VPN in, and even then it was only to sub-sections of the network). Nothing left our O&M network. Nothing came in, either, because upgrades were rolled out from internal servers.
And it is still very much the same thing today. Although there are outsourcers and vendors who work alongside core staff in my telco customers (like myself now), we don't have access to anything but lab or dev environments, and even then mostly with MFA and very stringent limitations.
Outsourced staff _does_ do field service of various kinds, and they do have access to base stations, DSLAMs and various other physical infrastructure, but that's usually done with (usually much cheaper) local technicians and not vendor staff. There are certifications for those.
The reality is that most telco services are being "automated out" and moved to virtualized stacks that are easier to manage. And yes, VoIP on the core (no more SS7 if anyone can help it) and Kubernetes everywhere...
But what I found to be really weird was the notion of outsourcing billing. Besides being a GDPR nightmare (and I'm in Europe, like the author, so I find it doubly unsettling), that was only done "off-prem" when all companies involved were in the same group (which was customary when fixed and mobile operators were separate). These days billing is, comparatively, greatly simplified (thanks to flat fees, real-time billing systems for prepaid and streamlined bundles), so the only data that actually leaves the BSS core goes to the (smaller and smaller) printing facilities.
So I would take it all with a massive dollop of salt.
I wonder if it really matters if networks are insecure. I generally connect to the internet via whatever hotspot is available or 4G if not with no expectation that it's fully secure. That's what https and other encryption is for. And I don't generally have anything to hide - there are a bunch of tools like tor and VPNs for people who do. That's probably the way forward - secure tech on your device rather than trusting to the kindness of strangers.
Talking of phone network security one thing that does piss me off is my phone company just transferred my phone number of 10 years to fraudsters who presumably called customer support with some sob story. You'd think they could have some standards to stop that like at least sending an email to your usual address saying "There's been transfer request - you good?"
Ok, but what about SMS, MMS, phone calls, getting your approximate position, ...?
What if they decided to shut down the whole network because of some reason? Then https won't help you.
I worked for a bunch of years in the biggest Israeli company that is selling OSS/BSS and related outsourcing services to telecoms (those who can afford its solutions), and had some first hand experience with them.
> Since the early 2000s at least, most billing has been outsourced. This works by sending all Call Detail Records (CDRs) to a third party, often from Israel or China. A CDR stores who called whom and for how long. More data might be attached, for example the location of the customer, or where the customer was roaming abroad etc.
Don't know about software from China, but the one that we sold doesn't send anything back to Israel. There are a lot of rules and restrictions upon CDRs and we had a bunch of training with regards to it. Everything is running on client site, usually on hardware deployed by us at their data centers and managed by dedicated team of people who relocate to live next to the client in order to provide 24/7 support of the systems on site
> Typical service providers have hundreds of thousands of network elements. Surprisingly perhaps, many of these are actually maintained manually (!). Thousands of networking engineers labour to keep all this infrastructure operating well.
This is a mix of half-truths and lies.
None of the operators have thousands of people to manually configure day-to-day network stuff. Operators have rather sophisticated automation systems (aka OSS) that deal with provision and configuration of everything in their networks. Or almost everything. Any given operator whose life span is a decade or two today has a boatload of equipment (thousands of different types of hardware from same amount of vendors). In many cases this equipment was bought and deployed 10 or 20+ years ago. Companies that made it do not exist for many years. This hardware can't be replaced with anything, because nobody does this type of systems anyway. Those systems tend to have proprietary interfaces and in many cases can be managed only through Element Manager which can be managed only manually through some ancient windows or java application.
> Meanwhile, modern large scale internet companies (like Google, Netflix, Facebook) have automated all such maintenance. Automation in this context means that no configuration states are edited manually but instead, entire networks get provisioned and configured from central templates.
> With such automation, small teams of engineers can control and operate vast networks with relative ease - especially if good use is made of continuous integration and real life testing.
I also worked for a while in one of the FAANGs. They have it easy: all the hardware is modern with nice interfaces. You can actually automate it. Also their networks are much-much smaller compared to mid-sized telecom, much simpler and much more homogeneous.
Automation at the FAANG I worked for was a joke compared to automation systems that run telecom networks. My job was near network engineering team and during conversations they admitted that what they have is crap. I believe that at one point of time they considered to buy telecom level OSS system but bailed out because they couldn't get a source code.
1cvmask | 5 years ago
“There is a root backdoor in the telnetd of Ericssons AXE backdoor”
https://www.schneier.com/blog/archives/2006/03/more_on_greek...
https://www.schneier.com/blog/archives/2020/04/another_story...
The article in Dutch on Philips Telecommunications (which became Lucent later on):
https://www.volkskrant.nl/nieuws-achtergrond/nederland-luist...
https://www.schneier.com/blog/archives/2007/07/story_of_the_...
https://www.schneier.com/blog/archives/2006/02/phone_tapping...
https://theintercept.com/2015/09/28/death-athens-rogue-nsa-o...
https://www.theguardian.com/commentisfree/2015/sep/30/athens...
and all time favorite:
https://en.wikipedia.org/wiki/Crypto_AG
[+] [-] DyslexicAtheist|5 years ago|reply
- no need for backdoors since Huawei, Ericsson & Nokia are full to the brim with bugdoors (Huawei tops the chart here since many years already and as anyone involved in Inter-Operability-Testing (IOT) at the NEV will confirm).
- no need for "compromising networks" when you have the actual vendor (Huawei, Nokia, Ericsson often their subcontractors) sitting totally legally in your ISP's network and being paid for responding to the alarms raised and escalated by O&M.
- even the attacks against 3/4/5G become academic in the discussion of nation state threat actors when they can operate and exploit simply as an insider of the system. These weaknesses (as outrageous as they are) are useful but it's a different threat model
[+] [-] rcarmo|5 years ago|reply
[+] [-] ng55QPSK|5 years ago|reply
And for US, google Cloud Act.
[+] [-] secondcoming|5 years ago|reply
[0] https://www.vpro.nl/argos/lees/onderwerpen/cryptoleaks/2020/...
[1] https://www.ceesjansen.nl/en/cryptography/
[2] https://www.tandfonline.com/doi/full/10.1080/02684527.2020.1...
[+] [-] MomoXenosaga|5 years ago|reply
Any country that is serious about cyber security needs to develop and maintain its own communication network.
[+] [-] the-dude|5 years ago|reply
[0] https://www.bbc.com/news/world-europe-32542140
[+] [-] mr_toad|5 years ago|reply
If this became known the subjects of interest would stop using those networks. Only the low level criminals would be dumb enough to get caught.
[+] [-] cratermoon|5 years ago|reply
Which is why the intelligence services never do the hacking themselves. Instead, they buy the data off the "dark web", from the hackers who stole and the information brokers who trade in it. If they have to do that, that is. In the US at least, agencies can just buy data on the open market. Supposedly "anonymized", but I'm pretty sure everyone reading this knows that protection is flimsy.
[+] [-] marsven_422|5 years ago|reply
That's so wrong it hurts! All our press are dependent on government "presstöd" aka handouts.
[+] [-] adammenges|5 years ago|reply
[+] [-] sneak|5 years ago|reply
Bart Gellman's book says that Snowden warned him not to be the only person in possession of the leaked data prior to publication, as the US intelligence community would kill him (Gellman) instantly to prevent the publication of the information contained therein.
This was the biggest takeaway from the book, for me: the US military will assassinate US citizens (journalists!) in the middle of New York City without due process or a trial to prevent them from carrying out journalism.
We expect this kind of cloak and dagger shit from the CIA, but it pays to think about it in clear terms: the US military can and will assassinate US citizens engaging in constitutionally protected activity in the middle of Manhattan with no consequences whatsoever.
[+] [-] Clewza313|5 years ago|reply
This is quite misleadingly written: telcos are not shipping reams of CDRs to some cubicle farm in Haifa or Chongqing.
Yes, almost every telco outsources its billing software to other companies, notably Amdocs (founded in Israel, now HQ'd in the US). However, billing info is some of the most sensitive data a telco has for both privacy and commercial reasons, so that software always runs in a closed environment from where it cannot dial home. Historically that's been on-prem, it's slowly moving to the Cloud but even there it's going to be firewalled off very carefully.
[+] [-] Thr0wawayDocs|5 years ago|reply
While it's true that the installations are on-prem (having been to quite a few of those), Amdocs' business model isn't about dropping code and going away: They are so embedded with your typical deployment that there's plenty of opportunity to exfiltrate data. Sending every CDR to Haifa? Probably not: The Sysadmins on your typical large telco are iffy, but not that iffy.
And carefully firewalled? The talent was never great, and the security practices were never all that serious: I've been handed production shells that I had no business having, because it was convenient at the time. Once again, I'd say that the best argument to claim that there's no data exfiltration is that the people writing the code aren't good enough to do this under the customer's nose.
[+] [-] sgt101|5 years ago|reply
[+] [-] waheoo|5 years ago|reply
[+] [-] krona|5 years ago|reply
[+] [-] kanisae|5 years ago|reply
Regarding the article's statement of providers wanting an "all-in-one" solution, I have seen that in person, where management forced it, found it was horrible and then gave in and let us build the mixed vendor solution that worked well. I've personally mixed enode-b's from 2 different vendors to 3 different vendors' SGWs and a different vendor's PGW with no issues.
The "One Throat To Choke" idea doesn't work if your business depends on that throat to operate so you end up with the vendor calling the shots instead of the business.
[+] [-] sgt101|5 years ago|reply
but it sounds soooooo good in meetings !
[+] [-] g_p|5 years ago|reply
On the whole, the technical standards should allow the kind of interoperability you described. That's the kind of fun real-world engineering that techies love. The bean-counters don't, because it's more devices needing support packages, it's more suppliers on the books, and ultimately it's probably (slightly) less profit than buying a single box.
I've seen big household name operators in Europe stop even pretending they're doing the work, and straight up pass on contact details and a mobile number for the person at their tier-1 vendor partner, so you can liaise directly with them.
It seems in these "5G" days even more than before, operators are retreating into the business of connectivity service, and leaving more and more for their vendor partners to do. When you're not even hiding the fact to a client that they may as well speak directly to the vendor, that says it all(!)
[+] [-] baq|5 years ago|reply
woah. as a EU citizen, i'm terrified. i wanted to say surprised, but after a moment's thought, turns out it's only a moderate misalignment of expectations.
[+] [-] JPLeRouzic|5 years ago|reply
Once I asked for a one day snapshot of all mobile data for a cooperative R&D project. The saga went on for months with repeated requests at various hierarchical levels, but to no avail.
It's not that they refused, but I guess that the guys in charge simply were unable to get the requested information from the subcontractors.
[+] [-] iagovar|5 years ago|reply
Of course I work for a subcontractor too.
[+] [-] one2three4|5 years ago|reply
>> In reality, most service providers have not been operating on this model for decades. Driven by balance-sheet mechanics and consultants, service providers have been highly incentivised to outsource anything that could possibly be outsourced, and then some.
>> In a modern telecommunications service provider, new equipment is deployed, configured, maintained and often financed by the vendor. Just to let that sink in, Huawei (and their close partners) already run and directly operate the mobile telecommunication infrastructure for over 100 million European subscribers.
I think it's quite a safe bet that no operator in China went that way by buying and outsourcing from/to Western companies.
[+] [-] dragonelite|5 years ago|reply
[+] [-] SSLy|5 years ago|reply
[+] [-] tguvot|5 years ago|reply
How much time and people will it take AT&T to do all the work on its own?
[+] [-] BenoitP|5 years ago|reply
This is an outrageous but very widely spread phenomenon. No industry is spared from the MBA hawks. Everything now is rent-seeking and moat building. Innovation has been packaged away and can only happen when the market makers say it can.
What can an engineer do about that?
[+] [-] quadrifoliate|5 years ago|reply
Lots!
- Name the companies in question
- Stop working for them, and start working for companies that favor engineering expertise
- As a consumer, advertise the good companies and call bullshit on the bad ones
- Raise awareness about these practices among your elected political representatives and their constituencies
If all of their skilled engineers leave, the bad company cannot run only on the basis of MBAs juggling balance sheets. Unfortunately most of my fellow engineers are far more likely to sit around blaming “the MBAs” over drinks than take any of the above actions.
[+] [-] elzbardico|5 years ago|reply
[+] [-] not1ofU|5 years ago|reply
Quote from the author: “Currently, the impact on real-world applications of this network slicing attack is only limited by the number of slices live in 5G networks globally. The risks, if this fundamental vulnerability in the design of 5G standards had gone undiscovered, are significant. Having brought this to the industry’s attention through the appropriate forums and processes, we are glad to be working with the operator and standards communities to highlight this issue and promote best practice going forward.”
PDF can be downloaded from here: https://info.adaptivemobile.com/5g-network-slicing-security
[+] [-] Semaphor|5 years ago|reply
How trustworthy is this? There seems to be a lot of inside information, where did they get it from? Does anyone have corroborating links? All article links are either general, or US specific.
[+] [-] g_p|5 years ago|reply
The sector is a pretty "closed shop" though, full of trade secrets and "proprietary" things. Underneath it all though, actually it's fairly simple once you get your head around it.
If you work closely with an operator, even as a client, you'll see examples of this - the number of people brought to meetings from the vendor, versus from the operator. Who answers the questions.
For a public example, see the Telefonica O2 outage in the UK (and Japan, I believe) due to an Ericsson certificate outage, and how much of a role Ericsson played in this. (https://www.theregister.com/2018/12/06/ericsson_o2_telefonic...)
Press releases also give bits and pieces away:
https://www.ericsson.com/en/press-releases/2019/11/orange-op...
https://www.mobileeurope.co.uk/press-wire/9588-three-uk-join...
Although they might not give the level of detail you're looking for, it should hopefully corroborate things.
[+] [-] ahubert|5 years ago|reply
[+] [-] throwaway-8c93|5 years ago|reply
The whole industry is in a deepening downward spiral. Outsourcing and subcontracting is rampant, layoffs left, right and center. The combination of non-functional requirements that would make even senior FAANG fellows dizzy - left to be done by stressed out graying veterans or naive greenhorns, who leave the industry after 2-3 years for 50-100% raises elsewhere for the same skillset. Due to the monopsony power of the large operators, the vendors barely break even on their deliveries. There's no institutional knowledge buildup, nobody to take up the baton after the veterans retire, the vendors gave up pretending they care about being a nice place to work. If you're a techie, stay away from the telecom industry.
[+] [-] mrweasel|5 years ago|reply
I’ve pointed it out in previous discussion that China doesn’t need back doors to western 4G/5G infrastructure, because it’s their people operating it.
But as with much other technology, our politicians are ignorant and forgetful.
[+] [-] carlosf|5 years ago|reply
> The host service provider often has no detailed insight in what is going on, and would have a hard time figuring this out through their remaining staff. Rampant outsourcing has meant that most local expertise has also left the company, willingly or unwillingly.
100% reflects my experience working in Huawei BR a few years ago. Carriers are mostly customer facing companies and very limited technically.
Our customer (million + subscribers BR carrier) often hadn't the slightest idea how their own network was built and worked.
Banning Huawei is absolutely impossible, at least in Brazil.
[+] [-] walrus01|5 years ago|reply
If you think this is bad in some place like the UK, you should see how ISPs and mobile network operators are set up in some countries in the developing world, where the vendor has fully captured the Telco as basically a hostage to its technical services.
This is what happens when you have a mixture of institutional corruption, kickbacks and bribes, lack of local technical resources to develop a domestic network engineering talent pool, and a vendor that knows how weak the client entity's negotiating position is.
[+] [-] Foivos|5 years ago|reply
Even to get some simple logs from a base station you need to either ask an Ericsson engineer or, worse, wait for the Telco employee with the relevant knowledge to find time to do it. Telco employees with such knowledge are very few compared to the amount of workload they have to do, so it is hard to get them to dedicate time to help you.
[+] [-] ng55QPSK|5 years ago|reply
[+] [-] lifeisstillgood|5 years ago|reply
the only light point in an otherwise depressing read
[+] [-] mmaunder|5 years ago|reply
Tech sovereignty has become such a thing. And the bad news is that we have lost. I’ll leave others to debate why, but we can’t manufacture our own chips, we can’t make our own telco networks, and the cloud systems that provide back end services are almost lost.
The state of play here is dire for the US and its strategic partners. I’d say that surveillance is less worrying than the simple fact that a potential future adversary has an off switch for these things that they can toggle at will: no more chips, no more telco products and no more cloud services - now, let’s have that South China Sea conversation one more time...
[+] [-] rcarmo|5 years ago|reply
Before I "left" there was certainly a trend towards outsourcing and large "swaps" of radio gear (Nortel-Ericsson in my case, and Motorola-Huawei at a direct competitor, to quote only two examples), but there was no way in $UNDERWORLD that we would let a vendor have direct access to our gear unsupervised (be it Cisco, Ericsson, whatever). Remote troubleshooting was possible, but usually via jump boxes and VNC (only very seldom we would let anyone VPN in, and even then it was only to sub-sections of the network). Nothing left our O&M network. Nothing came in, either, because upgrades were rolled out from internal servers.
And it is still very much the same thing today. Although there are outsourcers and vendors who work alongside core staff in my telco customers (like myself now), we don't have access to anything but lab or dev environments, and even then mostly with MFA and very stringent limitations.
Outsourced staff _does_ do field service of various kinds, and they do have access to base stations, DSLAMs and various other physical infrastructure, but that's usually done with (usually much cheaper) local technicians and not vendor staff. There are certifications for those.
The reality is that most telco services are being "automated out" and moved to virtualized stacks that are easier to manage. And yes, VoIP on the core (no more SS7 if anyone can help it) and Kubernetes everywhere...
But what I found to be really weird was the notion of outsourcing billing. Besides being a GDPR nightmare (and I'm in Europe, like the author, so I find it doubly unsettling), that was only done "off-prem" when all companies involved were in the same group (which was customary when fixed and mobile operators were separate). These days billing is, comparatively, greatly simplified (thanks to flat fees, real-time billing systems for prepaid and streamlined bundles), so the only data that actually leaves the BSS core goes to the (smaller and smaller) printing facilities.
So I would take it all with a massive dollop of salt.
[+] [-] tim333|5 years ago|reply
Talking of phone network security one thing that does piss me off is my phone company just transferred my phone number of 10 years to fraudsters who presumably called customer support with some sob story. You'd think they could have some standards to stop that like at least sending an email to your usual address saying "There's been transfer request - you good?"
[+] [-] spixy|5 years ago|reply
[+] [-] tguvot|5 years ago|reply
>Since the early 2000s at least, most billing has been outsourced. This works by sending all Call Detail Records (CDRs) to a third party, often from Israel or China. A CDR stores who called whom and for how long. More data might be attached, for example the location of the customer, or where the customer was roaming abroad etc.
Don't know about software from China, but the one that we sold doesn't send anything back to Israel. There are a lot of rules and restrictions upon CDRs and we had a bunch of training with regards to it. Everything is running on client site, usually on hardware deployed by us at their data centers and managed by a dedicated team of people who relocate to live next to the client in order to provide 24/7 support of the systems on site.
>Typical service providers have hundreds of thousands of network elements. Surprisingly perhaps, many of these are actually maintained manually (!). Thousands of networking engineers labour to keep all this infrastructure operating well.
This is a mix of half-truths and lies.
None of the operators have thousands of people to manually configure day-to-day network stuff. Operators have rather sophisticated automation systems (aka OSS) that deal with provision and configuration of everything in their networks. Or almost everything. Any given operator whose life span is a decade or two today has a boatload of equipment (thousands of different types of hardware from same amount of vendors). In many cases this equipment was bought and deployed 10 or 20+ years ago. Companies that made it do not exist for many years. This hardware can't be replaced with anything, because nobody does this type of systems anyway. Those systems tend to have proprietary interfaces and in many cases can be managed only through Element Manager which can be managed only manually through some ancient windows or java application.
>Meanwhile, modern large scale internet companies (like Google, Netflix, Facebook) have automated all such maintenance. Automation in this context means that no configuration states are edited manually but instead, entire networks get provisioned and configured from central templates.
>With such automation, small teams of engineers can control and operate vast networks with relative ease - especially if good use is made of continuous integration and real life testing.
I also worked for a while in one of the FAANGs. They have it easy: all the hardware is modern with nice interfaces. You can actually automate it. Also their networks are much-much smaller compared to mid-sized telecom, much simpler and much more homogeneous. Automation at the FAANG I worked for was a joke compared to automation systems that run telecom networks. My job was near network engineering team and during conversations they admitted that what they have is crap. I believe that at one point of time they considered to buy telecom level OSS system but bailed out because they couldn't get a source code.
[+] [-] SSLy|5 years ago|reply