BlackBerry’s VP of Secure Communications unpacks current Chinese telecommunications espionage campaigns, and what China’s next level of grey zone escalation may look like.
Defence Connect: We’re curious about what you're seeing at the moment when it comes to the actions of Chinese hackers and Chinese threat groups and the fact that they're targeting the smartphones of politicians, particularly in the United States – that seems pretty brazen. What do you think they are trying to achieve, and how are they going about it?
David Wiseman: This is actually, in my view, an extremely differentiated and serious attack that they’ve got underway.
I think the key to this is they're not actually attacking the phones – they're attacking the network. According to CISA – that's the US Cyber Security Agency – they've actually embedded malware into all the major telephone networks in the United States: Verizon, T-Mobile, AT&T and auxiliary ones, so it seems. And the latest information is, it seems like they've been in there for over a year, and they're able to actually track specific individual numbers, listen to voice calls, read text messages.
So what do I think they're doing? They seem to – from what's been published so far – they seem to have been, during the election period, targeting senior political people, which kind of makes sense, but they also seem to have been really focused on the list of numbers that the FBI had tapping warrants for – so they're listening in on what the FBI is listening into.
They know that they have, you know, court warrants to tap the numbers for counter-espionage operations. So part of the supposition here is that they're actually trying to find out which of their agents the US is aware of.
That's probably the long-term aspect, but coupled with the nearer term aspect of tracking particular US individuals, in this case, political people. But that could easily be business leaders, military people as well.
We’ve talked before about the importance of metadata, who communicates with whom, and stuff at a high level; I think they're trying to build out those knowledge trees, those communication patterns, and how they are evolving. Who's connected to whom? And particularly when you start to have a change of government, the players change, right?
And then I think the second aspect of it is now not only can they look at that data, but they have actual access to the communications themselves. I think if you're going to monitor communications, if you try to do it at too large a scale, you're going to, you know, your cover is going to get blown pretty fast. So I think that that's why they were pretty selective on who they actually listened to. You don't want to enter too much overhead into the environment.
Defence Connect: We’re talking real grey zone warfare stuff, here, aren’t we?
David Wiseman: Oh, totally.
I mean, countries have, even since there were carrier pigeons, they've tried to intercept communications. The difference here is that now it's more real-time. It's totally real-time. It's combined with some of the stuff we're seeing, like AI processing, where you now have the ability, if you can listen into a voice call, if you can listen into messaging, and you know how people talk to each other, then you can build very convincing deep fakes very quickly.
You can take things like spoofing attacks and you can make them even more effective, because if you and I have been exchanging messages a lot over the past day, you're going to be very open to the idea that I might send you another message, and your guard is going to be down, right? So, unlike the carrier pigeon days, now, they can actually initiate a kind of a real-time reaction, a real-time response from the recipient.
So I think that's a new level in the game.
Defence Connect: How do we go about stopping that kind of network snooping?
David Wiseman: I'm going to talk about it from a government perspective, government communications, not every resident.
And I think the key is, one, you have to encrypt those communications. So the data that's come out is with these embedded systems in the networks, if the data is encrypted, they're not able to listen to it or not able to read the messages. So that’s end-to-end encryption, because you have to assume your networks are compromised – whatever you put through there, it's got to be strongly protected.
The second part, though, is this whole metadata topic, because this identity spoofing becomes even more dangerous, and you combine it with AI and deep fakes, and maybe you actually embed that model into the networks. You don't have to send the data home. It becomes harder to detect. So protection of that metadata is probably even more important than protection of an individual communication that you have with the content and communication.
And then the third, which I've alluded to a couple of times here, is the identity. And how do you really trust identity anymore in this type of environment? You basically need to for official government communications, for sensitive information, and it doesn't have to be secret. It could just be general sensitive information. “Hey, we're planning a meeting on such and such a topic,” and then, if somebody gets that, it seems like it's not that important, but that could actually enable them to then put some additional activities in place to capture more valuable information during that meeting.
I think having kind of a dedicated government communication ban that's going to run through these untrusted public networks is really important, and it's got to be something the government has control over. There's things like WhatsApp and Signal and things like that, but the government doesn't own and control the metadata. The government doesn't own and control the identities, and people can publicly register, so I think it's a combination of that end-to-end encryption, the protection of the metadata so even the carriers can't see it, and the continual validation of identities of the participants in the communications that are key.
But the most important thing is all that needs to be in some type of communication system the government actually has control and sovereignty over.
Defence Connect: Is there another endpoint to this espionage activity? It sounds like it's all very much reconnaissance and tracking at this point, but what comes next?
David Wiseman: Just on China, because I want to talk about their capabilities, and that's one example.
I think the first level is: collect information, get smarter. Next level up is to use this ability to generate specific outcomes. And here’s a couple of examples of that. One could be leaking information out of context on social media. You take something, let's say that it's a conversation among some government folks, and they're kind of just doing, “what if” type scenarios, and that’s taken out of context, like it’s something that’s really going to happen.
And that really wasn't the discussion; it was “if this occurred, how might we respond?”
Then it could be more like… Imagine a situation where all of a sudden we're going to generate a mass set of text messages, since we're in the network, sent out to the population that says, “hey, there's a bomb coming,” or there's a “shelter in place” warning, because there's this whole new parasite that's out there. You could invoke a public citizen panic type of thing.
To my mind, they’re the typical kind of next-level escalations we might expect.