Posted on November 2, 2019 at 12:16 PM
By now we have all accepted that states routinely spy on each other and their citizens. Indeed, spying serves to keep adversaries on their toes. It also makes them wary of misbehaving. But that doesn’t mean such spying is liked, even though we have all grown to think of it as an inescapable part of life.
Now, China is the latest state to have been caught actively engaged in a spying operation. This happened when eagle-eyed staffers at FireEye Mandiant got hold of malware bearing the innocuous name MessageTap. This malware served to keep tabs on individuals the Chinese government deemed to be of great interest.
Tapping Into The Message
The MessageTap malware appears to have been created by APT41. It is a 64-bit ELF data miner that was found lodged within a Linux-based Short Message Service Center (SMSC) of an unidentified telecommunications company. The malware taps into the unencrypted messages passing between parties and reads them.
The operating principles of the malware are quite simple. First, it learns when text messages are sent. Then it digs through the message information to discover the identity of the sender and the recipient. This involves unearthing the International Mobile Subscriber Identity (IMSI) information, as well as the phone numbers being used.
The MessageTap malware attributed to the Chinese government should not be thought of as a crude instrument that scoops up a large amount of irrelevant data. On the contrary, its makers have endowed it with some ingenious filters. These filters ensure that only messages that meet certain criteria or have specific keywords are captured.
Perhaps the most newsworthy detail of all is that the filters in question base their search criteria on a couple of files. Inside these files is the identifying information of specific people who, for one reason or another, are under scrutiny by Chinese intelligence.
Examples of this, according to FireEye, include leaders of the military, political groups, and intelligence organizations. Other groups that do not see eye to eye with the Chinese government on certain issues also have their personnel on the list.
When people who meet the criteria set out in the filter send texts to others, those messages are saved and later sent to the attackers. Worth noting is that such malware attacks are becoming increasingly common. APT41, for example, appears to be ratcheting up the frequency and sophistication of its attacks. Just this year it is known to have targeted around four unrelated telecommunications groups around the world.
Attack And Prosper
Fortunately, some things can be done to prevent or ameliorate attacks like the one detailed above. The most important step is the implementation of encryption technologies by telecommunications groups. Such technologies make any intercepted information unreadable.
What's more, any company that regularly handles sensitive data must have cybersecurity teams on its payroll. These will be tasked with preventing attacks, recognizing an attack when it does occur, and limiting the damage it might cause.
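As an added illustration (not MessageTap's code; the records, the target list and all field and function names are constructed assumptions), the following Python models the two-stage filter described above, identity lists plus keywords, and then re-runs it against the same traffic with end-to-end encrypted content. The point for defenders: the keyword stage goes blind once content is encrypted, but the identity stage still works, because the IMSI and phone numbers are routing metadata the SMSC must see.

```python
from dataclasses import dataclass, replace
import secrets

@dataclass(frozen=True)
class SmsRecord:
    src_imsi: str    # IMSI of the sending subscriber (constructed)
    src_msisdn: str  # sender's phone number (constructed)
    dst_msisdn: str  # recipient's phone number (constructed)
    body: str        # message text exactly as the SMSC sees it

@dataclass(frozen=True)
class Selector:
    imsis: frozenset   # target list by IMSI
    msisdns: frozenset # target list by phone number
    keywords: tuple    # content keywords, matched case-insensitively

    def identity_hit(self, rec: SmsRecord) -> bool:
        return rec.src_imsi in self.imsis or bool({rec.src_msisdn, rec.dst_msisdn} & self.msisdns)

    def keyword_hit(self, rec: SmsRecord) -> bool:
        text = rec.body.lower()
        return any(k.lower() in text for k in self.keywords)

def capture(records, selector):
    """Records a selector of this shape retains: an identity match OR a keyword match."""
    return [r for r in records if selector.identity_hit(r) or selector.keyword_hit(r)]

def as_seen_with_e2ee(rec: SmsRecord) -> SmsRecord:
    """The same record when the body is end-to-end encrypted: the SMSC still routes on
    IMSI and phone numbers, but the content is opaque to it. Modelled here as random hex,
    because the SMSC never holds the key and so never sees plaintext."""
    return replace(rec, body=secrets.token_hex(max(len(rec.body), 1)))

# Constructed sample traffic and a constructed selector (not real targets or indicators).
SAMPLE = [
    SmsRecord("001010000000001", "+15550000001", "+15550000002", "see you at noon"),
    SmsRecord("001010000000002", "+15550000003", "+15550000006", "running late"),
    SmsRecord("001010000000003", "+15550000005", "+15550000007", "meeting about the budget"),
    SmsRecord("001010000000004", "+15550000008", "+15550000009", "happy birthday"),
]
SELECTOR = Selector(frozenset({"001010000000001"}), frozenset({"+15550000006"}), ("budget",))

if __name__ == "__main__":
    print("plaintext :", [r.src_imsi for r in capture(SAMPLE, SELECTOR)])
    print("with e2ee :", [r.src_imsi for r in capture([as_seen_with_e2ee(r) for r in SAMPLE], SELECTOR)])
```

For an operator this is why content encryption has to be paired with controls on the SMSC host itself (integrity monitoring, restricted access), since the node that routes a message cannot be kept from seeing who sent it to whom.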