cyber attack Photo:VCG

A report released by a Chinese industry alliance exposed the US intelligent agencies' surveillance and data theft activities targeting global mobile smart terminals and communications. Whether they are high-value targets such as government officials and technical experts or ordinary people, all could potentially become subjects of intelligence-gathering operations by US intelligence agencies, according to the report.

The China Cybersecurity Industry Alliance (CCIA) released a report on Tuesday titled "Mobile Cyberattacks Conducted by US Intelligence Agencies." An expert told the Global Times that the report aggregates analytical research from global security researchers, academic institutions, and international cybersecurity firms, including Chinese cybersecurity companies, on US cyberattack operations. 

When asked to comment on a report released by the China Cybersecurity Industry Alliance disclosing the US cyberattacks, wiretapping and data theft activities targeting global mobile smart terminals, mobile supply chains, operators and others, Chinese Foreign Ministry spokesperson Guo Jiakun said on Tuesday that China has taken note of the relevant report. According to the report, the US government has abused its monopolistic advantage in the upstream of the information technology and production and supply chain to carry out large-scale and prolonged malicious cyber activities on a global scale, targeting cell phones and even the entire ecosystem of the mobile industry, which can be said to be pervasive and omnipresent.

It is worth noting that the report reveals that the US is the main country in the world conducting cyberattacks through supply chain and mobile operators, Guo said. Over the years, the US has been accustomed to playing the trick of "a thief crying 'stop the thief'" on the issue of supply chain security, manipulating double standards, and tirelessly hyping up the so-called 5G supply chain security issue.

Also, it has been working in concert with its own major Internet companies or equipment suppliers to pre-install backdoors in global information equipment products in order to serve its own cyberattack activities. He said that it is believed this report will help the international community recognize the true face of the US.

"We are seriously concerned about the malicious cyber activities of the US side exposed in the report, and urged the US side to immediately stop the relevant actions, especially to stop using the global supply chain to implement malicious cyber activities, and give the world an explanation in a responsible manner," Guo added.

In 11 chapters, the report thoroughly exposes how the US intelligence agencies relentlessly target global mobile smart terminals and communication systems to build comprehensive attack and penetration capabilities. 

They have penetrated every corner of network products such as SIM cards, firmware and operating systems, data interfaces such as USB cables, Wi-Fi, Bluetooth, cellular networks and GPS, the data centers of major internet and IT vendors, and even the entire mobile industry ecosystem, the report revealed.

These intelligence agencies extensively steal personnel data, account credentials, device information, communication links, and geolocation data. These large-scale and long-term eavesdropping and theft activities on global mobile smart terminals have seriously endangered the cybersecurity and national security of countries around the world.

The 2023 Facts and Figures report released by the International Telecommunications Union in November 2023 shows that the mobile phone ownership rate among the global population aged 10 and above is 78 percent, and the coverage of mobile broadband with 3G and above in the total global population is 95 percent.

Compared with traditional PCs, mobile smart terminals such as cell phones have more network security exposure and attackable surfaces, and are also coveted by US intelligence agencies and targeted for key attacks.

The report concludes that US intelligence agencies conduct cyberattacks against mobile phone users by exploiting vulnerabilities in SIM cards, mobile operating systems, and apps, as well as deploying customized Trojans or commercial spyware. Their attack scenarios target mobile terminals, mobile network communication equipment, telecom operators, and other related systems.

Xiao Xinguang, Chairman of the CCIA, said that US attacks exploiting SIM card vulnerabilities enable their attacks to bypass mobile operating systems and device brands. US cyberattacks not only directly target smartphones themselves but also launch pre-positioned strikes against the smartphone supply chain. For instance, by infiltrating SIM card manufacturers to steal encryption keys, US side can rapidly decrypt and reconstruct communication data.

The US has also established attack footholds by targeting operators' network equipment. It developed the "Quantum System" to attack internet-connected devices such as mobile phones and PCs, enabling Trojan injections by introducing temporary data traffic during key targets' online activities. According to an analysis report by cybersecurity vendor Antiy, US side exploited vulnerabilities in the Safari browser through this "Quantum System" to deliver Trojan to specific individuals' iPhones.

The report concludes that whether they are terminal devices or backbone lines, whether they are high-value targets such as technical experts and government officials or ordinary people, they may all become targets of the US intelligence agencies' intelligence activities.

The report specifically exposes the dark practices of US intelligence agencies stealing data from iPhone users. The iOS platform, a mobile operating system developed by Apple, powers devices like iPhones, iPads, and iPod touches. It includes Apple-exclusive features such as iMessage, an instant messaging service developed by Apple that supports sending and receiving texts, images, videos, documents, and more. 

However, such services have become tools exploited by US intelligence agencies. By leveraging vulnerabilities in these services, the agencies send exploit codes to iPhone users through services like iMessage, implanting attack Trojans to achieve long-term data theft from mobile devices.

The report cites a report by cybersecurity company Kaspersky, showing that the "zero-click" attack carried out by US intelligence agencies refers to the fact that the implantation into the targeted mobile device can be completed without any interaction from the mobile phone user during the entire attack process. 

"Zero-click" attacks do not require the user to perform any action on the phone, including clicking a link or opening a file. As long as the mobile phone user receives the relevant content, the malware can be automatically implanted into the mobile phone.

In addition, the US intelligence agencies have further strengthened their surveillance and intelligence acquisition capabilities in the area of mobile networks through the use and control of commercial spyware. For example, through the use of the Israeli spyware "Pegasus," the US has carried out wiretapping on a number of heads of state and political figures, including those of France and Pakistan.

The report also reveals the IRRITANT HORN project, which is part of the US' vast cyber intelligence operations system, and the technology that supports its theft and wiretapping activities on mobile smart terminals around the world. 

In particular, the "Network Tradecraft Advancement Team (NTAT)" established by the intelligence agencies of the Five Eyes countries is looking for ways to enter the servers of mobile application stores, and also targets user data collected by Chinese APP software or internet platforms to realize secondary access. 

For example, a cell phone browser that is widely used in China uploads the user's phone number, SIM card number, and device information to the server. This facilitates the theft of Chinese users' information by the IRRITANT HORN program. 

With regard to the significance of this report, Xiao said that the US intelligence agencies are like a "giant vulture" spying on the world. It has a large number of established cyber-attack teams, a huge support engineering system and a standardized attack equipment arsenal, and relies on systematic operating procedures and manuals to carry out operations, and this "vulture" is still in the process of continuous enhancement and evolution.

"Only by capturing their attack activities and samples, and analyzing their operating mechanisms, can we enhance relevant protection capabilities in a targeted manner. For Chinese cybersecurity technicians, this is not a lonely battle. For a long time, global researchers, academic institutions, and have done a lot of work to uncover the true face of this giant vulture," Xiao said.

This report and the Alliance's report "Review of Cyberattacks from US Intelligence Agencies- Based on Global Cybersecurity Communities' Analyses" released in 2023 have similar purposes, and there is a need for global netizens to have a comprehensive understanding of the threats that the US intelligence agencies pose to the world.