"Key Findings:

- Multi-Vector Surveillance: We identified actors using multiple techniques to track targets by combining 3G and 4G signalling network protocols with direct device exploitation via SMS.
SIM Card Exploitation: One campaign sent a malicious SMS containing hidden SIM card commands to extract location information, attempting to turn the device into a covert tracking beacon.
- Sophisticated and Customized Tooling: Both actors used customized surveillance tooling to spoof operator identities, manipulate signalling protocols, and steer traffic through specific interconnect network paths to evade defenses and mask attribution.
- Global Network Infrastructure: The attacks leveraged identifiers and infrastructure associated with operators worldwide, including networks based in the UK, Israel, China, Thailand, Sweden, Italy, Liechtenstein, Cambodia, Mozambique, Uganda, Rwanda, Poland, Switzerland, Morocco, Namibia, Lesotho, and the self-governing Island of Jersey, demonstrating extensive global reach.
- Persistent Campaign Activity: Telemetry shared by mobile signalling security provider Cellusys reveals that operator identifiers were reused over multiple years, forming consistent clusters that enabled long-running surveillance operations.
- Weak Intercarrier Provider OPSEC: Weak screening of interconnect traffic allowed attackers to route surveillance messages through trusted operator pathways, enabling access to targeted networks."

https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/

#Surveillance #CyberSecurity #BigTelco

In the specific case of Portugal, broadband (both fixed and mobile) is becoming very cheap: 7€ a month for a 500 Mbps connection and 8€ a month for 5G access with 100 GB of data included. Although it could even be cheaper if there were other options for users with less demanding needs...

"By Frontier's own calculations, it could have made an extra $10 billion by investing in fiber rollouts, but it chose not to make that money, because the stock analysts at institutional investment funds would punish any telco that committed to capital expenditures with long-term payouts. Since Frontier's execs were mostly paid in stock, they decided not to risk a drop in their personal net worth, and so they left ten billion on the table and millions of customers stuck on 19th century copper-line infrastructure – technology that dated back to Samuel Morse and the telegraph.

Frontier was especially interested in customers who had no alternatives – no cable or fixed wireless companies that could offer competition for Frontier's own terrible service. These customers were booked as an "asset" and their connections were earmarked for substandard maintenance and slow upgrades. The old Lily Tomlin gag goes, "We don't care, we don't have to, we're the phone company." But Frontier really cared about the customers who had no alternative – they cared about royally fucking those customers.

Ladies and gentlemen, behold the marvel that is the efficient free market!

Municipal fiber is a godsend. It's fast, cheap and reliable, and it is an engine for economic development. Of course, the Trump administration is running away from municipal fiber – indeed, from all fiber – as fast as it can, because every fiber installation competes with Elon Musk's satellite based internet service, Skylink:"

https://pluralistic.net/2025/10/03/we-dont-care-we-dont-have-to/#were-the-phone-company

#USA #Fiber #Broadband #MunicipalFiber #Starlink #Oligopolies #BigTelco

"When the Chinese hacker group known as Salt Typhoon was revealed last fall to have deeply penetrated major US telecommunications companies—ultimately breaching no fewer than nine of the phone carriers and accessing Americans' texts and calls in real time—that hacking campaign was treated as a four-alarm fire by the US government. Yet even after those hackers' high-profile exposure, they've continued their spree of breaking into telecom networks worldwide, including more in the US.

Researchers at cybersecurity firm Recorded Future on Wednesday night revealed in a report that they've seen Salt Typhoon breach five telecoms and internet service providers around the world, as well as more than a dozen universities from Utah to Vietnam, all between December and January. The telecoms include one US internet service provider and telecom firm and another US-based subsidiary of a UK telecom, according to the company's analysts, though they declined to name those victims to WIRED."

https://www.wired.com/story/chinas-salt-typhoon-spies-are-still-hacking-telecoms-now-by-exploiting-cisco-routers/

#CyberSecurity #China #SaltTyphoon #StateHacking #USA #BigTelco #Hacking

"Last week, the Sixth U.S. Circuit Court of Appeals ruled against the FCC, rejecting its authority to classify broadband as a Title II “telecommunications service.” In doing so, the court removed net neutrality protections for all Americans and took away the FCC’s ability to meaningfully regulate internet service providers.

This ruling fundamentally gets wrong the reality of internet service we all live with every day. Nearly 80% of Americans view broadband access to be as important as water and electricity. It is no longer an extra, non-necessary “information service,” as it was seen 40 years ago, but it is a vital medium of communication in everyday life. Business, health services, education, entertainment, our social lives, and more have increasingly moved online. By ruling that broadband “information service” and not a “telecommunications service” this court is saying that the ISPs that control your broadband access will continue to face little to no oversight for their actions.

This is intolerable."

https://www.eff.org/deeplinks/2025/01/sixth-circuit-rules-against-net-neutrality-eff-will-continue-fight

#USA #NetNeutrality #FCC #DigitalDivide #BigTelco

"Having your data tracked in 2025 seems like an inevitability. Regardless of whether you're using an iPhone or Android phone, your carrier is likely gathering all sorts of data about how, where and when you use your cellphone.

Last year T-Mobile quietly began rolling out a new tracking method called "profiling and automated decisions." Spotted by Reddit users and The Mobile Report, the new option is enabled by default. While the company says it isn't using the information it gleans from such tracking today, it could be used later on for "future decisions that produce legal or similarly significant effects about you."

But the self-proclaimed "un-carrier" isn't alone. All three major US wireless providers collect data; here's what they gather and how you can turn it off. It's also worth noting that some of this you should want to keep on, particularly identity verification.

While we're focusing on the three main wireless carriers that make up a bulk of the US wireless market, it is likely smaller providers and even home internet services are engaging in similar collections. Heading to an account's profile or privacy page should help you figure out what is being collected and how you can adjust it.

We recommend checking this regularly just to make sure that you're aware of any changes the carriers may have made or new methods of collection they may have added."

https://www.cnet.com/tech/mobile/data-privacy-your-carrier-knows-a-lot-about-you-heres-how-to-take-back-control/

#USA #BigTelco #Surveillance #Privacy #CyberSecurity #DataProtection

"In her remarks, Neuberger confirmed that nine telecommunications providers were impacted by the breaches, adding one more firm to the eight she acknowledged earlier this month. She noted that guidance was given to key U.S. telecommunications firms early on — a “hunting guide” and a “hardening guide” — that detailed Chinese hacking methods and allowed companies to “look for those techniques in their networks and call for help if they discover it.” This led to the determination that a ninth telco provider had been impacted by the same Salt Typhoon breach, alongside Lumen Technologies, AT&T, Verizon and others.

It’s unclear if the Chinese hackers have been fully evicted from all of the U.S. telecommunications networks. Earlier this month, Neuberger said that none of the providers have managed to oust the Chinese hackers from their networks, an assertion that some of the providers, including Lumen and AT&T, have refuted.

Neuberger explained that once Chinese hackers infiltrated telecommunication networks, they essentially had “broad and full access” to American data, which allowed them to “geolocate millions of individuals” and “record phone calls at will.”"

https://www.politico.com/news/2024/12/27/chinese-hackers-telco-access-00196082

#CyberSecurity #China #SaltTyphoon #USA #BigTelco #StateHacking

Why should tech companies pay for the infrastructure work that #BigTelco companies should be doing? This is just #RentSeeking behavior.

https://www.reuters.com/technology/italy-moves-ensure-big-tech-share-costs-telecom-networks-rollout-2024-10-21/

#Italy #Rentism #BigTech

#USA #China #CyberSecurity #Surveillance #Encryption #BackDoors #BigTelco #Privacy: "That’s right: the path for law enforcement access set up by these companies was apparently compromised and used by China-backed hackers. That path was likely created to facilitate smooth compliance with wrong-headed laws like CALEA, which require telecommunications companies to facilitate “lawful intercepts”—in other words, wiretaps and other orders by law enforcement and national security agencies. While this is a terrible outcome for user privacy, and for U.S. government intelligence and law enforcement, it is not surprising.

The idea that only authorized government agencies would ever use these channels for acquiring user data was always risky and flawed. We’ve seen this before: in a notorious case in 2004 and 2005, more than 100 top officials in the Greek government were illegally surveilled for a period of ten months when unknown parties broke into Greece’s “lawful access” program. In 2024, with growing numbers of sophisticated state-sponsored hacking groups operating, it’s almost inevitable that these types of damaging breaches occur. The system of special law enforcement access that was set up for the “good guys” isn’t making us safer; it’s a dangerous security flaw."

https://www.eff.org/deeplinks/2024/10/salt-typhoon-hack-shows-theres-no-security-backdoor-thats-only-good-guys