Logo of Phnom Penh Post newspaper Phnom Penh Post - Hacks a ‘wakeup call’ to telecom security weaknesses: gov’t



Hacks a ‘wakeup call’ to telecom security weaknesses: gov’t

Ministry of Posts and Telecommunications official Kan Chanmeta speaks to the news media following a meeting on potential hacks of government sites. Supplied
Ministry of Posts and Telecommunications official Kan Chanmeta speaks to the news media following a meeting on potential hacks of government sites. Supplied

Hacks a ‘wakeup call’ to telecom security weaknesses: gov’t

Telecommunications officials have raised the possibility that a series of hacks against government officials and ministries could have been so-called SS7 attacks, a recently discovered hacking method that involves taking over a person’s cellphone number.

At a meeting with Cambodian cell companies on Tuesday, officials said the hacking attempts began last September and intensified in January as the political situation became increasingly tense.

According to telecommunications officials, hackers attempted to take over the websites of the National Election Commission, the Ministry of Rural Development, the Ministry of Posts and Telecommunications, and the Facebook pages of “leaders”, whom it did not identify.

Describing the attacks a “wakeup call”, Ministry of Posts and Telecommunications Secretary of State Kan Chanmeta asked all telecom operators in Cambodia to check their SS7 vulnerabilities “to prove that all are secure”.

Chanmeta stressed that officials were not sure whether the hackers were exploiting the security weakness, but noted that most of the recent attacks involved hacking into text messages – a hallmark of SS7.

Hackers discovered the Signalling System No7 (SS7) vulnerability in 2014. By exploiting the outdated global technology that connects mobile networks, hackers can essentially take over cellphone numbers, allowing them to listen to calls, read text messages and potentially access a user’s social media accounts.

High-profile hacks of government officials, such as the breach of the Facebook messages of lawmaker Hun Many last month and those of the text messages of cabinet ministers and wealthy tycoons last year, have perplexed the government.

Phnom Penh-based cybersecurity consultant Niklas Femerstrand said the fact that the recent hacks centred on hacking into mobile phones points to them being SS7 attacks.

“It’s too widespread and coordinated to be guessed passwords, and Facebook’s password policy doesn’t allow such weak ones,” Femerstrand said.

Because of the sophistication and expense of such hacks, he said the attackers are likely to be a foreign government or a rogue telecommunications company or employee. “Someone can start speculating whether it’s China or Russia or Cambodia itself,” he said. “The list of possible suspects is pretty long with these.”

Both Cellcard and Smart, however, were less certain.

In an email, Soksophany Lim, Cellcard's chief information officer, said he did not believe that recent hacks of “our esteemed public figures” were related to SS7, and said they were more likely to be simple phishing hacks.

At the meeting, Cellcard IT Director Bunnet Som said the ministry should educate users on the dangers of linking their social media accounts to their cellphone numbers rather than pushing telecommunications operators to buy SS7 protection.

“When users understand the issue and are able to prevent the issue in advance, it will be a good solution with a lower cost, rather than . . . buying a solution that is too old or that we need a lot of money to secure,” he said.

Meanwhile, Smart spokesman Jonathan Yap said in an email that such hacks “can be attributable to many reasons”.

However, Yap also noted that Smart parent company Axiata has already deployed SS7 protection measures.

Karsten Nohl, a prominent Berlin-based SS7 expert who was the first to uncover the vulnerability, said government investigators should be able to use process of elimination to figure out whether a hacker exploited SS7.

If the hacked device does not have viruses and the social media account in question was accessed by an unknown device via text message, that lends credibility to the theory that it was an SS7 attack, Nohl said.

In addition to foreign governments, bad actors at telecommunications companies or individual criminal hackers trying to drain peoples’ bank accounts could also be suspects, Nohl said. “There isn’t a clearly defined group of SS7 attackers,” he said.

“The question is was anybody interested in having that kind of access . . . Most likely, they want to know what messages they’re exchanging privately. They may have a public page, but they may be messaging privately.”

Nohl pushed telecommunications companies to install protection against SS7 vulnerabilities, noting that commercially available solutions run in the range of $100,000 to $300,000.

“It’s up to the mobile networks to put in protections,” Nohl said. “Some have already done it, some are trying and some have not even started yet.”

MOST VIEWED

  • Would you like fries with that? US burger chain makes Phnom Penh debut

    California-based The Habit Burger Grill restaurant chain is all set to serve up a delicious array of charbroiled burgers and sides at its newest international location in the centre of Phnom Penh. The Habit is “renowned for its award-winning Charburgers grilled over an open flame,

  • Phnom Penh underpass opens to ease traffic

    Prime Minister Hun Sen has announced a temporary opening of the 488m underpass at the Chaom Chao roundabout in Phnom Penh’s Por Sen Chey district, which was recently completed to connect traffic from National Road 4 to Russian Federation Blvd. The move is to reduce

  • ‘No chance Cambodia booted out of ASEAN’

    A group of former and current Cambodian diplomats on Tuesday fired back at retired Singaporean diplomat Bihalari Kausikan after he proposed that ASEAN dismiss Cambodia and Laos from the bloc. In an open letter, the Cambodian diplomats said Kausikan’s remarks were made from a

  • Woman seeks answers after arrest of American partner

    Filipina Lalaine de Guzman, 48, is demanding answers for the detention of her American partner by Cambodian immigration officers after he was arrested at their home almost 90 days ago. She said without an arrest warrant or proffering any criminal charges, Stephen Sidney Greatsinger, 56, is being detained

  • Banteay Meanchey flood victims receive aid

    Prime Minister Hun Sen on Wednesday provided aid to more than 10,000 families affected by flooding in Banteay Meanchey province’s Mongkol Borei district and offered his condolences to the 18 victims who drowned in the province over the past week. He said flooding had occured in

  • PM urges caution as Polish man tests positive for Covid

    The Ministry of Health on Wednesday reported that a 47-year-old Polish man tested positive for Covid-19 after arriving in Cambodia on Monday. There are a total of six Covid-19 patients currently in the country, all of whom are being treated at the Khmer-Soviet Friendship Hospital