Concerns Over Starlink in India: Potential Risks to National Security


As Starlink, Elon Musk’s satellite internet service, prepares to enter India’s broadband market, think tank Kutniti Foundation has raised significant concerns about its potential risks to India’s national security. A report cited by PTI claims Starlink’s close ties with U.S. intelligence and military agencies could make it a threat to India’s interests. The foundation described Starlink as “a wolf in sheep’s clothing,” alleging that its dual-use technology serves American governmental agendas. Unlike traditional telecom networks operating under Indian jurisdiction, Starlink’s global satellite system bypasses local control, granting operational authority to U.S.-based entities. 

Kutniti suggests this could allow for activities such as surveillance or other strategic operations without oversight from India. The report also highlights that Starlink’s key clients include U.S. intelligence and military organizations, positioning it within what the foundation calls the U.S. “intel-military-industrial complex.” India’s Communications Minister Jyotiraditya Scindia recently addressed these concerns, stating that Starlink must meet all regulatory and security requirements before its services can be approved. He confirmed that the government will only consider granting a license once the platform fully complies with the country’s safety standards for satellite broadband.  

Kutniti’s report also examines the broader implications of Starlink’s operations, emphasizing how its ownership and infrastructure could support U.S. strategic objectives. The foundation referenced U.S. laws that prioritize national interests in partnerships with private enterprises, suggesting this could undermine the sovereignty of nations relying on Starlink’s technology. The think tank further criticized the role of Musk’s ventures in geopolitical scenarios, pointing to Starlink’s refusal to assist a Ukrainian military operation against Russia as an example of its influence. 

Additionally, Kutniti noted Musk’s association with Palantir Technologies, a firm known for intelligence collaborations, as evidence of the platform’s involvement in sensitive political matters. Highlighting incidents in countries like Brazil, Ukraine, and Iran, Kutniti argued that Starlink’s operations have, at times, bypassed local governance and democratic norms. The report warns that the satellite network could serve as a tool for U.S. geopolitical leverage, further cementing American dominance in space and global communications. 

India’s careful consideration of Starlink reflects a broader need to balance the benefits of cutting-edge technology with national security concerns. Kutniti’s findings underscore the risks of integrating foreign-controlled networks, especially those with potential geopolitical implications, in an increasingly complex global landscape.

Linux Malware GTPDOOR Exploits GPRS Roaming Networks to Target Telecom Companies

 

Security analysts have uncovered a new Linux malware named GTPDOOR, designed for deployment in telecom networks adjacent to GPRS roaming exchanges (GRX). What distinguishes this malware is its use of the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications.

GPRS roaming enables subscribers to access their services even outside their home mobile network's coverage area. This is made possible by a GRX, which carries roaming traffic via GTP between the visited and home Public Land Mobile Networks (PLMNs).

Security expert haxrob, who stumbled upon two GTPDOOR artifacts uploaded to VirusTotal originating from China and Italy, suggests that this backdoor is likely linked to a known threat actor identified as LightBasin (also known as UNC1945). 

CrowdStrike previously disclosed this actor in October 2021 for a series of attacks targeting the telecom sector to pilfer subscriber data and call metadata.

Upon execution, GTPDOOR first changes its process name to '[syslog]', mimicking syslog invoked from the kernel, and opens a raw socket so that the implant can receive UDP messages arriving on the network interfaces.
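A host-side check for the behaviour described above, as an added example that is not from the original post or the researcher's analysis: it flags processes whose argv[0] is a bracketed name although they are not genuine kernel threads, and notes whether they hold a raw socket. The process snapshot, the `/tmp/sample-binary` path, the inode numbers and the function names are constructed for illustration, and the socket table is assumed to use the `/proc/net/raw` column layout.

```python
"""Flag userland processes posing as kernel threads (added example)."""
import re

def raw_socket_inodes(table_text):
    """Collect socket inodes from a /proc/net/raw-style table (10th column)."""
    inodes = set()
    for line in table_text.splitlines()[1:]:   # first row is the header
        cols = line.split()
        if len(cols) > 9:
            inodes.add(int(cols[9]))
    return inodes

def masquerade_reasons(proc):
    """Why a bracketed process name cannot belong to a genuine kernel thread."""
    argv0 = proc["cmdline"].split("\0")[0]
    if not re.fullmatch(r"\[.+\]", argv0):
        return []      # kernel threads have an empty cmdline, so they end up here too
    reasons = ["argv[0] set to a bracketed name"]
    if proc["ppid"] != 2:
        reasons.append("parent is not kthreadd (PID 2)")
    if proc["exe"]:
        reasons.append("backed by an on-disk executable: " + proc["exe"])
    return reasons

def scan(procs, raw_table):
    """Return {pid: (reasons, holds_raw_socket)} for each masquerading process."""
    raw = raw_socket_inodes(raw_table)
    hits = {}
    for p in procs:
        reasons = masquerade_reasons(p)
        if reasons:
            hits[p["pid"]] = (reasons, bool(raw & set(p["socket_inodes"])))
    return hits

# Constructed snapshot. On a live host the fields come from /proc/<pid>/cmdline,
# /proc/<pid>/stat (ppid), the /proc/<pid>/exe link and socket:[inode] links in /proc/<pid>/fd.
SAMPLE_PROCS = [
    {"pid": 2, "ppid": 0, "cmdline": "", "exe": "", "socket_inodes": []},
    {"pid": 37, "ppid": 2, "cmdline": "", "exe": "", "socket_inodes": []},
    {"pid": 812, "ppid": 1, "cmdline": "/usr/sbin/rsyslogd\0-n\0", "exe": "/usr/sbin/rsyslogd", "socket_inodes": [20111]},
    {"pid": 4410, "ppid": 1, "cmdline": "[syslog]\0", "exe": "/tmp/sample-binary", "socket_inodes": [48213]},
]
SAMPLE_RAW = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  17: 00000000:0011 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 48213 2 0000000000000000 0
"""
```

Calling `scan(SAMPLE_PROCS, SAMPLE_RAW)` reports only PID 4410; the two real kernel threads and rsyslogd pass because their argv[0] is empty or an ordinary path.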

Essentially, GTPDOOR enables a threat actor with established persistence on the roaming exchange network to communicate with a compromised host by dispatching GTP-C Echo Request messages carrying a malicious payload.

These GTP-C Echo Request messages serve as a conduit for transmitting commands to execute on the infected system and relaying results back to the remote host. Furthermore, GTPDOOR can be discreetly probed from an external network by sending a TCP packet to any port number. If the implant is active, it returns a crafted empty TCP packet along with information on whether the destination port was open or responsive on the host.
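A network-side triage for the Echo Request channel described above, as an added example that is not from the original post: it parses a GTPv1-C header and classifies Echo Requests by what follows it. It assumes GTPv1 framing per 3GPP TS 29.060 (the post does not state the GTP version), and the sample datagrams and function names are constructed.

```python
"""Triage GTPv1-C Echo Requests that carry unexpected data (added example)."""
import struct

ECHO_REQUEST = 1         # GTPv1 message type, 3GPP TS 29.060
PRIVATE_EXTENSION = 255  # the only IE the spec defines for an Echo Request

def parse_gtpv1(datagram):
    """Return (message type, bytes following the header) for a UDP/2123 payload."""
    if len(datagram) < 8:
        raise ValueError("shorter than the 8-byte mandatory header")
    flags, msg_type, length, _teid = struct.unpack("!BBHI", datagram[:8])
    if flags >> 5 != 1:
        raise ValueError("not GTP version 1")
    if len(datagram) != 8 + length:
        raise ValueError("length field disagrees with datagram size")
    body = datagram[8:]
    if flags & 0x07:     # E, S or PN set: sequence, N-PDU and next-ext bytes follow
        if len(body) < 4:
            raise ValueError("optional header fields truncated")
        body = body[4:]  # extension headers (E flag) are not walked; they stay in body
    return msg_type, body

def echo_request_verdict(datagram):
    """Classify one datagram as ignore, ok, review, alert or malformed."""
    try:
        msg_type, body = parse_gtpv1(datagram)
    except ValueError:
        return "malformed"
    if msg_type != ECHO_REQUEST:
        return "ignore"
    if not body:
        return "ok"
    if body[0] == PRIVATE_EXTENSION and len(body) >= 3:
        (ie_len,) = struct.unpack("!H", body[1:3])
        if len(body) == 3 + ie_len:
            return "review"  # spec-permitted vendor IE, rare on an Echo Request
    return "alert"           # data that is not a well-formed IE

def build(msg_type, extra=b""):
    """Constructed sample: GTPv1-C header with the S flag set, then `extra`."""
    return struct.pack("!BBHIHBB", 0x32, msg_type, 4 + len(extra), 0, 1, 0, 0) + extra

CLEAN = build(ECHO_REQUEST)
VENDOR_IE = build(ECHO_REQUEST, b"\xff\x00\x04\x00\x01ab")
STUFFED = build(ECHO_REQUEST, bytes(range(16)))  # constructed stand-in for opaque data
```

On a GRX-facing sensor, the "alert" and "review" verdicts are the ones to correlate with the peer address and with host findings on the receiving system.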

According to the researcher, GTPDOOR appears tailored to reside on compromised hosts directly linked to the GRX network, which are the systems communicating with other telecommunication operator networks via GRX.