Security Challenges to Telecommunication Networks

2015 INTERNATIONAL CONFERENCE ON CYBERSPACE GOVERNANCE - CYBERABUJA2015

NOVEMBER 4 - 7, 2015

Security Challenges to Telecommunication Networks: An Overview of Threats and Preventive Strategies

Agubor C. K., Chukwudebe G. A. and Nosiri O. C.
Department of Electrical and Electronic Engineering, Federal University of Technology, Owerri, Nigeria.

[email protected]

Abstract - Security challenges to telecommunication networks have been a matter of concern to the international community within the last two decades. Telecommunication infrastructure that provides the necessary backbone for information exchange such as voice, video, data and Internet connectivity has been found to be particularly vulnerable to various forms of attack. Some of these attacks could lead to denial of service and loss of integrity and confidentiality of network services. Protecting these networks from attack is thus an important aspect that cannot be ignored. This paper highlights some of the important security challenges to current telecommunication networks and recommends countermeasures that can be implemented to mitigate not only infrastructural insecurity but also the risk from cyber-attacks. One of these is security by default, which aims at designing systems that can repair themselves when breaches are detected.

Keywords - cybersecurity; cyberattack; hacking; telecommunication infrastructure; cybercrime.

I. INTRODUCTION

Telecommunication networks worldwide are a mix of both circuit-switched and packet-switched technology. The Public Switched Telephone Network (PSTN) makes use of circuit-switched technology and is rapidly being replaced by mobile wireless network technology, which is packet-switched. PSTN infrastructure is made up of digital switches, cables such as coaxial, surface and submarine optic fibre cables for long distance transmission, terrestrial microwave and communication satellite links. This technology was primarily developed as a network for voice signals. The major limitation of this circuit-switched network was its inability to handle the ever growing demand for video and data services. The availability of technologies like digital subscriber line (DSL), Integrated Services Digital Network (ISDN) and dial-up service for Internet connectivity did not provide the expected solution.

The solution to the high demand for video and data services was provided by the advent of wireless mobile technologies. As a packet-switched technology, it provided the type of network suitable for triple-play communications (i.e. voice, data and video) [1]. Unlike circuit-switched technology, it is suitable for the transmission of voice, data and video information. Wireless mobile networks evolved from 2G for voice and short message services (SMS) to 3G systems with General Packet Radio Service (GPRS), Enhanced Data for Global Evolution (EDGE) and High Speed Packet Access (HSPA) designed for larger volumes of data transmission, and now to 4G. The 3G and 4G networks are based on the Internet Protocol (IP) and are expected to reshape the current structure of the telecommunication system [2]. Telecommunication networks from a global point of view present a convergence of several technologies (PSTN, 2G, 3G and 4G) with vital network components. These components are the Access Network, Core Network, Application and Management Network, and Internal and External Networks [3]. The interconnection interfaces resulting from this convergence of different technologies expose the entire network to intruders and increase the potential for attacks by viruses, worms such as Code Red and Sasser, and other malicious software [4]. Such attacks may come from either internal or external sources. In such cases any part of the telecommunication network is vulnerable, including the radio path of the access and core networks. Attacks on one telecommunication operator’s network could also spread to multiple networks over the interconnection interfaces [3]. This highlights the possibility of intruders reaching their targets irrespective of the geographical location of the remote terminal.


In view of the increasing rate of attacks and their impact on the economy whenever they occur, a review of the prevalent attacks and recommended mitigations for developing countries is presented in this paper.

II. CLASSIFICATION OF ATTACKS

Attacks related to telecommunication infrastructure may be carried out by various attackers with malicious intent and without any good reason for carrying out such attacks. In some cases their actions may be driven by the desire to cause total communication failure or to generate illegal profits. Attacks or threats on telecommunication infrastructure can be classified as shown in Fig. 1.

[Fig. 1 is a tree diagram: Telecoms Threats/Attacks, with four branches: Terror Attacks, Technological Threats, Criminal Attacks and General Threats.]

Fig. 1. Classification of threats/attacks on Telecoms assets.

A. Terror Attacks

Attacks capable of causing serious disruption of network services can take any form. One form is a result of military conflicts. Certain military conflicts lead to the physical destruction of telecommunication installations, and this is done as a deliberate military strategy, especially by terrorists. This is true in regions that have experienced or are still experiencing one form of military conflict or the other. In [5], Nigeria, India, Iraq, Syria, Nepal and Colombia were mentioned as countries that have experienced telecommunication infrastructural destruction due to insurgency or military conflicts. For example, in 2012 alone, Boko Haram (a terror group) in Nigeria destroyed or damaged about 530 base stations and killed staff, causing an estimated $132.5 million in damage. Such funds could have been used to further develop or expand telecommunication networks in Africa’s largest economy. In Afghanistan between 2001 and 2013, at least 300 telecommunication towers were destroyed by the Taliban [5]. In both cases, transmission towers and outdoor equipment were targeted and destroyed. The decision by terrorists to target infrastructure is probably based on the extent to which they perceive the telecommunication operators as undermining their security through call tracing to the benefit of government forces. Also, the Maoists, a terror group in India, have forced mobile service providers to avoid setting up new base stations in remote areas as a result of several attacks in recent years on telecommunication towers. This has put most parts of the affected areas into a ‘zero-network’ state. In Syria and Iraq, telecommunication towers and other outdoor equipment have been regularly targeted by insurgents. In Nepal, during the ten-year civil war (1999-2009), hundreds of towers and outdoor equipment were attacked and destroyed by Maoists. FARC rebels, another terror group in Colombia, have an extended history of destroying telecommunication towers with explosives. It is a deliberate military strategy for rebel or terrorist groups to target and destroy telecoms assets. Their main objective in carrying out such physical destruction of assets is often associated with the assets’ potential role in assisting states in tracking terrorist planning and movement [5].

B. Technological Threats

Apart from physical attacks leading to the destruction of assets, technological threats can be seen as another form of telecommunication threat. These are threats ensuing from the technologies themselves. Such threats are mainly associated with the corporate clientele of telecommunication companies. In some cases the threat or attack may lead to large financial losses. An example is a long non-disconnected call. Such a threat is associated with the private branch exchanges used by various companies and organizations. In this case, a call that a participant believes has been terminated may not be properly disconnected by the private branch exchange, or may still be on hold without the consent or knowledge of the participant [6]. Because it is not terminated, such a call may actually remain “connected” for a number of days. In the event of an international call this could result in a major loss of revenue.

C. Criminal Attacks

This is another form of attack that involves the use of various technological means for malicious intent. In this case the activities of the players cover the use of various manipulative means to carry out traditional frauds. These types of attacks present a risk for both the telecommunication companies and their customers. Criminal attacks can be classified as shown in Fig. 2.
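The long non-disconnected call threat described under Technological Threats above is something a PABX owner can detect from call detail records (CDRs) before the bill arrives. The following Python script is an added example, not code from the paper or from any PABX vendor; the CDR line format, the home country code and the four-hour threshold are assumptions constructed for illustration. It flags calls that have exceeded the threshold, including calls the exchange still reports as connected, and lists international ones first because those cost the most:

```python
"""Detect long non-disconnected calls in private branch exchange (PABX)
call detail records (CDRs).

Added example, not from the paper. The CDR line format, the home country
code and the duration threshold are assumptions constructed for illustration.
"""
from datetime import datetime

HOME_COUNTRY_CODE = "+234"   # assumption: the operator's own country code
MAX_CALL_HOURS = 4           # assumption: longest duration a legitimate call should reach

# Constructed sample CDRs: call_id,trunk,destination,start,end (ISO 8601).
# An empty end field means the PABX still reports the call as connected.
SAMPLE_CDRS = """\
c001,T1,+2348030000001,2015-06-01T09:00:00,2015-06-01T09:12:30
c002,T2,+442070000002,2015-06-01T10:05:00,
c003,T1,+12120000003,2015-05-29T16:40:00,2015-06-01T08:15:00
c004,T3,+2348090000004,2015-06-01T11:00:00,2015-06-01T11:03:00
"""


def parse_cdrs(text):
    """Parse CDR lines into dicts; a missing end time becomes None."""
    records = []
    for line in text.strip().splitlines():
        call_id, trunk, destination, start, end = line.split(",")
        records.append({
            "call_id": call_id,
            "trunk": trunk,
            "destination": destination,
            "start": datetime.fromisoformat(start),
            "end": datetime.fromisoformat(end) if end else None,
        })
    return records


def is_international(destination, home_cc=HOME_COUNTRY_CODE):
    """Any destination outside the home country code is billed as international."""
    return not destination.startswith(home_cc)


def find_long_calls(records, now, max_hours=MAX_CALL_HOURS):
    """Return calls whose duration (so far, for open calls) exceeds max_hours.

    International calls come first, then longer calls first, so the most
    expensive stuck calls are at the top of the report.
    """
    alerts = []
    for r in records:
        end = r["end"] or now          # open call: measure up to the audit time
        hours = (end - r["start"]).total_seconds() / 3600
        if hours > max_hours:
            alerts.append({
                "call_id": r["call_id"],
                "trunk": r["trunk"],
                "hours": round(hours, 1),
                "still_connected": r["end"] is None,
                "international": is_international(r["destination"]),
            })
    alerts.sort(key=lambda a: (not a["international"], -a["hours"]))
    return alerts


def audit_cdrs(text, now_iso):
    """Convenience wrapper: parse CDR text and audit it at the given time."""
    return find_long_calls(parse_cdrs(text), datetime.fromisoformat(now_iso))


if __name__ == "__main__":
    for alert in audit_cdrs(SAMPLE_CDRS, "2015-06-03T10:05:00"):
        state = "STILL CONNECTED" if alert["still_connected"] else "ended"
        kind = "international" if alert["international"] else "national"
        print(f"{alert['call_id']} on {alert['trunk']}: {alert['hours']}h, {kind}, {state}")
```

Run against the constructed sample at 2015-06-03T10:05:00, the audit reports c003 (an international call that stayed up for about 63.6 hours before it was finally cleared) and c002 (an international call to the UK that is still connected after 48 hours). The two short national calls are ignored. In practice the audit would run on a schedule, and a still-connected alert is the one to act on immediately, since forcing the disconnect stops the charge from growing.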


[Fig. 2 is a tree diagram: Criminal Attacks, with two branches: telecommunication cable splicing, PABX hacking, etc., and Computer Related Attacks.]

Fig. 2. Classification of criminal attacks.

Splicing into telecommunication cabling is an act of gaining unauthorized access to a telecommunication network. The main purpose of such action is to make illegal connections. This is a problem encountered in regions where the PSTN with its fixed line network is still operational. Characteristically, a fixed line network contains hundreds of kilometres of copper cabling linking the telephone exchanges with the subscribers. This makes it extremely costly and almost physically impossible to reliably and efficiently secure these cables from unwanted and unauthorized interference.

Due to its vulnerability to abuse, criminals mechanically splice into the cabling and are then able to connect and make calls free of charge, resulting in high billing of a customer whose line was illegally used. Public phones, where available, are frequent targets of these kinds of attacks. In this case the telecommunication operator is at risk due to loss of revenue. In most cases splicing into cabling enables the player to gain access to the network with the intention of committing a more sophisticated criminal act.

Hacking of Private Branch Exchanges (PABX) is a dangerous form of criminality as well. Modern branch exchanges are special communication equipment for private use with a large number of functions. This equipment requires trained service personnel for its administration and allows for remote administrator access over the telephone network. This access for administrative purposes over the telephone is a stumbling block [6], because there are illegal operators who scan telephone number ranges and look for such access. After locating the access, these operators then try to hack into it. This is made easier by the fact that many administrators retain the default password pre-set by the supplier or use an inadequate password. Many PABX can and do have administrator access via a data network. The act of taking control of such a branch exchange is a case of traditional computer hacking.

In computer-related attacks, the telecommunication infrastructure network, be it fixed line, wireless or a mix of both, provides the platform for the perpetration of this form of attack via computer links. These attacks are alternatively referred to as computer crime, cyber crime, e-crime, electronic crime or hi-tech crime [6]. Computer crime is an act performed by a knowledgeable computer user. Unlike terror attacks, this crime does not lead to physical destruction of infrastructure but involves the stealing of a company’s or individual’s private information. The player in this act is sometimes referred to as a hacker. In some cases, this person or group of individuals may be malicious and destroy or otherwise corrupt the computer or data files. Examples of computer crimes are [7]:

- Creating malware - Writing, creating, or distributing malware (e.g. spyware and viruses).
- Cyber terrorism - Hacking or computer intrusion, threats and blackmailing of a person or business.
- Denial of service attack - Overloading a system with so many requests that it cannot serve normal requests.
- Espionage - Spying on a person’s or organization’s activities.
- Harvesting - Collecting accounts or other account-related information of other people.
- Identity theft - Pretending to be someone you are not.
- Fraud - Manipulating data for the purpose of committing a crime, e.g. changing financial records to enable someone to steal or transfer money to an account.
- Spamming - Distributing unsolicited e-mails to hundreds of different addresses.
- Intellectual property theft - Stealing another person’s or company’s intellectual property.
- Wiretapping - Connecting a device to a phone line to enable one to listen to or monitor another person’s conversations.
- Phishing - Deceiving individuals to gain private or personal information about them.
- Salami slicing - Stealing tiny amounts of money from each financial transaction made.
- Spoofing - Deceiving a system into thinking you are someone who in reality you are not.
- Unauthorized access - Gaining access to systems for which you have no authority or permission.
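The PABX remote-administration problem described above (number-range scanning followed by attempts against a default or weak password) leaves a recognizable trace in the exchange’s own authentication log, which is where a SIEM or a simple script can catch it. The following Python script is an added example, not code from the paper or from any PABX vendor; the log line format, the set of supplier default account names and the failure threshold are assumptions constructed for illustration. It raises an alert when one calling source accumulates repeated failures against an account, when a success follows such a run of failures, and whenever a supplier default account is used at all:

```python
"""Flag risky remote administration logins on a PABX from its authentication log.

Added example, not from the paper. The log line format, the set of vendor
default account names and the failure threshold are assumptions constructed
for illustration.
"""
from collections import defaultdict

DEFAULT_ADMIN_ACCOUNTS = {"admin", "service"}   # assumption: supplier pre-set account names
FAILURE_THRESHOLD = 3                           # assumption: failures before an alert

# Constructed sample log: timestamp, calling number (remote access is over
# the telephone network), account name, result.
SAMPLE_LOG = """\
2015-08-01T02:10:05 +2349010000001 admin FAIL
2015-08-01T02:10:41 +2349010000001 admin FAIL
2015-08-01T02:11:12 +2349010000001 admin FAIL
2015-08-01T02:11:50 +2349010000001 admin OK
2015-08-01T09:00:00 +2348030000002 jdoe OK
2015-08-01T09:30:00 +2348030000002 jdoe FAIL
"""


def parse_log(text):
    """Split each log line into its four fields."""
    events = []
    for line in text.strip().splitlines():
        ts, source, user, result = line.split()
        events.append({"ts": ts, "source": source, "user": user, "ok": result == "OK"})
    return events


def analyze_log(text, failure_threshold=FAILURE_THRESHOLD):
    """Return alerts, in log order, for three patterns:

    repeated_failures      - the same source reached failure_threshold failed
                             logins for one account (password guessing in progress)
    success_after_failures - a login succeeded after that many failures
                             (a guessed or default password very likely worked)
    default_account_login  - any successful login with a supplier default
                             account, which should have been renamed or disabled
    """
    alerts = []
    failures = defaultdict(int)     # (source, user) -> consecutive failed logins
    for e in parse_log(text):
        key = (e["source"], e["user"])
        base = {"source": e["source"], "user": e["user"], "ts": e["ts"]}
        if not e["ok"]:
            failures[key] += 1
            if failures[key] == failure_threshold:
                alerts.append({"type": "repeated_failures", **base})
            continue
        if failures[key] >= failure_threshold:
            alerts.append({"type": "success_after_failures", **base})
        if e["user"] in DEFAULT_ADMIN_ACCOUNTS:
            alerts.append({"type": "default_account_login", **base})
        failures[key] = 0           # a success ends the failure run
    return alerts


if __name__ == "__main__":
    for a in analyze_log(SAMPLE_LOG):
        print(f"{a['ts']} {a['type']}: {a['user']} from {a['source']}")
```

On the constructed log the script produces three alerts, all for the 02:10 session from one calling number: a run of three failures against the admin account, a success immediately after that run, and the fact that the success was on a supplier default account in the first place. The single daytime failure by jdoe produces nothing. Each alert type maps to a control the paper recommends: the repeated-failure alert is the kind of event a SIEM should correlate, and the default-account alert only stops firing once the pre-set credentials are replaced.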

D. General Threats/Attacks

This involves players like special government agencies. It is a form of hacktivism with nation-state sponsorship [8]. Three different cases used to illustrate the nature of such attacks in [9] are:

Case No 1: Government agencies are increasingly attacking telecommunication operators’ infrastructure and applications to establish covert surveillance. Advanced Persistent Threat (APT) techniques are used. With APT, sophisticated actors carry out covert surveillance and can operate undetected for long periods of time. Communication channels targeted for covert surveillance include phone lines, online chat, mobile phone data, etc. Covert surveillance in the form of cyber attack may take place between nations. There have been cases where one nation’s cyber-attack prevented another nation’s leaders from communicating on their mobile devices.

Case No 2: Given that telecommunication companies control critical infrastructure, any shutdown has a great impact on the economy. For example, during the severe petroleum product crisis in Nigeria in mid-2015, the telecommunication companies were affected because they run on diesel generators; consequently, banks and various organizations could not sustain their regular services.

Case No 3: Customer data is another important and high impact target. It is the tradition of telecommunication organizations to register their numerous customers. By so doing they typically store personal information about all of their customers such as names, addresses and financial data. This sensitive data becomes a compelling target for cyber-criminals or insiders, whose aim may be to steal money, conduct identity theft, blackmail customers, or launch any other form of attack.

A stolen laptop may not be taken as a serious case. It is one of several ways of information loss. Of course, in every sector laptops can be lost or stolen. The problem, however, tends to be worse in the telecommunication sector because employees often serve customers as part of a call centre or help desk function and may have large amounts of sensitive customer data stored on their laptops. The theft of such a piece of equipment may put several individuals or the company at great risk.

One critical threat unique to the telecommunications sector is the attack on leased infrastructure equipment, such as home routers from Internet Service Providers (ISPs). Once the equipment has been compromised, it becomes possible for hackers to steal data, launch other attacks, store infiltrated data, or access expensive services such as international phone calls. In order to avoid upsetting their customers, telecommunication companies generally refund any charge associated with such malicious attacks. This often results in significant loss of revenue to the organization. In Table I, various forms of attacks or threats and their likely outcomes are summarized.

Table I: Threats and likely outcomes [2].

1. Attack/Threat: Unauthorised physical access to switching equipment, telecommunication cable and other critical network infrastructure, e.g. Authentication Centre (AuC), Home Location Register (HLR) and Visitor Location Register (VLR).
   Outcome: Destruction or theft of information and equipment, interception or monitoring of the network traffic.

2. Attack/Threat: Interception of voice traffic due to absence of encryption for speech channels and inadequate authentication in PSTN networks.
   Outcome: Unauthorized access to telecommunication network traffic.

3. Attack/Threat: Use of modified mobile stations to exploit weaknesses in the authentication of messages received over the radio interface.
   Outcome: Spoofing of user deregistration and location update requests, leading to unreliable service.

4. Attack/Threat: Deployment of malicious applications on devices like smartphones and tablets.
   Outcome: Use of these compromised devices to target the operator’s network.

5. Attack/Threat: Compromise of the AuC or SIM used for storing the shared secret for the challenge-response mechanism.
   Outcome: Identity theft (intruders masquerading as legitimate users).

6. Attack/Threat: Intrusions into the operator’s networks.
   Outcome: Unauthorised changes to the users’ service profiles resulting in unreliable service and fraud.

7. Attack/Threat: Gaining access to network databases containing customer information.
   Outcome: Destruction or alteration of personal and confidential data.
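Row 5 of Table I (compromise of the AuC or SIM holding the shared secret) is worth seeing as a protocol rather than a sentence, because it explains why the AuC is listed among the critical physical assets in row 1. The following Python simulation is an added example, not code from the paper or from any operator’s authentication system: HMAC-SHA256 stands in for the real subscriber authentication algorithm, and the IMSI and key lengths are constructed assumptions. It shows that knowing a subscriber’s identity is useless without the shared secret Ki, that a copy of Ki passes every challenge (the identity theft outcome in the table), and that re-provisioning the subscriber with a new Ki is what revokes the copy:

```python
"""Challenge-response authentication and why the AuC/SIM shared secret matters.

Added example, not from the paper. HMAC-SHA256 stands in for the operator's
real authentication algorithm, and the IMSI and key lengths are constructed
assumptions; the point is the protocol shape, not the algorithm.
"""
import hashlib
import hmac
import secrets


class AuthenticationCentre:
    """Holds each subscriber's shared secret Ki and checks responses."""

    def __init__(self):
        self._keys = {}                       # IMSI -> Ki

    def provision(self, imsi, ki):
        self._keys[imsi] = ki                 # also used to re-key after a compromise

    def challenge(self):
        return secrets.token_bytes(16)        # fresh random RAND per authentication

    def verify(self, imsi, rand, sres):
        expected = hmac.new(self._keys[imsi], rand, hashlib.sha256).digest()[:8]
        return hmac.compare_digest(expected, sres)


class Sim:
    """Computes SRES from RAND with the Ki it holds (genuine or copied)."""

    def __init__(self, imsi, ki):
        self.imsi = imsi
        self._ki = ki

    def respond(self, rand):
        return hmac.new(self._ki, rand, hashlib.sha256).digest()[:8]


def authenticate(auc, sim):
    """One network-to-subscriber exchange: RAND out, SRES back, verdict."""
    rand = auc.challenge()
    return auc.verify(sim.imsi, rand, sim.respond(rand))


def demo():
    """Run the scenarios from Table I row 5 and return accept/reject per case."""
    auc = AuthenticationCentre()
    imsi = "621300000000001"                  # constructed IMSI
    ki = secrets.token_bytes(16)
    auc.provision(imsi, ki)
    results = {}
    results["genuine_sim"] = authenticate(auc, Sim(imsi, ki))
    # Knowing the IMSI alone is useless: without Ki the response is wrong.
    results["wrong_key"] = authenticate(auc, Sim(imsi, secrets.token_bytes(16)))
    # Once Ki leaks from the AuC or SIM, an intruder holding a copy passes
    # every challenge and masquerades as the subscriber.
    copied = Sim(imsi, ki)
    results["copied_key"] = authenticate(auc, copied)
    # Mitigation: re-provision the subscriber with a new Ki (new SIM) so the
    # copied key stops working while the re-issued SIM still authenticates.
    new_ki = secrets.token_bytes(16)
    auc.provision(imsi, new_ki)
    results["copied_key_after_rekey"] = authenticate(auc, copied)
    results["reissued_sim"] = authenticate(auc, Sim(imsi, new_ki))
    return results


if __name__ == "__main__":
    for scenario, ok in demo().items():
        print(f"{scenario:24s} {'accepted' if ok else 'rejected'}")
```

Two design points carry over to real deployments. The AuC never sends Ki anywhere; it only compares the response to the one it computes itself, so the secret’s exposure surface is the AuC database and the SIM, exactly the two assets the table names. And because a fresh RAND is issued per authentication, recording one exchange does not help; only possession of Ki does, which is why physical access controls on the AuC (row 1) and re-keying after a suspected compromise are the relevant mitigations.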

III. RECOMMENDATIONS

A. Telecommunication Network Security

The required technology must be put in place to safeguard critical telecommunication infrastructure and assets. In regions where there are military conflicts with a high rate of terror attacks, telecommunication outdoor infrastructure like towers, radio equipment and power generating sets should be sited in safer areas not likely to be attacked by insurgents. This is necessary to avoid physical destruction of installed equipment. It may also be necessary to have a mutual agreement between government security agencies and network providers on ways of securing key telecommunication installations.

B. Operations Security (OPSEC)

OPSEC focuses on preventing the leakage of vital information or security procedures concerning an organization to the outside world. It is concerned with refining operational procedures and workflows to increase the security properties of an organization. For example, an organization may restrict what employees post on their Facebook pages or other social media, especially when such posts concern the organization’s security procedures, which are not meant for public consumption.

C. Security by Default

Organizations or companies should develop a systematic method of preventing or fighting attacks in their establishment. Staff should frequently be trained and examined for compliance. Appropriate computer resources should be used to enforce security in a systematic way before attacks occur. Security by default focuses on three themes [10]:

- Prevention, or designing systems that are harder to hack.
- Resilience, or designing systems that can offer secure transactions even after they have been compromised.
- Regeneration, or designing systems that can automatically repair themselves when breaches are detected.

D. Criminalization of Cybercrime

In relation to cybercrime, the Cybercrime Convention of the Council of Europe called for eight offences to be criminalized. These offences are [11]:

- Illegal interception
- Data interference
- System interference
- Misuse of devices
- Computer-related forgery
- Computer-related fraud
- Offences related to child pornography
- Offences related to infringement of copyright and related rights

Legislation should be enacted for all these offences where there is none, so as to deter prospective criminals.

E. Restriction to Sensitive Areas

Telecommunications spaces, pathways and equipment rooms should be secured and treated as restricted zones. Access to these areas should be monitored, controlled and limited to authorized and properly security-cleared persons only. Methods such as the installation of Electronic Access Controls (EAC), mechanical combination locksets or deadbolts should be used to control access [12]. A list of persons authorized to access these sensitive areas or spaces should be maintained to avoid unauthorized entry. The organization should also maintain a control log for security audit purposes.

F. Security Infrastructure Implementation

Important policies and processes adopted by an organization should be supported by a security infrastructure that includes multiple security layers, as in the “Defense-in-Depth” approach [3]. This strategy allows for different layers of security such that the compromise of one security layer alone does not expose the network to attacks. Some of the security measures that can be deployed across the various layers are:

- Interference- and tamper-proof cabling infrastructure.
- Closed Circuit Television (CCTV) and security guard monitoring of the operator’s premises.
- Physical access control mechanisms like smartcard and biometric readers.
- Firewalls at the network perimeter for publicly accessible systems.
- Host- and network-based Intrusion Detection/Prevention Systems (IDPS).
- Security Information and Event Management (SIEM) systems for handling of security events and logs generated by multiple systems.
- Malware management using antivirus and antispyware technologies on internal systems and mail servers.
- Secure application development practices.
- Carrying out security checks on the telecommunication equipment, perimeters, critical network components and applications.
- Encryption and data masking techniques for data both at rest and in transit.
- Security awareness.
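Recommendation E (an authorized-persons list for restricted zones plus a control log kept for audit) is small enough to show end to end. The following Python module is an added example, not code from the paper or from any EAC product; the zone names, the clearance level each zone requires, the badge IDs and the 08:00-18:00 working-hours window are constructed assumptions. Every request is logged whether granted or denied, which is what makes the later audit possible, and the audit pulls out the two things a reviewer usually wants first: denied attempts and after-hours entries into the most sensitive zones.

```python
"""Restricted-zone access control with an authorized-persons list and a control log.

Added example, not from the paper. Zone names, required clearance levels,
badge IDs and the working-hours window are assumptions constructed for
illustration.
"""
from datetime import datetime

# assumption: minimum clearance level each restricted zone requires
ZONE_CLEARANCE = {"equipment_room": 3, "cable_pathway": 2, "lobby": 1}
WORKING_HOURS = (8, 18)      # assumption: 08:00-18:00 is normal access time


class AccessController:
    def __init__(self, authorized, zone_clearance=ZONE_CLEARANCE):
        self._authorized = dict(authorized)   # badge_id -> (name, clearance)
        self._zones = zone_clearance
        self.control_log = []                 # every attempt, granted or not

    def request(self, badge_id, zone, at):
        """Decide one access request and record it in the control log."""
        at = datetime.fromisoformat(at)
        name, clearance = self._authorized.get(badge_id, ("unknown", 0))
        required = self._zones.get(zone)
        if badge_id not in self._authorized:
            granted, reason = False, "badge not on authorized list"
        elif required is None:
            granted, reason = False, "unknown zone"
        elif clearance < required:
            granted, reason = False, f"clearance {clearance} below required {required}"
        else:
            granted, reason = True, "authorized"
        self.control_log.append({
            "at": at, "badge": badge_id, "name": name, "zone": zone,
            "granted": granted, "reason": reason,
        })
        return granted

    def audit(self):
        """Summarize the control log for a security review."""
        denied = [e for e in self.control_log if not e["granted"]]
        after_hours = [
            e for e in self.control_log
            if e["granted"] and self._zones[e["zone"]] >= 3
            and not (WORKING_HOURS[0] <= e["at"].hour < WORKING_HOURS[1])
        ]
        return {"denied": denied, "after_hours_sensitive": after_hours}


def demo():
    """Replay a constructed day of badge events and return the controller."""
    ctl = AccessController({"B-1001": ("A. Okafor", 3), "B-1002": ("C. Bello", 1)})
    ctl.request("B-1001", "equipment_room", "2015-08-03T10:00:00")   # granted
    ctl.request("B-1002", "equipment_room", "2015-08-03T10:05:00")   # denied: clearance 1
    ctl.request("B-9999", "cable_pathway", "2015-08-03T10:10:00")    # denied: not on list
    ctl.request("B-1001", "equipment_room", "2015-08-03T23:30:00")   # granted, after hours
    ctl.request("B-1002", "lobby", "2015-08-03T11:00:00")            # granted
    return ctl


if __name__ == "__main__":
    report = demo().audit()
    for e in report["denied"]:
        print(f"DENIED  {e['at']} {e['badge']} -> {e['zone']}: {e['reason']}")
    for e in report["after_hours_sensitive"]:
        print(f"REVIEW  {e['at']} {e['badge']} ({e['name']}) entered {e['zone']} after hours")
```

The controller fails closed: a badge that is not on the list, a zone it does not know about, or insufficient clearance all result in a denial, and the denial is still written to the log. An after-hours entry by a fully cleared person is not a violation, which is why the audit reports it for review rather than treating it as denied; the log is what lets the reviewer tie it back to a maintenance ticket or ask why the equipment room was opened at 23:30.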

IV. CONCLUSION

Telecommunications infrastructure is a big target for cyber-attacks. This is because telecommunication companies build, control and operate critical networks that are widely used to communicate and to store large amounts of sensitive data. Telecommunication networks from a global point of view are a mix of both fixed and mobile phone networks, which provide the traditional access for computer related crimes or cybercrimes, e.g. phishing, hacking, spoofing, etc., to be perpetrated. The attacks may cause damage such as sensitive information being leaked and security documents exposed, which may put both individuals and the affected organizations at risk. The paper has suggested some preventive measures that can be implemented as a way of fighting or preventing cybercrime.

REFERENCES

[1] M. Sif and L. Newell, Optimizing Broadband Aggregation Networks for Triple Play Services, Alcatel Telecommunications Review, 4th Quarter, 2004.
[2] Convergence and Next Generation Networks, Ministerial Background Report (OECD), 2007.
[3] Tata Consultancy Services Limited, 2012. Available from World Wide Web: http://www.tcs.com [Accessed 11th August, 2015].
[4] J-L. Ronarch, M. See and J. Smith, Security Solutions for a Mobile Enterprise Workforce, Alcatel Telecommunications Review, 1st Quarter 2006.
[5] Williswire 2015. Available from World Wide Web: http:/www.willis.com/2014/10/threats-totelecommunications-operators [Accessed 11th August, 2015].
[6] Available from World Wide Web: www.securtyrevue.com [Accessed 5th August, 2015].
[7] Computer crime. Available from World Wide Web: www.computerhope.com [Accessed 10th August, 2015].
[8] Cyber in sight. Available from World Wide Web: www.surfacewatchlabs.com [Accessed 5th August, 2015].
[9] Telecoms Cyber intelligence centre. Available from World Wide Web: www.cyberintelligencecentre.com/news/global-cyberexecutive-briefing/telco.aspx [Accessed 5th August, 2015].
[10] H. Shrobe, Cybersecurity@CSAIL. Available from World Wide Web [Accessed 5th August 2015].
[11] B. Fujiwara, “Cyber Security Threats and Countermeasures,” Available from World Wide Web: http://www.gbd-e.org/ig/cs [Accessed 28th August, 2015].
[12] Security Implications of the Integrated Telecommunications Infrastructure. Available from World Wide Web: http://www.tpsgc-pwgsc.gc.ca [Accessed 28th August, 2015].
