WikiLeaks: How the CIA tracks your exact location

New documents released by WikiLeaks detail how the CIA is able to locate you if you’re using any WiFi-enabled Windows PC or laptop.

The project, known as ELSA, infects a target Windows PC with malware. By using the device’s WiFi chip, the malware scans for all the nearby public WiFi networks and their strengths. This list is then cross-matched with the databases of WiFi networks held by the likes of Google and Microsoft to work out where the person is.

Where this strategy fails is when an infected PC doesn’t have WiFi or if no public signals are in range. Both are quite unlikely scenarios in today’s world.

The documents date back to 2013 and therefore mention targeting Windows 7 specifically, but it’s believed the method is simple enough that the CIA likely has a variant for every version of the operating system.

After the location data has been generated by the CIA’s malware it’s encrypted and stored in preparation for an agent to decrypt it for use in operations. The documents also detail a removal process to ensure the CIA’s tracks are covered and undetectable.

The extent of the malware’s capabilities has not been disclosed but it likely has further control abilities once a PC has been infected. In theory, this could mean even if a WiFi adapter has been disabled it can still be reactivated for scanning.

Exploits hoarded by the NSA and CIA recently leaked and caused havoc across the globe. One exploit, EternalBlue, was used in the WannaCry ransomware which demanded bitcoin payments on infected PCs around the world – including vital health systems in the UK. WannaCry had potential links to North Korea.

For its part, ELSA has likely grown more accurate with time as the WiFi databases held by Google and Microsoft have improved and become more robust since 2013.

GSMA claims mobile IoT initiative has ‘taken off’ after operator LPWA rollout

Several of the world’s leading mobile operators, including AT&T, China Telecom and Deutsche Telekom, have launched commercial rollouts of low power wide area (LPWA) networks, with the GSMA claiming its Mobile IoT Initiative has been a success.

The list of operators includes AT&T, China Mobile, China Unicom, China Telecom, Deutsche Telekom, Verizon and Vodafone.

The rollout programme is part of the GSMA Mobile IoT Initiative that encourages the market to take on licensed LPWA networks. In China, several key cities have seen the launch of NarrowBand IoT (NB-IoT) by China Mobile and China Unicom, whereas China Telecom deployed NB-IoT networks across the country. Vodafone introduced NB-IoT in Spain and the Netherlands, with DT launching the technology in multiple German cities along with a nationwide rollout in the Netherlands, while AT&T and Verizon have previously announced nationwide launches of LTE-M technology.

“It is clear that the market sees the benefit of adopting solutions that offer flexibility, security, lower costs, and cover all use cases, and we look forward to seeing other operators follow in the near future,” said Alex Sinclair, GSMA chief technology officer.

Along with these deployments, the GSMA also announced that its Mobile IoT Innovators programme, which is designed to encourage the development of new LPWA solutions, has reached over 500 members, underscoring the growth of the wider IoT ecosystem.

Gartner says China is at the forefront in development of the LPWA market. According to the US-based research company, China is set to be the one to lead the LPWA markets by 2025, accounting for 486 million of the estimated 3.1 billion connections globally. It is also at the forefront in the global development of mobile IoT in terms of both network launches and a record number of ecosystem developer partners.

As part of the GSMA’s Mobile IoT Innovator community, China also leads the development of new innovative solutions based on Mobile IoT technology. Interestingly, among the 546 global companies currently developing new solutions based on Mobile IoT technology, more than 215 are from China alone.

Why the end of European roaming charges will spur new service innovation

After a protracted regulatory effort, the European Union has finally abolished mobile roaming charges. As of June 15, mobile network operators can no longer charge customers a premium for calling and using data while travelling in any of the 28 EU countries.

This is great news for European consumers, holidaymakers and business travellers who will not have to suffer “bill shock” when they return home. Mobile phone bills loaded with exorbitant roaming charges have a way of making the post-holiday blues worse and sending the corporate accounts department into conniptions. Indeed, EU policymakers have hailed the 10-year project to eliminate roaming charges as a true European success story.

But not everyone is celebrating. Mobile operators and mobile virtual network operators (MVNOs) are not exactly eager to raise a glass to regulatory intervention that directly impacts their revenue. From now on, the bill shock will be all theirs when they stare at the gaping hole in their turnover where roaming income used to be. At one point in the negotiating and lobbying process, the European Telecommunications Network Operators (ETNO) association claimed that abolishing roaming fees could wipe out some €7 billion in revenue across the industry by 2020. The extent of the impact on each operator will vary, of course, but all operators will certainly feel a pinch.

The new rules also come into effect at a time when levels of customer growth at some of Europe’s largest operators have slowed due to highly competitive market conditions. Squeezed by competitive and regulatory pressures, some have little room to manoeuvre. Their options are to find efficiencies to cut costs or raise prices to make up for roaming revenue shortfalls. Alternatively, a much better option is to respond by developing new revenue-generating services.

Operators and MVNOs have known regulated roaming cuts were coming for some time. In fact, they have had two years to prepare for this final phase of implementation. In anticipation, many operators started offering “roam-like-at-home” plans long before they were legally required to, which allowed them to differentiate and steal a march on rivals.

But now that all operators are required to charge the same for mobile services at home and abroad, operators need new ways to differentiate services. Without the worry of incurring roaming charges, subscribers will be more relaxed about using mobile data abroad and not as tempted to turn off data services, which gives operators the perfect opportunity to create compelling data services that their customers will value wherever they roam.

This is a good time for operators to consider IP-based services like Voice over LTE (VoLTE), Video over LTE (ViLTE) and Voice over Wi-Fi (VoWiFi) as part of their Network Functions Virtualization (NFV) strategy. These are essentially voice and video services that run over mobile data or Wi-Fi networks. But when coupled with NFV and cloud-native design principles, they also lay the foundation for other innovative services.

VoLTE and VoWiFi are sound foundations to build upon. VoWiFi ensures that good quality voice services will be available to subscribers even in places where cellular coverage is poor, such as inside homes and office buildings, while VoLTE provides better quality voice services and increases spectrum use efficiency. They are powered by the same core network elements deployed as scalable, cloud-native virtual network functions (VNFs) that allow operators to innovate and launch services quickly.

Once in place, the cloud-native VNFs that underpin VoWiFi and VoLTE services effectively become open platforms for migrating legacy services and creating new services, such as collaborative mobile unified communications for families, prosumers and small business owners. These are typically underserved market segments, but the service creation platforms enable operators to expand offerings to meet their needs. Such offers might include group chat functionality, support for multiple lines or multiple identities (i.e., personal and business) on the same device, or rich messaging services.

Thanks to the end of mobile roaming charges in Europe, the reliable, innovative services that subscribers are accustomed to in their home markets are no longer limited by country borders in Europe. Subscribers will likely use more mobile data services when travelling abroad from now on. When operators create excellent customer experiences, their subscribers will want to have it wherever they go.

By moving to open, programmable, all-IP networks that are built on highly scalable and cost-effective VNFs, operators can rapidly launch new services, increase market share and offset the loss of their roaming revenue.

Murdoch’s Sky takeover bid is referred to competition authorities

Media mogul Rupert Murdoch was dealt a blow today as culture secretary Karen Bradley announced a decision to delay his Sky takeover bid and refer it to competition authorities.

Concerns have been raised about Murdoch’s grip on the media and the influence this can have on consumers if the coverage is not impartial or rounded with alternating views. Bradley told the Commons that UK telecoms regulator Ofcom concluded the deal would result in the Murdoch family having "increased influence" over the UK's news agenda and the political process.

Rupert Murdoch's 21st Century Fox is the company putting forward the bid. Fox’s news coverage topped US cable ratings last year for the first time and the company already owns 39 percent of Sky but is now looking for permission to undertake a full takeover.

"On the basis of Ofcom's assessment, I confirm that I am minded to refer to a phase two investigation on the grounds of media plurality," Bradley said.

This isn’t the first time Murdoch has attempted to take over Sky. The previous attempt was abandoned in the wake of the phone hacking scandal which involved publications belonging to Murdoch’s News International company and resulted in the closure of British newspaper News of the World.

Tom Watson, the shadow culture secretary, told the Commons undertakings from the Murdoch family were "not worth the newsprint they are written on" and lessons had not been learned from the phone-hacking scandal. He said it was clear the rules need to be reviewed, and if the current Conservative government won’t do that then “the next Labour government will.”

Bradley intends to submit the proposed takeover to a further 24-week inquiry by the Competition and Markets Authority. The EU Commission, for its part, authorised 21st Century Fox to buy Sky back in April.

SK Telecom conducts 5G trials using 3.5GHz technology by Samsung and Nokia

South Korean telecommunications giant SK Telecom has conducted 5G trials using 3.5GHz technology by Samsung and Nokia.

With 29.83 million mobile customers, SK Telecom is the largest operator in the nation. Looking to continue its lead, the operator is hoping to get the jump on its competitors when it comes to 5G deployment.

“With the successful demonstration of 5G communications using the 3.5GHz spectrum, SK Telecom has secured all key technologies for building commercial 5G networks using 3.5GHz and 28GHz frequency bands,” said Park Jin-hyo, Senior Vice President and Head of Network R&D Center of SK Telecom. “We will maintain our leadership in 5G by enhancing our technologies for both above-6GHz and below-6GHz frequencies, while playing an active role in the standardization and commercialization of 5G technologies.”

Samsung was tasked by SK Telecom to develop a 3.5GHz 5G network – comprised of 5G virtualized core, virtualized RAN, Distributed Unit (baseband unit and radio unit) and test device – based on the 3GPP 5G New Radio (5G NR) standards elements.

SK Telecom and Samsung completed their trial at Samsung Electronics’ R&D Center in Suwon, Korea.

“We achieved another milestone today, taking 5G into the sub-6GHz spectrum for use cases and applications requiring wider area network coverage. The below 6GHz spectrum has been identified by the industry as ideal for enabling 5G services such as autonomous/connected car that require a wider area network,” said Park Dong-soo, Executive Vice President and Head of Global Sales & Marketing Team in Networks Business, Samsung Electronics. “Today’s trial with SK Telecom serves as a significant development in our collaborative efforts to accelerate 5G commercialization.”

In a separate trial, SK Telecom has partnered with Nokia to co-develop 5G base station equipment and test device for the 3.5GHz spectrum and successfully realized Gbps-level throughput during a field trial held near its Bundang Office Building through the application of carrier aggregation techniques to expand bandwidth.

“We are pleased to collaborate with SK Telecom on their journey towards 5G deployment. The 5G technology will enable a number of use cases such as critical machine-type communications, Internet of Things (IoT), Augmented Reality and Virtual Reality. This demonstration on 3.5GHz band is a crucial step in the development of 5G ecosystem as it will enable increased data speeds and comprehensive coverage. Nokia is committed to future technology advancement and our partnership with SK Telecom will accelerate the development of the global 5G ecosystem,” said Andrew Cope, head of Nokia Korea.

Next on the agenda for SK Telecom and their partnership with Samsung and Nokia is to further enhance transmission speeds, expand coverage, and improve communication stability while on the move.

Leave your appliances behind: How to overcome challenges in moving to a cloud-centric network

Ecosystems, APIs, open source software, agile development, COTS servers, programmable network; these are some of the attributes of the cloud that service providers plan to leverage by using technologies such as software-defined networking (SDN) and network functions virtualization (NFV).

Service providers plan to move from closed appliances to open servers and software components. However, making this move requires a significant change in thinking, acting, and probably choice of suppliers. As a result, some service providers are still stuck operating appliance-based networks, even for innovative services such as software-defined WAN (SD-WAN).

Of course, I'm talking about appliances such as routers, firewalls and network interface devices. However, sophisticated service providers and customers are starting to realize that these network appliances are as out of place in the network as a toaster or blender. They want future-proofing in the form of programmability.

Not everyone is buying into this cloud-centric view of the network. I’ve been talking to a lot of people in major service providers as well as those in suppliers, and I’ve heard quite a few objections to a more open approach. Here are some of the most common, along with my response:

“Appliances are simpler and cheaper”

I hear this one a lot, especially when operators are looking at deploying a new service like SD-WAN. There’s a strong temptation to minimize the risk by going with an all-in-one solution from a single supplier. However, the perception of risk is misleading.

Going with an appliance may reduce some of the immediate risks, but it introduces a much larger future risk: that of having to rip and replace all of the deployed appliances. Doing so is expensive, in terms of both money and time. Finally, deploying yet another appliance does not fit with the strategic vision of operators: moving to a programmable, software-centric network. Deploying more appliances is a bad idea on all fronts.

“It’s not an appliance – the design is open”

I often hear this position from suppliers, especially those that have added a computing blade to an appliance. The presence of an embedded processor does open the door to software-based innovation.

However, the design is still proprietary. Designing such a device into the network does not provide the benefits of a truly open and universal platform, such as universal CPE (uCPE).

It’s true that application-specific hardware is needed for certain applications. For example, we at ADVA Optical Networking provide some hybrid devices that combine a server blade with specific features such as low-latency forwarding, precision timing, and encryption. However, we don’t take the position that those features are always needed, and that a hardware-centric platform is the only way to deliver virtualized services. Our view is that you should pick the right tool for each application.

“Servers cost too much and can’t meet my performance requirements”

This objection used to be true, but not anymore. Processors have advanced tremendously in performance and cost, as has the software architecture of NFV. We at ADVA Ensemble have published performance results for software-centric multi-vendor systems that show the suitability of open systems for advanced services.

“It’s open – as long as it all comes from me”

Suppliers don’t actually say this in so many words. In many cases, it’s the bottom line once you get behind the smoke and mirrors of their positioning. They will cite their use of an NFV-based architecture, but then require you to use their pre-approved software or onboarding services. That’s not what operators wanted from NFV.

A much better approach is to embrace openness and multi-vendor solutions. That’s what Verizon did with their uCPE architecture – they insisted on a variety of suppliers, with no supplier providing more than one layer of the solution. In this way, Verizon has ensured the long-term viability of their architecture.

Embrace the future – move to a cloud-centric vision

The only way to achieve your strategic vision of a programmable network and cloud-centric services is to stop wasting time and money on appliances. Technologies like SDN and NFV are here now, and the progress in performance and deployability of uCPE provides a workable deployment model today. Step into the future, and leave your appliances behind.

Exploring the online payment fraud prevention market

The convenience and global reach made possible by online channels have led to the development of a broad set of digital eCommerce services. However, the accessibility of the Internet and the ability to commit fraud remotely create an environment for cyber criminals to prosper.

Meanwhile, the potential attack surface for miscreants is enormous -- about 94 billion transactions were made for remote goods purchases in 2016, which is only a fraction of the total eCommerce landscape.

That said, advanced security measures are increasingly being implemented to protect against fraud carried out at physical locations. It's for these reasons that fraudsters have developed, and are continually developing, new methods to illegally siphon cash over the Internet.

Online payment protection market development

Juniper Research has found that retailers stand to lose $71 billion globally from fraudulent Card-Not-Present (CNP) transactions over the next five years. Their latest worldwide market study found that a number of factors - such as the shift to EMV cards, delays in 3DS 2.0 (3D-Secure) and click-and-collect fraud - were key drivers behind the rise.

Many merchants still believe that eliminating all fraud is too expensive. Therefore, they've been unprepared to deal with the shift to online fraud following the introduction of EMV (CHIP and signature) payment cards in the United States.

A cost analysis of fraud detection and prevention (FDP) solutions found that in most instances, merchants would receive value from their protection investment. Juniper has urged vendors across the value-chain to increase their efforts in educating merchants on the benefits of FDP.

According to the Juniper assessment, fraudulent CNP physical goods sales will reach $14.8 billion annually in 2022. It argued that click-and-collect services were particularly vulnerable given the lack of a residential delivery address. But retailers are reluctant to impose rigorous ID checks on pick-up for fear of damaging the consumer experience and reducing conversion rates.

Outlook for enhanced protection technology

The research predicted that three key battlegrounds would emerge in the fight against fraud in 2018. It cited machine learning as a key tool in identifying genuine users, while the shift to mobile eCommerce would rely on 3DS 2.0 and biometrics.

"2018 will herald the arrival of new tools in the fight against fraud," said Steffen Sorrell, senior analyst at Juniper Research. "3DS 2.0 will finally begin to rollout and will mark a paradigm shift in terms of merchants and issuers leveraging shared data. We also expect passive biometrics, such as the manner in which a device is handled, to become key in the future."

Arcep says 5G services could be launched in France by 2018

Arcep, the communications regulator in France, has suggested 5G services could launch in France in 2018 after publishing responses to its public consultation.

The authority wishes to begin frequency allocations in the 3.5 GHz and 2.6 GHz bands this year “to satisfy the urgent needs that were expressed regarding fixed superfast internet access and professional mobile radio services.”

Arcep also expressed a desire to ‘immediately’ prepare the launch of 5G mobile networks in the 3.4-3.8 GHz band, making ‘the vast majority’ of the band available to market players.

In line with the public consultation, Arcep will upgrade professional mobile radio (PMR) networks, between 2.5 and 2.6 GHz, to superfast systems, as well as using a portion of 3.5 GHz band frequencies to upgrade wireless local loop (WLL) networks to superfast.

The list of parties which responded to the consultation represents something of a who’s who of telecoms, from the GSMA, to Ericsson to Huawei, Nokia, and Orange. The latter has been involved with the middle three in trialling 5G technology in France, saying at the time of the Huawei partnership in February that “preparing network evolution from 4G to 5G is key for Orange”, while also being noted by research firm Analysys Mason earlier this month as having a high market share in France but a relatively low rate of customer churn.

Arcep aims to contact each player with a license in the 3.4 to 3.8 GHz band ‘without delay’, and has cited Grenoble, Le Havre, Lille, Lyon, Nantes and Saint Etienne as cities where the initial 5G trials could be undertaken. “Arcep wants to allow any players that so request to be able to conduct 5G trials rapidly,” the regulator wrote.

Australia joins ‘Five Eyes’ partner UK in calls for weaker encryption

UK Prime Minister Theresa May has been vocal in her calls for weaker encryption, but Australia is adding its voice ahead of a meeting of the ‘Five Eyes’ intelligence alliance.

Taking a similar stance to the UK, Australia wants to clamp down on terrorists using the ‘cyberspace’ for propaganda, recruitment, and organising attacks. Cybersecurity experts have criticised the calls as the deliberate weakening of encryption could leave organisations and individuals more vulnerable to attack from malicious parties.

"The use by terrorists of cyberspace is an issue of critical concern to intelligence and law enforcement agencies," said Australian Attorney-General George Brandis in a statement ahead of the conference. "Australia will lead the discussion of ways to address this issue; in particular the involvement of industry in thwarting the encryption of terrorist messaging."

Australia and the UK are part of the Five Eyes intelligence alliance which also includes the UK, Canada, and New Zealand. Leaders and officials will be heading to Ottawa this week to discuss how intelligence gathering must evolve to deal with modern threats.

Last year, the FBI clashed horns with Apple over the agency’s requests for the iPhone manufacturer to unlock the smartphone of San Bernardino terrorist Syed Farook. This is just one example of a case which is driving the argument for tech companies to provide easier access for authorities to conduct surveillance.

"We cannot continue to allow terrorists and extremists to use the internet and the big social media and messaging platforms – most of which are hosted in the United States I should say – to spread their poison," says Australian Prime Minister Malcolm Turnbull. "The rule of law must prevail everywhere online as well as it does today in the analogue, offline world."

In the face of the global threat of terrorism, Australia and the UK are not the only countries seeking wider surveillance powers and more stringent policing of online content. Across Europe – which has faced many terror attacks – the EU is planning to force companies such as Facebook to provide data to law enforcement. If this is not deemed efficient, it too will call for authorities to have ‘backdoor’ direct access to data for apps which operate in member states.

Back in the UK, telecoms companies already have ‘records available at the click of a mouse,’ according to an investigation by The Guardian. A further draft proposal (PDF) leaked last month to digital activists at the Open Rights Group highlights plans for near real-time access to data “in an intelligible form” without “electronic protection”.

Keys to the kingdom: how CSPs can unlock the value of their data

In today’s digital landscape, organisations are increasingly aware that they have huge volumes of data that could deliver value but are often sitting unused. This is particularly true in the context of Communication Service Providers (CSPs); global footprints, constant mergers and acquisitions, and day-to-day operations have led to unprecedented volumes of data, including structured (device, subscriber, network, transaction etc.), open (weather, geography, etc.), and unstructured data (call & messaging content, sensor data, buying behavior, etc.).

Unlocking this data promises huge benefits for CSPs, yet to date, many have struggled to do so. Now is the time to act. As telco businesses become increasingly commoditised, CSPs need to find new ways to generate revenues and create new services, and data could be the key differentiator that gives them the keys to the kingdom.

Big data opportunities

Managing the huge volumes of complex data is becoming a serious challenge for CSPs. Yet if they are able to leverage customer and network data, they will be able to make better-informed decisions and achieve market prominence through cross-industry offerings. Adopting a data monetisation approach not only helps CSPs get meaningful business insights, but can also help generate new revenue opportunities too, particularly:

  • Enhancing the customer experience and improving ARPU: Leveraging a data monetisation platform, CSPs can employ real-time analytics, providing dynamic customer data, including spend analysis, viewing patterns, personal preferences, geo-location analytics. This lets them understand and build cross sell/up sell opportunities and map customer journeys to provide customised, contextual and tailor-made offers to their customers, thus, improving customer experience as well as ARPU (average revenue per user).
  • Optimising CapEx and OpEx: Data monetisation can also help optimise capital and operational expenditures through efficient management of networks, improving network management, network planning, traffic prioritisation and predictive maintenance. Using this platform, service providers can analyse their network usage and available capacity, optimise it, and either onboard new customers or offer more products/services on the same network.
  • Improving topline revenue: Data can be integrated with cross-vertical industries through digital ecosystems, data aggregation, and third party platforms. Service providers hold a huge amount of customer data, including customer location, usage, devices choices and preferences. They can build a platform for other brands/industries to push services and offerings to their large customer-base.

Getting it right

If it were simple though, then everyone would do it. Big data projects have the ability to spiral out of control if not properly managed, resulting in ever-expanding resource consumption and costs. Therefore if CSPs are serious about capitalising on the data opportunity ahead they need to get control of their data:

  • Align your data strategy: To understand and realise the endless possibilities that data monetisation offers, it is crucial to have an organisational data strategy in place. Organisations need to understand what they want to achieve, how they want to go about it, and where the data is. They need to have their strategy, roadmap and governance structures effectively aligned in order to best use their data.
  • Build a data lake: CSPs need to aggregate their data from various sources (structured and unstructured) to build a suitable data lake, taking into consideration factors such as data integrity, quality, frequency, and correlation to obtain these insights. CSPs then need to expose the API layer to various stakeholders such as suppliers, partners, customers and employees and build innovative services on-top.
  • Monetise data: Working alongside partner channels, CSPs need to provide cross-vertical integration with third party platforms to align their product and services to their end customers.
  • Security: While a data monetisation platform provides numerous opportunities for CSPs to cross-integrate and monetise data, it also raises security/privacy concerns. As real-time customer data is very sensitive, integrating it with third party platforms has the potential to breach regulatory policy around privacy and data usage. Hence, CSPs need to make sure that any data monetisation platform they deploy doesn’t compromise local regulatory standards.

Data plays a critical role in digital transformation and it is now of central importance to the roles of today’s Chief Digital Officers, CMOs and CIOs, as they look to engage with customers more effectively, offer new products and services, while at the same time reduce CapEx/OpEx.

While a number of CSPs have already kicked off data monetisation initiatives, moving forward more and more will see data monetisation plans as a core strategic initiative and we should expect this trend to gather significant pace in the near future. Those that don’t could find themselves left out in the data winter.
