
The New Normal? Unique New Responses to Massive, Global Cyber Theft, Data Breach and Espionage Activities (Part 1 of 3)

In our News Analysis, which is blasted out daily as part of the OODA Loop Daily Pulse Report, we make sure to cover cyber incidents: ransomware, cryptocurrency theft, major cyber intrusions and data breaches, and cyber-espionage activities between nation-states and unilateral non-state actor attacks, amongst others that make the daily editorial cut.

Recent headlines point to a new “right-sizing” in the scale, severity, and/or sophistication of responses (legal, fiduciary, corporate, and citizen-led) to some of the more spectacular cyber incidents of the last few months. Following is a brief breakdown of three big recent headlines.

Syniverse’s marketing video describing the company’s raw SMS global data routing infrastructure

The Syniverse Hack

We first covered the massive Syniverse Hack in early October when the company experienced a market yin and yang: a positive news story that dated back to the August announcement of “Telecoms firm Syniverse to go public via $2.85 billion blank check deal,” followed by the “bad press” revelation that Syniverse, the company that routes billions of text messages, quietly said it was hacked.

If you are not familiar with Syniverse, it is one of those companies that, once you know about it, leaves you shocked that it does not get more coverage or attention – and you share it with friends, family, and anyone who will listen. Company brand awareness aside, you at the very least need to know about the hack of the billions of text messages that the company routes. Syniverse, described by Vice Cyber as one of the “largest global telecom infrastructure companies that is hugely important behind the scenes,” pushes and pulls a shockingly vast amount of raw SMS data and accompanying metadata between major international players like AT&T, T-Mobile, Verizon, Vodafone, and China Mobile.

The company processes more than 740 billion text messages every year and has “direct connections” to more than 300 mobile operators around the world, according to its official website.  “In a nutshell, Syniverse may be the most important company you’ve never heard of,” Syniverse CEO Andrew Davis said in a conference call on August 17, according to a transcript of the call filed with the SEC. “We are the trusted neutral intermediary and central nervous system that keeps devices, data traffic, and messages flowing seamlessly and securely across the globe.”

Syniverse is the major global infrastructure exchange hub that enables seamless mobile interoperability for mobile customers between the telecom carriers’ physical infrastructure. It is B2B and has no end customer touchpoints, which is why you just do not hear about the company. Unfortunately for them, they have a customer touchpoint now – as the hack hit more than 235 of their clients (some reports say the number is much, much higher) and millions of mobile phone users worldwide. Suffice it to say, it is never a good thing to negatively impact your customer’s customer on a massive global scale.

When we first reported the story, what was notable was the strange back-to-back timing of the IPO deal and the revelation of the data breach.  The timing of the news was not coincidental at all.  Unlike the usual manner in which we hear about a major data breach (the dataset is made available on a site like WikiLeaks or companies publicly reveal a breach through a press release), Syniverse ‘quietly’ revealed the details of this breach only because of the full disclosure required by the U.S. Securities and Exchange Commission (SEC) filing in the run-up to their IPO.

A Five-year Breach and Billions of Text Messages

According to the SEC filing, Syniverse revealed that an unknown “individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers.”  Further information revealed via the SEC filing:

  • 95 of the top 100 mobile carriers in the world, including the big three in the U.S. and major international carriers such as Telefonica and America Movil, are Syniverse customers.
  • The company discovered the breach in May 2021, but the hack began in May of 2016. The system had been penetrated for five years.
  • The company reset all customer passwords as an initial mitigation effort following the hack.

Vice Motherboard also reported that “a former Syniverse employee who worked on the EDT systems told Motherboard that those systems have information on all types of call records…whoever hacked Syniverse could have had access to metadata such as length and cost, caller and receiver’s numbers, the location of the parties in the call, as well as the content of SMS text messages.”

The Potential Class Action Suit by U.S. Cellular Customers

This story was clearly unique and troubling from the start. The plot thickens, however, as a recent response to the breach by affected cellular users is also remarkable. It looks like the beginnings of the type of consumer legal action we may start to see with regularity in the aftermath of a cyber theft incident, and one that may become an incentive structure (at the very least, an initial wake-up call) for other global IT companies to start tightening up their cybersecurity efforts.

The most recent headline about the Syniverse Hack reads US Citizens Sue Company That Processes Billions of Texts For Exposing Their Data and reveals that “a group of three and another group of four cellphone users living across the U.S. filed two lawsuits against Syniverse, accusing it of being negligent in protecting their data, such as call records, call locations, and text messages. Both groups of plaintiffs argue that these lawsuits should be considered a class action including all individuals in the U.S. impacted by the Syniverse data breach.”

Vice Tech Reporter Lorenzo Franceschi-Bicchierai reports “Both lawsuits, one filed on October 5 and the other on October 7, accuse Syniverse of failing to secure sensitive personal data of millions of individuals, according to the complaints. In the second lawsuit, the plaintiffs accused Syniverse of being careless in securing cellphone customers’ data, and failing to notify victims of the data breach.”

According to the plaintiffs in the second complaint:  “Syniverse could have prevented this Data Breach by properly securing and encrypting the [Personal Identifying Information] of Plaintiffs and Class Members. Syniverse’s negligence in safeguarding Plaintiffs’ and Class Members’ PII is bewildering given the repeated warnings and alerts about the need to protect and secure sensitive data. At all relevant times, Syniverse knew, or reasonably should have known, of the importance of safeguarding the PII of Plaintiffs and Class Members.”

In the forthcoming Part II and Part III of this series of posts, we will break down a cryptocurrency payout to users after a significant cyber theft – and a Fortune 100 response to a nation-state actor’s cyber espionage activity, which may represent American tech companies’ newfound willingness to play the equivalent role for the U.S. government of the pervasive, global non-state actors that execute cyber activity (with plausible deniability) on behalf of nation-states like Russia and North Korea (all with the broad “behavioral latitudes” of the underground economy).

Further Reading

For Part II of this series – The BitMart Cryptocurrency Heist – see The New Normal? Unique New Responses to Massive, Global Cyber Theft, Data Breach and Espionage Activities (Part 2 of 3)

Part III in the series – The Microsoft NICKEL Domain Seizures


Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.