22 March 2023: War in Ukraine

The conflict in Ukraine has seen mobile phone locations used to identify targets for missile attacks, pleas for satellite dishes from Elon Musk’s Starlink to keep the Ukrainian government connected, rogue operators springing up in occupied areas and the Russian Army relying on simboxes for communication. Expert insight into the security implications for comms providers is provided by Cathal Mc Daid, CTO at Enea AdaptiveMobile Security.

Topical news items are also debated by the show’s three regular presenters, industry analyst Ed Finegold, senior risk executive Lee Scargall, and the Editor of Commsrisk, Eric Priezkalns.

Transcript (auto-generated)

Hello, this is the Communications Risk Show and I'm Eric Priezkalns. Each Wednesday we
talk live to risk experts from around the world of electronic communications, streaming
the show to our website and through LinkedIn and Twitch. We broadcast live so you can also
put your questions to the expert guests. Just type your question or comment into the box
immediately beneath the streaming window on our website at tv.commsrisk.com. Messages
on the website are anonymous, so add your name to the message if you want me to read
it out. We do respect your privacy, which is why we don't collect lots of personal data,
but it is nice to know who's watching, so please include your name if you're not shy.
Today's guest will be Cathal Mc Daid, Chief Technology Officer of Enea AdaptiveMobile
Security. He'll be telling us about the impact that the war in Ukraine has had upon telcos
in the region, how they've been able to keep running during extraordinarily difficult and
dangerous circumstances, and the tricks that have allowed rogue Russian mobile operators
to establish themselves in occupied regions despite international sanctions. But before
we bring on Cathal, let me introduce my co-presenters, Ed Finegold and Lee Scargall. Ed joins us
from Chicago in the USA. He's an author, analyst, and strategic advisor to tech and telecom
businesses. And Lee joins us. He's in Jordan in the Middle East today. He's worked in executive
management and freelance consulting for a wide range of communications providers, not
just in the Middle East, but also in Europe, the Caribbean, and Asia. Welcome, Ed. Welcome,
Lee. It's great to have you back both on the show today. And before we start talking about
the big wide world of communications, I want to talk about what success we've had with
our own communications. Since last week, when we had episode one of the show, there's been
more than 1,500 viewers for episode one of the show. We've smashed the record for the
old show Rag TV, which never quite reached a thousand viewers, even though it was measured
over a two-week period instead of just one week. Any guesses, Ed, Lee, why we've been
able to make this breakthrough in the number of viewers this time around?
It's Lee's good looks without question. That's what it has to be.
No, we had Lee on the show before, so that can't possibly be the reason.
It has to be Ed's good looks.
You don't think it's the scintillating chat and the deep insight that you're both bringing
to the show?
No, let's give you some credit, Eric. I mean, you've been planning this, talking to people
about it, promoting it, getting everybody organized, haranguing us to be ready to be
on, you know, that takes a lot of energy. So it's your credit to you.
Now you make it sound like a setup, like I wanted you to praise me then. It's not because
of that. It's because we're three interesting guys who say it the way we see it. And we
like guests who do that too. And you don't get that anywhere else. Certainly not on the
internet, not even in most live conferences. You don't get people saying the way you say.
So thank you, everybody who's been watching. We really do appreciate the number of viewers
we've had for the show. It's been absolutely fascinating, exciting to see them racking
up. But let's get straight into the topical stuff, because that's what they're watching
for. Amazing story that's come out of the USA. So I don't know if you're going to have
a particular perspective on this, Ed, but I'm also really keen to hear Lee's point of
view on this too, because I'm noticing I feel strongly about it. A defamation lawsuit has
been lodged against a gentleman called David Frankel and his business ZipDX from a telco,
which says he has scared away other carriers from carrying their traffic because of what
they say are unsubstantiated accusations that they've been carrying, handling illegal
robocalls. Now Avid Telecom says the damage to their business is worth multiple millions
of dollars, and their court submission explicitly referred to two carriers, NUSO and Intelliquent,
refusing to carry Avid's traffic as a result of David Frankel's intervention. Let's start
with you, Lee. Let's pick on you first here. Has the FCC walked into a trap by encouraging
carriers to stop doing business with other carriers based on hearsay because neither
the FCC nor prosecutors were able to accumulate hard evidence of law breaking relating to
illegal robocalls? Well, it appears there's a can of worms which has been opened up by
this case, doesn't it? So, you know, if you look at Stair Shaken, it hasn't even been
around for that one either. And now you see these carriers, they're suing third parties
for defamation and loss of earnings. But all I can say is the USA, it's well known for
its litigation culture. So I'm pretty certain this won't be the last lawsuit. But yes, yes
I do. I think the FCC, they've like unwittingly kind of created some intended consequences
here. Ed, what's your point of view from your side of the Atlantic? I mean, there's unfortunately
there's so many things to think about on this case, you know, since I read your article
that have nothing to do with the core problem of robocalling, right? And kind of have everything
to do with the scuttlebutt or gossip or individuals around it and how they behave in US courts.
And one thing that struck me after reading your article was, you know, so someone could
file a defamation suit completely legitimately in a situation like this. Let's be clear about
that. But if we go with, I think the word of your piece and the assumptions behind it,
it's that the defamation suit is effectively like a horizontal attack on a vertical issue,
right? Where the issue was, you know, you're involved in robocalling, you're part of this
problem, let's get at it. And the defense of it was sort of this horizontal, it wasn't
so much a no, we're not robocalling, it's more a how dare you, right? Which in certain
perspectives can I sort of, I think can create a negative connotation of its own, right?
So the whole thing stinks when you look at it from the outside. And again, I think unfortunately,
when you get into that kind of wrangling, what is it? It seems like we're, you have
to, but like you end up focusing on a forum of a lot of people who may be of questionable
ethics arguing with each other about where our line is run, as opposed to solving the
problem that robocalling is victimizing people in the United States.
I want to bring Lee back in on this one, though, because we could pick on the USA, but I don't
think this is a USA-specific problem in the sense that there has always been a problem
in the industry, and it's gotten worse over time, where there is a degree to which everybody
wants to say that they know who the bad actors are. So there's a lot of gossiping, a lot
of rumour-monging, a lot of pointing of fingers when you're talking quietly amongst closed
little cliquey circles, but then actually taking the action against the bad actors is
impossible, or proves to be impossible, because no one can actually deliver solid, hard proof
up to a standard. And then you end up in these ridiculous situations where, surely, Lee,
you've seen this in practice, telcos are chasing each other's tails because they start to almost
like pointing their fingers left and right, backwards towards, he's the bad one, no, he's
the bad one, no, he's the bad one. And of course, a regulator can't possibly tell who's
being honest and who's being truthful, and they agree, it's because there's a lot of
telcos that will point their finger, but they're not 100% clean either.
Yeah, I mean, you can draw a similar parallel to, say, Wangiri, which is something, well,
we all suffer a lot from Wangiri. We all have our suspicions who's doing it, right, but
we just don't have that evidence because they hide behind other carriers, the way it's all
set up, you have carriers connected to carriers, and they don't disclose who's sending them
the traffic. But we all have a pretty good idea, I think, you know, we all mix in the
same circles. We tend to know who these people are, but we just, we can't prove it.
Not being able to prove it. We'll come back to this topic in a moment. First, now here's
a message from our series sponsors, Blue Gem. Blue Gem is a global provider of testing services
for telecoms, government, and software businesses, creating real events like voice data and even
satellite calls using real network devices that allows Blue Gem to give insights into
a number of key areas, such as service assurance, fraud management, billing accuracy, and product
management. Blue Gem are a pioneering company, and they've developed satellite call solutions
to support the growing demand for satellite capacity and transitional services. They can
measure in precise detail how much satellite call usage is consumed and fully reconcile
switching billing records to provide independent test evidence. Fraud management is also one
of Blue Gem's key areas where they can contribute to your business. With Blue Gem, you can detect
different types of bypass fraud, including CLI refiling, OTT, and SIM boxes via Blue
Gem's end-to-end CLI verification service. Test from an expansive range of global network
groups, which include real subscriber SIM cards, PSTN fixed lines, and VoIP to detect
the presence of SIM boxes. So whether you want to ensure your customers are able to
use 5G networks, eSIM, or satellite services, or you want to get CLI verification to tackle
SIM box fraud, then you should call upon the experienced team of specialists at Blue Gem.
Now back to the guys. And, you know, actually, when I was reading through Blue Gem's stuff
there, I was thinking to myself, what you don't tend to get is you don't tend to get
a lot of regulators actually going and checking things in real life. They tend to rely upon
telcos to tell them things when perhaps they could be doing more independent testing as
you could imagine. And I've got comments coming in here about this as we speak here. So Lorenzo
from Subex wants to join in with the conversation. He's saying flash calling is fraud. It is
designed to bypass A2B SMS termination charges. It relies on CLI manipulation and abuses mobile
network operators, signaling resources, security part. There are no real reasons why a CSP
should allow flash calling traffic to be terminated on their network. And Timo once again writes
in cheers from Canada. We're always glad to have Timo watching the show.
So guys, is there an extent to which perhaps, Lee, I'll throw this one to you first. Is
there an extent to which regulators have fallen into a trap where they just rely upon telcos
to tell them what's going on and they don't have any independent source of data themselves?
I have to disagree with that one, Eric. I think that's, in particular in the UK, that
could be the case. However, you know, places around the Middle East, a lot of the regulators
out here, they do their own testing. That's certainly my experience around from this region.
Also as well in Asia as well. I think you've got, it happens in the Philippines as well.
So I don't think that's just the case. I think it just depends on, you know, each country
each to their own. You're quite right. I'm glad you're correct
to me because I was thinking about countries like the USA, but yes, that's a good point.
Ed, perhaps the USA should take a leaf out of the book of some of these other countries
and the regulator, instead of just mandating gathering information, could implement some
systems. I mean, the F.C. spends an absolute fortune on all kinds of subsidised services
and encouraging competition and intervening in the market. Would it not be sensible to
spend a small number, a few million, on perhaps doing some testing of these things to see
who's really doing the fraud and who's not?
Yeah, I mean, so two things. One, I think if you want to talk about having a revamp
of how, probably not every single thing that the FCC does, but some of the things that
impact the most leading edge or the most bleeding in terms of problem right now and taking a
look at are there ways, and look, the Department of Justice has done this with the way that
they do research into cryptocurrency related crimes and use modern tools and modern analytics
to follow blockchain trails and piece things together. And they've done so, come up with
a forensic process using technology for that very effectively. So as in parallel, can you
say, should the FCC be looking at asking the same things? I think they probably should
be. And I would imagine there's someone there who owns an office that says they are. I'm
not that deeply familiar with it these days, honestly. The thing that jumps out at me,
they'll go into your point about whether a regulatory or any agency that's been reporting
data collections dependent on the source. One of the things that this area feels like
there could be an epidemic of is there's a lot of unknown unknowns and we like it that
way. And as soon as someone shines a light on those unknown unknowns, people get very,
very nervous. And there could be nothing afoot, but I bet you there's a lot of carriers
who for the sake of making a buck, have their businesses have grown organically in one way
or another over time. They haven't looked too closely. And now that someone says, Hey,
what about this? Have you looked closely at it? That becomes very scary when it's, Ooh,
I don't know. And I don't necessarily know how to look for it. I don't know if I want
to look for it. And what else does that do? And it might be better to just try to be quiet
about it. And I could see that sort of an epidemic in this area. I think that would
make it. I mean, coming back to David Frankel, and he's a gentleman I've spoken to in person.
What strikes me about the situation, not picking aside on who's right or wrong in this particular
defamation case. But what strikes me about this situation is that we have a situation
where because the FCC doesn't have its own resources to determine the facts, you're effectively
outsourcing to people like David Frankel, the information gathering as to what's happening
on networks, what crime is taking place. In fact, he and his business, ZippedX, are very
unusual status in the sense that they're the only business that's ever offered themselves
up as an alternative to the traceback group that does the work in tracing back these fraudulent
illegal robocalls in the USA. It's a process where nominally, because the way it's set
up, a choice is made each year, and who should be selected for that year to provide that
service, but very clearly was set up with one particular consortium in mind. And he,
perhaps because he sees himself as some kind of crime-fighting figure offered to provide
that service to, he's always been turned down, but it's offered to provide that service to,
and clearly is injecting himself into the conversation by saying he's finding out things
about what's going wrong on networks, crime that's taking place. Now, Lee, I wanted to
bring you up on this, because some of the things that David said, though, I don't necessarily
think are all that correct. And this work causes me worry that the source of information
that we're turning to in the private sector may not always have their own facts straight.
So one of those was that he said to the FCC, and he said this, he said this publicly elsewhere
as well, he told the FCC that you could distinguish calls made by people and calls made by machines
by the average duration of the calls. So just look at the average duration of traffic. And
if the average duration is more than two minutes, well, that's got to be conversational traffic.
And if it's less than two minutes, then you know machines must have gotten involved, because
only when machines get involved, do you start to see such a low average duration of traffic.
Lee, what's your take when you see someone espousing a rule like that?
So I did a bit of research on this Eric, and I actually found, came across this infographic.
Hopefully, Matt's got it on the screen now. Now, what this shows, it's the duration of
voice calls between males, females, their friends, and to the kin, and at different
times of the day. Now, what's actually interesting about this infographic, I think it shows something
that we've all known for a very long time, and that's females really do like to talk,
Oh, steady on. We want to get a broader audience with women as well as men, not enough steady
where you're going now, Lee. Does the data substantiate what you're saying?
So when a female, when she's talking to her friend, right, if it's in the evening, right,
that's by far the highest duration, that's around about nine minutes. Whereas when the
men talk, it doesn't really matter who they're talking to, or any time of the day, it's generally
less than two minutes. So what you're saying is David Frankel, when he says two minutes,
anything less is a machine, men are like machines. If it was a man-only network, we'd all be
considered the same as machines.
Well, by his definition, then yes. So, you know, pretty much half the traffic would be
classed as robo calling when it isn't. However, I can see some kind of logic to what he's
trying to say here. So if you look at, if you take the average of all of the calls that
are made during the day, probably across all the time bands, then yes, probably that is
great for human when they make a call, that's probably more than two minutes. But as I've
just explained, it's not as straightforward as what he claims it to be.
Yeah, it does seem far too simple to me. And I don't think a rule like that is helpful
because even if it was generally true, if you announce that's the rule that you're using
in practice, all that's going to happen is the fraudsters are going to understand what
you're looking for and blend in that illegal traffic with legal traffic, and they're going
to achieve the two minute threshold, and then you're back to where you were when you started.
It's not that difficult to blend illegal traffic with legal traffic. It requires a bit more
effort. And so if they know, if they know that that's what's happening, then they will
then, you know, if they know that's not happening, they won't make the effort. But if they know
it's happening, it's not that hard to make the effort. Now, let's talk about Ed, you're
in the USA. So one of the stories I hear from the US industry insiders is that the public
appears to be appreciating actually that there's been significant improvements in the tackling
of illegal robocalls. And that's why complaints to the FCC have fallen in practice in recent
moments. Does that sound right to you? Is there an impression? I know you can't speak
for everywhere in the USA, but in your part of the USA, in Chicago, is the thing on the
streets of Chicago that robocalls are, are there fewer robocalls than there were in the
No, no, I haven't heard any. I haven't heard fewer complaints from people about, you know,
looking at their phone again, you know, when you're talking to someone, I think smishing
it in my own personal experience. I think the SMS side of it's up a little bit. I was
saying earlier that definitely a correspondence between anytime you see a breach announced
that's related to a brand that you have or have had a subscription with that you're getting
a text that they probably a bunch of them fishing for your account credentials in one
fashion or another. So no, I haven't seen it fade. I think if I could chalk it up to
anything, and we mentioned this in a chat prior to the show, but if I could chalk it
up to anything, you know, there's fads come and go, the United States, it's very fast.
And things capture the public's attention. And I think that there was a brief moment
there where the public started getting a sense that there was a relationship between the
rise in scams, especially around real-time payments, because that hits people where it
hurts, you know, and that there's a relationship with that and robocalling. And there was some
noise being made about regulations related to that on Capitol Hill, especially Elizabeth
Morin spent a lot of time publicizing, you know, this message that banks should be more
liable or put more friction in the process, you know, when it comes to real-time payments
to help, you know, stem the tide of scams and there needs to be more information. So
suddenly there was a lot of attention around that particular set of crimes. But then this
whole other bigger set of crimes happened. And I think that that has probably captured
people's attention even more in the meantime. And I'm talking about FTX and SVB and sort
of all these cons that have come out of Silicon Valley and obviously now affecting the global
financial system. I think those have now captured the public's attention and made robocalling
suddenly less important today. I'll put it that way. That's right.
Yeah, that's a good point. I agree with you. I, when people say that there's been fewer
complaints to the FCC, I think that's them engaging in wishful thinking. Not because
that there are not fewer complaints. I'm sure that the statistics bear out that there's
fewer complaints to the FCC. It's just the case that there's only so many times a human
being is going to complain about something before they give up complaining. You wouldn't
expect the number of complaints to stay steady. So I think the industry is definitely in danger
of telling itself the story it wants to hear here. Anyway, let's get back into the world
of facts. And I want to share with our viewers another one of our recurring weekly features,
the Symmetry Prism Fact of the Week. Each week, we share an interesting fact supplied
by the team at Symmetry Solutions and their Prism fraud intelligence service. This week's
fact is about an explosion in the number of phone numbers being advertised for use with
SMS fraud. Since its inception in 2013, Prism has always provided valuable insights into
the number ranges used for voice fraud. But recently, the Prism team has identified many
more numbers being offered to criminals for use with SMS. Now the team has a database
with 1.8 million numbers specifically offered for crimes using SMS. New numbers are being
captured at the rate of a couple of hundred thousand per month now. So for a limited period,
Symmetry are providing a free trial of their SMS fraud intelligence database to permanent
comms providers. If you want to take advantage of the trial, then learn more from their website,
symmetry solutions.co.uk. That's the message from our sponsors back to the topical chat
recently reported a bit of a change of subject list, but I'm keen to get your view building
up for bringing on Cathal to talk about these issues with state-sponsored interference in
telecoms operators. Recently reported that Deutsche Telekom is going to fulfill a 64
million euro contract with Germany's train system by buying network kit from Huawei,
even though the German state is expected to soon ban Huawei and ZTE equipment from 5G
networks. So we have an interesting situation here where there's this worldwide movement,
but not 100% unanimous support for reducing the amount of exposure of networks to Chinese
network equipment. And yet the Germans, Deutsche Telekom, not a small telecoms company by any
stretch of the imagination, a big player in the industry seems to be quite happy to keep
on buying from Huawei. Lee, to you first, are the Germans soft on telecom security?
Now I don't think they are soft on security, Eric. They're going to ban Huawei and ZTE
shortly, which is the right thing to do. I think the problem here is that Germany's information
security agency, which is known as the BSI, they say they're not aware of any law that
determines railway systems to be critical components. Now, I'd strongly disagree with
that because I think railways should be part of the country's critical national infrastructure.
I mean, it is in the UK. Look, I think this is a good example of where the law in Germany
needs to catch up, right, to protect sectors like railways from cyber security threats.
Ed, your take on this, your reading of the new cold war and its impact on telecoms before
we bring on Cathal to talk a bit more about it.
The thing that actually spins me on this, Eric, is if I think about the way the decision
gets made, right, in this environment, you know, the environment we've had the last five
years, you know, talking national security environment, international security environment,
you know, that the decision is made that made this story a story, right, that Huawei equipment
was put in that position and something that is national infrastructure, I agree with you,
And if I bookend that from a tech market point of view against what's happening with ORAM,
with open RAN, and the intent of creating like an open, you know, richer supply market
for 5G, that's what's mind blowing to me, is to have the degree of lip service towards
fostering that kind of an environment that's, I think, it can be taken to an extreme degree,
but the concept is beneficial to the industry of having a rich supplier market for 5G, right.
But then have the decision land there, given the national, the international security market
is just mind boggling to me, I can't understand how that lands without sort of accusing someone
of doing something really, really untoward.
Yeah, I have to say, I don't entirely agree with Lee here, I think the Germans are soft
on telecom security.
I think you can dress things up in technical standards and the rest of it, but in the end,
commercial decisions are important to where this money go, who you're building up as being
the people you rely on.
We're in the middle of a war over things like silicon chips right now.
We know why we're in the middle of a war on silicon chips.
Why would you then want to take some of your money and hand it to a player on the other
side of it?
We just threw this out, the reason why Russia was prepared to invade Ukraine is because
they have been built up with Western money buying Russian resources, Russian oil, Russian
Why would we want to start pouring money into developing the resources?
The reason why the network manufacturing side of things is in a state is because we have
not been building and making the technology in the West.
We've become dependent upon countries that can start exerting power.
And that's why when we started to panic about things like TikTok now, let's get TikTok off
government phones, we know about, say, whenever you infiltrate any layer of a system, a telecom
system, a communication system, then you're in trouble for the whole thing.
Whether it's Pegasus software where you've got, you know, actually on the app itself
or whether you've got the core of the network infiltrated.
So I disagree with you, Lee.
I think the Germans, they are continuing to just be short term in their business outlook
and are not seeing the world strategically as a series of threat actors that now need
to be handled very differently to the way we've been handling them in the past.
But Eric, just to come back on that, I think BSI, I think they want to ban it.
But the problem is they don't have the legal framework that's that's not in place right
now for them to do it.
They have to change it, obviously.
But how long do you have to go into a cold war before people start waking up?
Anyway, we could go on about this all day before we bring on...
Well, it's a stunning procurement decision.
I agree.
So before we bring on today's guest, Cathal Mc Daid, here's another of our regular weekly
Each week, Jeffrey Ross of Core Authentication Fraud Prevention and Geolocation Specialists,
1Route, will take us around the world in our phone.
I think Katherine may elect Jeffrey's destination this week as it's Katherine's homeland, Ireland.
Roll VT.
Hey, everyone from 1Route.
I'm Jeffrey Ross, and this is the world in your phone.
Let's talk about Ireland.
Known for its gorgeous and diverse landscapes, it's obviously called the Emerald Isle.
Did you know, though, that during the COVID pandemic, about half the population worked
from home?
This obviously put quite the demand on both mobile and fixed line networks.
But in true Irish fashion, they met the needs by investing back into its country's infrastructure
and networks.
Ireland continues to invest heavily into the next generation connectivity, along with fiber
throughout the country.
A fun fact, though, Ireland is home to the headquarters for OneRoute.
Something else that you might find interesting is that Irish pubs are an important part of
its life.
Now, it might be a bit of a stereotype, but a drink is not just a drink.
Instead, it represents an enduring part of the country's culture.
Another thing Ireland's famous for?
Its food.
Now, I can tell you personally, Shepherd's Pie, that's where it's at for me.
Be sure to go to YouTube and subscribe to 1Route to catch up on all of our other videos.
And watch the 1Route Roundup, where we spotlight individuals making a positive difference in
the telecom industry.
Last little fun fact about Ireland, apparently they invented Halloween.
So my kids definitely thank you for that, Ireland.
Eric, over to you.
Now let's introduce today's guest, Cathal Mc Daid, Chief of Technology at Enea AdaptiveMobile Security.
Prior to their acquisition by Enea AdaptiveMobile had already established an impressive
reputation for identifying vulnerabilities exploited by telecoms hackers, including state
Cathal has distinguished himself since the invasion in Ukraine by keeping an incredibly
close eye on the impact of the war on the supply of telecom services to people living
in that region.
Welcome, Cathal.
Thank you for joining us on the show.
It's a pleasure to have you here.
And I can tell you now that your fans have been champing at the bit, waiting for you
to come on the show to tell us about, to expand upon these fantastic articles you've been
writing about the situation in Ukraine.
So we really appreciate you coming on today's show.
At the outset of the war, it seemed like Russia hoped to drive their forces right into Kiev,
take control.
How was it to start with your analysis of what's happened in Ukraine?
How important was it for the Ukrainians to keep their networks functioning at that point
in time?
And how were they able to do that?
How have you been able to keep their networks up and running during all of this situation?
Oh, thanks, Eric.
And thanks for that introduction.
I hope I don't disappoint too many people here.
Yeah, so that's been the focus of a lot of our research over the last year, to understand
the use of telecom networks in Ukraine.
It's not just for its academic uses, we want to take all the learnings from it.
So looking from the outside, clearly, I'm not Ukrainian, I haven't been to Ukraine yet,
I have been invited.
It's really come from, they've taken a variety of decisions, not just recently, but over
the last couple of months, which immediately enabled them to have a lot of resilience.
So I had the privilege about two weeks ago, presenting in Mobile World Congress with one
of the other presenters was a CTO, Kyivstar, one of the Ukrainian operators.
And he was explaining that roughly around October, November last year, they started
preparing a lot, a lot of redundancy, secondary headquarters set up in the West Ukraine, because
they understood that if it was going to be invasion, they have to anticipate all the
possibilities, wouldn't necessarily might be a border skirmish, it might go into much
further in the country.
And as it turned out, those are some very present and quite accurate assumptions.
So what they've done is that they've put in place a whole huge amount of work beforehand,
redundancy in their command and control centers, for the telecoms, building up lists of what
they're required.
And then from my perspective, the really interesting thing is what happened immediately afterwards
and then directly after the war.
So there is a whole series of decisions that not just individual operators in Ukraine,
but whole telecom, Ukrainian telecom community made all the way from small things such as
reallocating frequency bands to allow more coverage, moving up to decisions that they
made to do things like blocking of inbound roamers from Russia and Belarus, which is
a huge decision.
And then to another one, which no country had ever really done before, they enabled
national or emergency roaming throughout the country.
So this allowed every subscriber in Ukraine to actually use, in certain regions initially,
use mobile networks from the other operators.
And so those were like, when you look back at it, like really groundbreaking decisions,
which in my opinion, did not get anywhere near as much recognition as it should have
at the time, because maybe everybody's waiting for the cyber war, but those are big decisions
that enabled them to keep their mobile networks up and functioning.
And then not least again, like I said, the CTO from Cavestar was presenting, the telecom
crews from these operators who were literally risking life and limb to keep their networks
up and running, being in situations that you or I or anybody else who works in telcos will
probably never experience our lifetime to keep their systems up and running.
So those incredible decisions that they've made, incredible acts of bravery at times,
all contribute to having these networks up and functioning and then contributing for
their society.
Would you say that in some ways that they've now established ways in which operators, other
countries, other administrations should look and learn from the experience that if something
happens to them.
So of course, at the outbreak of the war, the Baltic states, which have obviously got
a difficult relationship with Russia, I'm sure we're looking at happening in Ukraine,
but maybe also places like Taiwan, when you look at what's happening with their relationship
with China, do we expect that there will be numerous other telcos and numerous other countries
perhaps learning from the experience and trying to replicate and prepare themselves if needs
be by following the Ukrainian model?
I think if you're working for a regulator and looking at resilience or even telecom
operators and you're not following what's happening in Ukraine, I would say you're not
doing your job because the lessons that I learned there at great cost in many circumstances
are absolutely critical because it is a sad thing to say, but in the middle of a war and
a warfare situation, people find out very quickly what works and what doesn't work.
And so Ukrainians have found out and they've had to then deploy these systems, which then
So let's put some examples.
In many cases, the Ukraine is far advanced, way ahead of most countries and operators.
As I mentioned, like national roaming, if you put that in comparison, after Hurricane
Sandy a number of years ago in the United States, national roaming was only switched
on after several weeks in that area where Ukraine managed to feed on for one country
in those regions much faster.
Many parts of Europe don't even have the legislation in place to enable national roaming or things
like cell broadcast.
I know the UK, they're starting to do some tests with cell broadcast.
Ukraine managed to start to roll out and test and deploy cell broadcast much, much quicker
now it has in advance of many European countries.
And that's not even to speak about things about disabling roaming inbound countries.
How many countries in Europe or in the world today will be able to switch off all inbound
roamers from two of their largest neighbours in a few hours?
I would say many of them would find it very difficult to do.
So the lessons that we learned from Ukraine today will be affecting how we plan and design
mobile networks, I would say, for the next five to 10 years easily.
Or at least how we should be doing it.
If we're not doing it, perhaps we should be learning lessons because obviously we have
problems with network resiliency, as you mentioned, natural disasters, but sometimes there's no
natural disaster.
It's just a man-made disaster takes networks down.
So talking about people not planning for a crisis situation, one of the remarkable things
that seemed to have been occurred, and I'm keen for your take on the true extent of it,
was that the Russian military seemingly didn't have the capacity to stay in contact with
their own troops.
And there were reports that they used SIM boxes to carry some of their military communication
traffic across civilian Ukrainian networks.
How seriously should we take those reports?
And when you first hear it, it sounds incredible and you're somewhat incredulous, but actually
when you think about it and the circumstances that actually arose, it does actually start
to make a bit of sense as to why this bizarre situation would ever arise.
So to step back a moment, as we all know at the start of the war, Russian forces move
very quickly across the border in certain parts of it.
And doing so, there's been many reports in that some situations is that they move so
fast that the communication and military communications wasn't actually set up in parts.
And Russian forces, they have a long history of reusing civilian communications.
For example, in Georgia, in their invasion of Georgia, they did reuse the Georgian mobile
In that circumstance, actually Georgia, what it should have done, but never did, was they
never actually disabled rumors from Russia or Belarus.
So what actually happened was when they moved so far forward, then they would have tried
to use their own mobile devices and their own mobile sims, but they didn't work anymore.
So what they actually had to do is to maintain this communication system, is to use a Ukrainian
Now you may say, is it crazy for a military to use mobile phone at all?
Well, there's also many reports at that time that they found encryption, it was very difficult
for them to set up communications, very difficult then to get communications back to the headquarters.
In many cases, there are a lot of reports of them using apps like telegram and so on.
So let's say they're going to use these systems, what they've tried, what there's also a lot
of reports of them stealing or robbing Ukrainian sim cards.
And as well as that, we know from some comments from the information gold mine, it is the
Chechen General Katerov, where he keeps making these comments he really shouldn't, but he
said that they had a whole collection of Ukrainian sim cards, clean sim cards, which they collected
And they clearly were building up this resources to use it.
But then they have an issue because what has actually happened is that Ukraine has been
essentially monitoring the phone calls, which are going out from new sim cards to ringing
back to Russia.
And you've probably seen these intercepts of some of these terrible conversations, people
talking about war crimes and so on.
So the Russian staff would realize that any phone calls to make in this manner will be
actually intercepted.
So to try to bypass this, the logic is, is that then they were trying to ring up a SimBox,
which is located somewhere in Ukraine, and then that will convert that to IP, can send
it back to Russia.
Again, if you were to start out thinking that the second or as the class of themselves,
the second army in the world will end up using SimBox for military communications, then you'll
be pretty incredulous like I would.
But when you add up the set of circumstances that has happened, it can actually make sense.
So I don't have any reason to disbelieve it.
I'm sure there's more.
I mean, there's a lot of more stories like that might come out, but it's certainly that
was something which when you add up all the circumstances, there's our circumstances guys
It's very, very credible.
I believe.
I want to bring Lee and Ed back into the conversation here.
So what extent have you found, Lee and Ed, that this has changed your perception in terms
of the extent to which telecommunications providers are on the front line?
Have we been complacent about the extent to which these kinds of businesses will be attacked
in the prelude to war, during war, and need to be prepared for the worst all the time?
So I mean, it's communications, right?
It's part of the critical national infrastructure, which we were talking about earlier.
They are.
They need to be protected.
That's the first thing.
But you were talking about business continuity there.
And especially how the regulators, if they're actually watching this and not actually acting
upon it, then, you know, they need to write and that's something which, you know, when
I'm wearing my risk management hat, also, I look at business continuity as well.
And I'm taking away from this personally, myself, I need to go back and we need to start
planning for something like this in its eventuality, because you never know what could happen,
even if it's just a natural disaster, and it's not war.
But yeah, but surely, but I won't bring you in now, Ed, surely, the problem here we have
is that we have a mentality where war is conducted between countries which have borders.
And yet in cyberspace, the borders are not the way we imagined them.
In terms of where the countries are, you can be attacked from anywhere to anywhere.
Now, the US has perhaps been leaders in perhaps taking national security for telecommunications
operators more seriously than most countries.
But with that in mind, Ed, is there still more that needs to be done?
Are we at the right level?
Are we still not preparing ourselves for a war mentality, because networks will come
under attack, whether it's state agents, or criminal agents, or really a blurring of the
Yeah, I mean, what Cathal was saying really strikes me in terms of, you know, Cathal,
you're making the point where, you know, if you're a regulator, and you're not watching
what's happening in Ukraine, you're not, you know, familiar with the actions, the positive
actions they've taken, you know, you're not doing your job, and I think that's a really
good point.
I might even say that probably the job to do is to get together and lay out and ask,
you know, like, Cathal, what does that look like?
So there's a legal framework, there's a tactical framework, there's a red alert, so to speak,
that says, hey, when you hit red alert, here's the five things you should do first, like
some of the blocking that you're talking about, the number blocking, the sim blocking that
you're talking about, Cathal, or whatever those steps are, you know, just trying to
give a playbook for this sort of thing, right, that makes sense.
That's put together by people who understand it and are responsible, right, I mean, ideally,
it feels like that's needed.
And I don't think that there is a lack, in the US at least, of sort of definition, right,
but communications infrastructure is critical.
Broadband infrastructure has been declared critical infrastructure like electricity and
water that was part of the big infrastructure bill that was passed and the broadband act
that went with it, right, so that piece at least is in place in the US, but I think to
Cathal's point, that definition of, okay, well, what is the just-in-case playbook, clearly
it's needed.
And Ukrainians are writing it for us and I hope we pay attention, now apologies to everyone
who's been sending in questions and comments, it's been really difficult for me to keep
up with them, they've been coming in so fast, I'm just going to read out a few very quickly
Any comments on the Russian attack on Vyasat right at the beginning of the war to try to
cripple Ukrainian internet services?
I think, you know, I think you've got the reading of the room in terms of the participants
in this call.
We need to be anticipating this and if I think about the experience in, say, Estonia and
the cyber attacks on Estonia, perhaps the Estonians wouldn't be surprised at what happened
at the start of the war and there's been some complacency in other countries that have chosen
not to be hardening their networks, preparing their networks in anticipation that attacks
can happen at any point in time and I think this links back to what we were saying about
what was happening in Germany, where a degree of naivety is no longer acceptable.
We have to anticipate that attacks could come from any direction in any way and another
comment here that I'm just going to read out, I'm sorry, apologies, don't have time to read
out all of them, are you aware if Ukraine has been using the emergency cell broadcast
to send messages to Russia's troops?
So I wasn't aware of that, sounds like a propaganda gambit to me but a question that I have for
you, Cathal, in terms of propaganda is that the Ukrainian police says they've conducted
raids against SIM farms, which they say were being used to create bogus internet accounts,
messaging accounts, spreading pro-Russian propaganda.
One police announcement referred to raids which captured 300 GSM gateways and 100,000
SIM cards used to run 1.5 million bogus accounts.
I've also heard though some industry insiders questioning why such propaganda would require
the use of SIM farms and therefore effectively questioning whether the Ukrainian police are
being honest in their accounts of what's happening.
Cathal, what's your opinion in terms of the likelihood that SIM cards and SIM boxes are
being used during this war to spread propaganda?
Yeah, it's interesting, I mean I actually showed that video of that amazing, that huge SIM farm
actually in my presentation two weeks ago and the number of SIM cards was staggering.
I think it is plausible and it comes about for a few different reasons.
One, first of all, there's actually I believe 45 SIM farms which were found by Ukrainian
police last year, so that wasn't an isolated one, they're capturing these multiple, multiple
And also if you look back in time, sadly I do, is that even before 2022 there have been
reports of captures of SIM farms multiple times by Ukrainian police.
This is before the resumption of this conflict, so it's not as if these are new things which
have been just advertised during this conflict, this stage of conflict.
It has been talked about for a few years now and anytime I see the scale of these SIM farms
to make some of the SIM farms that we work up against in fraud or SMS or voice fraud
seem quite small by comparison.
So what's been explained to me is the purpose of these SIM farms and I've seen that some
of these are multi operators in Ukraine to collaborate to try to find these, is that
they want the Russians or they want people to sign up for Ukrainian devices so they perceive
as if they are Ukrainians as opposed to Russians and so that then they begin to influence decisions
or they're on Facebook or so on.
So that's the criteria.
I can understand people say what's the point if you just do this from Russia but it's actually
good to use Ukrainian SIMs and if they're trying to do that in Russia with Ukrainian
SIMs then you know there's a whole other set of issues that would be detectable there.
So I don't see any reason why Ukrainians would exaggerate that and also considering this
was happening before the war and announcing this as well was also being used for propaganda.
Again like many other things we'll only get all the facts when the war is over or maybe
possibly many years after it but I wouldn't see any reason why that wouldn't actually
be the case.
And to go back to your point, that person that made a question about propaganda text
messages, yes this does happen on both sides actually but not only using cell broadcasts
which that is one I've heard about but basically Ukrainians have been advertising for the Russian
troops for sending text messages giving them locations to surrender their tanks and there
has been a few occasions where it has actually happened.
It shows you that we have to have a much more sophisticated layered understanding of how
warfare is going to be conducted.
We're not in the middle ages anymore where you just line up a group of men on one side,
a group of men on the other side and they run at each other with sharp objects.
Propaganda war, the war in terms of changing people's feelings about things, the war in
terms of changing the support, the backing in other countries to provide the resources
needed to fight the war, this war is working on so many levels now and yet telecommunications
operators are at the heart of the battleground.
The war is being fought on our networks as well, it's not just in the physical fight
for territory, it's the digital territory, the online territory that's being fought for
Now in terms of the importance of networks, you've written in fact about the philosophy,
the mindset of the Russian forces in terms of how they see the importance of setting
up networks.
So, last year one of your articles, the greatly accelerated speed and the sheer number of
Russian mobile operators deployed in wartime conditions showed the high priority for Russia
to roll out mobile connectivity in a war zone.
This indicates the importance to the Russian telecom networks, to have Russian telecom
networks in these occupied areas, moving beyond the purely civilian nice to have to a necessity.
Why do you interpret, so you're clear about what you see as the importance of networks
in terms of the Russian strategy, but why do you interpret the rollout of Russian operators
in occupied territory being as rapid as you characterise it?
What makes it so surprising that we have Russian networks up and running as quickly as they
How does it compare to say what you would have expected in the past or what's happened
Yeah, so that was trying to make sense of these separatist or illegal Russian operators
that Russia was deploying in occupied southern Ukraine.
So the step back a moment in Crimea when the Russians took over Crimea, it took them about
two years to set up four mobile operators there.
But what's actually happened over in occupied southern Ukraine since the start of 2022,
they've expanded to existing separatist operators, which they set up there many years ago.
And then they set up two new completely ones.
This is over a matter of a couple of months.
So unlike Crimea, which is the middle of a war, they're expanding two operators, setting
up two entirely new ones in the midst of a conflict.
And in some of these places, they now have coverage where they don't have running water
or electricity.
So we talked about critical national infrastructure.
Maybe in the past, telecommons might be seen as maybe not as high in a critical list of
some of those others, but the Russians clearly see it as high, if not highest, because they're
rolling us out in some of these places, which, like I said, doesn't have running water, electricity.
And if you were doing this for civilian purposes, you'd only probably have one operator.
You don't need four operators.
That's more operators than many countries have.
So this is something you're doing in the midst of a war zone, faster than occupying an adjacent
region whereas in peacetime.
And then there's all these reports of the use of mobile networks by Russian units and
so on.
So the conclusion I was taking from it is that these definitely have a dual purpose.
Not only obviously for civilians and for military, but also if the Russians wish to communicate
with collaborators or these officials to put these new state governments in this area,
they need some way to communicate with them as well.
They can't give them military radio.
This marks them out.
So for many, many reasons, they need not one, but four, and also for redundancy.
So now everybody watches everybody.
The Russians also have a form of national emergency roaming between these new operators
that they've set up.
So they've got resilience on one side, they've got multiple operators, and they've got security
that they're trying to reuse each other as well.
So from my perspective, it's also very unusual to say, but yes, I won't say an army matches
as far as its mobile networks, but this is something that's happening in this region.
And in terms of the speed, do you think they've learned from past experience about how to
do this more rapidly?
Yes, I think so.
With some of our research, we could definitely see at least technical connections between
these new separatist operators and what they already had deployed in Crimea.
And I guess, I mean, a lot of people ask questions about where, how to get this equipment in
or how to set up your own mobile operator.
It turns out there's a variety of conflict zones around the world where mobile operators
now come into being, what's happened in Nagorno-Karabakh, it's also happened in places like Libya.
Separatist mobile operators, I'm quite interested in myself, but they do arise a lot more than
you would actually think, but with practice becomes you improve your performance as well.
So this is clearly what's happened here as well.
I think people who are outside of telecoms industry will probably be completely mystified
that there can be such a thing in the world as a rogue phone operator, because you can
call them and they can make calls and they're connected to other phone operators.
Is there any reason to believe that the success in rolling out these Russian operators in
occupied parts of Ukraine is a representation of a failure of Western sanctions?
I wouldn't say so.
It's very hard to police this from all sectors.
And I would imagine a lot of this equipment which has come over has actually came over,
was acquired a lot of it before 2022, before the invasion started.
Now this isn't to say this won't have an effect, material effect, possibly on the Russian operators.
So far what we've seen is that these new separatist operators are primarily 2G and 4G, they're
skipping 3G in many cases, 2G for the range, 4G for the data.
And so if they're maybe cannibalizing this material or maybe acquired from other outside
non-Western sources.
But as we've seen, it can be very difficult to manage the track of all the equipment around
the world.
There's numerous reports of Western chips ending up in devices in use in the war.
And even if it doesn't go to Russia, it can go via countries into via Russia.
So I wouldn't say it's a failure of Western sanctions.
I don't expect that Russia was planning on rolling out these additional mobile operators
if the invasion had gone to plan, they would simply have reused the existing ones, but
then they've had to change their plans.
So this is possibly a plan B or plan C. So it's, again, unexpected, but it's not something
we've seen this extent of before, but we have to recognize it.
Now, Timo from Canada has written in a comment here about the use of Starlink providing internet
service everywhere in Ukraine.
He says they auditioned for the US government and Pentagon as to what a distributed satellite
network can do in real time.
Again, we've been talking here about the rapidity in which a mobile network has been rolled
out is now satellite communications also going to be a game changer for this blurred line
between civilian and military communications in future.
And what's your feeling is about the importance of Starlink in terms of the services provided
by Elon Musk's company to keep the Ukrainians connected.
Is it a lot of hype or did it make a big difference?
Yeah, and this goes to Starlink and Elon Musk, always gets people quite animated.
Look, I won't answer from my perspective, from the Ukrainian side, the Ministry of Digital
Transformation and they've gone on the record as stating that this has made a huge difference,
especially troops on the front line.
And there's been many reports of them using Starlink to communicate back to headquarters
and so on.
And also on the telecom side, many operators now in Ukraine have trialed the use of Starlink
as a form of backhaul.
Again, this is something which hasn't really been done outside, I believe, other than Japan,
but certainly first time in Europe, this form of backhaul when the cables get damaged so
they can just reuse this to get communications back.
So based on what we've seen in Ukraine, it has made a big difference.
But I don't understand why people would think it wouldn't because it's a form of a communication
which doesn't rely on cables, it's got much longer range than telecoms, but it can fit
in different places.
And I do think that the use of Starlink networks as an adjunct is also going to be the future
of how countries will look at the preparation.
You can't rely on having power, Ukraine has big issues for a period of time around Christmas
having power.
You can't rely on having power all the time, you can't rely on having cables undamaged.
So you have to look at all these different methods and that method which has made a difference
to Ukraine.
If I put it this way, would Russia have liked equivalent system, we can be sure that they
And in fact, I just want to bring Lee in here because Lee's got some very strong opinions
about things like submarine cables being cut and the strategic importance of protecting
Lee, do we now expect that we need to start worrying a bit more about satellites being
shot out in the sky?
Yes, I think we should do.
I think you shouldn't really be taking anything off the table these days, Eric.
It's pretty clear is that, you know, the prelude to this is to take over the telecommunications
or to deny, you know, people access to communications.
So yes, I think we have to be very wary of that, Eric.
And Ed, in terms of Starlink, we've seen some manoeuvres by some American politicians to
start saying, we're going to use satellite communications to give people unfettered free.
The word freedom gets used a lot in debates like this.
The freedom of the internet without it being censored in countries like Cuba.
Do you see this, the use of satellites as being a big stick that's going to be used
by countries like the USA in future in order to challenge regimes they don't like?
I mean, I don't know that I can speak to the policy piece and it certainly makes sense
that they might be, put it this way, it certainly makes sense, are going to be used for defence.
And I think the US put its nickel down on that.
I mean, that's why the Space Force was created, as much as it already snickers a little bit
when they hear Space Force.
And effectively, I was speaking with a national security expert who's a mutual friend of ours
just the other day about this very issue.
And he was making the point that effectively what they did was they took the piece of the
Air Force that was responsible for things in space and made it its own force to give
it its own prioritisation because there's definitely an awareness, right, of the communications
landscape, the warfare landscape, things are going to be happening in space.
And for the reasons you're talking about, right, it's not excluding fighters battling
Thai fighters, it's satellite communications, first and foremost.
And I think the other thing I looked at, I'd say quickly, is if you look at the number
of LEO launches in the last handful of years, and those that are already scheduled, I mean,
it just keeps multiplying.
There's more and more birds going up all the time.
And that's why I wonder if the Chinese and the Russians are going to spend more and more
efforts in working out how to disable and to tilt the balance backwards rather than
allow a big, big lead to be established by the strategic competitor.
But I don't think we can answer all those questions.
And I'm so sorry to everybody who submitted a question today, we haven't had time to read
it out.
But obviously, Cathal has been a very popular guest, and he stirred up a lot of interest
and stimulant.
And we've talked about the history of this war, and particularly the communications war
being written after the war is over.
Will you be the one writing it?
Cathal, are you going to keep on writing some more articles for us to keep us up to speed?
Maybe post piece them all together, create an anthology for us afterwards?
And like my marketing department, I'm way behind as it is.
Yes, I mean, we do further research planning to come out.
It's won't answer when it's come out soon.
But yeah, I mean, I hope to keep on track.
I mean, I think everybody should.
And again, like I said, I mean, I'm not Ukrainian, I feel sometimes a bit uncomfortable trying
to tell their story.
But it's a story that until they can or tell it, a story that should be told because they're
doing incredible things.
And it just shows how important the areas that we work in telecoms is.
It's not nice to have, it's critical to have.
I think you're absolutely right, though, I would also say, having somebody who's not
Ukrainian tell the story at least takes away the argument, the criticism that it's a prejudiced
point of view, a partisan point of view, to have somebody who can perhaps look at it independently
and chart, it's also powerful.
So I would keep on doing what you're doing, Cathal, we do appreciate it, the audience
appreciates it.
Thank you very much for joining us on today's show.
Thanks very much.
So that's it for today's show.
Ed Lee and I will return next Wednesday when we'll be discussing security for networked
consumer products with David Rogers MBE, recently reelected chair of the GSMA's Fraud and Security
We'll be live on Wednesday, 29th March at 4pm UK, 6pm Saudi Arabia, 10am US Central
Changes because of daylight savings don't be caught out if you're going to watch us
Why not save the show to your diary by clicking on the link in the Communications Risk Show
webpage so you don't need to worry about time zones, or better still, subscribe to Communications
Risk Show broadcast schedule and have every weekly show uploaded to your diary automatically.
Thanks again to today's guest, Cathal Mc Daid, Chief of Technology at Enea AdaptiveMobile
Thanks also to my wonderful co-presenters, Ed Feingold and Lee Scargall for sharing
the fruits of their experience and to our hardworking producers of the show, James Greenley
and Matt Carter.
You've been watching the Communications Risk Show.
I'm Eric Priezkalns.
You can visit the show's website, tv.commsrisk.com, to replay last week's episode about corruption
and regulation and recordings of all our past interviews.
Or visit our main website at commsrisk.com for news and opinion about risks in the comms
industry and do check out the useful and free resources of the Risk and Assurance Group
from their website at riskandassurancegroup.org.
Thanks for watching today.
We'll see you next Wednesday.