T-Mobile Hacked In Massive Chinese Breach of Telecom Networks

Chinese hackers, reportedly linked to a Chinese intelligence agency, breached T-Mobile as part of a broader cyber-espionage campaign targeting telecom companies to spy on high-value intelligence targets. "T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information," a company spokesperson told the Wall Street Journal. Reuters reports: It was unclear what information, if any, was taken about T-Mobile customers' calls and communications records, according to the report. On Wednesday, The Federal Bureau of Investigation (FBI) and the U.S. cyber watchdog agency CISA said China-linked hackers have intercepted surveillance data intended for American law enforcement agencies after breaking into an unspecified number of telecom companies. Further reading: U.S. Wiretap Systems Targeted in China-Linked Hack

"data intended for American law enforcement"

[kabulykos]

I understand the legal principles that got us here, but it is still fairly amazing to think about how one of our biggest information vulnerabilities as a society comes from this weird game where it's wrong for the government to create or store these monitoring dossiers, but very right for the government to demand private businesses make them so they can sit around pending subpoena.

Re:"data intended for American law enforcement"

[gweihir]

A police-state pretending to not be a police-state will do things like that. But fear not. The illusion that the US is "the land of the free" will soon collapse.

Re: "data intended for American law enforcement"

[Fons_de_spons]

Dramatic Hollywood voice: "It was then that they realized the wall was not built to keep people out of the US, but to keep them in..."
No worries US, these types of disturbers sooner or later hit the ground hard when they stumble over their own feet. It may take a decade and a lot of damage though. Take care!

Re:

[gweihir]

Well, my guess is things will get bad so fast that his own people will have to remove Trump. Best case: He goes into a closed mental institution for the rest of his life. And then it will take a few decades to undo the damage he did.

Backdoors

[GrahamJ]

> China-linked hackers have intercepted surveillance data intended for American law enforcement agencies after breaking into an unspecified number of telecom companies.

Incidentally (and not entirely unrelatedly) this is why encryption back doors are a bad idea.

Re:Backdoors

[drinkypoo]

T-Mobile have always keeping its legs wide open

Every telco in America has been tapped by the feds. Never forget QWest [wikipedia.org].

And people had warned about this possibility

[lamer01]

People with a brain that is

LOL

[nehumanuscrede]

If you only -knew- just how fast American Telecoms are outsourcing their work overseas it would give you pause.

Within my own company, everyone who leaves ( fired, retires, laid off ) is being replaced with contractors. Many
of them sitting in overseas facilities.

They don't need to " hack " anything. When you have employees who are literally making pennies on the dollar
will full root / admin / enable mode access to entire networks, ( including those networks that previously had
restrictions in place that mandated US citizens only out of National Security concerns ) all you have to do is
wave enough money at one of the very underpaid contractors and you'll get access to anything you want.

While a US employee is stil vulnerable to such things, the companies have made it cheaper to go after the
overseas employees since X amount of money goes further overseas than it does in the US.

Re:

[gweihir]

Does not sound like this industry has a future. Reminds me when some european infrastructure providers ran into serious trouble because the situation in Egypt became unstable. Also great way to attack a country by cutting cables on the other side of the world.

Re:

[drinkypoo]

Does not sound like this industry has a future.

It really doesn't. Unlike currency, legacy phone service really can be replaced by the computerized substitute — it's the same thing and has been for ages. And I for one am ready for us to step up to something with cryptography and signatures instead of worthless Caller ID and every conversation being tapped by government.

Re: LOL

[twinirondrives]

I just don't see software based Telecom from from companies like meta, or frontends like discord, outsourcing to entities like for example the free software foundation....?

Re:

[drinkypoo]

Meta I could see going either way, they do a lot of OSS releases.

Discord, no way of course.

But there are several standards already, and there's no reason a soft phone couldn't support multiple standards. Or, for that matter, launch different apps to handle different calls.

Re: LOL

[twinirondrives]

I would never subscribe to that carrier. And i mean never.

Re:

[drinkypoo]

You would never subscribe to a carrier that gave you an IP network? It must suck not having internet access from your phone like they do in the third world.

Re:

[Zontar_Thing_From_Ve]

While a US employee is stil vulnerable to such things, the companies have made it cheaper to go after the overseas employees since X amount of money goes further overseas than it does in the US.

Another reason is that some if not all developing countries have really weak legal systems. I can't imagine anybody actually outsourcing to Russia any more, but the legal system there is extremely corrupt and if a foreign company tried to sue a Russian citizen in a Russian court, it wouldn't be difficult for the citizen to bribe the court to throw out the case. I've heard similar stories about India and how there are never any repercussions for Indian citizens who steal and sell information from foreign

Remember

[dicobalt]

China has agents here in the US that will arrest Chinese nationals. Some are legal and registered, others are illegal.

Chinese intel agency hackers ;)

[Mirnotoriety]

a. What is it about these oriental intelligence agencies that can't disguise the source of the hack?

b. Why didn't they just hire on NSO Group [slashdot.org] to do the hacking.

Re:

[radarskiy]

"can't disguise the source of the hack"

Disguising the source is useful for avoiding punishment or retribution. If you have no fear of negative consequences, then you want everyone to know what you are capable of so then you can just threaten rather than have to actually do the work.

Shocked that it's T-Mobile

[pcaylor]

I lost count at how many data breaches T-Mobile has had. I think it's five in the last two years.

At this point I think they run their backend on an unpatched Windows XP system with no firewall.

On second thought, I take that back. I think an unpatched Windows XP system with no firewall would be more secure than whatever T-Mobile is doing.

Re:

[Zontar_Thing_From_Ve]

I wish I had mod points to give you. I am a T-Mobile customer and I honestly expect that between now and 6 months from now they'll admit that the hackers got every bit of personal information T-Mobile had on their customers.

wait, what?

[cascadingstylesheet]

and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information,

That's an unusual sort of "hacked" ...