China Wiretaps Americans in 'Worst Hack in Our Nation's History'

Longtime Slashdot reader mspohr shares a report from Gizmodo: Hackers for the Chinese government were able to deeply penetrate U.S. telecommunications infrastructure in ways that President Joe Biden's administration hasn't yet acknowledged, according to new reports from the Washington Post and New York Times. The hackers were able to listen to phone calls and read text messages, reportedly exploiting the system U.S. authorities use to wiretap Americans in criminal cases. The worst part? The networks are still compromised and it may take incredibly drastic measures to boot them from U.S. systems.

The hackers behind the infiltration of U.S. telecom infrastructure are known to Western intelligence agencies as Salt Typhoon, and this particular breach of U.S. equipment was first reported in early October by the Wall Street Journal. But Sen. Mark Warner, a Democrat from Virginia, spoke with the Washington Post and New York Times this week to warn the public that this is so much worse than we initially thought, dubbing it "the worst telecom hack in our nation's history." And those articles based on Warner's warnings were published late Thursday.

Hackers weren't able to monitor or intercept anything encrypted, according to the Times, which means that conversations over apps like Signal and Apple's iMessage were probably protected. But end-to-end encryption over texts between Apple devices and Android devices, for instance, aren't encrypted in the same way, meaning they were vulnerable to interception by Salt Typhoon, according to the Times. The details about how the hackers were able to push so deeply into U.S. systems are still scarce, but it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.

So we put holes in our security...

[mspohr]

it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.

Re:

[jhoegl]

Sure, when you program in a back door, and ask a Foreign country to build the things with the back door... you arent really making it a back door, are you?

I have no problem with our government entities blocking VPNs, China, Russia, NK, etc IPs. It is so weird we havent done that yet.

Re:

[MeNeXT]

What? You honestly think you can't route around such blocks?

Re:

[gweihir]

I have no problem with our government entities blocking VPNs, China, Russia, NK, etc IPs. It is so weird we havent done that yet.

Sooo, you want a surveillance state? Good luck with that!

Re:

[burtosis]

it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.

I was wondering why my back door was chaffing, bleeding, and hurting so badly.

Re:

[gweihir]

Yep, such a surprise! No expert could _ever_ have predicted this could help other malicious actors as well! Oh, wait...

Re: So we put holes in our security...

[mspohr]

They now believe the hackers from a group called âoeSalt Typhoon,â closely linked to Chinaâ(TM)s Ministry of State Security, were lurking undetected inside the networks of the biggest American telecommunications firms for more than a year.

They have learned that the Chinese hackers got a nearly complete list of phone numbers the Justice Department monitors in its âoelawful interceptâ system, which places wiretaps on people suspected of committing crimes or spying, usually after a war

Re:

[geekmux]

it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.

An Unconstitutional (meaning illegal, which we forget is the same thing) FISA court, supports the use of illegal surveillance methods (Stingrays) by allowing law enforcement to NOT reveal their illegal “sources and methods” in legal cases where said evidence was blatantly captured illegally.

I’d say it has something to do with America having illegal and Unconstitutional processes in place that “they” wish to keep protected. “Holes” doesn’t even begin to descri

Back door

[XXongo]

So, turns out if you make a back door for the good guys to come in, the bad guys will use it, too.

Seems an obvious corollary, but apparently the US authorities don't think that way.

Re:

[Senshi]

Does any of Taiwan technology comes without backdoor? If not, so then let China to take Taiwan. America could build its own or buy technology from Europe countries. If Taiwans really don't want to lose their homes to China, well boo hoo, they should have thought of how bad idea it is listening to US big tech and government demands for backdoors. They all deserve bad karma for opening a can of worms. With so many hacking going on thru Taiwan technology makes me think Taiwan's independence from China is just

Re:

[gweihir]

Does any of Taiwan technology comes without backdoor?

Not more or less than any US tech. Seriously. Vendors place backdoors to spy on their customers for marketing reasons. Vendor-placed backdoors for actual spying outside of that are so rare that, AFAIK, there is not a single report of them. There are reports of the US NSA placing such backdoors by intercepting equipment during shipping though. If any "Taiwan technology" has a backdoor for regular spying, it may well be NSA-placed.

Re:

[kmoser]

So the backdoor telemetry built into Windows 10 and 11 are entirely for marketing purposes, huh?

Re: Back door

[javaman235]

Oh look, there is a spy balloon from the other side of the world with radio receivers and my coffee pot seems to be uploading audio filesâ¦.

Cmon.

Re:

[Kernel Kurtz]

So, turns out if you make a back door for the good guys to come in, the bad guys will use it, too.

Seems an obvious corollary, but apparently the US authorities don't think that way.

None of them do. They are convinced they are saving the world and are not bright enough to think any deeper. At least now we have a glaring example of "lawful access" actually being a glaring security hole. Next time the director of some western LEO says they need this we'll have an epic example of why they should fuck off and die.

Re:

[gweihir]

Indeed. These people are fanatical and pretty dumb. At the same time they have a deep, deep distrust of freedom, especially when it applies to others. Hence they want everybody under surveillance all the time. The traditional way to implement that was an all-seeing, all-knowing and vengeful "God" that did the surveillance. Of course, that was fake, but people believed it, so it was the next best thing. Now that we can implement universal surveillance, the same assholes desperately want it, especially as the

Re:

[gweihir]

It is also something the actual experts have strongly pointed out since forever. I guess the US "authorities" have quite a few retards with a hard one for spying on citizens.

We're from the government!

[silentbozo]

* knock knock *

"Hi, we're from the government, and we're here to help you!"

* Eyes the red and gold lapel pins with a prominent hammer and sickle. *

"Uh... which government did you say you were from?"

Re:

[gweihir]

You think the US flag is any better? Get real.

Re:

[ArmoredDragon]

You think the US flag is any better?

Yeah. I get that when given the choice, you'd prefer a place like Iran, China or North Korea over the US, but any person well grounded in reality wouldn't.

still compromised

[awwshit]

>All the major U.S. carriers, including AT&T, Verizon, and T-Mobile, were impacted, according to the Post.
>Incredibly, Warner says the hackers are still inside the U.S. system and there’s no obvious way to get them out that doesn’t involve physically replacing old equipment, according to Warner.
>“This is massive, and we have a particularly vulnerable system,” Warner told the Post.

Maybe "All the major U.S. carriers" should check this out:
https://www.cisa.gov/news-even... [cisa.gov]

Re:

[Kernel Kurtz]

How often do you think the government backdoor code gets patched? I'm guessing approximately none of it is OSS.

Will never exist

[RitchCraft]

Online security will never exist as long as governments and corporations are involved, period. Both want to spy for their own benefit. Creepy bastards the whole lot of them.

Re:

[hdyoung]

Hm. Yeah that’s true. Without government or corporate involvement, there would be absolutely zero problems with online security.

Because, there would be no “online”, period.

Re:

[RitchCraft]

Glad you see my point.

Re:

[gweihir]

Actually, the GDPR does reasonably well. Even the really big players get slapped to that they know it. Enforcement is still not what it should be, but the morass of surveillance desires is really deep and I think we are slowly getting there.

"... with a court order"

[evanh]

Yeah, right! Good joke. Rules have no meaning on all sides in this arena.

No-one is responsible

[NotEmmanuelGoldstein]

... drastic measures to boot them ...

How exactly does the US government think it will lock millions of back-doors? It decided long-ago that protecting itself from the people was more important than communication privacy. Nothing undoes that thinking: The US is stuck in a quandary, they can't stop disabling communication privacy and they won't give-up their back-doors. The result is a weakness that can never be fixed.

... our networks are a hodge-podge of old networks.

The failure of the US government to set standards, means there are multiple weaknesses in authentication/encryption/security

Re:

[Admiral Krunch]

How exactly does the US government think it will lock millions of back-doors?

Ah that's the cunningness of the plan. America knew this might be a possibility. And so snuck in hard coded access the government could use to reset and disable the other backdoor if it was ever compromised.
Huh? What do you mean I'm already logged in from somewhere else? D'oh !

Rofl

[dwater]

Yeah, we believe you - NOT.

VAULT-7 guys! You can't believe anything they tell you.

Why name the hackers...

[mingleby]

... ever so slightly interesting names like "Typhoon", etc... Why not name them more aptly? How about "micro-wieners", "scotty-no-mates" or "douche-bags"?

Re:

[Narcocide]

Now here's someone asking the right question. Why, indeed, does it seem more like they're the criminals' marketing department rather than their adversaries?

Re:

[Admiral Krunch]

... ever so slightly interesting names like "Typhoon", etc... Why not name them more aptly? How about "micro-wieners", "scotty-no-mates" or "douche-bags"?

It's more manly to be hacked by a powerful Typhoon, than admit you were bested by a micro wiener.

This is a sign

[FudRucker]

That the USA has the stupidest and mosf corrupt government in the world

Does anyone remember CALEA?

[tyroxy]

That was the Communications Assistance for Law Enforcement Act, passed in 1994 during Bill Clinton's administration. It mandated that US telecom networks be "wiretap ready."

My only hope

[Slashythenkilly]

Is that Winnie the Pooh and the NSA like pictures of my dick

Security messaging

[Hoi Polloi]

I'm going back to writing on paper airplanes and tossing them at the recipient

of course

[sizzlinkitty]

This is the same thing Snowden warned us about in addition to many others. Back doors sued for any reason makes the system weak but that doesn't stop dumb politicians from demanding them. We're going to be in an endless loop until we rid of government of idiots. This isn't going to change anything though, we're caught in the anacyclosis at the precipice of Ochlocracy.

Uh no

[gavron]

Chinese hackers were not able to listen to phone calls.

This is one crap "article".

Sometimes hold the presses and get technical review.