China Wiretaps Americans in 'Worst Hack in Our Nation's History' (gizmodo.com) 60
Longtime Slashdot reader mspohr shares a report from Gizmodo: Hackers for the Chinese government were able to deeply penetrate U.S. telecommunications infrastructure in ways that President Joe Biden's administration hasn't yet acknowledged, according to new reports from the Washington Post and New York Times. The hackers were able to listen to phone calls and read text messages, reportedly exploiting the system U.S. authorities use to wiretap Americans in criminal cases. The worst part? The networks are still compromised and it may take incredibly drastic measures to boot them from U.S. systems.
The hackers behind the infiltration of U.S. telecom infrastructure are known to Western intelligence agencies as Salt Typhoon, and this particular breach of U.S. equipment was first reported in early October by the Wall Street Journal. But Sen. Mark Warner, a Democrat from Virginia, spoke with the Washington Post and New York Times this week to warn the public that this is so much worse than we initially thought, dubbing it "the worst telecom hack in our nation's history." And those articles based on Warner's warnings were published late Thursday.
Hackers weren't able to monitor or intercept anything encrypted, according to the Times, which means that conversations over apps like Signal and Apple's iMessage were probably protected. But end-to-end encryption over texts between Apple devices and Android devices, for instance, aren't encrypted in the same way, meaning they were vulnerable to interception by Salt Typhoon, according to the Times. The details about how the hackers were able to push so deeply into U.S. systems are still scarce, but it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.
The hackers behind the infiltration of U.S. telecom infrastructure are known to Western intelligence agencies as Salt Typhoon, and this particular breach of U.S. equipment was first reported in early October by the Wall Street Journal. But Sen. Mark Warner, a Democrat from Virginia, spoke with the Washington Post and New York Times this week to warn the public that this is so much worse than we initially thought, dubbing it "the worst telecom hack in our nation's history." And those articles based on Warner's warnings were published late Thursday.
Hackers weren't able to monitor or intercept anything encrypted, according to the Times, which means that conversations over apps like Signal and Apple's iMessage were probably protected. But end-to-end encryption over texts between Apple devices and Android devices, for instance, aren't encrypted in the same way, meaning they were vulnerable to interception by Salt Typhoon, according to the Times. The details about how the hackers were able to push so deeply into U.S. systems are still scarce, but it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.
So we put holes in our security... (Score:4, Insightful)
it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.
Re: (Score:3)
I have no problem with our government entities blocking VPNs, China, Russia, NK, etc IPs. It is so weird we havent done that yet.
Re: (Score:2)
What? You honestly think you can't route around such blocks?
Re: (Score:2)
I have no problem with our government entities blocking VPNs, China, Russia, NK, etc IPs. It is so weird we havent done that yet.
Sooo, you want a surveillance state? Good luck with that!
Re: (Score:3)
IP blocking is not going to help. They routinely use compromised systems inside the target country, or in another friendly nation.
Re: (Score:2)
it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.
I was wondering why my back door was chaffing, bleeding, and hurting so badly.
Re: (Score:2)
Yep, such a surprise! No expert could _ever_ have predicted this could help other malicious actors as well! Oh, wait...
Re: So we put holes in our security... (Score:2)
They now believe the hackers from a group called âoeSalt Typhoon,â closely linked to Chinaâ(TM)s Ministry of State Security, were lurking undetected inside the networks of the biggest American telecommunications firms for more than a year.
They have learned that the Chinese hackers got a nearly complete list of phone numbers the Justice Department monitors in its âoelawful interceptâ system, which places wiretaps on people suspected of committing crimes or spying, usually after a war
Re: (Score:2)
it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.
An Unconstitutional (meaning illegal, which we forget is the same thing) FISA court, supports the use of illegal surveillance methods (Stingrays) by allowing law enforcement to NOT reveal their illegal “sources and methods” in legal cases where said evidence was blatantly captured illegally.
I’d say it has something to do with America having illegal and Unconstitutional processes in place that “they” wish to keep protected. “Holes” doesn’t even begin to descri
Back door (Score:2)
Seems an obvious corollary, but apparently the US authorities don't think that way.
Re: (Score:1)
Re: (Score:2)
Does any of Taiwan technology comes without backdoor?
Not more or less than any US tech. Seriously. Vendors place backdoors to spy on their customers for marketing reasons. Vendor-placed backdoors for actual spying outside of that are so rare that, AFAIK, there is not a single report of them. There are reports of the US NSA placing such backdoors by intercepting equipment during shipping though. If any "Taiwan technology" has a backdoor for regular spying, it may well be NSA-placed.
Re: (Score:2)
Re: (Score:2)
Insofar as they are not NSA-mandated, yes.
Re: Back door (Score:2)
Oh look, there is a spy balloon from the other side of the world with radio receivers and my coffee pot seems to be uploading audio filesâ¦.
Cmon.
Re: (Score:3)
So, turns out if you make a back door for the good guys to come in, the bad guys will use it, too.
Seems an obvious corollary, but apparently the US authorities don't think that way.
None of them do. They are convinced they are saving the world and are not bright enough to think any deeper. At least now we have a glaring example of "lawful access" actually being a glaring security hole. Next time the director of some western LEO says they need this we'll have an epic example of why they should fuck off and die.
Re: (Score:2)
Indeed. These people are fanatical and pretty dumb. At the same time they have a deep, deep distrust of freedom, especially when it applies to others. Hence they want everybody under surveillance all the time. The traditional way to implement that was an all-seeing, all-knowing and vengeful "God" that did the surveillance. Of course, that was fake, but people believed it, so it was the next best thing. Now that we can implement universal surveillance, the same assholes desperately want it, especially as the
Re: (Score:2)
It is also something the actual experts have strongly pointed out since forever. I guess the US "authorities" have quite a few retards with a hard one for spying on citizens.
Re: (Score:3)
Not exactly that.
I'd say it's a generalized problem with authoritarians (and athorities in general, since they attract such) that they simply cannot abide being told 'no.'
They varely rarely introspect on themselves about this, and will almost always scream angry denials and post-hoc rationalizations about why and how their latest temper tantrum is not this thing, and how I have it all wrong, but such reactions are very similar to people addicted to pain killers, or performance enhancing drugs.
That out of th
Re: (Score:1)
This no-no has been known for many years already. Whoever put the back-door in should get "it" up their back door.
We're from the government! (Score:5, Funny)
* knock knock *
"Hi, we're from the government, and we're here to help you!"
* Eyes the red and gold lapel pins with a prominent hammer and sickle. *
"Uh... which government did you say you were from?"
Re: (Score:2)
You think the US flag is any better? Get real.
Re: (Score:2)
You think the US flag is any better?
Yeah. I get that when given the choice, you'd prefer a place like Iran, China or North Korea over the US, but any person well grounded in reality wouldn't.
Re: (Score:2)
At least for another 2 months.
still compromised (Score:2)
>All the major U.S. carriers, including AT&T, Verizon, and T-Mobile, were impacted, according to the Post.
>Incredibly, Warner says the hackers are still inside the U.S. system and there’s no obvious way to get them out that doesn’t involve physically replacing old equipment, according to Warner.
>“This is massive, and we have a particularly vulnerable system,” Warner told the Post.
Maybe "All the major U.S. carriers" should check this out:
https://www.cisa.gov/news-even... [cisa.gov]
Re: (Score:2)
Re: (Score:1)
What good will that do?
There was no exploitation of bugs in the software. The Chinese government has the legitimate keys to our kingdom.
That's why it will take "drastic measures to boot them from U.S. systems"
Patches are not drastic.
Removing the key (singular) that all the different US government agencies are using for wiretaps is what is drastic.
Even then, the three letter agencies demanding the back door knew this would be the outcome, and were even told by all the experts that this would be the outcome.
Will never exist (Score:2)
Online security will never exist as long as governments and corporations are involved, period. Both want to spy for their own benefit. Creepy bastards the whole lot of them.
Re: (Score:2)
Because, there would be no “online”, period.
Re: (Score:2)
Glad you see my point.
Re: (Score:2)
Actually, the GDPR does reasonably well. Even the really big players get slapped to that they know it. Enforcement is still not what it should be, but the morass of surveillance desires is really deep and I think we are slowly getting there.
"... with a court order" (Score:2)
Yeah, right! Good joke. Rules have no meaning on all sides in this arena.
No-one is responsible (Score:2)
How exactly does the US government think it will lock millions of back-doors? It decided long-ago that protecting itself from the people was more important than communication privacy. Nothing undoes that thinking: The US is stuck in a quandary, they can't stop disabling communication privacy and they won't give-up their back-doors. The result is a weakness that can never be fixed.
The failure of the US government to set standards, means there are multiple weaknesses in authentication/encryption/security
Re: (Score:2)
How exactly does the US government think it will lock millions of back-doors?
Ah that's the cunningness of the plan. America knew this might be a possibility. And so snuck in hard coded access the government could use to reset and disable the other backdoor if it was ever compromised.
Huh? What do you mean I'm already logged in from somewhere else? D'oh !
Re: (Score:2)
The pragmatic fix is for users to entirely move to end to end encrypted communications. There are no shortage of options these days. It's only SMS messages and phone calls that are insecure by design.
Rofl (Score:2)
Yeah, we believe you - NOT.
VAULT-7 guys! You can't believe anything they tell you.
Why name the hackers... (Score:3, Funny)
Re: (Score:2)
Now here's someone asking the right question. Why, indeed, does it seem more like they're the criminals' marketing department rather than their adversaries?
Re: (Score:3)
... ever so slightly interesting names like "Typhoon", etc... Why not name them more aptly? How about "micro-wieners", "scotty-no-mates" or "douche-bags"?
It's more manly to be hacked by a powerful Typhoon, than admit you were bested by a micro wiener.
Re: (Score:2)
When you hear "we were victims of a sophisticated attack by high tech criminals", read "we didn't change the default password."
This is a sign (Score:1)
Does anyone remember CALEA? (Score:1)
My only hope (Score:2)
Re: (Score:2)
I'm pretty sure that tiger going after the slowest target thing is a myth. Predictors pick a target and stick with that target until they either bring it down or they are too tired to continue.
Security messaging (Score:2)
I'm going back to writing on paper airplanes and tossing them at the recipient
Re: (Score:2)
Or telegram, signal, whatsapp..
There are encrypted options.
of course (Score:2)
This is the same thing Snowden warned us about in addition to many others. Back doors sued for any reason makes the system weak but that doesn't stop dumb politicians from demanding them. We're going to be in an endless loop until we rid of government of idiots. This isn't going to change anything though, we're caught in the anacyclosis at the precipice of Ochlocracy.
Uh no (Score:1)
Chinese hackers were not able to listen to phone calls.
This is one crap "article".
Sometimes hold the presses and get technical review.
Shouldn't be possible (Score:2)
the system U.S. authorities use to wiretap Americans
A fixed, pre-existing wiretap infrastructure simply should not exist. If the police want to fight crime, they can monitor the end-points. It's exactly the same argument that we have, over and over again, about encryption. Transmission infrastructure should be as secure as we can make it. The vast majority of users (individuals and businesses) are not criminals, and hence deserve the protection of a secure infrastructure.
Hackers for the Chinese government :o (Score:2)
So, Americans are under warrantless surveillance (Score:2)
The only difference is, the surveillance isn't carried out by US or US-friendly big tech companies. So it's absolutely outrageous!
In fact, I'm so worked up that I'm headed back home in my GM-monitored to watch the ballgame on my Samsung-monitored smart TV to forget about all that surveillance.