Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government China United States

China Wiretaps Americans in 'Worst Hack in Our Nation's History' (gizmodo.com) 91

Longtime Slashdot reader mspohr shares a report from Gizmodo: Hackers for the Chinese government were able to deeply penetrate U.S. telecommunications infrastructure in ways that President Joe Biden's administration hasn't yet acknowledged, according to new reports from the Washington Post and New York Times. The hackers were able to listen to phone calls and read text messages, reportedly exploiting the system U.S. authorities use to wiretap Americans in criminal cases. The worst part? The networks are still compromised and it may take incredibly drastic measures to boot them from U.S. systems.

The hackers behind the infiltration of U.S. telecom infrastructure are known to Western intelligence agencies as Salt Typhoon, and this particular breach of U.S. equipment was first reported in early October by the Wall Street Journal. But Sen. Mark Warner, a Democrat from Virginia, spoke with the Washington Post and New York Times this week to warn the public that this is so much worse than we initially thought, dubbing it "the worst telecom hack in our nation's history." And those articles based on Warner's warnings were published late Thursday.

Hackers weren't able to monitor or intercept anything encrypted, according to the Times, which means that conversations over apps like Signal and Apple's iMessage were probably protected. But end-to-end encryption over texts between Apple devices and Android devices, for instance, aren't encrypted in the same way, meaning they were vulnerable to interception by Salt Typhoon, according to the Times. The details about how the hackers were able to push so deeply into U.S. systems are still scarce, but it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.

This discussion has been archived. No new comments can be posted.

China Wiretaps Americans in 'Worst Hack in Our Nation's History'

Comments Filter:
  • by mspohr ( 589790 ) on Friday November 22, 2024 @09:10PM (#64965983)

    it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.

    • by jhoegl ( 638955 ) on Friday November 22, 2024 @09:16PM (#64966001)
      Sure, when you program in a back door, and ask a Foreign country to build the things with the back door... you arent really making it a back door, are you?

      I have no problem with our government entities blocking VPNs, China, Russia, NK, etc IPs. It is so weird we havent done that yet.
      • by MeNeXT ( 200840 )

        What? You honestly think you can't route around such blocks?

      • by gweihir ( 88907 )

        I have no problem with our government entities blocking VPNs, China, Russia, NK, etc IPs. It is so weird we havent done that yet.

        Sooo, you want a surveillance state? Good luck with that!

      • by AmiMoJo ( 196126 ) on Saturday November 23, 2024 @05:24AM (#64966481) Homepage Journal

        IP blocking is not going to help. They routinely use compromised systems inside the target country, or in another friendly nation.

      • I have no problem with our government entities blocking VPNs, China, Russia, NK,

        Geoblocking solves nothing.

        Do you think someone working for China can't rent a local server?

      • by Slayer ( 6656 )

        The problem is not the existence of a back door by itself. Governments have - if enabled by court orders - listened in to their citizens for over hundred years. It was one of the established methods to keep a tap on the mafia, drug cartels and corrupt politicians.

        What has struck here is the acknowledgement by several consecutive US governments, that this kind of access is a tempting target for overseas intelligence services, and that such infrastructure must be kept secure and up to date in this millennium'

    • it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.

      I was wondering why my back door was chaffing, bleeding, and hurting so badly.

      • by Anonymous Coward
        Speaking as one of the Chinese hackers responsible for penetrating your back door: I'm not sorry, but you should get checked for STDs
    • by gweihir ( 88907 )

      Yep, such a surprise! No expert could _ever_ have predicted this could help other malicious actors as well! Oh, wait...

    • They now believe the hackers from a group called âoeSalt Typhoon,â closely linked to Chinaâ(TM)s Ministry of State Security, were lurking undetected inside the networks of the biggest American telecommunications firms for more than a year.

      They have learned that the Chinese hackers got a nearly complete list of phone numbers the Justice Department monitors in its âoelawful interceptâ system, which places wiretaps on people suspected of committing crimes or spying, usually after a war

    • it has something to do with the ways in which U.S. authorities wiretap suspects in this country with a court order.

      An Unconstitutional (meaning illegal, which we forget is the same thing) FISA court, supports the use of illegal surveillance methods (Stingrays) by allowing law enforcement to NOT reveal their illegal “sources and methods” in legal cases where said evidence was blatantly captured illegally.

      I’d say it has something to do with America having illegal and Unconstitutional processes in place that “they” wish to keep protected. “Holes” doesn’t even begin to descri

    • Court orders are simply flouted for political targets. The US phone system is wide open to anyone with half a clue.
      • And in the US, those with a clue are making cell sites that intercept and sift regular, day to day cellphone use in major cities, looking for terrorist info.

        Sting-Ray, other Cell Site Simulators sniff and snarf all day long. Few realize they're being routed through IMSI catchers, which undress all they do, unless with the user has end-to-end encryption.

        Someone from China figured out how to do this through law enforcement backdoors, now law enforcement is mad.

        I do not doubt we (USA) does this across the worl

    • Every time Law Enforcement asks for backdoors, etc, smart people warn about this exact risk. Yet politicians use the 'what about the children' or 'terrorism' bullshit to get this crap passed. When will we learn?
    • Nice try, scary wording for they had log retention for legal reasons, the same as your employer for your work emails, customer transactions etc.

      Until we know more, this is most likely.

  • Back door (Score:5, Informative)

    by XXongo ( 3986865 ) on Friday November 22, 2024 @09:12PM (#64965991) Homepage
    So, turns out if you make a back door for the good guys to come in, the bad guys will use it, too.

    Seems an obvious corollary, but apparently the US authorities don't think that way.

    • Does any of Taiwan technology comes without backdoor? If not, so then let China to take Taiwan. America could build its own or buy technology from Europe countries. If Taiwans really don't want to lose their homes to China, well boo hoo, they should have thought of how bad idea it is listening to US big tech and government demands for backdoors. They all deserve bad karma for opening a can of worms. With so many hacking going on thru Taiwan technology makes me think Taiwan's independence from China is just
      • by gweihir ( 88907 )

        Does any of Taiwan technology comes without backdoor?

        Not more or less than any US tech. Seriously. Vendors place backdoors to spy on their customers for marketing reasons. Vendor-placed backdoors for actual spying outside of that are so rare that, AFAIK, there is not a single report of them. There are reports of the US NSA placing such backdoors by intercepting equipment during shipping though. If any "Taiwan technology" has a backdoor for regular spying, it may well be NSA-placed.

      • those back doors being placed there on the instructions of The USA?
    • Re:Back door (Score:5, Informative)

      by Kernel Kurtz ( 182424 ) on Friday November 22, 2024 @09:46PM (#64966049)

      So, turns out if you make a back door for the good guys to come in, the bad guys will use it, too.

      Seems an obvious corollary, but apparently the US authorities don't think that way.

      None of them do. They are convinced they are saving the world and are not bright enough to think any deeper. At least now we have a glaring example of "lawful access" actually being a glaring security hole. Next time the director of some western LEO says they need this we'll have an epic example of why they should fuck off and die.

      • Re:Back door (Score:4, Insightful)

        by gweihir ( 88907 ) on Friday November 22, 2024 @10:23PM (#64966113)

        Indeed. These people are fanatical and pretty dumb. At the same time they have a deep, deep distrust of freedom, especially when it applies to others. Hence they want everybody under surveillance all the time. The traditional way to implement that was an all-seeing, all-knowing and vengeful "God" that did the surveillance. Of course, that was fake, but people believed it, so it was the next best thing. Now that we can implement universal surveillance, the same assholes desperately want it, especially as the fairy-tale used before is believed by less and less people.

    • by gweihir ( 88907 )

      It is also something the actual experts have strongly pointed out since forever. I guess the US "authorities" have quite a few retards with a hard one for spying on citizens.

      • Re:Back door (Score:5, Interesting)

        by wierd_w ( 1375923 ) on Saturday November 23, 2024 @03:30AM (#64966361)

        Not exactly that.

        I'd say it's a generalized problem with authoritarians (and athorities in general, since they attract such) that they simply cannot abide being told 'no.'

        They varely rarely introspect on themselves about this, and will almost always scream angry denials and post-hoc rationalizations about why and how their latest temper tantrum is not this thing, and how I have it all wrong, but such reactions are very similar to people addicted to pain killers, or performance enhancing drugs.

        That out of the way, the behavior is not a conscious one; again, they dont introspect it at all, and instead just act. However, it very closely appears to follow this pattern:

        Picture an authority or authority figure getting told NO, when they want to do something they ostensibly have control over. [CEO wanting unfettered admin privs in their company's network, for example.] When somebody asserts this 'NO', they take it as an innate attack against that authority; somebody 'thinking they are above the 'actual' authorities' [see again, 'i'm the CEO, and I'M in charge here! I'll fire your bitch ass if you dont give me what I want!' And pals] The very notion that they even *could* be told 'NO', and worse yet, that it could be *enforced*, defacto implies that they are not the highest authority; something or someone has more authority and control than they do, and this causes anger, panic, fear, and resentment basically instantaneously.

        People like us, who understand that certain things are inescapable consequences of actual physical reality, and are things enforced by that reality, can assert 'no, you cant actually do that' to these people, and the meaning of that 'no' is lost. All they see and hear, is 'somebody acting above their station, trying to enforce a different, unwanted policy.' They dont see it as 'no, really, that's a thing that you simply cannot accomplish or have. It's not attainable by anyone. I'm not stopping you, the nature of reality says you genuinely cannot do or have it that way.' You cannot make them see it that way.

        From their perspective, you are simply out to stop them from getting what they want, and are thus an enemy of the state.

        I'd suggest that some healthy introspection on this matter on their part would do wonders, but much like the afore mentioned addicts, they insist that there is nothing wrong, and you are being adversarial to suggest such things.

        You really cannot help such people.

        Actually forming coallitions and agencies to overpower their authority, makes you into the very thing they instinctually label you as, and just reinforces the behavior.

        There are very clear warning signs that you are dealing with such a person/group, and those signs are VERY aparent in how our govt approaches citizen privacy, and digital security. The very EXISTENCE of the FISA court, is a powerful indicator, here.

        They have a belief, and that belief is divorced from actual reality.

        • by gweihir ( 88907 )

          I have had a look into authoritarianism a while ago, and I agree. But I also came to the conclusion that authoritarians have severe learning disability and disability to understand reality, so I like to call them "retards" on occasion. And yes, you cannot help these people. But you can, on occasion, protect others against them.

        • The very notion that they even *could* be told 'NO', and worse yet, that it could be *enforced*, defacto implies that they are not the highest authority; something or someone has more authority and control than they do, and this causes anger, panic, fear, and resentment basically instantaneously.

          You've basically just explained atheism.

          "What?!? There is someone above me, standards from outside myself and my peer group that I must obey?!?"

    • by Tablizer ( 95088 )

      This no-no has been known for many years already. Whoever put the back-door in should get "it" up their back door.

    • by Torodung ( 31985 )

      If I had a penny for everytime this was said on Slashdot, I'd be dead, compressed and buried under 15 tons of pennies.

      AND WE WERE RIGHT, DAMMIT!

      ffs government agencies are dumb

  • by silentbozo ( 542534 ) on Friday November 22, 2024 @09:26PM (#64966021) Journal

    * knock knock *

    "Hi, we're from the government, and we're here to help you!"

    * Eyes the red and gold lapel pins with a prominent hammer and sickle. *

    "Uh... which government did you say you were from?"

  • >All the major U.S. carriers, including AT&T, Verizon, and T-Mobile, were impacted, according to the Post.
    >Incredibly, Warner says the hackers are still inside the U.S. system and there’s no obvious way to get them out that doesn’t involve physically replacing old equipment, according to Warner.
    >“This is massive, and we have a particularly vulnerable system,” Warner told the Post.

    Maybe "All the major U.S. carriers" should check this out:
    https://www.cisa.gov/news-even... [cisa.gov]

    • How often do you think the government backdoor code gets patched? I'm guessing approximately none of it is OSS.
    • by Anonymous Coward

      What good will that do?
      There was no exploitation of bugs in the software. The Chinese government has the legitimate keys to our kingdom.

      That's why it will take "drastic measures to boot them from U.S. systems"
      Patches are not drastic.
      Removing the key (singular) that all the different US government agencies are using for wiretaps is what is drastic.

      Even then, the three letter agencies demanding the back door knew this would be the outcome, and were even told by all the experts that this would be the outcome.

    • by Torodung ( 31985 )

      So hard coded backdoors in firmware then? Great choice!

  • Online security will never exist as long as governments and corporations are involved, period. Both want to spy for their own benefit. Creepy bastards the whole lot of them.

    • Hm. Yeah that’s true. Without government or corporate involvement, there would be absolutely zero problems with online security.

      Because, there would be no “online”, period.
    • by gweihir ( 88907 )

      Actually, the GDPR does reasonably well. Even the really big players get slapped to that they know it. Enforcement is still not what it should be, but the morass of surveillance desires is really deep and I think we are slowly getting there.

  • Yeah, right! Good joke. Rules have no meaning on all sides in this arena.

  • ... drastic measures to boot them ...

    How exactly does the US government think it will lock millions of back-doors? It decided long-ago that protecting itself from the people was more important than communication privacy. Nothing undoes that thinking: The US is stuck in a quandary, they can't stop disabling communication privacy and they won't give-up their back-doors. The result is a weakness that can never be fixed.

    ... our networks are a hodge-podge of old networks.

    The failure of the US government to set standards, means there are multiple weaknesses in authentication/encryption/security

    • How exactly does the US government think it will lock millions of back-doors?

      Ah that's the cunningness of the plan. America knew this might be a possibility. And so snuck in hard coded access the government could use to reset and disable the other backdoor if it was ever compromised.
      Huh? What do you mean I'm already logged in from somewhere else? D'oh !

    • by 1s44c ( 552956 )

      The pragmatic fix is for users to entirely move to end to end encrypted communications. There are no shortage of options these days. It's only SMS messages and phone calls that are insecure by design.

    • The government will issue a memo mandating that telecom change the default password and publish the new password in the memo.
  • by dwater ( 72834 )

    Yeah, we believe you - NOT.

    VAULT-7 guys! You can't believe anything they tell you.

  • by mingleby ( 6527654 ) on Friday November 22, 2024 @10:17PM (#64966097)
    ... ever so slightly interesting names like "Typhoon", etc... Why not name them more aptly? How about "micro-wieners", "scotty-no-mates" or "douche-bags"?
    • Now here's someone asking the right question. Why, indeed, does it seem more like they're the criminals' marketing department rather than their adversaries?

    • ... ever so slightly interesting names like "Typhoon", etc... Why not name them more aptly? How about "micro-wieners", "scotty-no-mates" or "douche-bags"?

      It's more manly to be hacked by a powerful Typhoon, than admit you were bested by a micro wiener.

      • by AmiMoJo ( 196126 )

        When you hear "we were victims of a sophisticated attack by high tech criminals", read "we didn't change the default password."

  • by tyroxy ( 1291304 ) on Friday November 22, 2024 @10:59PM (#64966153)
    That was the Communications Assistance for Law Enforcement Act, passed in 1994 during Bill Clinton's administration. It mandated that US telecom networks be "wiretap ready."
  • Is that Winnie the Pooh and the NSA like pictures of my dick
  • I'm going back to writing on paper airplanes and tossing them at the recipient

    • by 1s44c ( 552956 )

      Or telegram, signal, whatsapp..

      There are encrypted options.

      • by Torodung ( 31985 )

        Whatsapp now asks you to backup your keys on Google. Now you might not do that, but is everyone you're talking to also following suit?

        Do not bother with anything produced by Zuck if you expect privacy. They aren't interested. In this case, they were interested in platform readoption.

  • This is the same thing Snowden warned us about in addition to many others. Back doors sued for any reason makes the system weak but that doesn't stop dumb politicians from demanding them. We're going to be in an endless loop until we rid of government of idiots. This isn't going to change anything though, we're caught in the anacyclosis at the precipice of Ochlocracy.

  • Chinese hackers were not able to listen to phone calls.

    This is one crap "article".

    Sometimes hold the presses and get technical review.

  • by bradley13 ( 1118935 ) on Saturday November 23, 2024 @03:12AM (#64966347) Homepage

    the system U.S. authorities use to wiretap Americans

    A fixed, pre-existing wiretap infrastructure simply should not exist. If the police want to fight crime, they can monitor the end-points. It's exactly the same argument that we have, over and over again, about encryption. Transmission infrastructure should be as secure as we can make it. The vast majority of users (individuals and businesses) are not criminals, and hence deserve the protection of a secure infrastructure.

    • Except, what if you don't know one of the endpoints? I.E. you know the source of drugs but knot where or who it's going to.
  • by Mirnotoriety ( 10462951 ) on Saturday November 23, 2024 @03:22AM (#64966353)
    The details about how the hackers were able to push so deeply into U.S. systems are still scarce, but it has something to do with the” back-doors inserted by the NSA.
  • The only difference is, the surveillance isn't carried out by US or US-friendly big tech companies. So it's absolutely outrageous!

    In fact, I'm so worked up that I'm headed back home in my GM-monitored to watch the ballgame on my Samsung-monitored smart TV to forget about all that surveillance.

  • When the government officials pushed for back doors, there were many experts telling them why it's a moronic idea, specifically telling them this will happen. Yet, they did it anyways. If someone was told their actions will cause harm, they did it anyways, the harm occurred, they should be held responsible for their decisions. Even if there is no criminal liability, the decision makers should be fired and prevented from making any decisions in the future.
  • Your local police department just bought a tank fleet because Mexicans have been spotted in the area, but the True Guardians of Liberty know the real danger is Beijing seeing your cringey flirts with the neighbor's wife. Excuse me for bursting your bubble, Gadsden: Your precious data is everywhere, always has been, and always will be, because you live in a universe of tangible facts. There's no special pocket universe for people who are rilly rilly smaht with teh maths.
  • In the Netherlands, we just let Israel run our wiretap software. Dutch technicians aren't even allowed to examine the hardware. How's that for security, eh?

  • This would explain why all passwords were recently forced reset company wide
    and why damn near every router and switch in every network are moving to 2FA.
    ( Typically SecurID )

    2FA makes scripting a bitch though. . .

"Survey says..." -- Richard Dawson, weenie, on "Family Feud"

Working...