Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
China AT&T Verizon

U.S. Wiretap Systems Targeted in China-Linked Hack (msn.com) 27

"A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers," reports the Wall Street Journal, "potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.

"For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk." The attackers also had access to other tranches of more generic internet traffic, they said. Verizon Communications, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently discovered intrusion, the people said.

The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said... The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn't be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach...

The hackers appear to have engaged in a vast collection of internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers. Additionally, there are indications that the hacking campaign targeted a small number of service providers outside the U.S., the people said. A person familiar with the attack said the U.S. government considered the intrusions to be historically significant and worrisome... "It will take time to unravel how bad this is, but in the meantime it's the most significant in a long string of wake-up calls that show how the PRC has stepped up their cyber game," said Brandon Wales, former executive director at the Cybersecurity and Infrastructure Security Agency and now a vice president at SentinelOne, referring to the People's Republic of China. "If companies and governments weren't taking this seriously before, they absolutely need to now."

Three weeks ago TechCrunch also reported that the FBI "took control of a botnet made up of hundreds of thousands of internet-connected devices, such as cameras, video recorders, storage devices, and routers, which was run by a Chinese government hacking group, FBI director Christopher Wray and U.S. government agencies revealed Wednesday.
This discussion has been archived. No new comments can be posted.

U.S. Wiretap Systems Targeted in China-Linked Hack

Comments Filter:
  • And about that.. (Score:5, Insightful)

    by Knightman ( 142928 ) on Saturday October 05, 2024 @04:34PM (#64842533)

    Now consider the call for "breaking encryption" so law enforcement can go after criminals and how that power could never be misused.

    This event clearly shows what an utterly stupid idea that is.

  • by hwstar ( 35834 ) on Saturday October 05, 2024 @04:59PM (#64842555)

    Make 'em physically show up to gain access to the switching equupment. This was how it was done with old electro-mechanical switches. A switchman had to be present in the central office to trace a call, add a pen register or tap a telephone conversation. It's too easy for someone to hack into a remote interface such as this, and it makes it to easy for the government to conduct blanket search warrants. https://www.law.cornell.edu/wex/blanket_search_warrant

  • by Anonymous Coward
    Nobody should be tapping anyone's phones in the first place.
  • by PubJeezy ( 10299395 ) on Saturday October 05, 2024 @05:19PM (#64842583)
    If someone has a backdoor, than anyone can have a backdoor. That's just how it works. And I'm not saying that we should be wary of letting the govt backdoor our tech because that's clearly already happened. There are hundreds of "cyber security firms" openly touting their ability to hack every phone on the market and the FBI keeps hiring them and telling us it worked. Digital devices cannot be secured but if the public actually adopted this worldview it would destroy the economy.

    Consumer electronics should not be used to transmit or store sensitive information. Full stop.
  • by N7DR ( 536428 ) on Saturday October 05, 2024 @05:31PM (#64842613) Homepage

    More than two decades ago now, I was privileged to be on a team of security experts that fully defined a system for deploying legal wiretap capability in cable ISPs in a secure manner.

    To the best of my knowledge, not a single ISP deployed what we defined. Instead, they listened to the marketing people from various companies that sold them proprietary equipment.

    The real problem, it seemed to me then, and still seems to me, is that the people in charge of making deployment decisions really don't understand this stuff (a classic statement from one very large ISP at the time: "We don't need more security; we have firewalls") -- instead, they seem only too happy to be wined/dined/golf-gamed into deploying something that any reasonably competent security expert would recognise as, let us say, sub-optimal.

    • ... any reasonably competent security expert ...

      A wire-tap, by definition, exists to abuse the customer. Why spend more money protecting the customer? If that affects the police, that's not the tel-Cos problem, they provided the mandated access, they didn't have to do anything else: A lack of privacy laws, guarantees that.

    • by gweihir ( 88907 )

      The real problem, it seemed to me then, and still seems to me, is that the people in charge of making deployment decisions really don't understand this stuff -- instead, they seem only too happy to be wined/dined/golf-gamed into deploying something that any reasonably competent security expert would recognise as, let us say, sub-optimal.

      Ah, yes? How do you think barely functional trash like Windows/o365 and utter crap like Crowdstrike became so big? Also, still zero liability for the vendors, regardless how extremely they screw up. What do you expect in that situation?

      • The "no-liability" stuff goes way too far. Why do parking garages have zero liability for physical security, the upkeep of the lot or if the building breaks and something falls on my car ?

    • A embedder dev once told me he does not need authentication, they have ssl. I said, "ah, cool, mTLS". He looked at me funny...there was no client certs....

  • There are many reasons they'd want this access, but I think a big one is figuring out which Chinese expats are collaborating with US intelligence.

  • And how did they stay hidden? This needs to be shared.

  • by Turkinolith ( 7180598 ) on Saturday October 05, 2024 @05:58PM (#64842653)
    They left a backdoor for snooping and are surprised when people use it for snooping. REALLY!?
  • by khchung ( 462899 ) on Saturday October 05, 2024 @10:34PM (#64843181) Journal

    Tell me why other countries should not try to spy on it.

  • by gweihir ( 88907 ) on Saturday October 05, 2024 @11:23PM (#64843293)

    Soo, wiretapping systems are so badly secured that they can be hacked from around the globe? Maybe it is a _really_ bad idea having these systems?

  • So, the Chinese don't need Tiktok to record Americans, afterall. They got the goods already, straight from the source. Unbelievable.
  • by tinkerton ( 199273 ) on Sunday October 06, 2024 @03:48AM (#64843457)

    The US insists on putting backdoors in everything - and then lets itself get hacked. Talk about arrogantly getting everything wrong all the time..

  • Who knew a wiretap system connected to the Internet would be targeted for hacking

Promising costs nothing, it's the delivering that kills you.

Working...