17 votes

Chinese government hackers penetrate US internet providers to spy

3 comments

  1. skybrian

    From the article:

    Chinese government-backed hackers have penetrated deep into U.S. internet service providers in recent months to spy on their users, according to people familiar with the ongoing American response and private security researchers.

    The unusually aggressive and sophisticated attacks include access to at least two major providers with millions of customers as well as to several smaller providers, people familiar with the separate campaigns said.

    In a blog made public Tuesday, Lumen said the hackers used a previously unknown vulnerability, known as a zero-day flaw, in a program made by Versa Networks for managing wide-area networks. Versa acknowledged the critical vulnerability late last week, warning only its direct customers.

    On Monday, the Santa Clara, Calif.-based company published a blog post about the problem, saying that it had issued a patch and that “impacted customers failed to implement system hardening and firewall guidelines.”

    Lumen wrote that it located malware inside ISP routers serving certain groups or individual customers that could intercept passwords from those customers. Lumen said it believed the malicious software was being used by Volt Typhoon.

    In a separate report earlier this month, security company Volexity said it had found another high-end technique in play at a different, unnamed ISP. In that case, it said a Chinese state hacking group distinct from Volt Typhoon was able to get far enough inside the service provider to alter the Domain Name System (DNS) web addresses that users were trying to reach and divert them elsewhere, allowing the hackers to insert back doors for spying.

    I’m guessing that web browser connections and other things tunneled through https are fairly safe since they’re guarded using encryption and certificates? But there are other protocols. And all it takes is someone ignoring the warning when their browser or ssh client says the connection is insecure.

    In any case, not trusting your ISP seems like a good idea.

    6 votes
    1. balooga

      Even apart from the risk of them getting hacked, it’s never been a good idea to trust your ISP. ISPs have been known to track DNS queries, inject ads into intercepted pages, snitch on torrent activity, and generally abet the Five Eyes surveillance apparatus as Edward Snowden revealed. You can’t surf without them but neither do you have to give them all your activity on a silver platter. Use a privacy-respecting VPN for everything. Use DNS-over-HTTPS for everything. Use Tor if you’re really paranoid, but those first steps are a good baseline for everybody.

      17 votes
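The check both comments point at, cross-checking what the ISP's resolver says against an independent DNS-over-HTTPS resolver and flagging the kind of diversion the Volexity report describes, as an added example; this is not code from the thread, the article, Lumen or Volexity. Assumptions: the ISP resolver answers on UDP/53, the DoH endpoint accepts an RFC 8484 POST with `application/dns-message`, and the resolver address and DoH URL are supplied by whoever runs it. The two embedded responses are constructed from TEST-NET addresses so the comparison logic can be exercised offline.

```python
"""Cross-check the A records an ISP resolver hands out against an
independent DNS-over-HTTPS resolver and flag divergent answers.
Added example (not code from the thread, the article, Lumen or Volexity).
Assumed: ISP resolver on UDP/53, DoH endpoint accepting RFC 8484 POST.
Sample responses below are constructed from TEST-NET addresses."""
import socket
import struct
import sys
import urllib.request


def build_query(name: str, qid: int = 0x1234) -> bytes:
    """Minimal recursive A/IN query in DNS wire format (RFC 1035)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _read_name(msg: bytes, off: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if end is None:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_a_records(msg: bytes, expect_id: int = None) -> set:
    """Return the set of IPv4 addresses in the answer section."""
    qid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if expect_id is not None and qid != expect_id:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qdcount):  # skip the echoed question(s)
        _, off = _read_name(msg, off)
        off += 4
    addrs = set()
    for _ in range(ancount):
        _, off = _read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.add(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen  # CNAMEs and other types are skipped, not followed
    return addrs


def plain_dns(name: str, resolver: str, timeout: float = 3.0) -> set:
    """Ask the (untrusted) ISP resolver over plain UDP/53."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, 0x1234), (resolver, 53))
        data, _ = s.recvfrom(4096)
    return parse_a_records(data, expect_id=0x1234)


def doh_dns(name: str, url: str, timeout: float = 3.0) -> set:
    """Ask a DoH resolver (RFC 8484 POST, id 0 as the RFC suggests).  The
    TLS certificate check urllib performs is the point: an on-path ISP
    cannot forge this answer without a certificate the client accepts."""
    req = urllib.request.Request(url, data=build_query(name, 0), method="POST",
                                 headers={"Content-Type": "application/dns-message",
                                          "Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_a_records(resp.read(), expect_id=0)


def compare_answers(isp: set, independent: set) -> dict:
    """'suspicious' when the two answer sets share nothing (a diverted
    lookup); partial overlap is normal for CDNs and geo-aware resolvers."""
    if isp == independent:
        verdict = "match"
    elif isp.isdisjoint(independent):
        verdict = "suspicious"
    else:
        verdict = "differs"
    return {"verdict": verdict, "only_isp": isp - independent,
            "only_independent": independent - isp}


# Constructed wire-format responses (id 0x1234, flags 0x8180, answer names via
# the 0xC00C pointer back to the question): an honest answer and a diverted one.
_QUESTION = b"\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0) + _QUESTION
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 11]))
TAMPERED_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _QUESTION
                     + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([198, 51, 100, 7]))


if __name__ == "__main__":
    # Offline demonstration on the constructed responses, then an optional live
    # check: script.py <hostname> <isp_resolver_ip> <https://doh.example/dns-query>
    print(compare_answers(parse_a_records(TAMPERED_RESPONSE), parse_a_records(SAMPLE_RESPONSE)))
    if len(sys.argv) == 4:
        host, isp_ip, doh_url = sys.argv[1:]
        print(compare_answers(plain_dns(host, isp_ip), doh_dns(host, doh_url)))
```

A "match" only says the resolver answered honestly for that name at that moment; it says nothing about traffic interception on the routers themselves, which is the other technique in the article, so this is a tripwire for the DNS-diversion case, not a clean bill of health for the ISP. Keep the DoH resolver's TLS validation on (the default in `urllib`); disabling it would hand the attacker exactly the position the encrypted channel is meant to deny.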