37 votes

Top US senator calls Salt Typhoon ‘worst telecom hack in our nation’s history’

28 comments

  1. [6]
    skybrian

    From the article:

    The hackers, part of a group dubbed Salt Typhoon, have been able to listen in on audio calls in real time and have in some cases moved from one telecom network to another, exploiting relationships of “trust,” said Sen. Mark R. Warner (D-Virginia), chairman of the Senate Intelligence Committee and a former telecom venture capitalist. Warner added that intruders are still in the networks.

    Though fewer than 150 victims have been identified and notified by the FBI — most of them in the D.C. region, the records of people those individuals have called or sent text messages to run into the “millions,” he said, “and that number could go up dramatically.”

    ...

    Those details, some previously undisclosed, add to the alarming understanding of the scope of the hack since late September, when the U.S. government, after being alerted by industry, began to grasp its seriousness. “The American people need to know” how serious the intrusion is, Warner said.

    The hackers targeted the phones of Donald Trump and his running mate, Sen. JD Vance of Ohio, as well as people working for the campaign of Vice President Kamala Harris and State Department officials.

    The effort was not directly election-related, Warner noted, as the hackers got into the telecom systems months earlier — in some cases more than a year ago.

    ...

    The networks are still compromised, and booting the hackers out could involve physically replacing “literally thousands and thousands and thousands of pieces of equipment across the country,” specifically outdated routers and switches, Warner said.

    “This is an ongoing effort by China to infiltrate telecom systems around the world, to exfiltrate huge amounts of data,” he said.

    ...

    Hackers have acquired access to the system that logs U.S. law enforcement requests for criminal wiretaps, allowing the Chinese to know who is of interest to authorities. There is no evidence so far that hackers have compromised the collection system itself through which law enforcement listens in on wiretapped calls, said U.S. officials, speaking on the condition of anonymity because of the matter’s sensitivity.

    ...

    The calls on which Chinese hackers were able to listen in were not part of the “lawful intercept,” or wiretap, system, officials said. But hackers also had access to unencrypted communications, including text messages. End-to-end encrypted communications such as those on the Signal platform are believed to be protected, officials said.

    ...

    So far, the hack is known to have affected major U.S. firms such as AT&T, Verizon and T-Mobile, U.S. and industry officials said.

    “This is massive, and we have a particularly vulnerable system,” Warner said. “Unlike some of the European countries where you might have a single telco, our networks are a hodgepodge of old networks. ... The big networks are combinations of a whole series of acquisitions, and you have equipment out there that’s so old it’s unpatchable.”

    28 votes
    1. [3]
      CptBluebear

      Unlike some of the European countries where you might have a single telco

      What a hack, trying to blame it on this.

      There are three European countries with a single telco:

      • Andorra, a microstate.
      • Gibraltar, a micro province.
      • Monaco, a microstate.

      Even the Faroe Islands have three.

      The system is a sieve and it's not because it's a hodgepodge of telcos.

      14 votes
      1. [2]
        ahatlikethat

        Seems like info WaPo should have inserted had they been diligent.

        4 votes
        1. CptBluebear

          Single Google search to verify by the way.

          3 votes
    2. [2]
      skybrian

      This seems like a major news story that I've been sleeping on. But I did share a previous Washington Post article about a similar-sounding hack on August 27:

      Chinese government hackers penetrate US internet providers to spy

      I'm not sure if it's the same. That article refers to "Volt Typhoon".

      And it seems the Wall Street Journal reported on this on October 5th:

      U.S. Wiretap Systems Targeted in China-Linked Hack - (archive)

      Verizon Communications, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently discovered intrusion, the people said.
      The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said.

      So, I guess, you can assume China is listening to your phone calls now, if they want?

      12 votes
      1. skybrian

        This article explains a little more about the code names:

        There are several "typhoon" threats, the moniker used by Microsoft in order to track different Chinese-backed campaigns based on their tactics and procedures.

        • Salt Typhoon has been active since 2020, according to Microsoft research cited by the Journal.
        • Volt Typhoon has persistently infiltrated U.S. infrastructure, with reports showing that attackers maintained access to critical U.S. systems for "at least five years."
        • Flax Typhoon targets home routers, firewalls, storage devices, and Internet of Things devices like cameras and video recorders and has been active since 2021, according to the Department of Justice.

        14 votes
  2. [12]
    xk3

    booting the hackers out could involve physically replacing “literally thousands and thousands and thousands of pieces of equipment across the country,” specifically outdated routers and switches

    Given that the US doesn't really have separate networks for civilian and military use... this is pretty alarming!

    22 votes
    1. Britimmer

      They do to a point, but expounding on that seems like a poor idea at the present lol.

      My concern isn't so much the network segregation as it is how many people ignore security for the sake of convenience. All the cool guy gear in the world means nothing if no one uses it. (Or if it's so cumbersome they decide they can be secure by "encoding" their conversations. I've seen that from a few folks who were senior enough to know way better)

      17 votes
    2. [10]
      donn

      I mean as I understand it not really - any serious security is usually done with the assumption that internet communications are compromised. The real issue is how we still don’t have E2EE on calls and texts.

      11 votes
      1. [2]
        LookAtTheName

        Because governments and law enforcement have been fighting against it tooth and nail.
        https://www.lawfaremedia.org/article/end-to-end-encryption-is-a-critical-national-security-tool
        https://www.bbc.com/news/59964656

        20 votes
        1. donn

          Well, they can reap what they sow then.

          13 votes
      2. [5]
        R3qn65

        I don't think there's any way to put encryption on gsm calls / SMS messages without fundamentally replacing the protocols entirely. (And to do that is so much work that it's definitely not worth it).

        3 votes
        1. [4]
          arch

          RCS is basically achieving encrypted replacement of SMS. iMessage achieved it for text chat with Apple customers a long time ago. The last holdout is Android to iOS RCS, which is rumored to be coming in the next year. SMS/MMS will still be available as a backup, of course.

          8 votes
          1. [2]
            LookAtTheName

            The last holdout is Android to iOS RCS

            You make it sound like this is Android's fault. It's Apple's, iOS 18 (released in Sept. 2024) is the first time they've implemented it.
            https://www.engadget.com/what-is-rcs-and-how-is-it-different-from-sms-and-imessage-202334057.html

            7 votes
            1. arch

              That wasn't my intention, but I understand how that conclusion could be drawn from my listing Android first in the sentence. Thank you for providing additional context.

              4 votes
      3. [2]
        skybrian

        Don’t we partially have these things? We could use Signal (I have it installed), but mostly we don’t. Also, iMessage is pretty popular and supposedly end-to-end encrypted.

        3 votes
        1. donn

          iMessage is a big part of the problem, sadly, because 50% of America uses Androids and do not get the automatic upgrade to E2EE-- that, and iMessage may fail and downgrade to non E2EE RCS for any number of reasons, including your phone being dropped and the SIM card moving out of place for a second.

          There, in my opinion, have to be active campaigns by agencies like the NSA for adoption of things like Signal OR legal requirements to have E2EE RCS on network operators and Apple. Unfortunately, the surveillance state decided that it helps more than it hurts to have things not be encrypted.

          4 votes
  3. [6]
    norb

    Abusing an intentional "backdoor" setup for law enforcement is not really "hacking." I tend to have an issue with the way the media describes these types of incidents. I get that I am in a minority in that I understand these technical concepts and issues better than most but at the same time by reusing terminology across multiple outcomes ("hacking" in and of itself is not good or bad - it can be used for both) muddies the water and makes it harder for regular people to understand the issues at large.

    For example, the phrasing in this particular instance shifts the blame from choices we make as a society (providing backdoors for the "good guys") to an external entity (Chinese "hackers") and makes normal people think that this took some herculean effort when in reality they just stole some credentials to a system to request this type of access, then abused it for their own purposes. The discussion we should be having is if providing this level of access at all is a good thing or not. Instead it'll get spun into a diplomatic issue between the Chinese and the US without any of the underlying discussions about why this could happen in the first place.

    12 votes
    1. Eji1700

      Abusing an intentional "backdoor" setup for law enforcement is not really "hacking."

      I'd say it is. Abusing flaws in built-in systems is a huge part of hacking. Yes, some of it is literal unintentional "hey I found a way to overload the memory here so I can RCE here...", but a lot of it stems from stuff like "so this captain crunch whistle emits the right tone to get free long distance" which all stems from abuse of existing protocols.

      13 votes
    2. [4]
      skybrian

      I don't know how this hack worked. For example, why do they say that many routers will need to be replaced?

      Do you know of a good explanation?

      4 votes
      1. [2]
        ahatlikethat

        Looking into it myself, I came across this article from the National Motor Freight Traffic Association, which seems a weird resource but has a very good explanation (and even lists its sources at the end).

        7 votes
        1. redbearsam

          Haha, so bizarre to find such a specific and high quality article on a website so peripherally related. And yet here we are.

          2 votes
      2. xk3

        why do they say that many routers will need to be replaced

        Realistically this is because there is a lot of different equipment (model numbers * manufacturers). It is costly to make firmware updates and at some point things become deprecated.

        For simple equipment a patch to fix this might be relatively small--certain government agencies might even already have patches for these backdoors but they aren't going to make that information public so we all have to suffer.

        It takes 4-8 hours just to check if a single line (voice-only phoneset + wires) is bugged. So it also might just be the case that it's cheaper to replace it but it still takes time to replace equipment.

        4 votes
  4. TheD00d

    And this comes on the heels of the new director of Homeland Security wanting to get rid of the US cyber security agencies like CISA and others. So I see this continuing to be a problem for the US.

    Related to the article: I'm not surprised. Chinese APT (advanced persistent threat) groups like targeting both critical and non-critical portions of US companies and networks and will continue to do so. I'm actually part of a civilian IR group who helps small/local infrastructure and other government entities with IR. We have helped a couple of small cities recover from the business end of APTs, Volt Typhoon being one of them, and most of IR training relates to how to ID and respond to PRC APTs.

    11 votes
  5. [3]
    iquanyin

    marco rubio isn’t a “top” anything. i don’t even know what a “top” congress person is. i assume it’s whatever the person using that term thinks it is.
    few people in congress are tech literate. most just jump on whatever is popular and/or bribes them best.

    8 votes
    1. updawg

      He's the Vice Chair of the Select Committee on Intelligence. When it comes to Intel, he's a top senator.

      5 votes
    2. jredd23

      Very true, and on top of that some ideas floating around of getting rid of secure comm channels. What a wasteland.

      2 votes