Chinese Hackers Used U.S. Government-Mandated Wiretap Systems
For as long as law enforcement has sought a way to monitor people’s conversations—though they’d only do so with a court order, we’re supposed to believe—privacy experts have warned that building backdoors into communications systems to ease government snooping is dangerous. A recent Chinese incursion into U.S. internet providers using infrastructure created to allow police easy wiretap access offers evidence, and not for the first time, that weakening security for anybody weakens it for everybody.
Subverted Wiretapping Systems
“A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests,” The Wall Street Journal reported last week. “For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data.”
Among the companies breached by the hacker group, dubbed “Salt Typhoon” by investigators, are Verizon, AT&T, and Lumen Technologies. The group is just one of several linked to the Chinese government that has targeted data and communications systems in the West.
While the Journal report doesn’t specify, Joe Mullin and Cindy Cohn of the Electronic Frontier Foundation (EFF) believe the wiretap-ready systems penetrated by the Chinese hackers were “likely created to facilitate smooth compliance with wrong-headed laws like CALEA.” CALEA, known in full as the Communications Assistance for Law Enforcement Act, dates back to 1994 and “forced telephone companies to redesign their network architectures to make it easier for law enforcement to wiretap digital telephone calls,” according to an EFF guide to the law. A decade later it was expanded to encompass internet service providers, who were targeted by Salt Typhoon.
“That’s right,” comment Mullin and Cohn. “The path for law enforcement access set up by these companies was apparently compromised and used by China-backed hackers.”
Ignored Precedents
This isn’t the first time that CALEA-mandated wiretapping backdoors have been exploited by hackers. As computer security expert Nicholas Weaver pointed out for Lawfare in 2015, “any phone switch sold in the US must include the ability to efficiently tap a large number of calls. And since the US represents such a major market, this means virtually every phone switch sold worldwide contains ‘lawful intercept’ functionality.”
Two decades ago, that mandatory wiretapping capability was subverted by hackers targeting Vodafone Greece. They intercepted phone conversations of the country’s prime minister and high political, law enforcement, and military officials, among others.
Which is to say that nobody appears to have learned anything between the 2004 hacking of government-mandated wiretapping capabilities at a Greek telecom and the 2024 hacking of government-mandated wiretapping capabilities at U.S. internet service providers. Well, unless we’re counting the Chinese hackers. They seem to have learned quite a bit from the earlier experience.
It should be needless to say, but let’s say it anyway: this was all predictable and preventable.
‘The Problem With Backdoors’
“The problem with backdoors is known—any alternate channel devoted to access by one party will undoubtedly be discovered, accessed, and abused by another,” David Ruiz of the internet security firm Malwarebytes Labs wrote in 2019. He noted that cybersecurity researchers had been making that argument for years. They’ve been repeating themselves for years because their warnings appear to fall on deaf ears.
Even some believers in backdoors on specific devices concede that building wiretapping into whole communications systems is too dangerous to contemplate. A 2019 paper from the Carnegie Endowment for Peace’s Encryption Working Group thought “some forms of access to encrypted information, such as access to data at rest on mobile phones, should be further discussed,” but cautioned that compromising the security of what it called “data in motion” (communications networks) “would create a massive target for criminal and foreign intelligence adversaries.”
Such foreign intelligence adversaries, for instance, as hackers sponsored by the Chinese government to penetrate U.S. internet firms.
So, just how dangerous was the Salt Typhoon hack?
‘A Potentially Catastrophic Breach’
“The widespread compromise is considered a potentially catastrophic security breach,” adds The Wall Street Journal. “It appeared to be geared toward intelligence collection.”
China’s state-sponsored hackers are continuously targeting U.S. infrastructure, including water-treatment facilities and the electricity grid. They’ve also penetrated pipeline systems. “The PRC’s targeting of our critical infrastructure is both broad and unrelenting,” FBI Director Christopher Wray warned in April, referring to the People’s Republic of China.
The U.S. Cybersecurity and Infrastructure Security Agency cautions that “PRC state-sponsored cyber actors are seeking to pre-position themselves on information technology (IT) networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.”
And yes, the U.S. government is probably returning the favor by hacking systems in China and elsewhere. But that will be cold comfort if the lights go out here because the feds essentially rolled out the red carpet for foreign infiltration of American networks.
The debate over information security has raged for years with people like Edward Snowden pointing out that law enforcement agencies can’t be trusted with access to our communications, or to abide by the rules that theoretically define when and how they can snoop. Now we know that they aren’t competent custodians of wiretapping systems that privacy advocates warned were open invitations to bad actors.
Salt Typhoon may have done enormous damage to American security by penetrating internet systems relied on by private individuals, businesses, utilities, and government agencies. If it leads to the end of government-mandated backdoors that offer easy access to hackers, some good could come of this.
The post Chinese Hackers Used U.S. Government-Mandated Wiretap Systems appeared first on Reason.com.
Source: https://reason.com/2024/10/11/chinese-hackers-used-u-s-government-mandated-wiretap-systems/
Anyone can join.
Anyone can contribute.
Anyone can become informed about their world.
"United We Stand" Click Here To Create Your Personal Citizen Journalist Account Today, Be Sure To Invite Your Friends.
Before It’s News® is a community of individuals who report on what’s going on around them, from all around the world. Anyone can join. Anyone can contribute. Anyone can become informed about their world. "United We Stand" Click Here To Create Your Personal Citizen Journalist Account Today, Be Sure To Invite Your Friends.
LION'S MANE PRODUCT
Try Our Lion’s Mane WHOLE MIND Nootropic Blend 60 Capsules
Mushrooms are having a moment. One fabulous fungus in particular, lion’s mane, may help improve memory, depression and anxiety symptoms. They are also an excellent source of nutrients that show promise as a therapy for dementia, and other neurodegenerative diseases. If you’re living with anxiety or depression, you may be curious about all the therapy options out there — including the natural ones.Our Lion’s Mane WHOLE MIND Nootropic Blend has been formulated to utilize the potency of Lion’s mane but also include the benefits of four other Highly Beneficial Mushrooms. Synergistically, they work together to Build your health through improving cognitive function and immunity regardless of your age. Our Nootropic not only improves your Cognitive Function and Activates your Immune System, but it benefits growth of Essential Gut Flora, further enhancing your Vitality.
Our Formula includes: Lion’s Mane Mushrooms which Increase Brain Power through nerve growth, lessen anxiety, reduce depression, and improve concentration. Its an excellent adaptogen, promotes sleep and improves immunity. Shiitake Mushrooms which Fight cancer cells and infectious disease, boost the immune system, promotes brain function, and serves as a source of B vitamins. Maitake Mushrooms which regulate blood sugar levels of diabetics, reduce hypertension and boosts the immune system. Reishi Mushrooms which Fight inflammation, liver disease, fatigue, tumor growth and cancer. They Improve skin disorders and soothes digestive problems, stomach ulcers and leaky gut syndrome. Chaga Mushrooms which have anti-aging effects, boost immune function, improve stamina and athletic performance, even act as a natural aphrodisiac, fighting diabetes and improving liver function. Try Our Lion’s Mane WHOLE MIND Nootropic Blend 60 Capsules Today. Be 100% Satisfied or Receive a Full Money Back Guarantee. Order Yours Today by Following This Link.