U.S. telecommunications systems have been so compromised by Chinese hackers that senior government officials have been told to abandon routine phone calls and text messages.
this Cybersecurity and Infrastructure Security Agency issues warning Wednesday saw the most widespread hack ever by Chinese cyber espionage.
The report states that “individuals holding senior government or senior political positions” should “immediately review and apply” best practices regarding the use of mobile devices.
See also: US wants to ban sales of Chinese TP-Link routers: report
The first tip is: “Only use end-to-end encrypted communications.”
End-to-end encryption is a data protection technology designed to make data unreadable by anyone except the sender and recipient. iMessage and the privacy-focused app Signal.
Reuters said that enterprise products that allow end-to-end encryption also include online meetings of Microsoft Teams and Zoom Communications.
Neither regular calls nor text messages are end-to-end encrypted, which means they can be monitored by the phone company, law enforcement, or by hackers who may hack into the phone company's infrastructure.
That's what happened in the case of the cyber espionage group known as Salt Typhoon, a group that U.S. officials say is run by the Chinese government and obtained troves of data about U.S. callers.
Beijing often denies accusations of cyber espionage.
“The largest hacker attack in U.S. history”
But a senior U.S. official said earlier this month that “at least” eight telecommunications and telecommunications infrastructure companies in the United States were attacked by Typhoon Salt hackers and that “a large amount of Americans' metadata” was stolen in surveillance scans.
Democratic Senator Ben Ray Lujan said last week that the intrusions “could represent a The largest telecom hacking attack in our country’s history”.
Family members of US President-elect Trump and officials in Joe Biden's administration is the target.
It's unclear whether U.S. officials have found a way to thwart the hackers' espionage efforts.
Jeff Greene, CISA's executive assistant director for cybersecurity, told reporters on Wednesday that the investigation is still ongoing and that various target agencies and personnel are in different stages of response.
Green said the Salt Typhoon attack “is part of a broader pattern of Chinese activity targeting critical infrastructure.” nickname to track.
“This is an ongoing activity by China that we need to prepare and defend for the long term,” Green said.
“A huge lawsuit against U.S. telecom companies”
Communicating solely through end-to-end encryption has long been a recommendation from digital security experts, such as those from the United States. Electronic Frontier FoundationIts senior technical expert, Cooper Quintin, welcomed the guidance. Still, he said the idea that the government was steering its own officials away from regular phone networks was concerning.
“This is a huge indictment of the telecommunications companies that operate the nation's infrastructure,” he said.
Other recommendations include avoiding the use of one-time password-based texts, such as those often sent by Bank of America to verify logins, and using hardware keys, which can help prevent a password-stealing technique known as phishing.
Tom Hegel, threat researcher at cybersecurity firm Sentinel One Cooper echoed the CISA guidance's endorsement, saying “Chinese actors are not the only ones who continue to collect unsecured communications.”
Spies and hackers of all kinds “will lose valuable access if their targets adopt these security measures,” he said.
- Additional editing and input by Jim Pollard, Reuters
See also
Chinese hackers hacked into U.S. courts to wiretap networks: Wall Street Journal
China behind U.S. online election campaign: Researchers
Chinese hackers target Russian state network, IT companies – BC
Chinese hackers behind malicious cyber operations: Australia
U.S. clears Chinese hackers from Pacific Computer Systems
U.S. says China is using artificial intelligence to boost espionage – Wall Street Journal
China faces WikiLeaks-style crisis from hacker firm data
Amid tariff spat, Trump 'invites China's Xi Jinping to take office'
