What happened
According to available information, the Chinese hacker group Salt Typhoon breached popular providers such as Verizon, AT&T, Lumen Technologies, and others, BleepingComputer writes. The attackers gained access to systems used by the U.S. federal government for court-sanctioned wiretapping, Internet traffic monitoring, and other surveillance methods.
The wiretapping systems required by a 30-year-old U.S. federal law are among the most sensitive parts of telecommunications and Internet providers’ networks, because they give select employees virtually unlimited access to information about their customers, including Internet traffic and browsing histories.
Internet security researchers have been sounding the alarm about the risks of legally mandated backdoors for years, warning that they would one day lead to disaster. They say it is technologically impossible to create a “secure backdoor” that attackers cannot use.
Stanford researcher and encryption policy expert Riana Pfefferkorn says the law, passed in 1994, when cell phones were rare and the internet was still in its infancy, is doing more harm than good today: “Instead of protecting you, this system endangers you,” she says.
I think it was absolutely inevitable.
Matt Blaze, a professor at Georgetown Law University and an expert on secure systems, commented on the incident.
The attacks could lead to the theft of a “vast collection of Internet traffic” from US telecommunications and Internet giants, according to reports. CNN and the Washington Post have confirmed the intrusions through their own sources, and the US government’s investigation is still in its early stages.
The targets of the Chinese campaign are not yet fully known, but the WSJ reported that national security sources consider the hack “potentially catastrophic”. Although there is no confirmation yet, Salt Typhoon is reported to have possibly hacked similar organizations in other countries.
About Salt Typhoon
- Salt Typhoon is one of several Chinese-backed hacker organizations believed to be laying the groundwork for devastating cyberattacks in the event of a possible future conflict between China and the United States.
- The group has been operating since at least 2019 and is considered difficult to defend against.
- It generally targets government agencies and telecommunications companies in the Southeast Asia region.
- Security researchers also found that the threat actor attacked hotels, engineering companies, and law firms in Brazil, Burkina Faso, South Africa, Canada, Israel, France, Guatemala, Lithuania, Saudi Arabia, Taiwan, Thailand, and the United Kingdom.
- Hackers often gain initial access to the target’s network by exploiting various vulnerabilities rather than through phishing or social engineering.
Researchers are still looking for the initial access method used for this new attack. WSJ reports that one possible option is to gain access to Cisco routers responsible for forwarding Internet traffic. However, a Cisco spokesperson told the WSJ that the company is investigating the matter but has not yet received any indication that the company’s network equipment was involved in the breach.
A long history of surveillance
According to TechCrunch, wiretapping has become big business, especially after the terrorist attacks of September 11, 2001. The subsequent passage of post-9/11 laws such as the Patriot Act greatly expanded surveillance and intelligence-gathering capabilities in the United States, including on Americans. The backdoor law and other surveillance laws gave rise to an entire wiretapping industry during this time. Its companies helped phone and Internet providers comply with the law by conducting wiretaps on their behalf.
Exactly how these rules worked in practice and what access the government had to Americans’ private data was kept largely secret until 2013, when former NSA contractor Edward Snowden released thousands of classified US documents, widely revealing the government’s surveillance methods and practices over the previous decade, including the massive collection of Americans’ private data.
While much of the Snowden surveillance scandal focused on how the U.S. government and its closest allies collected classified data on targets abroad (including terrorists and hostile government hackers), the revelations of U.S. government spying sparked outrage among ordinary citizens. In some cases, the systems of Silicon Valley’s technology giants had been tapped by American intelligence services without the companies’ knowledge. Silicon Valley responded collectively, which in part led to a reversal of the years of secrecy and general uncertainty surrounding government-sanctioned wiretapping.
In the following years, tech giants began encrypting as much customer data as possible, realizing that a company could not be forced to hand over customer data it did not have access to. Developers once accused of abetting US surveillance also started publishing “transparency reports” detailing how many times they had to hand over customer data over a given period.
While tech companies started to lock down their products to prevent third-party spies (and in some cases, even the tech companies themselves) from accessing customer data, phone and Internet companies have done little to encrypt their users’ phone and Internet traffic. Therefore, much of the Internet and telephone traffic in the United States is subject to wiretapping under the law.
The USA is not alone
But it’s not just the United States that is interested in backdoors and espionage. Some other governments continue to push legislation that weakens, circumvents, or otherwise compromises encryption. European Union member states are seeking to legally require messaging apps to scan their citizens’ private correspondence for suspected child abuse material. Security experts say there is no technology that can achieve what the law requires without risking misuse by attackers.
Signal, an encrypted messaging app, has been one of the most vocal critics of encryption backdoors. The company cited China’s recent hacking of US Internet providers as a reason why Europe’s proposals pose a serious threat to cybersecurity.
It’s impossible to create a backdoor that only the “good guys” can use.
Signal president Meredith Whittaker said on Mastodon.
What is the result?
So far, the affected companies have not commented on reports of this attack. BleepingComputer writes that it contacted all three, but two refused to talk and the third, Verizon, completely ignored the letter.
Chinese hacking groups are increasingly targeting American and European network devices and Internet service providers in cyberespionage attacks. This is unlikely to stop anytime soon, as conflict between China and the United States continues to escalate.