December 11, 2024

Devastating US Telecom Breach by China: The Case for End-to-End Encryption

Chinese hackers have penetrated several US telecom providers, including AT&T, Verizon and T-Mobile, to spy on senior US officials, among them top-tier politicians such as Donald Trump and Kamala Harris.

The attack has already been described as the worst breach in US telecommunications history. The FBI detected the intrusion by the China-affiliated Salt Typhoon group months ago, but the attackers are still inside the networks, and may have been inside for well over a year.

How did it happen?

The Communications Assistance for Law Enforcement Act, or CALEA, was enacted in 1994. Also known as the "Digital Telephony Act," it requires carriers to build in the capability for US law enforcement agencies to perform what is called lawful interception of communications for targeted surveillance.

In layman's terms, this is wiretapping, and it can be switched on for telephone traffic, broadband connections and Voice over IP (VoIP). For an operator to grant such access, its network has to contain a dedicated interception path that sits outside the normal flow of traffic and outside whatever encryption the operator itself applies. In cybersecurity, a built-in access mechanism of this kind is called a backdoor.

Why are backdoors a bad idea?

Cybersecurity experts have warned against backdoors for years, and those warnings have now become reality. The 30th-birthday present CALEA received was far from pleasant: the Salt Typhoon group used the very same wiretapping (lawful interception) backdoor to reach sensitive information.

It bears emphasizing that the door was there by design, waiting to be found by a malicious actor. This is the harsh reality of backdoors: whatever their original intention, someone will eventually exploit the vulnerability (which is what a backdoor really is) if the price is right. Nation-state actors and their affiliated groups are patient, meticulous and well resourced, so making their job easier is a bad idea.

Why is this serious?

The wiretap systems hold some of the most sensitive information in a telecom or internet provider's network and often grant nearly unrestricted access to data about its customers, including their internet traffic, phone records, contacts and browsing histories.

Senate Intelligence Committee chairman Mark Warner said the scale of the intrusion makes prior attacks such as Colonial Pipeline and SolarWinds look minor in comparison. He added that evicting the attackers would require replacing thousands of devices, such as switches and routers, that carry the backdoor.

Needless to say, this requires a huge logistical and financial effort and takes time to remedy. This is why the compromise is so persistent, and why communications are, and will continue to be, in jeopardy.

What is the way forward?

As a result, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) have published guidance for protecting communications infrastructure. Its recommendations include "to strengthen visibility and harden network devices" as well as "reduce existing vulnerabilities, improve secure configuration habits, and limit potential entry points."

But even this is a rather limited view.

The real key recommendation is data-sovereign, end-to-end encryption

There is a lesson to be learned here. Encrypted services such as Signal (not affected by the hack) or Secure Collaboration 2024 by SSH Communications Security (SSH) add a critical layer of protection to communications. Although Signal is secure, it is better suited to personal communication. Security-conscious organizations need an expert solution to protect their mission-critical and sensitive business collaboration.

Our Secure Collaboration 2024 includes SalaX Secure Mail and SalaX Secure Messaging, which are purpose-built to secure sensitive communications for highly regulated organizations and ensure that:

  • Communications are end-to-end encrypted, even up to a quantum-safe level, and leave no trace on public servers;
  • You can build completely independent, data-sovereign communication channels that not even telecom operators (or we at SSH) can access or decrypt;
  • You are in control of the encryption keys that enable end-to-end encrypted communication;
  • Only the intended participants can send and receive messages, chat, and join video conferences;
  • There is an audit trail of activities for record-keeping, and strong identity authentication for communications.
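To make the difference between carrier-terminated encryption and end-to-end encryption concrete, here is an added Go example. It is not code from SSH, Element or Matrix; it is a small model written for this page. It assumes one message from Alice to Bob through a single carrier that has a lawful-intercept point attached, AES-256-GCM for every encryption layer, X25519 for the end-to-end key agreement, SHA-256 standing in for a real key derivation function, and a constructed message; the party and function names are illustrative. HopByHop models transport encryption that terminates at the carrier; EndToEnd models a key that only the two devices ever hold.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Result: what Bob read, and what an intercept point inside the carrier is
// left holding after opening every layer it has a key for.
type Result struct {
	Delivered     string // plaintext as read by Bob
	TapReads      []byte // bytes the intercept point ends up with
	TapCanDecrypt bool   // true if the intercept point recovered plaintext
}

// must panics on error; every legitimate key holder in the model uses it.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// randomBytes returns n random bytes: nonces, and the carrier's per-hop
// transport keys (standing in for TLS session keys).
func randomBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

func newGCM(key []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

// encrypt seals plaintext with AES-256-GCM and returns nonce || ciphertext || tag.
func encrypt(key, plaintext []byte) []byte {
	gcm := newGCM(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// decrypt opens nonce || ciphertext || tag. With the wrong key the GCM tag check
// fails and an error comes back; no garbage plaintext is ever returned.
func decrypt(key, wire []byte) ([]byte, error) {
	gcm := newGCM(key)
	if len(wire) < gcm.NonceSize() {
		return nil, fmt.Errorf("truncated message")
	}
	return gcm.Open(nil, wire[:gcm.NonceSize()], wire[gcm.NonceSize():], nil)
}

// sessionKey derives the end-to-end key from an X25519 agreement.
func sessionKey(mine *ecdh.PrivateKey, theirs *ecdh.PublicKey) []byte {
	k := sha256.Sum256(must(mine.ECDH(theirs))) // demo KDF; real clients use HKDF with a context label
	return k[:]
}

// HopByHop models carrier-terminated transport encryption: each leg is encrypted,
// but the carrier holds both leg keys, so plaintext exists inside its network,
// which is exactly where a lawful-intercept function attaches.
func HopByHop(message string) Result {
	aliceToCarrier, carrierToBob := randomBytes(32), randomBytes(32)
	pt := must(decrypt(aliceToCarrier, encrypt(aliceToCarrier, []byte(message)))) // carrier terminates leg 1
	bobPt := must(decrypt(carrierToBob, encrypt(carrierToBob, pt)))                // leg 2, carrier to Bob
	return Result{Delivered: string(bobPt), TapReads: pt, TapCanDecrypt: true}
}

// EndToEnd models E2EE: Alice and Bob agree on a key the carrier never holds, and
// the carrier relays only ciphertext, still wrapped in its own transport layer.
// The intercept point can strip the transport layer but not the inner one.
func EndToEnd(message string) Result {
	alice := must(ecdh.X25519().GenerateKey(rand.Reader))
	bob := must(ecdh.X25519().GenerateKey(rand.Reader))
	// Public keys cross the carrier in the clear; private keys never leave the devices.
	aliceKey, bobKey := sessionKey(alice, bob.PublicKey()), sessionKey(bob, alice.PublicKey())
	inner := encrypt(aliceKey, []byte(message)) // sealed on Alice's device
	transportKey := randomBytes(32)
	outer := encrypt(transportKey, inner) // carrier's own hop encryption on top of the E2E layer

	stripped := must(decrypt(transportKey, outer)) // the tap holds this key...
	_, tapErr := decrypt(transportKey, stripped)   // ...but it does not open the inner layer
	bobPt := must(decrypt(bobKey, stripped))
	return Result{Delivered: string(bobPt), TapReads: stripped, TapCanDecrypt: tapErr == nil}
}

func main() {
	const m = "budget call at 0900"
	fmt.Printf("hop-by-hop: tap reads %q\nend-to-end: tap can decrypt: %v\n", HopByHop(m).TapReads, EndToEnd(m).TapCanDecrypt)
}
```

The point the model makes is structural rather than cryptographic: in hop-by-hop mode nothing is broken, the intercept function is simply attached where plaintext already exists, which is the situation the lawful-intercept backdoor creates; in end-to-end mode the same intercept point is left with ciphertext and a key that does not open it. The model deliberately leaves out what a real deployment must add, and a practitioner evaluating any product should ask about: authenticated key distribution (otherwise an active carrier can substitute its own public keys during the exchange), forward secrecy through key ratcheting, and the fact that the carrier still sees who talks to whom and when in both modes.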

SalaX Secure Messaging does not depend on centralized servers; communication can be federated, meaning users on different servers can interact seamlessly.

The SalaX Secure Messaging solution is developed by SSH Communications Security on the Element communications platform and the decentralized Matrix open standard for secure and interoperable communications.

It is the same technology stack that is used by the French government, the German Armed Forces (Bundeswehr), NATO ACT, the Swedish Social Insurance Agency, the United Nations International Computing Centre and the US Department of Defense. Element was also cited as a Strong Performer in The Forrester Wave for Secure Communications (Q3 2024).

The keys to sensitive information need to be in your organization’s own hands.

Talk to us to learn more >>>

Jani Virkkula

Currently employed by SSH.COM as Product Marketing Manager, Jani is a mixed-marketing artist with a strong background in the operator and cybersecurity businesses. His career path of translator -> tech writer -> marketer allows him to draw inspiration from different sources and gives him a unique perspective on all types...
