Millions of U.S. Cellphones Could Be Vulnerable to Chinese Government Surveillance (washingtonpost.com)
- Reference: 0175388191
- News link: https://news.slashdot.org/story/24/11/03/1953214/millions-of-us-cellphones-could-be-vulnerable-to-chinese-government-surveillance
- Source link: https://www.washingtonpost.com/opinions/2024/11/02/china-spying-telecom-trump-harris-fbi-cell-phone/
They cite six current or former senior U.S. officials, all of whom were briefed about the attack by the U.S. intelligence community.
> The Chinese hackers, who the United States believes are linked to Beijing's Ministry of State Security, have burrowed inside the private wiretapping and surveillance system that American telecom companies built for the exclusive use of U.S. federal law enforcement agencies — and the U.S. government believes they likely continue to have access to the system .... The U.S. government and the telecom companies that are dealing with the breach have said very little publicly about it since it was first detected in August, leaving the public to rely on details trickling out through leaks...
>
> The so-called lawful-access system breached by the Salt Typhoon hackers was established by telecom carriers after the terrorist attacks of Sept. 11, 2001, to allow federal law enforcement officials to execute legal warrants for records of Americans' phone activity or to wiretap them in real time, depending on the warrant. Many of these cases are authorized under the Foreign Intelligence Surveillance Act (FISA), which is used to investigate foreign spying that involves contact with U.S. citizens. The system is also used for legal wiretaps related to domestic crimes.
>
> It is unknown whether hackers were able to access records about classified wiretapping operations, which could compromise federal criminal investigations and U.S. intelligence operations around the world, multiple officials told me. But they confirmed the [2]previous reporting that hackers were able to both listen in on phone calls and monitor text messages. "Right now, China has the ability to listen to any phone call in the United States, whether you are the president or a regular Joe, it makes no difference," one of the hack victims briefed by the FBI told me. "This has compromised the entire telecommunications infrastructure of this country."
>
> The Wall Street Journal first reported on Oct. 5 that China-based hackers had penetrated the networks of U.S. telecom providers and might have penetrated the system that telecom companies operate to allow lawful [3]access to wiretapping capabilities by federal agencies... [After [4]releasing a short statement, the FBI notified 40 victims of Salt Typhoon, according to multiple officials. The FBI informed one person who had been compromised that the initial group of identified targets included six affiliated with the Trump campaign, this person said, and that the hackers had been monitoring them as recently as last week... "They had live audio from the president, from JD, from Jared," the person told me. "There were no device compromises, these were all real-time interceptions...." [T]he duration of the surveillance is believed to date back to last year.
Several officials told the columnist that the cyberattack also targetted senior U.S. government officials and top business leaders — and that even more compromised targets are being discovered. At this point, "Multiple officials briefed by the investigators told me the U.S. government does not know how many people were targeted, how many were actively surveilled, how long the Chinese hackers have been in the system, or how to get them out."
But the article does include this quote from U.S. Senate Intelligence Committee chairman Mark Warner. "It is much more serious and much worse than even what you all presume at this point."
One U.S. representative suggested Americans rely more on encrypted apps. The U.S. is already [5]investigating — but while researching the article, the columnist writes, "The National Security Council declined to comment, and the FBI did not respond to a request for comment..." They end with this recommendation.
"If millions of Americans are vulnerable to Chinese surveillance, they have a right to know now."
[1] https://www.washingtonpost.com/opinions/2024/11/02/china-spying-telecom-trump-harris-fbi-cell-phone/
[2] https://www.washingtonpost.com/national-security/2024/10/27/chinese-hackers-cellphones-trump/?itid=lk_inline_manual_13
[3] https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b?mod=article_inline
[4] https://www.cisa.gov/news-events/news/joint-statement-fbi-and-cisa-prc-activity-targeting-telecommunications
[5] https://news.slashdot.org/story/24/10/25/2055241/fbi-investigates-claims-china-tried-to-hack-donald-trumps-phone
Few people are really affected (Score:2, Insightful)
1) Anyone who works in a sensitive government position (or adjacent to one where your movements could reveal something) and is stupid enough to carry around an insecure phone.
2) Anyone who works in an industry within which the Chinese government might like to engage in some industrial espionage.
3) Chinese expats worried about Xi wanting to exert control over them and threaten family members back in China.
4) Pretty much nobody else.
I don't want Xi snooping in my phone, but it's incredibly unlikely to have an
Re: (Score:3)
> 1) Anyone who works in a sensitive government position (or adjacent to one where your movements could reveal something) and is stupid enough to carry around an insecure phone.
This is specifically about phone independent monitoring. If you make a phone call from a "secured" phone to an actual normal number.
> 2) Anyone who works in an industry within which the Chinese government might like to engage in some industrial espionage.
Or anyone who works in an industry like banking where the Chinese might profit from insider knowledge. Or anyone who works in support of an industry China wants to take over.
> 3) Chinese expats worried about Xi wanting to exert control over them and threaten family members back in China.
Or anyone who's doing things like this Slashdot story that are uncomfortable for the Chinese government. Or anyone who might travel to China and have mistakenly visited an anti-China web page or be useful f
Re: (Score:3)
Exactly. Don't create a dystopian domestic surveillance infrastructure here in the US and the Chinese won't have anything to "burrow" into.
Because I don't want to be put under surveillance by anyone, be it semi-unconstitutional three-letter agencies, private big data monopolies or foreign dictatorships.
Re: Start getting privacy laws, then we will talk. (Score:3)
A secure OS may be irrelevant if the wiretap is at the carrier infrastructure.
Lawful-access system (Score:5, Insightful)
This is why you don't build back doors into your stuff. Even if they are only meant for the "good guys".
Re: (Score:2)
Good guys don't need backdoors. Only people up to no good do.
Re: (Score:2)
The "good guys" use front doors! So you do not even get to complain when they rape you...
For context, some deeply immoral asshole German politicos complained their deeply desired surveillance mechanisms were called "backdoors" by all experts and claimed that government surveillance would, of course, use "front doors".
Re: (Score:3)
Who could have predicted it? It's almost like the thing that every cryptography professional told them from the outset would happen, happened!
Re: (Score:2)
I wish I had moderator points today in order to give you a +1 to this.
Re: (Score:2)
Came here for this comment. Thank you.
A system can be secure or... (Score:3)
...insecure. Those are the only options.
It's impossible to allow the good guys to get in while keeping the bad guys out.
If there is a secret back door, the bad guys will find it.
It's not even possible to make sure the good guys are always good.
Re: (Score:2)
Do you have updates turned off on your phone?
Spam (Score:1)
Anyone who wants to waste their time reading the piles of spam I get very day is welcome to. If you worried about surveillance, don't use your phone for anything critical.
Get payed... (Score:2)
Got contacted by my local government. A polite letter telling me that they want to spy... research how I use my smartphone. They pay me 7€ a month. But they were to lazy to use a back door. I had to install an app. Nice.
Re: (Score:1)
Yea, all good questions which I notice you were suspiciously modded down for. Of course, I had known someone had been monitoring my cellphone communications for years already, and now I'm wondering if these are the same people, or if it has been someone else who has also had this level of access all along. I wonder if there's anyone left in the world who doesn't have this level of access at this point. It seems like security is a joke to these companies.
Open doors are OPEN for bad actors (Score:1)
Techdirt (https://www.techdirt.com) has covered this for decades.
When you CREATE AN OPEN DOOR then bad actos WILL gain access and WILL use it.
Today that may be a nation state hell bent on figuring out how much interest my bank account collected.
Tomorrow it may be those spammer scammers who will TRANSFER ALL MY MONEY elsewhere.
What will the US government do? Blame other people. Even though they DEMANDED the breaking of
encryption and creation of the access, and the banks and other instituions acceded to the
Can they block messages too? (Score:1)
Just curious.
Backdoor wide open (Score:3)
> "The Chinese hackers,[] have burrowed inside the private wiretapping and surveillance system that American telecom companies built for the exclusive use of U.S. federal law enforcement agencies"
Please remember this if you are tempted to support "back doors" in encryption, for ANY reason. Security by obscurity doesn't work, and keeping something like that "secret" is not only nearly impossible in the long-term, it presents a weakness that can eventually be cracked, even if it remains secret.
So who is being blackmailed? (Score:1)
Spies don't spy on people for fun, they spy to get an advantage. So with complete access to US telecom networks they would use that information to compromise the military, the politicians, the corporations, and the rich by blackmailing them. This would explain a lot about US politics and corporate behavior. Possibly system logs could indicate who has been compromised, but maybe not, it's not unusual for cyber attackers to erase or modify logging systems. Even if the VIP's are not personally compromised,
Major carriers. (Score:1)
> "on the networks of at least three major U.S. carriers."
So, all of them? If you have a cell phone in the US it's pretty much on one of three networks: TMO, VZW, and ATT. There is US Cellular but they don't have much of a footprint.
Yes! Communications Assistance for LE Act (Score:2)
Per the FCC:
The Communications Assistance for law Enforcement Act (CALEA) is a statute enacted by Congress in 1994 to require that telecommunications carriers and manufacturers of telecommunications equipment design their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities to comply with legal requests for information.
https://www.fcc.gov/calea
Per Wikipedia:
In the years since CALEA was passed it has been greatly expanded to include all VoIP and broadband In
Let me fix that headline.. (Score:2)
"Millions of U.S. Cellphones Are Vulnerable to Chinese Government Surveillance " (And the rest of the planet, of course). That's better.
Waitaminute... (Score:2)
The bad guys are exploiting the secret back door for the good guys? Which one is which again? Defend Encryption
Don't put confidential stuff on your phone (Score:2)
Or use your phone to talk about it. Or have your phone in the room when you do (except battery removed).
There, really not that hard and not even a new thing.
Accuracy please (Score:2)
The phones themselves are fine. Or at least as fine as they were previously.
The issue here is the network they connect to. Professionals need to fix the jacked up network. Normal users that don't understand how electricity even works do NOT need to go buy new phones.
Ooops (Score:2)
what more is there needed to be said? Oh wait we need more government mandated backdoors in everything - why? because of the children of course.
Is there space left in US cellphones? (Score:2)
I mean Google and Apple are already doing surveillance there. The place is already taken.
Re: (Score:3)
It is, isn't it? US is probably spying on billions.
Re: (Score:3)
Governments would love you to believe that foreign spying is bad but domestic spying is good. That is true for government, military, and some industrial sectors. It is the exact opposite of what is true for everybody else.
Restating some points (Score:2)
> which is used to investigate foreign spying that involves contact with U.S. citizens
1) Not really, calls between the US and foreign countries have a different set of laws allow the call information to be monitored (number, date/time, duration, etc).
2) Other countries have similar to the USA prohibitions of watching people inside the country calling within the country. They monitor within the US and the US monitors within their country. Then they exchange information on each other's internals without h
Re: (Score:2)
Personally I do not mind the spying. But I am just a tiny uninteresting fish in the big ocean. I do wonder though if they play nice. It is very tempting to spy for industrial secrets to pimp up one's economy. It is very tempting to find dirt on someone of influence that you want out of the game.... Oh well, I will just keep swimming looking for food.
Re: (Score:2)
China is scary because China can potentially violate my privacy, and China doesn't have my interests at heart.
US agencies and US Big Data monopolies are scarier because they for sure violate my privacy and they don't have my interests at heart either.
Quite frankly, I'm a lot more concerned about actual domestic surveillance than potential foreign one.
Re: (Score:3)
The "big data" companies not only violate your privacy, they are also accomplices to the never-ending Ad-Rape, stealing your time and attention for abusive advertisements.
Re: (Score:1)
Apple? Not really. In states that are required give you all of your information that they have, if you ask Apple, the information that they have is practically nothing. Google is another story, unless you have everything turned off. It's a huge document. Turning everything off is at least an afternoon project and they're constantly adding new things that you have to dig into to try to turn off. In a nutshell, don't use Google and block anything that can be used to track you, like login popups on 3rd party s
Re: (Score:2)
The solution is really simple: The Chinese just hack and steal the data-sets. Why go to all the trouble surveilling users directly?