China Possibly Hacking US “Lawful Access” Backdoor
The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994.
The wiretap systems, as mandated under a 30-year-old U.S. federal law, are some of the most sensitive in a telecom or internet provider’s network, typically granting a select few employees nearly unfettered access to information about their customers, including their internet traffic and browsing histories.
But for the technologists who have for years sounded the alarm about the security risks of legally required backdoors, news of the compromises is the “told you so” moment they hoped would never come but knew one day would.
The Washington Post reported on the hacking campaign yesterday, describing it as “an audacious espionage operation likely aimed in part at discovering the Chinese targets of American surveillance.” The Post report attributed the information to US government officials and said an investigation by the FBI, other intelligence agencies, and the Department of Homeland Security “is in its early stages.”
The Post report said there are indications that China’s Ministry of State Security is involved in the attacks.
This incident should henceforth be the canonical example when arguing against “back doors for the good guys” in any networks or protocols. It’s not fair to say that all back doors will, with certainty, eventually be compromised, but the more sensitive and valuable the communications, the more likely it is that they will. And this one was incredibly sensitive and valuable. There are downsides to the inability of law enforcement to easily intercept end-to-end encrypted communication, but the potential downsides of back doors are far worse.
According to a 2016 paper from Public Safety Canada, “Australia, the U.S., the UK and many other European nations require CSPs [Communications Service Providers] to have an interception capability”; it also notes Canada does not. Such a requirement is understandable from an investigative perspective. But, as Pfefferkorn says, capabilities like these have been exploited before, and it will happen again. These are big targets and there are no safe backdoors.
Previously:
- Proposed EU Chat Control
- Extending Section 702 of FISA
- Privacy Is OK
- ProtonMail Opposes EU Golden Key
- Attorney General William Barr on Encryption Policy
- The Time Tim Cook Stood His Ground Against the FBI
- Ray Ozzie’s Encryption Backdoor
- Apple, CALEA, and Law Enforcement
- Microsoft Leaks Its Golden Key
- Why Are We Fighting the Crypto Wars Again?
- Apple Working on Removing iOS Backdoor
- FBI Asks Apple for Secure Golden Key
- Secure Golden Key
Update (2025-01-10): Eric Tucker:
A ninth U.S. telecoms firm has been confirmed to have been hacked as part of a sprawling Chinese espionage campaign that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans, a top White House official said Friday.
Jessica Lyons (via Hacker News):
AT&T, Verizon, and Lumen Technologies confirmed that Chinese government-backed snoops accessed portions of their systems earlier this year, while the White House added another, yet-unnamed telecommunications company to the list of those breached by Salt Typhoon.
The digital intrusion, which has been called the “worst telecom hack in our nation’s history,” gave Beijing-backed spies the “capability to geolocate millions of individuals” and “record phone calls at will,” Anne Neuberger, deputy national security advisor for cyber and emerging technology, told reporters.
[…]
“Based on our current investigation of this attack, the People’s Republic of China targeted a small number of individuals of foreign intelligence interest,” the statement added.
Millions of users have had their geolocation data taken. One compromised admin account controlled 100,000 routers. This isn’t a security incident, a few missed patches or lucky phishing; this is an entire sector in scandalous disarray.
[…]
In peacetime, this sort of bland denialist corporate propaganda is just part of the great game of complacent capitalism. In wartime, it’s treason. Are we at war? Ask a vandalized Baltic cable. Ask a filet of drones, on their way back from surveilling an airbase in the UK. Ask a Cisco router, snug in its rack in North Virginia but reporting back to Beijing. If we woke up one day to find an unfriendly foreign power in control of our domestic road, rail and air transport, the answer would be easy. Why is our data infrastructure different?
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea.
This is the inevitable outcome of any backdoor. It's inherently insecure and shouldn't exist.
Sharing an access key/certificate with someone who can’t control its security… I mean, saying that’s inevitable means any user account or SSH key on any system is compromisable.
What does that say about IT? We have been talking around that secret since its inception? Mind blowing.