The feds have been tracking this Chinese attack on telecom providers like AT&T and T-Mobile for several months now. They have kept a tight lid on the details, but some are starting to be released.
They are now saying that at least 8 U.S. telecom providers including Verizon, AT&T and Lumen have been compromised and dozens of providers of both phone and Internet services worldwide have been attacked.
No one is saying exactly who or how many were compromised, but they are saying that the attackers targeted the call metadata of a lot of people, the actual call data of a selected group of people, and access to the carriers' phone tapping systems.
The phone tapping system, mandated by CALEA (the Communications Assistance for Law Enforcement Act), is the lawful-intercept capability that ALL CARRIERS MUST IMPLEMENT. Of course everyone says that CALEA is secure so you have nothing to worry about. Apparently, they were wrong.
They are saying that kicking the attackers out will take years and require the providers to replace thousands of network devices.
CISA, in partnership with the NSA, FBI, Australian Signals Directorate (their NSA), Australian Cybersecurity Center, Canadian Cyber Security Center and New Zealand’s National Cyber Security Center released a joint advisory with a few details, consistent with the fact that this is an ongoing attack and they do not want to tip off the attackers as to how much we know.
We do know that telecom CEOs were summoned to the White House and given a classified briefing and the Senate was also given a classified briefing this week.
What people are saying, however, is that this is likely the worst cyber attack on the telecom sector in history.
While the bulletin is targeted at those telecom providers – both phone and Internet – you are responsible for securing your company, your company’s data and your customers’ data. We recommend reviewing CISA’s recommendations and seeing what makes sense for you to implement. In most cases, the majority of the recommendations will be applicable to you.
The Electronic Frontier Foundation or EFF has weighed in on this. They said, in part, that you cannot build a backdoor (which is what CALEA is) that only lets in the good guys and not the bad guys.
You should assume that anything you send or receive via your phone or the Internet can be viewed – not only by the friendlies but also by the not so friendlies such as Russia and China.
That means using end-to-end encryption for anything that you don’t want to be easily exposed. There are lots of end-to-end encrypted messaging apps, many of them free (remember that while iMessage is encrypted when the message is between two Apple users, it is totally unprotected if any one of the recipients is not an Apple customer). Email can be encrypted as well; again, there are many ways to do that. Finally, file transfers should be encrypted (anyone remember the MOVEit breach from last year that compromised a hundred million people?).
I know that protecting your communications is not at the top of your to-do list but it is clear that you cannot count on your carriers to do that.
If you don’t know how to proceed or whether what you are currently doing to protect communications is adequate, please contact us for assistance.
Credit: Bleeping Computer, CISA and EFF