FBI: Chinese State Hackers Breached U.S. Telecom Providers

enaph

The FBI and Cybersecurity and Infrastructure Security Agency (CISA) announced that Chinese state-affiliated hackers breached U.S. telecommunications infrastructure, posing a major threat to national security.

The agencies reported that the unauthorized access impacts critical communications systems across the nation, raising concerns about potential data exposure and interference in essential communications. The breach has prompted an immediate, multi-agency investigation, with the FBI and CISA working directly with affected companies to secure their networks.

The breach was initially flagged by the FBI, which, along with CISA, alerted impacted telecom providers, offering technical assistance to contain the threat. Both agencies are now intensifying efforts across the telecom sector, encouraging organizations to bolster their cybersecurity defenses.

The FBI and CISA have urged any companies suspecting unauthorized access to immediately report incidents to their local FBI field office or CISA. While the recent announcement did not disclose specific telecom companies affected, the breach's impact on vital national infrastructure has placed cybersecurity in the telecommunications sector under high scrutiny.

Similar threats reported in Canada

The Canadian Centre for Cyber Security, a division of the Communications Security Establishment (CSE), published a related advisory, warning of extensive reconnaissance scans targeting Canadian government and critical infrastructure sectors. Although these scans do not constitute full breaches, they are typically seen as potential precursors to more intrusive attacks.

The scans, attributed to Chinese state-sponsored hackers, have targeted various organizations, including government departments, democratic institutions, and critical infrastructure, spanning most of 2024.

The Canadian advisory emphasized the importance of strengthening defenses to guard against this persistent reconnaissance threat. Canadian cybersecurity experts recommend proactive measures such as prompt patching, multi-factor authentication, and enhanced logging to catch any unusual network activity early.

Possible links to previous U.S. telecom breaches

This recent announcement adds to a growing list of cybersecurity incidents attributed to Chinese state actors targeting North American telecommunications. Earlier this month, reports indicated that hackers associated with a Chinese hacking group, known as “Salt Typhoon,” had accessed the networks of major U.S. broadband providers, potentially compromising systems tied to lawful surveillance. Those affected included key U.S. telecom firms such as AT&T, Verizon, and Lumen Technologies, whose networks play critical roles in managing communications for both government and civilian entities.

Though it remains uncertain whether this breach is linked to the recent FBI and CISA disclosures, both cases share similarities, such as a focus on critical communications infrastructure and potential interception of sensitive information. Salt Typhoon, active since 2020, specializes in intelligence collection and espionage, often targeting network traffic within North America and Southeast Asia.

Gandalf_The_Grey

US says Chinese hackers breached multiple telecom providers
The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States.

The breached entities have been warned, and the agencies are proactively alerting other potential targets of the elevated cyber activity.

"The U.S. Government is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People's Republic of China," reads the announcement.

"After the FBI identified specific malicious activity targeting the sector, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) immediately notified affected companies, rendered technical assistance, and rapidly shared information to assist other potential victims."

As the investigation is currently underway, not much information has been shared with the public.

Organizations that believe they might have been compromised by Chinese hackers are urged to contact their local FBI office or CISA and report it immediately.

"Agencies across the U.S. Government are collaborating to aggressively mitigate this threat and are coordinating with our industry partners to strengthen cyber defenses across the commercial communications sector," concludes the announcement.

At the start of the month, it was revealed that a Chinese hacking group tracked as Salt Typhoon had breached multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies.

Vitali Ortzi

Baseband software could be hacked as well; everyone is vulnerable, and it should be a much easier way to get into an iPhone than using an escalation chain with something like WebKit as the vector, or others like the ones for images or the GPU (can't remember the name of the kit).

bazang

The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States.
This is no surprise. The quality and robustness of Enterprise security is dismal. Government security can be even weaker.

Security is not software. It is a process.

Gandalf_The_Grey

FBI shifts stance, recommends encryption to keep phone chats private
State-sponsored hackers linked to Beijing recently breached American telecom providers in a big way. The gravity of the situation has prompted the FBI and CISA officials to advise users to adopt encryption as a safeguard for private communications.

A state-sponsored hacking group known as "Salt Typhoon" recently managed to compromise surveillance systems used by law enforcement agencies. This massive breach highlights the growing privacy risks associated with phone usage and communication, a concern that all users should take seriously.

Salt Typhoon's attack targeted major U.S. telecom providers, including AT&T, Verizon, T-Mobile, and Lumen Technologies. According to an unnamed FBI agent, the hackers accessed vast amounts of sensitive data, including details such as phone call recipients, call times, and, in some cases, the actual content of live calls. Additionally, they may have obtained unencrypted text messages, further exposing users to significant privacy vulnerabilities.
The situation is unprecedented, prompting U.S. officials to make some unexpected recommendations. "Encryption is your friend," said Jeff Greene of CISA. The agency, which has been promoting this message internally, is now urging the American public to adopt encrypted communication methods. Encrypted data, even if intercepted, is far less useful to hackers due to the complexities involved in decryption.

Side note: The following platforms provide end-to-end encryption by default for all direct messages and calls (outside of groups): WhatsApp, Signal, iMessage (between Apple devices), Telegram (secret chats only), Viber, Element, Threema.

Victor M

I sometimes think we should stop making indictments against foreign hackers. So what if we are able to restrict their overseas travels? Are they going to visit Disneyland any time soon? And I don't think these hackers will ever store their money in US financial systems, so we won't be able to confiscate their funds. All it is doing is showing off our capabilities. We show them that we know these guys, where they work, and we have their mug shots. And in so doing we are putting our intelligence efforts at risk, because their counter-intelligence team will start investigating where all that info came from, who leaked it and so on. What effect will that have on them? Are they going to give up and say "oh oh, the CIA is onto us"? They'll probably say "come arrest me you bastard." Or they will simply shoot the hacker whose mug shot was posted.

The above video seems to portray a beam of hope that lies in future developments in AI. Not so fast. You are forgetting that our latest foray lies in large language models. The Chinese have their own language that is as different from ours as the moon is from the sun. Who's to say that we will win in this AI battle?

imho it is better to do the option mentioned in the video and build a strong, secure new telecom system in parallel and slide over when it's ready. And dictate to these slack, profit-centered telecoms that they must have secure systems, classify them as national backbone and have different regulations and penalties for them. We have the FDA when it comes to food safety, so make one for national safety. I don't think these telecoms would budge voluntarily. They are not banks, where customers will seek alternatives when their systems are hacked.

oldschool

it is better to do the option mentioned in the video and build a strong secure new telecom system in parallel and slide over when it's ready. And dictate to these slack profit centered telecoms that they Must have secure systems, classify them as national backbone and have different regulations and penalties for them.
You must be kidding. Never gonna happen with the powerful interest groups that control this nation.
We have the FDA when it comes to food safety, so make one for national safety.
Wait until January 20th, or some time after. There may well be a hollowed out FDA, with only the bark, and not the bite, remaining. Or there may be none at all. This will happen with other major departments as well, e.g., DOD, DOJ, and on and on.

Victor M

A probe with ChatGPT revealed some legal mandates and not just voluntary obedience.

-------------------------------------------------------------------------------------------------------------------------------------------

Regulations and Mandates for Telecom Security in the U.S.

If you're looking for binding requirements, these regulations and frameworks mandate security measures for telecoms and other critical infrastructure entities in the U.S.:

1. Federal Communications Commission (FCC) Regulations

  • Applicability: Telecom providers operating in the U.S.
  • Requirements:
    • FCC imposes regulations under laws such as the Communications Act of 1934 and the Telecommunications Act of 1996.
    • Telecoms are required to:
      • Protect Customer Proprietary Network Information (CPNI).
      • Report breaches involving customer data.
    • Enforcement: The FCC can fine companies for failing to secure customer data or report breaches promptly.

2. Cybersecurity Executive Orders (EOs)

  • Examples:
    • EO 13800 (Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure): Encourages voluntary adoption of best practices like the NIST Cybersecurity Framework but stops short of mandates.
    • EO 14028 (Improving the Nation's Cybersecurity): Focuses on federal contractors but indirectly impacts telecoms by raising supply chain and infrastructure security standards.

3. CISA Requirements

  • Governing Body: Cybersecurity and Infrastructure Security Agency (CISA).
  • Applicability: Telecoms classified as part of critical infrastructure.
  • Requirements:
    • Operators are required to report significant cyber incidents under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022.
    • Encourages participation in information-sharing initiatives like the Cyber Information Sharing and Collaboration Program (CISCP).

4. State-Level Mandates

  • Examples:
    • California CCPA and CPRA: Mandate strong data security practices for companies handling consumer data, including telecoms.
    • New York Cybersecurity Regulation (23 NYCRR 500): Requires comprehensive cybersecurity programs, including for telecom providers interacting with financial institutions.

5. Supply Chain Security Regulations

  • Federal Acquisition Regulations (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS):
    • While these apply to federal contractors, telecoms providing services to the government must adhere to stringent cybersecurity standards, often based on NIST SP 800-171 or 800-53.

CSSP vs. Mandates

  • CSSP:
    • Purpose: Offers a roadmap for improving security and resilience in the communications sector.
    • Enforceability: Voluntary. Adherence depends on a telecom’s risk management priorities and willingness to align with best practices.
  • Regulations:
    • Mandates like CIRCIA, FCC rules, or state laws have legal backing and enforce penalties for non-compliance.
===============================================================================================

imho the FCC and those states with laws like California and New York should file charges. The laws seem to protect customers and the govt is a customer. That would be some financial incentive for them.

Victor M

So I asked a further question:
==================================================================================

What are the chances that the FCC and California and New York to file charges against these telecoms?

ChatGPT said:

Federal Communications Commission (FCC)

Chances of FCC Action

  • Moderate to High if:
    • The breach involved violations of the Customer Proprietary Network Information (CPNI) rules under the Communications Act of 1934.
    • There was evidence of inadequate security measures or failure to report the breach promptly.
  • Examples of Past FCC Enforcement:
    • In 2015, the FCC fined AT&T $25 million for a data breach affecting 280,000 customers.
    • Verizon and other telecoms have faced smaller fines for failing to protect customer data.

Considerations:

  • If the breach compromises sensitive communications infrastructure or national security, the FCC is more likely to pursue action.

California (via CCPA/CPRA Enforcement)

Chances of California Action

  • High if:
    • The telecom handles California residents' data and failed to:
      • Implement reasonable security measures.
      • Notify affected consumers within the required timeframe.
  • Examples of Enforcement:
    • The California Attorney General has previously fined companies under the CCPA for failure to protect consumer data.
    • The California Privacy Protection Agency (CPPA), created under the CPRA, actively enforces data security and breach notification requirements.

Considerations:

  • California’s aggressive stance on data privacy makes enforcement actions against telecoms with major breaches a significant possibility.

New York (via 23 NYCRR 500)

Chances of New York Action

  • Moderate if:
    • The telecom operates in New York and interacts with financial institutions or critical infrastructure, which would require compliance with the New York Cybersecurity Regulation.
  • Examples of Enforcement:
    • In 2020, the New York Department of Financial Services (NYDFS) filed charges against a company for cybersecurity violations that compromised sensitive customer data.

Considerations:

  • New York enforces cybersecurity standards more rigorously on financial entities, but telecoms could also face scrutiny if negligence is demonstrated.

Key Factors Influencing Enforcement

  1. Severity of the Breach:
    • Breaches exposing sensitive consumer data or threatening critical infrastructure are more likely to trigger enforcement actions.
  2. Evidence of Negligence:
    • If telecoms failed to implement reasonable security measures, penalties are more likely.
  3. Consumer Complaints:
    • Public outrage or a large volume of complaints can pressure agencies to act.
  4. National Security Implications:
    • Breaches linked to foreign espionage (e.g., Chinese hacking campaigns) may increase the likelihood of action, especially from federal regulators.

Summary

  • The FCC and California are more likely to take action compared to New York due to their historical enforcement patterns and broad consumer protection mandates.
  • California’s CPRA provides robust tools for holding companies accountable, making action against a telecom with a significant breach probable.
  • New York’s enforcement would hinge on whether the telecom is subject to its cybersecurity regulations.

Victor M

Just for a 2nd opinion.

------------------------------------------------------------------------------------------------------------------
You are the AI; you tell me if the recent Chinese hack classifies as "deep doo doo".

ChatGPT said:

Yes, the recent Chinese hack on telecom systems could indeed be classified as "deep doo doo," especially given the severe implications it poses for national security, privacy, and critical infrastructure integrity. Here's why it reaches that level of concern:

1. Massive Data Exposure

Telecoms manage sensitive data, including call metadata, location tracking, and communications logs. A breach at this level could expose the communications of millions, including government officials, corporate leaders, and citizens. This data can be used for espionage, blackmail, or undermining national security.

2. Potential for State-Level Espionage

Given that the hack is attributed to a state actor like China, it raises the stakes beyond typical cybercrime. State-sponsored hacks often involve highly sophisticated tactics aimed at espionage, surveillance, and strategic disruption rather than just financial gain.

3. Critical Infrastructure Threat

Telecom networks form a core part of critical national infrastructure. Compromising them not only impacts communications but can also lead to cascading failures in emergency services, government operations, and other essential sectors. It compromises the integrity of the entire communications backbone.

4. SS7/Diameter Vulnerabilities

Attacks on signaling systems like SS7 or Diameter protocols can enable unauthorized access to call forwarding, text messages, and location tracking at scale. This vulnerability is a major issue that the industry has struggled with, and its exploitation by state actors signifies a severe strategic threat.

5. Lack of Regulatory Cohesion

The voluntary nature of security certifications like ISO/IEC 27011 compounds the risk because not all telecoms adhere to consistent, high-level security standards. This inconsistency can leave gaps that sophisticated attackers exploit.

Summary

This hack crosses multiple lines into critical territory because of the potential for mass surveillance, data breaches involving millions, and disruptions to infrastructure that could have cascading effects on national and economic stability. It underscores a dire need for stronger cybersecurity regulations and more consistent enforcement for telecom providers globally.

So, "deep doo doo" is quite an apt description given the scale, intent, and potential consequences of this incident.

simmerskool

You must be kidding. Never gonna happen with the powerful interest groups that control this nation.

Wait until January 20th, or some time after. There may well be a hollowed out FDA, with only the bark, and not the bite, remaining. Or there may be none at all. This will happen with other major departments as well, e.g., DOD, DOJ, and on and on.
Well, maybe; remains to be seen. Agree this has been, or seems like it has been, the threat, but...?