"In her remarks, Neuberger confirmed that nine telecommunications providers were impacted by the breaches, adding one more firm to the eight she acknowledged earlier this month. She noted that guidance was given to key U.S. telecommunications firms early on — a “hunting guide” and a “hardening guide” — that detailed Chinese hacking methods and allowed companies to “look for those techniques in their networks and call for help if they discover it.” This led to the determination that a ninth telco provider had been impacted by the same Salt Typhoon breach, alongside Lumen Technologies, AT&T, Verizon and others.

It’s unclear if the Chinese hackers have been fully evicted from all of the U.S. telecommunications networks. Earlier this month, Neuberger said that none of the providers have managed to oust the Chinese hackers from their networks, an assertion that some of the providers, including Lumen and AT&T, have refuted.

Neuberger explained that once Chinese hackers infiltrated telecommunication networks, they essentially had “broad and full access” to American data, which allowed them to “geolocate millions of individuals” and “record phone calls at will.”"

https://www.politico.com/news/2024/12/27/chinese-hackers-telco-access-00196082

#CyberSecurity #China #SaltTyphoon #USA #BigTelco #StateHacking

"It's not often that a piece of FBI advice triggers a Snopes fact check. But the agency's urgent message this month to Americans, often summarized as "stop texting," surprised many consumers.

The warning from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) highlighted vulnerabilities in text messaging systems that millions of Americans use every day.

The U.S. believes hackers affiliated with China's government, dubbed Salt Typhoon, are waging a "broad and significant cyber-espionage campaign" to infiltrate commercial telecoms and steal users' data — and in isolated cases, to record phone calls, a senior FBI official who spoke to reporters on condition of anonymity said during a Dec. 3 briefing call.

The new guidance may have surprised consumers — but not security experts.

"People have been talking about things like this for years in the computer security community," Jason Hong, a professor at Carnegie Mellon University's School of Computer Science, told NPR. "You should not rely on these kinds of unencrypted communications because of this exact reason: There could be snoopers in lots of infrastructure.""

https://www.npr.org/2024/12/17/nx-s1-5223490/text-messaging-security-fbi-chinese-hackers-security-encryption

#USA #FBI #SaltTyphoon #CyberSecurity #China #StateHacking

"The collective shrug around Salt Typhoon can also be seen across the news industry, where headlines about Salt Typhoon are making the rounds in the cybersecurity community, but generally aren’t splashed across front pages. In fairness, the news cycle at the moment is exhausting for reporters and readers alike — there’s a new administration forming, major global conflicts rage on and people are looking to take a break from it all over the holidays. Worrying about a massive and likely devastating global hack does not feel very merry.

And many details about the hack — when it happened, who was impacted, the extent of the damage — are slowly emerging and are still not totally clear, making it difficult for the layperson to follow.

But Beijing is taking notes on the sluggish U.S. response. At the one Senate Commerce hearing on the topic held Wednesday, JAMES LEWIS, director of the Strategic Technologies Program at the Center for Strategic and International Studies, testified about the need for the U.S. to counter Chinese hacking operations by giving Beijing a taste of its own medicine through U.S. offensive hacking. Otherwise, he warned, China would just keep going."

https://www.politico.com/newsletters/national-security-daily/2024/12/12/we-need-to-talk-about-salt-typhoon-00183727

#CyberSecurity #China #USA #SaltTyphoon #StateHacking