Hacker News

AT&T, Verizon blocking release of Salt Typhoon security assessment reports

163 points, by redman25, today at 2:22 PM, 40 comments

Comments

Zigurd, today at 5:28 PM

Many years ago I wrote a functional spec for lawful intercept in a 3G data node. It was based on a spec for a different product, so it contained a lot of institutional knowledge of how lawful intercept works.

A key element of the design of lawful intercept is not to trust the company running the network. Otherwise employees of that company would become targets for organized crime influence, among what are probably a few other considerations. The network operator isn't told about intercepts, and the relatively low rate of traffic intercept (the node has to support up to 3% of traffic intercepted, at least that was the spec at the time) makes it relatively easy for that traffic to be hidden from network management tools. It's not supposed to show up in your logs or network management reporting.

Intercepts originate on LI consoles operated by law enforcement agencies. This sounds pretty good so far. Until a hacker breaks into an LI console. Now that hacker can acquire traffic with pinpoint accuracy, undetected by design.

I have always been skeptical of claims that network operators have eliminated Salt Typhoon from their networks. I do not believe they know when the exploit began. Nor can they tell if their networks are truly free of Salt Typhoon activity. There are multiple vendors of LI console software. It's a standardized interoperable protocol to set up intercepts. So there's no one neck to wring.
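
The comment above describes an intercept path that is invisible to the operator by design, so a compromised LI console leaves no operator-side trace. The following is an added example, not code from the comment author or from any LI vendor or standard, of one mitigation a defender would want: an append-only, hash-chained record of provisioning commands whose head hash is retained by an independent auditor, plus a capacity check against the 3% figure from the comment. The class and field names (`InterceptAuditLog`, `console_id`, `target_ref`) and the idea that the operator sees only counts while the auditor holds the chain head are assumptions made for illustration.

```python
"""Constructed example: tamper-evident provisioning log for a lawful-intercept node.

Assumed design (not from any standard): the node never stores subscriber identity,
only an opaque target_ref; the operator may read the count of active intercepts;
an independent auditor retains the chain head off-box so that a silently added,
altered or dropped provisioning command is detectable afterwards.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

GENESIS = "0" * 64  # chain head before any provisioning command has been recorded


@dataclass(frozen=True)
class ProvisioningEvent:
    seq: int
    console_id: str   # assumed identifier of the LI console that issued the command
    action: str       # "activate" or "deactivate"
    target_ref: str   # opaque handle; the subscriber identity is never written here
    prev_hash: str
    entry_hash: str


def _hash_entry(seq: int, console_id: str, action: str, target_ref: str, prev_hash: str) -> str:
    # Canonical JSON so the same fields always hash the same way.
    body = json.dumps([seq, console_id, action, target_ref, prev_hash], separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()


class InterceptAuditLog:
    """Append-only log; each entry commits to the previous entry's hash."""

    def __init__(self) -> None:
        self.entries: List[ProvisioningEvent] = []
        self.head = GENESIS

    def append(self, console_id: str, action: str, target_ref: str) -> str:
        if action not in ("activate", "deactivate"):
            raise ValueError(f"unknown action {action!r}")
        seq = len(self.entries) + 1
        h = _hash_entry(seq, console_id, action, target_ref, self.head)
        self.entries.append(ProvisioningEvent(seq, console_id, action, target_ref, self.head, h))
        self.head = h
        return h  # the auditor stores this value off-box after each command

    def active_intercepts(self) -> int:
        """Operator-visible figure: how many targets are currently intercepted (no identities)."""
        active = set()
        for ev in self.entries:
            if ev.action == "activate":
                active.add(ev.target_ref)
            else:
                active.discard(ev.target_ref)
        return len(active)


def verify_chain(entries: List[ProvisioningEvent], expected_head: str) -> Optional[str]:
    """Recompute the chain. Returns None if intact, else a description of the first break."""
    prev = GENESIS
    for i, ev in enumerate(entries, start=1):
        if ev.seq != i:
            return f"sequence gap at position {i} (entry carries seq {ev.seq})"
        if ev.prev_hash != prev:
            return f"entry {i} does not chain to its predecessor"
        if _hash_entry(ev.seq, ev.console_id, ev.action, ev.target_ref, ev.prev_hash) != ev.entry_hash:
            return f"entry {i} content does not match its hash"
        prev = ev.entry_hash
    if prev != expected_head:
        return "chain head differs from the auditor's retained head (entries dropped or appended)"
    return None


def over_capacity(active: int, total_sessions: int, max_fraction: float = 0.03) -> bool:
    """Sanity check on the operator-visible count against the 3% design ceiling from the comment."""
    return active > total_sessions * max_fraction


def demo() -> dict:
    """Constructed scenario: three commands, then two kinds of tampering an auditor must catch."""
    log = InterceptAuditLog()
    log.append("console-A", "activate", "ref-001")
    log.append("console-B", "activate", "ref-002")
    head = log.append("console-A", "deactivate", "ref-001")

    # Tampering 1: an entry's target is rewritten in place after the fact.
    e = log.entries[1]
    altered = list(log.entries)
    altered[1] = ProvisioningEvent(e.seq, e.console_id, e.action, "ref-999", e.prev_hash, e.entry_hash)

    # Tampering 2: the last command is removed to hide that it ever happened.
    truncated = log.entries[:-1]

    return {
        "active": log.active_intercepts(),
        "intact": verify_chain(log.entries, head),
        "altered": verify_chain(altered, head),
        "truncated": verify_chain(truncated, head),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point is not that this makes intercepts visible to the operator; it does not, and the comment explains why that is deliberate. It is that a record the LI console cannot rewrite gives someone other than the console a way to answer "when did this start and has it stopped", which is exactly what the comment says operators cannot answer today.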

ungreased0675, today at 3:10 PM

These companies were required by the government to have lawful intercept capability. A bad actor took advantage of that government-required backdoor, and now the government has the shamelessness to grandstand about privacy and security? We need to elect better people.

briandw, today at 6:03 PM

This was enabled by the Communications Assistance for Law Enforcement Act (CALEA), enacted in 1994. Congress made their bed, now they need to lie in it. Time to remove the govt-mandated backdoors.

engelo_b, today at 4:54 PM

Blocking these reports is a huge blow to systemic risk management.

If the specific vectors of the breach aren't disclosed, the rest of the critical infrastructure ecosystem is basically flying blind. It feels like we're trading collective security for corporate reputational damage control.

bastard_op, today at 5:28 PM

They don't want the backdoors they allowed, and their buffoonery in securing/managing them, exposed. This is only the wireless providers; now what about all the residential ISPs like Comcast, Cox, Charter, etc.? They're usually even more incompetent, I've worked for enough of them to know.

y-c-o-m-b, today at 5:39 PM

A decent example of why implementing authoritarian policies is a bad strategy for the US; particularly coming from the current administration. We're only strengthening Chinese supremacy at this point and tearing the US apart in the process of trying to claw some back. We don't have what it takes to pull this shit off as well as China does. This is a failure at many levels: the uncoordinated surveillance, the gross lack of security, lack of skills, lack of knowledge, etc. and it extends to many aspects of American governance. Between the US putting significant traumatic pressure on its own citizens and companies doing mass layoffs in an increasingly unaffordable economy, this will push even more brain drain overseas, which only accelerates China's strengthening stance more.

ok123456, today at 3:12 PM

If they simply implicated an "APT" in wrongdoing, they would have released it, as it would have been unremarkable and fit neatly within the Overton window of hissing Chinese spies justifying an even more expansive national security apparatus and general anti-Sino sentiments among the ruling class in Washington.

This leads me to two possible, non-exclusive outcomes: the links to China are tenuous, and the attribution is flimsy (e.g., they accessed a machine at 9 am Beijing time!); or the report implicates the system itself as unauditable by design, which was bound to happen given the design of the intercept tools.

natas, today at 4:42 PM

Why does the government, any government, have a backdoor on anyone's phones to begin with?

jbug187, today at 4:52 PM

I seriously doubt that these reports would ever be released publicly, but I'm curious if they might suggest that their recent high-profile extended outages are related to weaknesses that were easily exploited by bad actors.

learingsci, today at 5:28 PM

Glad no comments here are directed at China. We vilify our own government, our businesses, even ourselves for being too naive or gasp having trust in our networks. But the actual perpetrators, China, we have no harsh words for. It’s like if Ukrainian citizens blamed themselves rather than Putin. That’s how thoroughly brainwashed most people (here) are.
