One vulnerability was lack of multi-factor authentication
It Appears That Chinese Hackers Have Stolen Your Naughty TextsLast month, the Wall Street Journal reported that Chinese hackers had successfully penetrated the networks of a number of US broadband providers.
Investigators found that the cyber attackers had potential access to a federal government system that's used for court-authorized wiretapping requests — a major national security scandal.
And according to new comments by Senate Intelligence Committee chairman and Virginia senator Mark Warner, the situation is far worse than we thought.
"The barn door is still wide open, or mostly open," he told the New York Times, explaining that the hackers even have access to telephone conversations and text messages.
In short, it's a stunning and reportedly "ongoing" data breach that took advantage of the aging and insecure telecommunications network in the United States.
The hack has since been linked to a Chinese intelligence-gathering hacking group dubbed Salt Typhoon.
According to government officials, the hackers were able to even listen in on conversations involving president-elect Donald Trump and vice president-elect JD Vance.
They exploited out-of-date telecommunications equipment and seams in the infrastructure connecting major networks to a much larger extent than initially feared.
Warner warned that while US officials previously claimed the hackers had disappeared with no trace, there's a good chance they're still listening in on phone conversations and reading text messages.
"We’ve not found everywhere they are," he told the NYT.
Even considering previous infiltrations by Chinese hackers, the latest stunt is particularly egregious.
"This is far and away the most serious telecom hack in our history," Warner told the NYT. "This makes Colonial Pipeline and SolarWinds look like small potatoes," he said, referring to two major Russian state-backed intrusions targeting the US in 2021 and 2019 respectively.
The hackers' primary targets were national security officials and politicians, according to investigators. As the Washington Post reports, around 150 victims, most of whom reside in the Washington DC area, have been notified about breaches by the FBI.
"severe, persistent threat"
https://www.msn.com/en-us/news/world/us-cyber-watchdog-wants-immediate-switch-to-encrypted-apps-following-salt-typhoon-hacks/ar-AA1w6i6yThe U.S. cybersecurity watchdog CISA is telling senior American government officials and politicians to immediately switch to end-to-end encrypted messaging following intrusions at major American telecoms blamed on Chinese hackers.
In written guidance released on Wednesday, the Cybersecurity and Infrastructure Security Agency said "individuals who are in senior government or senior political positions" should "immediately review and apply" a series of best practices around the use of mobile devices.
The first recommendation: "Use only end-to-end encrypted communications."
Greatest hack is convincing Westerners they need poor people to come work and save them
The book isn't complete, we rebound yet again.
You mean like Trump?
China bad again. It comes and goes, as needed.
telecom providers aren't getting the word out there, thought it wouldn't hurt to post here.
what "bad guys" do can be made worse by greedy businesses and unmotivated public officials. the duty to warn the public hasn't been taken seriously in this case.
update: Trumplandia is asleep at the switch and so are the telecoms
https://www.techdirt.com/2025/06/20/...-of-intrusion/Late last year, eight major U.S. telecoms were the victim of a massive intrusion by Chinese hackers who managed to spy on public U.S. officials for more than a year. The “Salt Typhoon” hack was so severe, the intruders spent a year rooting around the ISP networks even after discovery. AT&T and Verizon, two of the compromised companies, apparently didn’t think it was worth informing subscribers this happened.
Like most hacks, the scale of the intrusion was significantly worse than originally stated. Last week, insiders told NextGovthat Comcast and data center giant Digital Realty were also caught up in the hack and had their systems compromised. The same insiders stated that government officials still aren’t really sure that they have a full grasp on the attack’s impact:
“Various agencies across the U.S. government are in possession of lists of confirmed or potential victims, but it’s not clear if the tallies are consistent with each other, adding to confusion about who may have been accessed, targeted or marked for investigation, one of the people said.”But it’s this little bit in the report that I thought was of particular note:
“Inside two major U.S. telecom operators, incident response staff have been instructed by outside counsel not to look for signs of Salt Typhoon, said one of the people, declining to name the firms because the matter is sensitive.”So big telecoms are so afraid of liability and government oversight they’ve just stopped looking for evidence of intrusion in one of the worst hacks the U.S. has ever seen. That’s sure to fix the problem.
The U.S. business press covering the hack refuse to talk about it, but a major catalyst for the hack was thesteady and mindless deregulation of the U.S. telecom sector. Libertarians and right wingers, “free market” think tanks in tow, spent the better part of the last thirty years insisting that gutting all meaningful state and federal oversight would result in vast, near-Utopian outcomes.
Instead, freed of both pesky compe ion and competent oversight, major U.S. telecoms saw zero incentive to compete on price, shore up spotty access, improve quality, or even consistently, adequately invest in privacy and security standards. The results are everywhere you look, from sloppy handling of consumer location data, to companies like T-Mobile being hacked eight times in five years.
And this was all before the Trump 2.0 authoritarians came to town. Now, we’re disemboweling our telecom and cybersecurity regulators at a much faster rate, stocking our regulators with weird, incompetent, and unqualified zealots, and building a court system in which it’s genuinely impossible for telecom giants to see any sort of real-world accountability for fraud or incompetence.
Again, the second Trump administration is utterly indistinguishable from a foreign attack. Because it’s dressed up in so much domestic religious and pseudo-populist propaganda and bull , it’s in many ways worse.
https://www.macworld.com/article/282...apple-ids.htmlCybernews reported on Wednesday on its research that resulted in the online discovery of 30 datasets that include 16 billion records of user login information for “pretty much any online service imaginable,” including Apple, Facebook, and Google.
The records include a URL and login information. Since this data is what is often collected by malware, it appears that these records are a result of numerous infostealer attacks. Cybernews states that the datasets do include overlapping records, but the enormity of the data collection makes it difficult to compare individual records in order to conclude how many users have been exposed.
The exposed datasets have not been previously reported, except for one discovered by Jeremiah Fowler that had 185 million unique usernames and passwords. The datasets are also made available temporarily and are taken down after some time. Cybernews states that new databases appear “every few weeks” with “fresh, weaponizable intelligence.” It is also not clear as to the origins of the datasets and who is behind the data collection.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote
