It was revealed this weekend that Chinese hackers managed to access systems run by three of the largest internet service providers (ISPs) in the US.
What’s notable about the attack is that it compromised security backdoors deliberately created to allow for wiretaps by US law enforcement …
Chinese hack of US ISPs
The WSJ was first to report on the successful penetration of wiretap systems at AT&T, Lumen (aka CenturyLink), and Verizon.
A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.
For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter.
The Washington Post says that the hack appears to have been made by the Chinese government.
There are indications that China’s foreign spy service, the Ministry of State Security, which has long targeted the United States for intelligence, is involved in the breach. Officials internally are referring to it as having been carried out by an arm of the MSS known as Salt Typhoon, a moniker given to the group by Microsoft, which monitors Chinese hacking activity.
The former executive director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency agrees.
“This has all the hallmarks of an espionage campaign — one with potentially deep access to the most important communication companies in the country,” said Brandon Wales, former executive director at the DHS’s Cybersecurity and Infrastructure Security Agency and now a vice president at SentinelOne, a cybersecurity firm. “The impacts are potentially staggering.”
China denies that it is behind the attack.
This is why Apple’s stand against the FBI was right
Apple famously refused the FBI’s request to create a backdoor into iPhones to help access devices used by shooters in San Bernardino and Pensacola. The FBI was subsequently successful in accessing all the iPhones concerned without the assistance it sought.
Our arguments against such backdoors predate both cases, when Apple spoke out on the issue in the wake of terrorist attacks in Paris more than a decade ago.
Apple is absolutely right to say that the moment you build in a backdoor for use by governments, it will only be a matter of time before hackers figure it out.
You cannot have an encryption system which is only a little bit insecure any more than you can be a little bit pregnant. Encryption systems are either secure or they’re not – and if they’re not then it’s a question of when, rather than if, others are able to exploit the vulnerability.
This latest case perfectly illustrates the point. The law required ISPs to create backdoors that could be used for wiretaps by US law enforcement, and hackers have now found and accessed them. Exactly the same would be true if Apple created backdoors into iPhones.
Photo by Lightsaber Collection on Unsplash
FTC: We use income earning auto affiliate links. More.
Comments