T-Mobile's network was among the systems hacked in a damaging Chinese cyber-espionage operation that gained entry into multiple US and international telecommunications companies, The Wall Street Journal reported on Friday citing people familiar with the matter:
Hackers linked to a Chinese intelligence agency were able to breach T-Mobile as part of a monthslong campaign to spy on the cellphone communications of high-value intelligence targets, the Journal added, without saying when the attack took place.
[...] It was unclear what information, if any, was taken about T-Mobile customers' calls and communications records, according to the WSJ report.
[...] On Wednesday, The Federal Bureau of Investigation (FBI) and the US cyber watchdog agency CISA said China-linked hackers have intercepted surveillance data intended for American law enforcement agencies after breaking into an unspecified number of telecom companies.
Earlier in October, the Journal reported that Chinese hackers accessed the networks of US broadband providers, including Verizon Communications, AT&T and Lumen Technologies and obtained information from systems the federal government uses for court-authorized wiretapping.
Previously: U.S. Wiretap Systems Targeted in China-Linked Hack
Related Stories
U.S. Wiretap Systems Targeted in China-Linked Hack
From Schneier's Blog
A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.
https://www.schneier.com/blog/archives/2024/10/china-possibly-hacking-us-lawful-access-backdoor.html
It's a weird story. The first line of the article is: "A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers." This implies that the attack wasn't against the broadband providers directly, but against one of the intermediary companies that sit between the government CALEA requests and the broadband providers.
For years, the security community has pushed back against these backdoors, pointing out that the technical capability cannot differentiate between good guys and bad guys. And here is one more example of a backdoor access mechanism being targeted by the "wrong" eavesdroppers.
Pluralistic: China Hacked Verizon, AT&T and Lumen Using the FBI's Backdoor (07 Oct 2024) – Pluralist
China hacked Verizon, AT&T and Lumen using the FBI's backdoor
State-affiliated Chinese hackers penetrated AT&T, Verizon, Lumen and others; they entered their networks and spent months intercepting US traffic – from individuals, firms, government officials, etc – and they did it all without having to exploit any code vulnerabilities. Instead, they used the back door that the FBI requires every carrier to furnish:
In 1994, Bill Clinton signed CALEA into law. The Communications Assistance for Law Enforcement Act requires every US telecommunications network to be designed around facilitating access to law-enforcement wiretaps. Prior to CALEA, telecoms operators were often at pains to design their networks to resist infiltration and interception. Even if a telco didn't go that far, they were at the very least indifferent to the needs of law enforcement, and attuned instead to building efficient, robust networks.
Predictably, CALEA met stiff opposition from powerful telecoms companies as it worked its way through Congress, but the Clinton administration bought them off with hundreds of millions of dollars in subsidies to acquire wiretap-facilitation technologies. Immediately, a new industry sprang into being; companies that promised to help the carriers hack themselves, punching back doors into their networks. The pioneers of this dirty business were overwhelmingly founded by ex-Israeli signals intelligence personnel, though they often poached senior American military and intelligence officials to serve as the face of their operations and liaise with their former colleagues in law enforcement and intelligence.
Telcos weren't the only opponents of CALEA, of course. Security experts – those who weren't hoping to cash in on government pork, anyways – warned that there was no way to make a back door that was only useful to the "good guys" but would keep the "bad guys" out.
These experts were – then as now – dismissed as neurotic worriers who simultaneously failed to understand the need to facilitate mass surveillance in order to keep the nation safe, and who lacked appropriate faith in American ingenuity. If we can put a man on the moon, surely we can build a security system that selectively fails when a cop needs it to, but stands up to every crook, bully, corporate snoop and foreign government. In other words: "We have faith in you! NERD HARDER!"
(Score: 4, Interesting) by Barenflimski on Thursday November 21, @01:18AM (2 children)
That's fairly impressive they were able to get into the snooping systems.
That stuff is locked down in so many ways, it's a big question. How did they get access to this stuff? Very few people have credentials. Getting access to those networks is no small feat. Maybe a few 0-days into Windows along with the firewalls? Inside job? Phished some extremely high level credentials? Found a service account they could change?
What will be even more interesting to know is how long they've been in and able to monitor these systems. My guess is they've been in awhile and got caught expanding their footprint. Someone in the Chinese spy agency is going to be pissed.
(Score: 5, Interesting) by Mykl on Thursday November 21, @03:16AM
But are these systems really locked down as hard as they say they are?
After 9/11 there was a shift to ensure that information could be shared between agencies much more easily and widely - I assume that this was the case between agencies and industry too.
I for one am totally unsurprised that the systems the government uses to spy on their citizens are now being used to spy on their citizens.
(Score: 0) by Anonymous Coward on Thursday November 21, @03:58AM
Usually it is a human getting fooled.
(Score: 2, Insightful) by dwilson98052 on Thursday November 21, @01:23AM (9 children)
CUT them off from the rest of the internet for a few days as punishment for behaving badly.
Poison their routes, jam their signals, and demand that all allies do the same.
They'll stop.
(Score: 2) by Tork on Thursday November 21, @01:23AM (2 children)
🏳️🌈 Proud Ally 🏳️🌈
(Score: 2) by dwilson98052 on Thursday November 21, @10:58PM (1 child)
Absolutely.
Do a search for BGP poisoning... it's really quite easy to do since most of the internet is simply built on trust.
(Score: 2) by Tork on Thursday November 21, @11:11PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 4, Insightful) by gawdonblue on Thursday November 21, @07:08AM
Excellent idea.
And do the same to every other country that intrudes on another's network.
It will be good to get rid of Facebook and friends.
(Score: 2) by Freeman on Thursday November 21, @02:30PM (4 children)
Please stop encouraging another Cold War.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by RedGreen on Thursday November 21, @05:03PM (2 children)
"Please stop encouraging another Cold War."
There is nothing cold about it, the Chinese are engaged in a hot war with us right now. Through their support of the war in Europe by Russia and now for the second time a cargo ship from there is involved in an act of war by cutting the internet cables in the Baltic Sea added onto the pipeline they did a few months ago, another act of war. Add in the 24/7 hacking of critical systems and all out economic war to destroy anything but Chinese businesses. They are flat out at it on all fronts and unless the spineless bastards we have for politicians get at doing something to defend us we have not got a hope in hell of winning any of it.
"I modded down, down, down, and the flames went higher." -- Sven Olsen
(Score: 3, Insightful) by Freeman on Thursday November 21, @05:25PM
Mea Culpa.
Dear Warmongers,
Stop encouraging World War III.
Thanks,
Most people who don't want to die in a giant ball of fire.
P.S.
https://youtu.be/VqhCQZaH4Vs
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by corey on Thursday November 21, @10:25PM
You're right, them and their puppet, NK are going all out, from the public articles and things I read.
I believe they are more involved in Ukraine than we realise, including authorising/encouraging NK troops and armaments for the Ukraine invasion. I would love to be a fly on the wall in the NSA or the US geo intelligence agency (can't remember the acronym), they must be aware of the movements of things over the China/Russia/NK borders at night. But what to do, that's the question. Anyway there's a whole discussion there.
I don't think cutting internet with China is going to do any good for anyone, there's a shitload of ecommerce comms from western businesses and retailers going there so that'll hurt us. But maybe we need to take some pain too.
There's a long-term problem in China, that being demographics. As I understand, the 1-child policy is coming back to bite bigtime. An absolutely outsized part of their population is working age right now, which is great for their economic growth now, but in the next decade they are retiring. There's nowhere near enough younger people to replace them so their economy is predicted to (and starting to) tank. And young people don't want more than 1-2 kids. Usually, in the past, countries start importing immigrants and foreign workers to fill the gap, but China will need up to a couple of hundred million. And who wants to go work in China? Not many, that's the problem so that isn't a fix. Their only option is automation, but that's also pushing it. The USA had a soft landing after the baby boomers (and they didn't have a 1-child policy), and they're now sustainable demographically. Anyway, how that relates to your anger at China - yeah maybe we should do more but maybe the above will help you feel better. :)
(Score: 3, Funny) by dwilson98052 on Thursday November 21, @11:00PM
Or..... stop letting bad people behave badly because you're scared of a little conflict.
Spare the rod, spoil the child. Same applies to countries.
Sometimes you need to stand up to bullies.
(Score: 3, Informative) by Tork on Thursday November 21, @01:23AM (2 children)
So... no more credit card perks AND if a hack wipes out my bank account (instead of my credit line... grrr) I get to have a lovely conversation with my spouse. It's been a couple of years since I wasn't filled with contempt over their "uncarrier" branding.
🏳️🌈 Proud Ally 🏳️🌈
(Score: 2) by Frosty Piss on Thursday November 21, @02:52AM (1 child)
I have a number of "debit card" accounts. My paycheck and rent are in and out of one, everything else comes out of my trash account. ALWAYS separate your important stuff from the account you use online.
(Score: 2) by Tork on Thursday November 21, @03:01AM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 1, Funny) by Anonymous Coward on Thursday November 21, @02:46AM
Hacked is an awfully strong word to use against one of Orange Jesus's most trusted besties. Xi, or whatever his name is...