Arthur T Knackerbracket has processed the following story:
We’ve noted for decades that U.S. telecom security and privacy standards aren’t great. T-Mobile has been hacked so many times in the last five years it’s easy to lose count. AT&T not long ago had a breach impacting the data of 73 million users it initially tried to pretend hadn’t happened.
Telecoms have lobbied relentlessly to dismantle much in the way of corporate oversight, so when hacks or breaches or bad choices manifest, executives and companies alike routinely see little in the way of real, meaningful accountability. Which, of course, ensures nothing much changes.
This all came to a head recently with the Salt Typhoon hack, which involved 8 major U.S. telecom operators suffering a major intrusion by Chinese hackers. The hack, oddly getting far less attention than the TikTok moral panic did, was leveraged to help spy on U.S. political officials. It was so severe and extensive that the involved, unnamed telecoms have yet to fully remove the intruders from their networks:
This is par for the course for a country that’s literally too corrupt to pass even a baseline privacy law for the internet era, or hold telecom giants meaningfully accountable for much of anything. At best, telecoms have grown fat and comfortable with a paradigm that involves a tiny fine and wrist slap for their incompetence, assuming they get challenged over it at all.
Enter Senator Ron Wyden, who is proposing a new law that would require the FCC to take broader ownership of telecom cybersecurity.
His Secure American Communications Act would more clearly establish FCC authority to monitor telecoms for privacy and cybersecurity violations, require they conduct routine testing of their networks and systems, and contract outside independent auditors to make sure they’re doing a competent job. They’d also have to submit formal annual reviews to the FCC.
“It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules,” Wyden said. “Telecom companies and federal regulators were asleep on the job and as a result, Americans’ calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security. Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies.”
Of course the last thing AT&T, Verizon, Comcast, T-Mobile and Charter want is additional (or any) government oversight, so even if perfectly designed to minimize headaches and problems, the bill likely has zero real chance of passing a corrupt Congress.
Telecoms want to be able to exploit their regional monopolies to extract money from captive customers free from pesky government intervention. Which, as Wyden notes, is precisely how we got to this point. It’s the same reason the U.S. still doesn’t have even a basic internet-era privacy law after decades of endless scandal, fraud, hacks, and consumer data abuses. It’s corruption.
The real bummer is we’re not only going to not pass Wyden’s law, we’re going to do the exact opposite of what Wyden’s requesting. Trump’s incoming FCC boss Brendan Carr (R, AT&T) has professed to be super worried about all of this, but has not been subtle about his plan to obliterate whatever’s left of broadband consumer protection and FCC oversight of telecom.
At the same time, the Trump-stocked Supreme Court, 5th, and 6th circuits are all in the process of neutering regulatory independence (which is why Wyden proposed this clearer law that won’t pass), and declaring FCC broadband consumer protection effectively illegal across a wide variety of subjects. That’s going to impact national security as much as it impacts consumer welfare.
The goal for corporate power was always to corrupt Congress to the point that real reforms can’t pass, then lobotomize regulatory independence and corporate oversight so they’re largely decorative. This was sold to you as some kind of good faith “rebalancing of institutional power” designed to “corral out of control regulators,” but it’s really just the ultimate manifestation of unchecked corruption.
The endless hacks and privacy scandals will join a rotating parade of problems across every industry that touches every corner of your lives, until the U.S. press and public finally realize corporate power may have taken things just a little too far with the whole “dismantling the federal regulatory state” thing. Which, with any luck, might occur by 2070… if it happens at all.
Related Stories
With the help of tipsters, the cybersecurity agency was able to 'connect the dots' to crack what has been called one of the worst telecom hacks in US history:
Chinese state-backed cyber espionage group Salt Typhoon, which has been in the news for its breach of U.S. telecom firms, was first discovered on the federal network using a different name, according to Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA).
"We saw it as a separate campaign called another goofy cyber name. And we were able to—based on the visibility that we had within the federal networks—to be able to connect some dots," she said during a discussion at the Foundation for Defense of Democracies on Jan. 15.
[...] The earlier identification under a different name enabled officials to connect the dots with the help of tipsters from the private sector, which Easterly said ultimately "led to kind of cracking open the larger Salt Typhoon piece."
[...] On Jan. 17, the U.S. Treasury Department announced it was sanctioning Chinese cybersecurity company Sichuan Juxinhe Network Technology Co. for "direct involvement in the Salt Typhoon cyber group."
"Chinese state-backed cyber actors continue to present some of the greatest and most persistent threats to U.S. national security," the Treasury Department said.
The Treasury Department also sanctioned Shanghai-based hacker Yin Kecheng, who was allegedly behind a major breach of the department's network in early December. The cyber actor is affiliated with China's Ministry of State Security, the department said.
Previously:
- U.S. Treasury Confirms It Was Breached by China-Backed Hackers
- A 9th Telecoms Firm Has Been Hit by a Massive Chinese Espionage Campaign, the White House Says
- Wyden Law Would Give FCC Greater Power Over Telecom's Lax Cybersecurity In Wake Of Ugly Salt Typhoon
- Salt Typhoon's Cyberstorm Reaches Beyond US Telcos
- Senators Ask Cyber Review Board to Conduct Investigation on Chinese Hack Group
(Score: 2) by Username on Friday December 20, @03:23PM (3 children)
Far as I know all government phones, etc are end to end encrypted. If anything government related gets leaked, we should hold that employee responsible. Especially post "like a cloth or something."
Not sure if I want my cell carrier enhancing my security for me. Every day having to authenticate through email or something. If China wants to look at photos of my dick, I don't really care. They can have my dick pics.
(Score: 2) by Barenflimski on Friday December 20, @05:29PM
SMS messages aren't encrypted. When you can sniff the telecom backend you can pick up any 2 factor authentication sent by SMS.
If you have a diplomat in a different country, it's possible your message gets sent by SMS.
(Score: 0) by Anonymous Coward on Friday December 20, @05:37PM
Are politicians' *personal* phones encrypted that way? You know, the ones that they use to make behind-the-scenes deals.
I'm pretty sure it's that that they're worried about being observed.
(Score: 4, Informative) by VLM on Friday December 20, @06:52PM
Data payloads are unneeded.
"Oh look your phone and your mistress's phone were at the love-hotel when you were supposedly at a business meeting and we can keep that all quiet for the low, low cost of ..."
"Oh look your embassy/employer/wtf forbids you as an employee from visiting location-xyz because of too many bar fights or whatever, and look you're right there, now we can keep that all quiet for the low, low cost of ..."
(Score: -1, Offtopic) by Anonymous Coward on Friday December 20, @10:29PM (1 child)
Yeah, in the souls of those who reelect corrupt politicians to 50 year careers while passing blame onto the "system".
(Score: 0) by Anonymous Coward on Saturday December 21, @05:05AM
"It’s corruption."
Says right there in the summary. How is it offtopic to say where it comes from?
(Score: 2) by ShovelOperator1 on Saturday December 21, @08:07AM
I don't know how the attack was conducted, but in the media there is less and less coverage of the technical side of it. Fear-mongering? Panicking? Making people mad to start another war? Yes, of course, but technical details are, let's say, scarce. If it were some foreign hacker group exploiting devices, there would be some analysis. It looks like they are trying to cover up something really ugly done on the US side, like the group logged into a passwordless account, or just found that full records of metadata are sent some way in unencrypted form. It's not the 1980s, you don't find nationwide backdoors by scanning ports!
While I know that it's not time for conclusions yet, maybe the government finally got cut with its own sword by forcing suppliers to include a U.S. government backdoor, and this backdoor has been used as most security researchers warned? The reaction would be the same.
And customer protection is a joke, and it's a joke everywhere. In the EU, we have GDPR. There is literally an article about minimizing the amount of data processed and stored. Nobody cares about it and data brokers flourish like everywhere. If some data cannot be sold, it is "leaked" and suddenly the owner gets a fat slice of cash. GDPR regulations which are required for most services contain points about profiling and advertising, and it's impossible to opt out because this is "in the system". The only results of leaks are services like "check is your data in leak"; responsibility is almost none. So, don't even start with "customer protection": we have late capitalism, customers became the property of a company.