U.S. telecom giants are under constant attack from Chinese hackers. A federal investigation has uncovered a massive cyberespionage campaign by the Chinese government, targeting U.S. telecommunications networks to steal Americans’ information. A top White House official confirmed that at least eight U.S. telecom companies have been affected by this hacking spree.
To combat this, the FBI and CISA have released advice for telecom companies to help them detect and block the hackers while preventing future attacks. I break down the details of this Chinese hacking campaign and share tips on how to keep your data safe.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
What you need to know about the China hacking campaign
According to the FBI, hackers linked to Beijing have infiltrated the networks of “multiple” telecom companies, gaining access to customer call records and private communications of “a limited number of individuals.” Since this is an espionage campaign, they’re not interested in the average Joe’s texts or call history. Instead, their targets are Americans involved in government and politics.
The hackers also tried to copy “certain information that was subject to U.S. law enforcement requests pursuant to court orders,” according to the FBI. This suggests they might have been attempting to breach programs like those under the Foreign Intelligence Surveillance Act (FISA), which allows U.S. spy agencies to monitor the communications of individuals suspected of working for foreign powers.
Earlier this month, Deputy National Security Adviser Anne Neuberger shared new details about the scale of the Chinese hacking campaign. According to Neuberger, the U.S. believes the hackers managed to access communications from senior government officials and prominent political figures.
She explained that while the hackers were focused on a relatively small group of individuals, a limited number of Americans’ phone calls and texts were compromised. Neuberger also mentioned that the affected telecom companies are working to address the breaches, but none have been able to completely remove the Chinese hackers from their networks yet.
This campaign is believed to have started a year or two ago, according to the Associated Press. Authorities suspect a Chinese hacking group known as Salt Typhoon to be behind the operation.
HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS
How are hackers able to access sensitive information
Salt Typhoon managed to access call records and private communications by exploiting decades-old back doors in major telecom providers, including AT&T and Verizon, experts believe.
“The irony here is that the back doors exploited by the Chinese are, in fact, the same back doors that are utilized by federal law enforcement for purposes of conducting legal surveillance,” John Ackerly, CEO and co-founder of Virtru, a data-centric security company, told CyberGuy.
The vulnerabilities are a result of the Communications Assistance for Law Enforcement Act (CALEA), a federal law that mandates back doors in critical telecommunications infrastructure. CALEA enables law enforcement agencies to access phone records and metadata, including facilitating wiretaps, as part of authorized investigations.
“The problem with back doors is simple. They’re not selective. A backdoor created for law enforcement is, by its very nature, a vulnerability in the system. And vulnerabilities, once they exist, can be exploited by anyone who discovers them. Both good guys and bad guys can enter back doors,” Ackerly, who previously served as a White House technology advisor, added.
BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU
The solution is end-to-end encryption
To protect private conversations and phone calls, cybersecurity experts recommend using end-to-end encrypted platforms. Jeff Greene, executive assistant director of cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), urged Americans to prioritize encrypted communication tools.
“Use your encrypted communications where you have it,” Greene advised, emphasizing the importance of secure platforms. He added, “We definitely need to do that, kind of look at what it means long-term, how we secure our networks.”
An FBI official warned that citizens should be “using a cell phone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant MFA for email, social media and collaboration tool accounts.”
However, cybersecurity experts warn that these measures are not foolproof. The term “responsibly managed encryption” is problematic, as it intentionally leaves room for “lawful access,” such as the backdoors required by CALEA.
“It’s clear that encryption with backdoors is not actually responsible at all,” Ackerly said. “It’s time for the U.S. government to acknowledge and support end-to-end encryption as a stronger protection against foreign adversaries.”
WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED
10 ways to protect your personal information against cybersecurity threats
Now that we’ve discussed the threat let’s take a look at the solutions. Here are ten ways you can keep your personal information safe.
1) Use end-to-end encrypted platforms: For private communications, prioritize platforms that offer end-to-end encryption. This ensures that only you and the intended recipient can access your messages or calls, preventing unauthorized access by hackers or other third parties.
“Anyone can take control of their own data and protect themselves from security threats by using applications that provide end-to-end encryption. Whether you’re emailing, sending messages and files, or video chatting, the only way to truly ensure your data is safe from bad actors is to encrypt it as it travels,” Ackerly advised. “Choose an app or tool that is easy to use, so that you will actually use it.”
For texting, consider apps like Signal or WhatsApp. For email, services like StartMail offer easy-to-use end-to-end encryption. These platforms ensure that your private communications remain secure from unauthorized access. StartMail provides robust end-to-end encryption capabilities, including OpenPGP encryption and password-protected messages for recipients who may not use encrypted email services. Additionally, StartMail incorporates features such as multi-factor authentication and blocking of tracking pixels, further enhancing user privacy and security.
You can get an Exclusive deal for CyberGuy readers: 50% off: $29.98 for first year ($2.50 per month, billed annually). Includes a free 7-day trial.
See my review of best secure and private email services here
http://cyberguy.com/mail
2) Keep your device’s operating system updated: Make sure your cell phone and other devices automatically receive timely operating system updates. These updates often include important security patches that protect against new vulnerabilities exploited by hackers. For reference, see my guide on how to keep all your devices updated.
3) Enable two-factor authentication (2FA): Set up phishing-resistant 2FA on your email, social media, and collaboration tool accounts. This adds an extra layer of protection, requiring more than just a password to access your accounts, making it harder for cybercriminals to steal your information.
4) Use strong antivirus software: Be aware of phishing techniques and remain skeptical of suspicious links, emails, or phone calls asking for personal information. Cybercriminals often use these methods to gain access to your sensitive data.
The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers:
5) Encrypt sensitive data: Encrypt data on USB drives, SIM cards, and laptops to protect information if devices are lost or stolen. Also, be sure to password-protect your sensitive files or folders by following these steps.
6) Implement strong password practices: Use unique, complex passwords for each account and consider using a password manager.
7) Regularly backup your data: Backing up your data helps protect against data loss from ransomware or device failure. You’ll want to back up your mobile device, Mac and Windows computers.
8) Be cautious with public Wi-Fi: Use a VPN (Virtual Private Network) when connecting to public Wi-Fi networks to encrypt your internet traffic. This makes it harder for hackers and third parties to intercept your data, especially on public Wi-Fi. A VPN masks your IP address, helping to obscure your location and online activity. While VPNs don’t directly prevent phishing emails, they reduce the exposure of your browsing habits to trackers that may use this data maliciously. With a VPN, you can securely access your email accounts from anywhere, even in areas with restrictive internet policies.
ExpressVPN and Surfshark are both trusted VPN services that prioritize your privacy and security and are available on a wide range of platforms, including Mac, Windows, iOS, Android, and popular browsers.
ExpressVPN: ExpressVPN is known for its speed, reliability, and strong privacy features. It offers ultra-fast servers in 105 countries, supports P2P sharing, and allows up to 8 devices to connect simultaneously. Available on a wide range of devices, it features a simple setup that takes less than 2 minutes. ExpressVPN’s strict no-log policy ensures your data is never stored, and all servers run on RAM, so no user activity is saved. With 24/7 live customer support and a 30-day money-back guarantee, ExpressVPN is a top choice for privacy-conscious users.
CYBERGUY DEALS:
- Save 48% now with CyberGuy’s exclusive offer – you can get now up to 3 months FREE with a 12-month plan, for $6.67/month. Try 30 days risk-free.
- Save 61% now with CyberGuy’s exclusive offer – you can get now up to 4 months FREE with a 24-month plan, for $4.99/month. Try 30 days risk-free.
Surfshark: Another excellent option, Surfshark provides strong security features at an affordable price. Like ExpressVPN, Surfshark operates under a strict no-logs policy and uses advanced encryption to keep your data safe. One standout feature is Surfshark’s ability to support unlimited devices on a single account, making it ideal for families or users with multiple gadgets. Another to top choice for privacy-conscious users.
CYBERGUY DEALS:
- Save 81% now with CyberGuy’s exclusive offer – Get 4 extra months FREE with a 12-month plan. Try 30 days risk-free, for only $2.99 per month.
- Save 87% now with CyberGuy’s exclusive offer – Get 4 extra months FREE with a 24-month plan. Try 30 days risk-free, for only $1.99 per month.
9) Invest in personal data removal services: Consider services that scrub your personal information from public databases. This reduces the chances of your data being exploited in phishing or other cyberattacks after a breach.
A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.
Special for CyberGuy Readers (60% off): Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $6.49/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 190+ data brokers. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.
Get Incogni for your family (up to 4 people) here
10) Use identity theft protection: Identity theft protection services monitor your accounts for unusual activity, alert you to potential threats, and can even assist in resolving issues if your data is compromised.
My top recommendation is Identity Guard. One of the best parts of using Identity Guard is that they might include identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
Exclusive CyberGuy deal: 66% off Ultra Annual Plans: Get the Identity Guard Ultra protection to protect your identity and credit for as little as $9.99/mo (lowest offered anywhere) for the first year.
See my tips and best picks on how to protect yourself from identity theft.
Kurt’s key takeaway
There’s no denying that the U.S. is facing a serious cyberattack that puts millions at risk. What’s even more concerning is that hackers continue to exploit telecom providers even after the issue has been made public. The government and the affected companies must prioritize addressing this threat and patching the backdoors these cybercriminals are using. We’re witnessing one of the largest intelligence compromises in U.S. history.
Do you believe the current laws around encryption and lawful access are enough to protect your privacy? Let us know in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
1 comment
No, the current laws are too weak. All of the above ext messages should be encrypted by default.