State-affiliated Chinese hackers penetrated AT&T, Verizon, Lumen and others; they entered their...

State-affiliated Chinese hackers penetrated AT&T, Verizon, Lumen and others; they entered their networks and spent months intercepting US traffic - from individuals, firms, government officials, etc - and they did it all without having to exploit any code vulnerabilities. Instead, they used the back door that the FBI requires every carrier to furnish:

wsj.com/tech/cybersecurity/u-s

1/

If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

pluralistic.net/2024/10/07/for

2/

Pluralistic: China hacked Verizon, AT&T and Lumen using the FBI’s backdoor (07 Oct 2024) – Pluralistic: Daily links from Cory Doctorow
pluralistic.net

In 1994, Bill Clinton signed CALEA into law. The Communications Assistance for Law Enforcement Act requires every US telecommunications network to be designed around facilitating access to law-enforcement wiretaps. Previous to CALEA, telecoms operators were often at pains to design their networks to *resist* infiltration and interception.

3/

Even if a telco didn't go that far, they were at the very least indifferent to the needs of law enforcement, and attuned instead to building efficient, robust networks.

Predictably, CALEA met stiff opposition from powerful telecoms companies as it worked its way through Congress, but the Clinton administration bought them off with hundreds of millions of dollars in subsidies to acquire wiretap-facilitation technologies.

4/

Immediately, a new industry sprang into being; companies that promised to help the carriers hack themselves, punching back doors into their networks. The pioneers of this dirty business were overwhelmingly founded by ex-Israeli signals intelligence personnel, though they often poached senior American military and intelligence officials to serve as the face of their operations and liase with their former colleagues in law enforcement and intelligence.

5/

Telcos weren't the only opponents of CALEA, of course. Security experts - those who weren't hoping to cash in on government pork, anyways - warned that there was no way to make a back door that was only useful to the "good guys" but would keep the "bad guys" out.

6/

These experts were - then as now - dismissed as neurotic worriers who simultaneously failed to understand the need to facilitate mass surveillance to keep the nation safe, *and* who lacked appropriate faith in American ingenuity. If we can put a man on the moon, surely we can build a security system that selectively fails when a cop needs it to, but stands up to every crook, bully, corporate snoop and foreign government. In other words: "We have faith in you! NERD HARDER!"

7/

NERD HARDER! has been the answer ever since CALEA - and related Clinton-era initiatives, like the failed Clipper Chip program, which would have put a spy chip in every computer, and, eventually, every phone and gadget:

en.wikipedia.org/wiki/Clipper_

America may have invented NERD HARDER! but plenty of other countries have taken up the cause.

8/

Clipper chip - Wikipedia
en.wikipedia.org

The all-time champion is former Australian Prime Minister Malcolm Turnbull, who, when informed that the laws of mathematics dictate that it is impossible to make an encryption scheme that only protects good secrets and not bad ones, replied, "<b>The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia</b>":

zdnet.com/article/the-laws-of-

9/

https://www.zdnet.com/article/the-laws-of-australia-will-trump-the-laws-of-mathematics-turnbull/
www.zdnet.com

CALEA forced a redesign of the foundational, physical layer of the internet. Thankfully, encryption at the protocol layer - in the programs we use - partially counters this deliberately introduced brittleness in the security of all our communications.

10/

CALEA can be used to intercept your communications, but mostly what an attacker gets is "metadata" ("so-and-so sent a message of X bytes to such and such") because the data is scrambled and they can't unscramble it, because cryptography actually *works*, unlike back doors.

11/

Of course, that's why governments in the EU, the US, the UK and all over the world are *still* trying to ban working encryption, insisting that the back doors they'll install will only let the good guys in:

pluralistic.net/2023/03/05/the

*Any* back door can be exploited by your adversaries.

12/

They’re still trying to ban cryptography – Pluralistic: Daily links from Cory Doctorow
pluralistic.net

The Chinese sponsored hacking group know as Salt Typhoon intercepted the communications of hundreds of millions of American residents, businesses, and institutions. From that position, they could do NSA-style metadata-analysis, malware injection, and interception of unencrypted traffic. And they *didn't have to hack anything*, because the US government insists that all networking gear ship *pre-hacked* so that cops can get into it.

13/

This isn't even the first time that CALEA back doors have been exploited by a hostile foreign power as a matter of geopolitical skullduggery. In 2004-2005, Greece's telecommunications were under mass surveillance by US spy agencies who wiretapped Greek officials, all the way up to the Prime Minister, in order to mess with the Greek Olympic bid:

en.wikipedia.org/wiki/Greek_wi

14/

Greek wiretapping case 2004–05 - Wikipedia
en.wikipedia.org

This is a wild story in *so many* ways. For one thing, CALEA isn't law in Greece! You can totally sell working, secure networking gear in Greece, and in many other countries around the world where they have not passed a stupid CALEA-style law. *However* the US telecoms market is so fucking *huge* that all the manufacturers build CALEA back doors into their gear, no matter where it's destined for.

15/

So the US has effectively exported this deliberate insecurity to the whole planet - and used it to screw around with *Olympic bids*, the most penny-ante bullshit imaginable.

Now Chinese-sponsored hackers with cool names like "Salt Typhoon" are traipsing around inside US telecoms infrastructure, using the back doors the FBI insisted would be safe.

16/

On October 23 at 7PM, I'll be in Decatur, presenting my novel *The Bezzle* at Eagle Eye Books:

eagleeyebooks.com/event/2024-1

--

Tor Books has just published two new, free "Little Brother" stories: "Vigilant," about creepy surveillance in distance education:

reactormag.com/spill-cory-doct

And "Spill," about oil pipelines and indigenous landback:

reactormag.com/vigilant-cory-d

17/

Image:
Kris Duda, modified
flickr.com/photos/ahorcado/543

CC BY 2.0
creativecommons.org/licenses/b

eof/

Czeladź - Elektrownia Saturn

Dawna kopalnia i elektrownia Saturn w Czeladzi. Polecam odwiedzić to miejsce ze względu na działającą tutaj niesamowitą galerię sztuki współczesnej. The former Saturn coal mine and powerplant. I advise you to visit this place, because of the art gallery functioning in one of the powerplant buildings. A place were modern art meets the art of engineering.

Flickr