• "Unprecedented cyberattac

    From Mike Powell@1:2320/105 to All on Fri Dec 6 11:22:00 2024
    "Unprecedented cyberattack" sparks warning to US citizens to switch to encryption

    Date:
    Thu, 05 Dec 2024 15:23:27 +0000

    Description:
    The ongoing attack on US telecom companies from the China-linked Salt Typhoon group may be one of the largest in US history. Here's all you need to know to stay safe.

    FULL STORY ======================================================================

    US authorities are urging Americans to use encrypted messaging apps to secure their sensitive data against foreign attackers.

    The security call comes in the wake of an "unprecedented cyberattack" on the country's telecoms companies, NBC News reported. The attack is considered among the largest intelligence compromises in US history and isn't yet fully fixed.

    The China-linked Salt Typhoon group was first spotted targeting US telecoms with a new backdoor malware a few months ago. It has reportedly hacked the likes of AT&T, Verizon, and Lumen Technologies to spy on their customers' activities.

    The need for strong encryption

    "Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible," said Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), on Tuesday, as per NBC News.

    Encryption refers to scrambling the data into an unreadable form to prevent third-party access. From messaging apps like WhatsApp, Signal, and Session to secure email services like ProtonMail and Tuta, online communications are expected to remain private from the sender to the receiver (end to end) thanks to this technology.

    Besides encrypting chats and calls leaving your device, FBI officials also suggest keeping your smartphone up-to-date and enabling two-factor authentication whenever possible to protect your accounts against phishing attacks.

    The US Cybersecurity and Infrastructure Security Agency (CISA) has also published new guidance for helping enterprises defend against Salt Typhoon's threats, which includes a series of best practices and other security tips to stay protected.

    Tech and privacy experts have welcomed the US authorities' endorsement of
    using encrypted communication software. They have long advocated for the necessity of these tools on both privacy and security grounds, in fact, strongly rejecting any attempts from lawmakers to undermine their efficiency
    in combating crime.

    Commenting on this point, Greg Nojeim of the Center for Democracy & Technology (CDT), a member of the Steering Committee of the Encryption Coalition, said: "If anti-encryption advocates had their way, the United States would now be defenseless to this type of mass snooping from a foreign power."

    That said, Salt Typhoon hackers aren't just targeting the content of Americans' communications, but also their call record metadata, as Reuters reported.

    Metadata privacy is becoming a growing issue nowadays. Attackers can now harvest the power of AI tools to find patterns and trace back people's data even without the need to access the encrypted content.

    ======================================================================
    Link to news story: https://www.techradar.com/vpn/vpn-privacy-security/unprecedented-cyberattack-sparks-warning-to-us-citizens-to-switch-to-encryption

    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
  • From Aaron Thomas@1:342/201 to Mike Powell on Fri Dec 6 15:33:22 2024
    "Unprecedented cyberattack" sparks warning to US citizens to switch to encryption

    I wonder why the cellphone companies don't do more to protect their customers? Encryption of data isn't something that they haven't mastered.

    The least they could do is encrypt our text messages.

    --- Mystic BBS v1.12 A49 2023/04/30 (Windows/64)
    * Origin: JoesBBS.Com, Telnet:23 SSH:22 HTTP:80 (1:342/201)
  • From Mike Powell@1:2320/105 to AARON THOMAS on Sat Dec 7 10:11:00 2024
    "Unprecedented cyberattack" sparks warning to US citizens to switch to encryption

    I wonder why the cellphone companies don't do more to protect their customers? Encryption of data isn't something that they haven't mastered.

    The least they could do is encrypt our text messages.

    I am not sure but their reluctance could be because it would make it more difficult for them to access the messages in question (i.e. should Uncle
    Sam ask to see them). It would also add costs and overhead, something
    they'd probably pass on to us, of course.


    * SLMR 2.1a * 2 + 2 = 5 for extremely small values of 5.
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
  • From Aaron Thomas@1:342/201 to Ron L. on Sat Dec 7 11:15:16 2024
    I wonder why the cellphone companies don't do more to protect their customers? Encryption of data isn't something that they haven't mastered.

    Because they use that data for their purposes.

    Not too long ago, someone was testing some stuff out with an email
    server that he was setting up - mainly why it wasn't negotiating a secure/encrypted connection.

    Long story short: His ISP was actively changing the data stream to/from his email server to BLOCK the request to turn on encryption. He let his ISP know that this was a violation of the law and they soon took that
    out, but had no explanation of why it was there in the first place.

    The elite are aware that a few of us are trying to evade their invasion of our privacy. In some cases, like the one you mentioned, they back down. I'm currently in process of begging one of the major free email providers to unblock my wife's email server's IP address from delivering mail to their recipients.

    With that being said, does that solve the mystery? They either enjoy all the begging, or they're on a collective mission to monitor all of our communications (probably both.)

    --- Mystic BBS v1.12 A49 2023/04/30 (Windows/64)
    * Origin: JoesBBS.Com, Telnet:23 SSH:22 HTTP:80 (1:342/201)
  • From Ron L.@1:120/616 to Aaron Thomas on Sat Dec 7 08:19:33 2024
    Aaron Thomas wrote to Mike Powell <=-

    I wonder why the cellphone companies don't do more to protect their customers? Encryption of data isn't something that they haven't mastered.

    Because they use that data for their purposes.

    Not too long ago, someone was testing some stuff out with an email server that he was setting up - mainly why it wasn't negotiating a secure/encrypted connection.

    Long story short: His ISP was actively changing the data stream to/from his email server to BLOCK the request to turn on encryption. He let his ISP know that this was a violation of the law and they soon took that out, but had no explanation of why it was there in the first place.

    We can just assume today that your ISP, cell phone provider, etc. are actively spying on it. Probably just for marketing purposes, but who knows how that data will be used in the future.


    ... I like your approach, now let's see your departure
    ___ MultiMail/Linux v0.52

    --- Mystic BBS/QWK v1.12 A47 2021/12/25 (Windows/32)
    * Origin: cold fusion - cfbbs.net - grand rapids, mi (1:120/616)
  • From Ron L.@1:120/616 to Aaron Thomas on Sun Dec 8 09:59:23 2024
    Aaron Thomas wrote to Dr. What <=-

    With that being said, does that solve the mystery? They either enjoy
    all the begging, or they're on a collective mission to monitor all of
    our communications (probably both.)

    The market will ultimately decide. And with Trump in office, the market has a better chance of winning out.

    For me, I long ago went to Tutanota for my email. It's encrypted at rest (so even if someone raids Tutanota's servers, they still can't read my messages) and encrypted in transit - with more than just TLS (which ISPs can do "man in the middle" attacks on).

    I use Brave as my browser - which routes traffic through a VPN, making it harder (but not impossible) for someone to track my browsing.

    Not perfect, but steps nonetheless.

    I've already had problems with a couple companies.

    Adafruit, for example, refused to sell me anything because of my tutanota.com address. So I simply stopped doing business with them.

    One of my credit card companies refused to allow me to pay my bill via the web because Brave uses a VPN. When I asked them about it via phone, they basically
    said I needed to use an insecure browser. I told them what I thought about that, paid my bill via check and mail - and then cancelled the card.

    I don't have to put up with their BS. If enough people won't, the market will adjust.

    It will be interesting when an ISP gets hacked and all the personal data that they collected on people (which they said that they wouldn't collect) is stolen. I can see the huge lawsuits coming out of that.

    Sadly, it takes time and some work on the consumer's part. But that's how capitalism works.


    ... "640K ought to be enough for anybody." (Bill Gates, 1981)
    ___ MultiMail/Linux v0.52

    --- Mystic BBS/QWK v1.12 A47 2021/12/25 (Windows/32)
    * Origin: cold fusion - cfbbs.net - grand rapids, mi (1:120/616)
  • From Aaron Thomas@1:342/201 to Ron L. on Sun Dec 8 10:31:10 2024
    For me, I long ago went to Tutanota for my email. It's encrypted at rest (so even if someone raids Tutanota's servers, they still can't read my messages) and encrypted in transit - with more than just TLS (which ISPs can do "man in the middle" attacks on).

    It sounds good, but how can you be sure that they're encrypting it?

    I use Brave as my browser - which routes traffic through a VPN, making it harder (but not impossible) for someone to track my browsing.

    I don't know how any browser can be trusted either. Browser-based spying seems like the perfect solution for the elites as they deal with people switching to private email servers, encrypted data, secure connections, etc.

    Adafruit, for example, refused to sell me anything because of my tutanota.com address. So I simply stopped doing business with them.

    That's awfully discriminatory of them. I was delighted to find Google and Yahoo accepting email from my (wife's) email server. It's the other big one that's putting up a fight.

    Email server software is complex software. I don't understand all aspects of it. But I've got a basic setup in place and it's working nicely. It makes me realize how much of a hack the elites really are. They did what I did, but they packaged it with cellphones, and it made them famous.

    --- Mystic BBS v1.12 A49 2023/04/30 (Windows/64)
    * Origin: JoesBBS.Com, Telnet:23 SSH:22 HTTP:80 (1:342/201)
  • From Ron L.@1:120/616 to Aaron Thomas on Mon Dec 9 07:19:21 2024
    Aaron Thomas wrote to Dr. What <=-

    It sounds good, but how can you be sure that they're encrypting it?

    I can't really. But seeing that's their main selling point, if it's ever discovered that they aren't, they are bankrupt.

    I don't know how any browser can be trusted either. Browser-based
    spying seems like the perfect solution for the elites as they deal with people switching to private email servers, encrypted data, secure connections, etc.

    Trust is earned. So far Brave has earned my trust. But, ya, you can't be sure - and look how the Elitists infiltrate organizations that have gained our trust.

    But this is the market. Browser A pisses me off, I move to Browser B and Browser A changes or fades away after a while.

    If enough people demand privacy in browsing, someone will meet that demand and the browsers that don't respect privacy will hurt.

    Adafruit, for example, refused to sell me anything because of my tutanota.com address. So I simply stopped doing business with them.

    That's awfully discriminatory of them.

    Yes, it was. Especially when I asked nicely "why" and they basically told me to go pound sand - not in a nice way.

    I was delighted to find Google and Yahoo accepting email from my (wife's) email server. It's the other big one that's putting up a fight.

    At my previous company, their "spam cannon" (i.e. mass marketing system) was blocked at many companies. It took them quite some time to fix that.

    Some email companies are very shy about "unvetted" email servers.

    Email server software is complex software. I don't understand all
    aspects of it. But I've got a basic setup in place and it's working nicely. It makes me realize how much of a hack the elites really are.
    They did what I did, but they packaged it with cellphones, and it made them famous.

    Yup. Most of those people didn't really do anything but take advantage of other people or situations. The people who actually contributed just fade into
    the background.

    Steve Jobs and Dennis Ritchie died around the same time. Yet only Steve Jobs was noted by most people. But Dennis Ritchie contributed FAR more than Steve Jobs was ever capable of.


    ... A low yield atomic bomb is like being a bit pregnant.
    ___ MultiMail/Linux v0.52

    --- Mystic BBS/QWK v1.12 A47 2021/12/25 (Windows/32)
    * Origin: cold fusion - cfbbs.net - grand rapids, mi (1:120/616)
  • From Aaron Thomas@1:342/201 to Ron L. on Mon Dec 9 10:36:36 2024
    Trust is earned. So far Brave has earned my trust. But, ya, you can't
    be sure - and look how the Elitists infiltrate organizations that have gained our trust.

    I read a little about Brave and it is open-source, and I think it's written in Python. That's a good sign. We could review the source code to look for backdoors (although I don't have much experience with Python.)

    But that is a good reason to use it and I will give it a try.

    Email server software is complex software. I don't understand all aspects of it. But I've got a basic setup in place and it's working nicely. It makes me realize how much of a hack the elites really are. They did what I did, but they packaged it with cellphones, and it made them famous.

    Yup. Most of those people didn't really do anything but take advantage
    of other people or situations. The people who actually contributed just fade into the background.

    That's what I suspect about a lot of these people. I always thought Bill Gates was the author of DOS and Windows, but I did a Google search of "who created DOS" and the answer was "Tim Paterson." Then I searched "Who is the author of Windows 3.1?" and the answer was "Microsoft."

    I guess Bill Gates isn't the hacker I thought he was. His specialty is in the taking credit department.

    --- Mystic BBS v1.12 A49 2023/04/30 (Windows/64)
    * Origin: JoesBBS.Com, Telnet:23 SSH:22 HTTP:80 (1:342/201)
  • From Ron L.@1:120/616 to Aaron Thomas on Tue Dec 10 08:21:17 2024
    Aaron Thomas wrote to Dr. What <=-

    That's what I suspect about a lot of these people. I always thought Bill Gates was the author of DOS and Windows, but I did a Google search of "who created DOS" and the answer was "Tim Paterson." Then I searched "Who is the author of Windows 3.1?" and the answer was "Microsoft."

    I guess Bill Gates isn't the hacker I thought he was. His specialty is
    in the taking credit department.

    Bill Gates was never that technical. Most of what he did was taken from others - which was actually pretty normal at the time - and being a good businessman mostly by identifying opportunities and taking advantage of them.

    But as far as creation: ya, he never really did much.


    ... I thought I was a wit, and I was half right.
    ___ MultiMail/Linux v0.52

    --- Mystic BBS/QWK v1.12 A47 2021/12/25 (Windows/32)
    * Origin: cold fusion - cfbbs.net - grand rapids, mi (1:120/616)