US telecommunications giants are under constant attack from Chinese hackers. A federal investigation has uncovered a massive cyber espionage operation by the Chinese government, targeting U.S. communications networks and stealing information on Americans. A senior White House official acknowledged that at least eight U.S. telecommunications companies were affected by the latest hack.
To combat this, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have released advice for carriers to help detect and block hackers while preventing future attacks. We’ll break down the details of this Chinese hacking operation and share tips on how to keep your data safe.
Get security alerts, tips from experts – Sign up for Cart Newsletter – Cyber Guy Report here
Illustration of a hacker at work (Kurt “Cyber Guy” Knutson)
What you need to know about China’s hacking campaign
According to the FBIBeijing-linked hackers infiltrated the networks of “multiple” carriers and accessed customer call records and private communications of “a limited number of individuals.” Since this is espionage, they are not interested in your average Joe’s text messages or call history. Instead, their targets are Americans involved in government and politics.
The hackers also attempted to copy “certain information that was the subject of a court-ordered U.S. law enforcement request,” the FBI said. This suggests that they may have been trying to violate programs such as those under the Foreign Intelligence Surveillance Act, which allows U.S. spy agencies to monitor the communications of individuals suspected of working for foreign powers. are.
Earlier this month, Vice President for National Security Ann Neuberger revealed new details about the scale of China’s hacking operations. Neuberger said the United States believes the hackers were able to access communications of senior government officials and prominent politicians.
She explained that although the hackers focused on a relatively small number of individuals, a limited number of Americans’ calls and text messages were compromised. Neuberger also noted that while affected carriers are working to address the breach, none have yet been able to completely remove Chinese hackers from their networks.
The campaign is believed to have started one to two years ago, according to . Associated Press. Authorities suspect that a Chinese hacker group known as Salt Typhoon is behind the operation.
Illustration of a hacker at work (Kurt “Cyber Guy” Knutson)
Here’s what ruthless hackers stole from 110 million AT&T customers
How can hackers access sensitive information?
Experts believe Salt Typhoon was able to access call records and private communications by exploiting a decades-old backdoor used by major telecommunications providers such as AT&T and Verizon.
“The irony here is that the backdoor the Chinese exploited is actually the same backdoor used by federal law enforcement for legal surveillance purposes.” -Security at the Center company, told CyberGuy.
This vulnerability results from the Communications Assistance for Law Enforcement Act (CALEA), a federal law that requires backdoors in critical telecommunications infrastructure. CALEA allows law enforcement to access phone records and metadata as part of authorized investigations, including facilitating wiretaps.
“The problem with backdoors is simple: backdoors are not selective. Backdoors created for law enforcement are essentially system vulnerabilities. “Anyone who discovers it could exploit it,” said Ackerley, who previously served as a White House technical adviser.
Illustration of a hacker at work (Kurt “Cyber Guy” Knutson)
Beware of encrypted PDFs as the latest method to deliver malware
The solution is end-to-end encryption
To protect your private conversations and phone calls, cybersecurity experts recommend using an end-to-end encryption platform. Jeff Green, CISA’s executive assistant director for cybersecurity, urged Americans to prioritize encrypted communication tools.
“Use encrypted communications wherever you can,” Green advised, emphasizing the importance of a secure platform. He added: “We definitely need to do that to consider what that means in the long term and how we protect our networks.”
FBI officials said the public will “receive timely and automatic operating system updates, responsibly managed encryption and phishing-resistant MFA for email, social media, and collaboration tool accounts.” “Use a mobile phone equipped with
However, cybersecurity experts warn that these measures are not foolproof. The term “responsibly managed encryption” is problematic because it intentionally leaves room for “lawful access” such as backdoors as required by CALEA.
“It’s clear that no backdoor encryption was actually involved,” Ackerley said. “It is time for the U.S. government to recognize and support end-to-end encryption as a stronger protection against foreign adversaries.”
Illustration of a cyber security expert at work (Kurt “Cyber Guy” Knutson)
What to do if your bank account is hacked
10 ways to protect your personal information from cybersecurity threats
Now that we have discussed the threat, let’s look at the solution. Here are 10 ways to keep your personal information safe.
1) Use an end-to-end encryption platform. For private communications, prioritize platforms that offer end-to-end encryption. This ensures that only you and the intended recipient have access to your messages and calls, and prevents unauthorized access by hackers and other third parties.
“Anyone can take control of their data and protect themselves from security threats by using applications that provide end-to-end encryption, whether it’s email, sending messages or files, or video chatting. No matter what you do, the only way to ensure your data is protected from malicious actors is to encrypt it in transit,” Ackerley said. Try out the apps and tools that are easy to use.
For texting, consider apps like: Signal or WhatsApp. For email services, look for one that offers easy-to-use end-to-end encryption. These platforms ensure that private communications are protected from unauthorized access. Read my review of the best secure and private email services here..
2) Keep your device’s operating system up to date. Enable your mobile phone or other device to automatically receive operating system updates in a timely manner. These updates often include critical security patches that protect against new vulnerabilities exploited by hackers. For reference, please refer to my guide How to keep all your devices up to date.
3) Enable two-factor authentication (2FA). Set up phishing resistance 2FA In your email, social media, and collaboration tool accounts. This adds an extra layer of protection, requiring more than just a password to access your account, making it harder for cybercriminals to steal your information.
4) Use strong antivirus software. Be aware of phishing techniques and remain skeptical of suspicious links, emails, and phone calls that request personal information. Cybercriminals often use these methods to access sensitive data.
The best way to protect yourself from malicious links is to install antivirus software on all your devices. This protection also warns you about phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best antivirus protection products of 2024 for Windows, Mac, Android, and iOS devices.
5) Encrypt sensitive data. Data encryption Found on USB drives, SIM cards, and laptops, it protects your information if your device is lost or stolen. Also, be sure to password-protect any sensitive files or folders by following these steps: These steps.
6) Implement strong passwords. Use unique and complex passwords for each account; password manager.
7) Back up your data regularly. Backing up your data prevents data loss due to ransomware or device failure. Must be backed up. mobile device, Mac and window computer.
8) Be wary of public Wi-Fi: use. VPN (Virtual Private Network) when connecting to Public Wi-Fi Encrypt your network and encrypt your internet traffic. This makes it difficult for hackers and third parties to intercept your data, especially on public Wi-Fi. A VPN masks your IP address, obscuring your location and online activity. While a VPN won’t directly prevent phishing emails, it will reduce the exposure of your browsing habits to trackers who can use this data maliciously. A VPN allows you to securely access your email account from anywhere, even in regions with restrictive internet policies. For the best VPN software, read my expert review of the best VPNs to browse the web privately. Windows, Mac, Android, iOS devices.
9) Invest in a personal data deletion service: Consider a service that scrubs personal information from public databases. This makes it less likely that your data will be used for phishing or other cyber-attacks after a breach. Check out my recommended data deletion services here.
10) Use identity theft protection. Identity theft protection services monitor your accounts for unusual activity, alert you to potential threats, and help resolve issues if your data is compromised. Check out our tips and recommendations on how to protect yourself from identity theft.
Cart important points
There is no denying that the United States faces serious cyberattacks that put millions of people at risk. What’s even more concerning is that hackers continue to exploit telecom providers even after the issue was made public. Governments and affected businesses must prioritize addressing this threat and patching backdoors used by cybercriminals. We are witnessing the largest data breach in U.S. history.
Do you think current laws regarding encryption and lawful access are sufficient to protect your privacy? Email us. Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter using the link below. Cyberguy.com/Newsletter.
Ask Kurt a question or let us know your story you’d like us to cover.
Follow Kurt on his social channels.
Answers to CyberGuy frequently asked questions:
New from cart:
Copyright 2024 CyberGuy.com. Unauthorized reproduction is prohibited.
