Chinese hackers target US telecom companies: What you need to know to protect your data

US telecom giants are under constant attack from Chinese hackers. A federal investigation revealed a widespread electronic espionage campaign by the Chinese government, targeting American communications networks to steal Americans’ information. A senior White House official confirmed that at least eight American telecommunications companies were affected by this wave of piracy.

To combat this, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued tips for telecom companies to help them detect and block hackers while preventing future attacks. I break down the details of this Chinese hacking campaign and share tips on how to keep your data safe.

GET SECURITY ALERTS, EXPERT ADVICE – SUBSCRIBE TO KURT’S NEWSLETTER – CYBERGUY REPORT HERE

What you need to know about the Chinese hacking campaign

According to the FBIHackers linked to Beijing have infiltrated the networks of “several” telecom companies, gaining access to customer call logs and the private communications of “a limited number of individuals”. Since this is a spy campaign, they are not interested in Joe’s regular messages or call history. Instead, their targets are Americans involved in government and politics.

The hackers also attempted to copy “certain information that was subject to US law enforcement requests under court orders,” according to the FBI. This suggests they may have been trying to hack programs like those under the Foreign Intelligence Surveillance Act, which allows US spy agencies to monitor the communications of individuals suspected of working for foreign powers.

Earlier this month, Deputy National Security Advisor Anne Neuberger shared new details about the scale of China’s hacking campaign. According to Neuberger, the United States believes that hackers gained access to the communications of senior government officials and prominent political figures.

She explained that while the hackers focused on a relatively small group of individuals, a limited number of Americans’ private phone calls and texts were compromised. Neuberger also stated that the affected telecom companies are working to address the breaches, but none have been able to completely remove the Chinese hackers from their networks yet.

It is believed that this campaign began a year or two ago, according to what Reuters reported. news agency. Authorities suspect a Chinese hacking group known as Salt Typhoon is behind the operation.

Here’s what hackers stole from 110 million AT&T customers

How do hackers access sensitive information?

Experts believe Salt Typhoon gained access to call logs and private communications by exploiting outdated backdoors at major telecommunications companies, including AT&T and Verizon.

“The irony here is that the backdoors that the Chinese are exploiting are actually the same backdoors that federal law enforcement uses for the purposes of conducting lawful surveillance,” said John Ackerley, CEO and co-founder of Virtru, a data specialist. A central security company told CyberGuy.

These vulnerabilities are a result of the Communications Enforcement Assistance Act (CALEA), a federal law that mandates backdoors in critical communications infrastructure. CALEA provides law enforcement agencies access to phone records and metadata, including facilitating wiretaps, as part of authorized investigations.

“The problem with backdoors is simple. They are not selective. A backdoor created for law enforcement is, by nature, a weak point in the system. And vulnerabilities, once they exist, can be exploited by anyone who discovers them,” said Ackerley, who previously served as a White House technology adviser. : “Both good guys and bad guys can enter through the back doors.”

Beware of encrypted PDF files as the latest trick to deliver malware to you

The solution is end-to-end encryption

To protect private conversations and phone calls, cybersecurity experts recommend using end-to-end encrypted platforms. Jeff Green, associate executive director for cybersecurity at CISA, urged Americans to prioritize encrypted communication tools.

“Use your encrypted communications wherever you have them,” Green advised, stressing the importance of secure platforms. He added: “We definitely need to do that, and look at what that means in the long term, and how to secure our networks.”

An FBI official warned that citizens should “use a mobile phone that automatically receives timely operating system updates, responsibly managed encryption, and phishing-resistant multi-factor authentication (MFA) for email, social media, and collaboration tool accounts.” .

However, cybersecurity experts warn that these measures are not foolproof. The term “responsibly managed encryption” is problematic, because it intentionally leaves room for “lawful access,” such as backdoors required by CALEA.

“Clearly, backdoor encryption is not responsible at all,” Ackerley said. “It is time for the US government to recognize and support end-to-end encryption as a stronger protection against foreign adversaries.”

What to do if your bank account is hacked

10 ways to protect your personal information from cybersecurity threats

Now that we’ve discussed the threat, let’s take a look at the solutions. Here are 10 ways you can keep your personal information safe.

1) Use end-to-end encrypted platforms: For private communications, prioritize platforms that offer end-to-end encryption. This ensures that only you and the intended recipient can access your messages or calls, preventing unauthorized access by hackers or other third parties.

“Anyone can control their own data and protect themselves from security threats by using apps that provide end-to-end encryption. Whether you’re emailing, sending messages and files, or having a video chat, the only way to truly ensure your data is to protect against malicious actors,” Ackerley said. The bad is encrypting it in transit.” “Choose an app or tool that is easy to use, so you can actually use it.”

For texting, consider apps like Signal or WhatsApp. For email services, look for ones that offer end-to-end encryption and are easy to use. These platforms ensure that your private communications remain safe from unauthorized access. See my review of the best secure and private email services here.

2) Keep your device’s operating system updated: Ensure that your mobile phone and other devices receive operating system updates automatically in a timely manner. These updates often include important security patches that protect against new vulnerabilities that hackers exploit. For reference, see my guide on How to keep all your devices updated.

3) Enable two-factor authentication (2FA): Set up phishing resistance 2FA On your email, social media, and collaboration tool accounts. This adds an extra layer of protection, requiring more than just a password to access your accounts, making it harder for cybercriminals to steal your information.

4) Use powerful antivirus software: Be aware of phishing techniques and be suspicious of suspicious links, emails, or phone calls requesting personal information. Cybercriminals often use these methods to access your sensitive data.

The best way to protect yourself from malicious links is to install antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe. Get my picks for the best antivirus protection winners of 2024 for Windows, Mac, Android, and iOS.

5) Encrypt sensitive data: Data encryption On USB drives, SIM cards and laptops to protect information if devices are lost or stolen. Also make sure to password protect your sensitive files or folders by doing the following These steps.

6) Implement strong password practices: Use unique, complex passwords for each account and consider using Password manager.

7) Back up your data regularly: Backing up your data helps protect against data loss due to ransomware or device failure. You will want to back up your data Mobile device, Mac and Windows Computers.

8) Be careful when using public Wi-Fi networks: Use a VPN (virtual private network) When you contact him Public Wi-Fi service Networks to encrypt your Internet traffic. This makes it difficult for hackers and third parties to intercept your data, especially on public Wi-Fi networks. A VPN masks your IP address, which helps hide your location and online activity. Although VPNs don’t directly block phishing emails, they reduce the exposure of your browsing habits to trackers who might use this data maliciously. With a VPN, you can safely access your email accounts from anywhere, even in areas with restrictive internet policies. For the best VPNs, see my expert review of the best VPNs for browsing the web privately on your device Windows, Mac, Android and iOS devices.

9) Invest in personal data removal services: Consider services that scrub your personal information from public databases. This reduces the chances of your data being exploited for phishing or other cyber attacks after a breach. Check out my top picks for data removal services here.

10) Use identity theft protection: Identity theft protection services monitor your accounts for unusual activity, alert you of potential threats, and can even help resolve issues if your data is compromised. Check out my tips and top picks on how to protect yourself from identity theft.

Key takeaway for Kurt

There is no denying that the United States is facing a serious cyberattack that puts millions at risk. What’s even more worrying is that hackers continue to exploit telecom providers even after the issue is published. The affected government and companies must prioritize addressing this threat and patching backdoors used by cybercriminals. We are witnessing one of the largest intelligence compromises in US history.

Do you think that current laws regarding encryption and legal access are sufficient to protect your privacy? Let us know by writing to us at Cyberguy.com/Contact.

For more tech tips and security alerts, sign up for the free CyberGuy Report newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or tell us what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most frequently asked questions about CyberGuy:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.