A wiretap system built into AT&T/Verizon networks meant for law enforcement only has been discovered and used by China.
In multiple countries around the world, we’ve seen several debates surrounding encryption. Those on the anti-encryption side of the debate have pushed the myth that the “bad guys” are going dark because of encryption. If encrypted technology isn’t backdoored for only the “good guys”, then crime will become completely undetectable and the “good guys” won’t be able to fight crime online.
First of all, the wording used by such people is simply patronizing. Second of all, what they are describing is technologically impossible. What is being proposed here is banning effective encryption and weakening existing encrypted technology. It’s a dangerous idea because people use encrypted technology every day. Whether that is accessing banking information, sending encrypted technology, logging in to an account, accessing a website in general (HTTPS), or accessing a secure network through a VPN, encryption is a critical aspect of our daily online lives.
Additionally, the argument that crime would become impossible to stop is completely ridiculous. Law enforcement have been able to crack people’s accounts and manufacturers have been all too happy to hand over the encryption keys whenever, say, law enforcement is trying to access a cell phone. The existence of encryption only means an extra step in the process as opposed to making crime fighting an impossible task.
Yet, for opponents of security and encryption, these are just “excuses” and all “they” need to do is nerd harder. After all, the people who built the platforms or manufactured the cell phones are smart, why not just perform some magical typing to make the “back door for good guys only” a reality? Again, that circles back to asking the impossible because all you are doing is weakening the encryption. If a weakness in the encryption exists, it can be found by unauthorized third parties sooner or later, plain and simple. Of course, the ignorant will simply roll their eyes and insist that it’s possible because if they can imagine it, then it can be made a reality.
So, in some cases, apparently, back doors were built into some forms of encryption anyway. This is often known as “lawful access”. Anyone with any real knowledge in security will know that this is a recipe for disaster. Sooner or later, this will blow up in their faces – and blow up in their faces is precisely what happened. Reports are surfacing that the Chinese government has had access to the back door installed in AT&T/Verizon for an unknown period of time. From TechDirt:
Leaving aside the fact that it’s not even that much like wiretapping phones, this story should be thrown back in the faces of all of law enforcement folks believing that backdooring “lawful access” into encryption is nothing to worry about. Chinese hackers have apparently had access to the major US wiretapping system “for months or longer.”
A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.
For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said.
According to the reporting, the hackers, known as “Salt Typhoon,” a known Chinese state-sponsored hacking effort, were able to breach the networks of telco giants Verizon and AT&T.
The Wall Street Journal says that officials are freaking out about this, saying that the “widespread compromise is considered a potentially catastrophic security breach.”
Here’s the thing: whenever you set up a system that allows law enforcement to spy on private communications, it’s going to become a massive target for all sorts of sophisticated players, from organized crime to nation states. So, this shouldn’t be a huge surprise.
But it should also make it clear why backdoors to encryption should never, ever be considered a rational decision. Supporters say it’s necessary for law enforcement to get access to certain information, but as we keep seeing, law enforcement has more ways than ever to get access to all sorts of information useful for solving crimes.
Putting backdoors into encryption, though, makes us all less safe. It opens up so many private communications to the risk of hackers getting in and accessing them.
And again, for all the times that law enforcement has argued for backdoors to encryption being just like wiretaps, it seems like this paragraph should destroy that argument forever.
The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn’t be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach.
Observers and experts alike (as well as people like us) have long warned that this was going to happen if you start installing back doors into everything. As it turns out, we were all ignored and the situation blew up in precisely the manner that we had warned about.
The same thought that entered Mike Masnick’s mind also popped into mine as well. For all the hand wringing about how TikTok was some sort of Chinese mind controlling machine, it seems that the real threat was found much closer to home with America’s own cell phone networks. Even if TikTok is being used as some nefarious spy machine, it’s kind of worthless when the Chinese government could directly access the cell phone networks and monitor internet traffic directly instead.
The situation here is entirely self inflicted. The logical response to all of this is that the back doors get shut down permanently and law enforcement focuses in on other tools available to them. Unfortunately, since we’re dealing with illogical people, it’s very likely that the response will be how they just need to double down and make back doors ultra double secret so no one finds it. Again, that’s an impossible task just like it was the first time they tried it, but it’ll be an open question of how many times this thinking will burn authorities (and the rest of the population for that matter) before the lesson is learned. The hand has met the stove, and the stove is hot. Will this be the last time the hand gets burned or will it take multiple burns before the lesson is finally learned? Only time will tell on that one.
