Telcos Struggle To Boot Chinese Hackers From Networks (axios.com)

China-linked spies are still lurking inside U.S. telecommunications networks roughly six months after American officials started investigating the intrusions, senior officials told reporters Tuesday. From a report: This is the first time U.S. officials have confirmed reports that Salt Typhoon hackers still have access to critical infrastructure -- and they're proving difficult to kick out. Officials added that they don't yet know the full scope of the intrusions, despite starting the investigation in late spring.

The Cybersecurity and Infrastructure Security Agency and FBI released guidance Tuesday for the communications sector to harden their networks against Chinese state-sponsored hackers. The guide includes basic steps like maintaining logs of activity on the network, keeping an inventory of all devices in the telecom's environment and changing any default equipment passwords. The hack has given Salt Typhoon unprecedented access to records from U.S. telecommunications networks about who Americans are communicating with, a senior FBI official told reporters during a briefing.

  • lawful access (Score:5, Insightful)

    by awwshit ( 6214476 ) on Tuesday December 03, 2024 @05:21PM (#64988721)

    National embarrassment.

    • What are you referring to, there are no public details on which providers were compromised or how. People are straight up imagining some nefarious intentional security backdoor for law enforcement that doesn't exist because that's not how anything works, not for law enforcement, not for intelligence gathering, etc.

      For one, your idea presupposes that telecoms networks are otherwise impenetrable. Until we know more, that's fucking retarded, frankly.

      • by 1s44c ( 552956 )

        There are racks of government spying equipment wired to every phone exchange in the US. They have access to everything. People who work in telecoms are not even publicly allowed to admit this equipment exists.

        Anyway it's set up and managed by government spooks who don't know what they are doing and rely on threats to keep it protected. Those threats don't work on people physically located in uncooperative countries.

  • ... includes basic steps ...

    If all surveillance has to be approved by a central office, the system is reasonably protected. If the password is shared with entire police departments so automated mass surveillance can continue, nothing has changed.

    While a central office prevents automated mass surveillance, the basic problem remains: Anyone can say "I'm a cop, this is urgent: Tell me about phone number X". One cyber-intruder can do that 1,000 times a month, and after 6 months, he's got information on all senior bureaucrats and mil

    • ... includes basic steps ...

      If all surveillance has to be approved by a central office, the system is reasonably protected. If the password is shared with entire police departments so automated mass surveillance can continue, nothing has changed.

      While a central office prevents automated mass surveillance, the basic problem remains: Anyone can say "I'm a cop, this is urgent: Tell me about phone number X". One cyber-intruder can do that 1,000 times a month, and after 6 months, he's got information on all senior bureaucrats and military personnel in the USA.

      The problem - IMHO - isn't access. It's that the data is gathered in the first place. Maybe a cop gets impersonated. Or a department phished. Or a server hacked.

      It doesn't matter how, it only matters that the data exists to be accessed. I get it... it's juicy. Knowing who a suspect interacted with, and where they went is very, very attractive to law enforcement. Knowing where a missing child's phone was last seen is useful. Understanding who was around a terrorist event sounds great.

      But to viola

      • That assumes the goal is "proper" law enforcement. Which is a Big mistake. The real goal is to monitor the terrorists calling themselves "Americans" who don't have a 7+ digit income and a security clearance to enter the White House / Congress.
  • slashdot ads (Score:1, Offtopic)

    by awwshit ( 6214476 )

    Must be a change in chromium but I see lots of ads on slashdot now, even with the Disable Ads box checked.

    These ads slow down the site substantially and hurt the site.

    Frankly, the Temu ads are creepy. I'm not sure what they are selling exactly, AI pictures of school girls? What fucking creepers buy that shit? Why am I seeing this?

    Seeing ads is one thing, seeing ads that have some inappropriate angle is just creepy and weird. Slashdot has always been a bit weird and troll-y, but never lecherous.

    Hey slashdot,

    • by ukoda ( 537183 )
      Chromium is built on the Chrome code base. Chrome is developed by Google, the world's biggest ad platform. No point in complaining to Slashdot, they just feed ads from Google the same as everyone else. If you want to browse with the minimum of ads use Firefox with the uBlock Origin add-on, or a similar combo from a company that does not make its income from ads.
    • by Tablizer ( 95088 )

      AI pictures of school girls? What fucking creepers buy that shit?

      They are recruitment ads for Donald's New and Improved Lout-Swamp.

      -5 Political Troll

    • Yup, they changed something so Slashdot is all ad based now apparently, regardless of "disabled ads". No announcement about this though... It's probably your typical third party ad broker service, where you can't curate what's shown on your own site.

      And it's on Firefox as well, it's not Chrome.

      I agree, Temu is weird. It's nice that if there is anything good about AI it gets corrupted by generating provocative Anime pictures.

      • If it was obviously meant to be Anime I wouldn't complain. These Temu ads are showing some obviously AI generated pictures but approaching the uncanny valley.

        I think my original point stands, no one is buying from these ads, and thus the ads provide no benefit. I'm fine if Temu throws its money away on bad generated ads, but I'm not fine seeing them.

        • Oh, it's not necessarily Temu doing this, or Slashdot. It's the middle man making the money, promising tons of views to one party and revenue to the other party.

          Advertising isn't really a science, despite it being in high tech, in that you can't directly correlate advertising costs to increased revenue or gauge how effective advertising on Slashdot really is. It's very likely many companies are overpaying on their ads. In the early dotcom this was definitely true, as costs per view on the internet were t

        • I think my original point stands, no one is buying from these ads, and thus the ads provide no benefit.

          I don't know what makes you so confident about that.

          The for-profit entities with concrete data on the ad cost, clickthrough numbers, and sale conversion rates can trivially assess whether a given ad is cost effective, and they're choosing to spend more money on them. I don't have any reason to believe they're behaving in an economically irrational manner and knowingly throwing away money.

      • The number of entries reported by NoScript in Firefox doubled or tripled. I had to do some experimental enabling to figure out what would un-break the "new" site.
        • I tried fiddling with the scripts, but the only thing that disabled the ads was to disable slashdot.org or fsdn.com. Which then disables most things in slashdot... There are only 4 scripts that were set to non-default. Adblock has a way to disable specific elements, but each ad seems to have a different name and no obvious wildcarding...

          (ie, "news.slashdot.org/story/24/12/03/2159242/telcos-struggle-to-boot-chinese-hackers-from-networks?utm_source=rss1.0mainlinkanon&utm_medium=feed")

    • If you block them at the network level by DNS blackhole for known ad networks, there isn't a damn thing Slashdot or the browser can do about it.

      I see no ads here, running an AdGuard Home docker container as a DNS proxy.

    • Disabling JavaScript for slashdot.org seems to have helped. Trying to send their ad networks to 127.0.0.1 broke the site completely.

    • by kackle ( 910159 )
      I had to uninstall and reinstall uBlock Origin in Firefox.
  • The hack has given Salt Typhoon unprecedented access to records from U.S. telecommunications networks about who Americans are communicating with

    I hope China is really enjoying knowing when my partner gets off work, and how we're sometimes indecisive about what we're having for dinner. Truly, a great cause for national security concern. /s

    • Re: (Score:2, Troll)

      by Tablizer ( 95088 )

      I hope China is enjoying knowing when my partner gets off...

      This is the Great President Xi. I know you two like to boink each other with cold bacon on your love-parts, and if you don't call the 'Lago Tribble Top and tell him to stop with his foolish tariffs, the whole world will know about your bacon fetish! You've been warned, Dear American."

      • Re: (Score:3, Funny)

        by Powercntrl ( 458442 )

        Dear president Pooh,

        I hope the whole oppressive regime thing is going well and this message finds you in good health. While I can certainly sympathize with your concerns, unfortunately my social credit score is too low for my grievances to be acknowledged by my county's leadership. Perhaps you would have success with a person of greater influence, such as Leon Musk. I believe he presently has business relations with your county's manufacturing sectors, so you should already have his contact information.

        Mu

    • by cmseagle ( 1195671 ) on Wednesday December 04, 2024 @10:01AM (#64990211)

      I expect the real world concern is that the Chinese notice that some engineer at Lockheed is making a lot of out-of-hours calls to a young woman that's not his wife, and decide to ask for "favors" to keep that observation quiet.

      Given the nature of the Slashdot audience, I imagine there are at least a handful of people reading this with access to critical systems, who could do some damage if extorted by telecom-derived kompromat.

  • Why does slashdot pretend china, russia, iran and north korea are the only hackers?

    We know that WE are ALL affected more by Israeli hackers and those they sell their products to.

    • Re: (Score:1, Troll)

      by Tablizer ( 95088 )

      But Israel knows how to kiss up to US evangelicals, so we turn a blind eye to them.

  • ...a free reminder that our car's extended warranty is about to expire. Such nice people.

  • That's what you get for booting very secure Huawei hardware and replacing it with NSA/CIA backdoored US hardware, it's so easy for most hackers to also use those backdoors.
  • by whoever57 ( 658626 ) on Tuesday December 03, 2024 @05:44PM (#64988815) Journal

    A couple of my webservers are currently under attack from a very dumb bot.

    My daily log analysis showed a large number of ssh login attempts from a couple of Chinese /24 networks. The bot is very dumb because I set some rules to drop all packets from those /24 blocks (they were already rate-limited by fail2ban), but the bots continue the attack.

    • by Tablizer ( 95088 )

      Redirect them to a honeypot and mess with them!

    • One month I had over 50,000 login attempts from a single address in China. That finally drove me to install sshguard.

      • I've been getting a crapload of pings from China on my little server. Tens of thousands per day of TCP connect requests that don't get finalized. I've got numerous /8, /9, /10, /11, /12 level blocks on China-assigned IPs. The attacks wax and wane over the course of a week or so. It'd be good if a trawler accidentally ran over some cables from China. I've always blocked ssh down to accept a very small IP range that I know I'm going to be in and block everything else.
  • No fix (Score:5, Insightful)

    by ukoda ( 537183 ) on Tuesday December 03, 2024 @05:52PM (#64988843) Homepage
    They will never be able to fix this until they give up on the idea that a backdoor can exist that only the good guys can use.
  • The problem with these systems is rarely a backdoor. It is rarely an insecure password. It is the people who are either incompetent or are compromised. It sure is nice to get some cash deposited to your bank account instead of having to work for close to minimum wage for horrible overlords. It used to be a requirement to have skills and knowledge to work on these networks. Now whomever we can pay the least wins! You get what you pay for.
  • How about we turn off the back doors so no one has access?
    • But then they'd have difficulty feigning incompetence while continuing to illegally sell my data to my enemies.

  • Either the FBI's advice is completely useless ... or our nation's telco infrastructure is being run in an ad hoc manner by incompetent companies who are not yet operationally CMMC level 1. If the FBI's advice is pertinent then they are failing to implement Level 1 practices. https://dodcio.defense.gov/Por... [defense.gov]
