US Officials Urge Americans to Use Encrypted Apps Amid Unprecedented Cyberattack

An anonymous reader shared this report from NBC News: Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers...

In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China's intercepting their communications. "Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible," Greene said. The FBI official said, "People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant" multi-factor authentication for email, social media and collaboration tool accounts...

The FBI and other federal law enforcement agencies have a complicated relationship with encryption technology, historically advocating against full end-to-end encryption that does not allow law enforcement access to digital material even with warrants. But the FBI has also supported forms of encryption that do allow some law enforcement access in certain circumstances.
Officials said the breach seems to include some live calls of specfic targets and also call records (showing numbers called and when). "The hackers focused on records around the Washington, D.C., area, and the FBI does not plan to alert people whose phone metadata was accessed."

"The scope of the telecom compromise is so significant, Greene said, that it was 'impossible" for the agencies "to predict a time frame on when we'll have full eviction.'"

Morons

[gweihir]

Experts have told you for frigging _decades_ that a backdoor or weakened encryption or any other form of "lawful" interception _will_ be used by criminal attackers and spies. Did you listen? No. This is 100% on you that you wanted those backdoors and you have no excuses.

Re:Morons

[AleRunner]

It's worse than that. They listened and they knowingly chose their priorities. They directly lied about this and tried to undermine and damage the credibility of those experts. They took Phil Zimmerman to court over this type of thing [wikipedia.org]. This is something that NIST, which is a government agency, explicitly warned against and attempted to avoid and then was forced into accepting in their security standards. This is something that legislators have brought up every time that people have attempted to force through legislation limiting access to cryptography. This is something that has been repeatedly discussed when talking about government handling of unpublished exploits. Many of these people, primarily in the NSA and in GCHQ are the experts. Some of the stood up, said what had to happen and were rejected. Many of them knew and consented to things which they were fully aware were building up security risks for us in future. Of course, some of this discussion took place in private, and for sure individuals shouldn't be judged without us getting into details of what they said to who and what pressure they were under, but when we see the private data that we know China has been capturing and the uses it can be put to, we know already that our security establishment has failed to do it's job.

Re:

[gweihir]

Indeed. So desperately desiring to spy on the very people they are tasked to protect, that they willingly and knowingly weakened protections against other spies massively. I call that treason.

Re: Morons

[50000BTU_barbecue]

The Clipper Chip.

Are there any "encrypted" apps?

[UBfusion]

Please provide some examples so that all may benefit...

Don't trust Whatsapp

[echo123]

Please provide some examples so that all may benefit...

By hacking Whatsapp [cnn.com], Saudi Arabia's Crown Prince Mohammad Bone Saw (MBS) was able to chop Jamal Koshoggi into little tiny pieces.

Re: Don't trust Whatsapp

[madbrain]

I think the word you were looking for was hack, not chop.

Re:

[drinkypoo]

First you hack, then you whack

First you chop, then you mop.

Business as usual for the nation which murders the second-most journalists in the world on the regular.

Now gee, who's #1 at that?

Re:Don't trust Whatsapp

[thegarbz]

Nice link, and one that shows WhatsApp wasn't hacked. The end device in question was. The encrypted status of the messaging service has nothing to do with what is going on in your story, other than they may not have needed to compromise the device if he used a plain text chat instead.

Re:

[bill_mcgonigle]

CIA should take care of their agents better.

Why even get a marriage license? That's so authoritarian.

Re:

[VeryFluffyBunny]

Perhaps they mean Signal? Does the Swiss govt cooperate with the USA &/China on illegal telecoms interception?

Re:Are there any "encrypted" apps?

[echo123]

Please provide some examples so that all may benefit...

With Threats to Encryption Looming, Signal's Meredith Whittaker Says 'We're Not Changing' [wired.com]

Signal Is More Than Encrypted Messaging. Under Meredith Whittaker, It's Out to Prove Surveillance Capitalism Wrong [wired.com]

Re: Are there any "encrypted" apps?

[EmagGeek]

There are none, sorry.

Re:

[jonwil]

https://jami.net/ [jami.net] seems like a good option for end-to-end encrypted messaging. Fully free and open source. Strong (and well tested) cryptography and cryptographic libraries. Available on all the major platforms. Uses a peer-to-peer connection so there is no central servers and you never have to give anyone personal information (no need to share your phone number unlike Signal).

I have no connection to the project other than thinking its a great piece of software and that the people who point to things like S

The world is ending

[NotEmmanuelGoldstein]

... recommended using encrypted messaging ...

In other news, the devil is enjoying Christmas by having his first snowball-fight.

Re:

[Iamthecheese]

If they're pushing encryption you can bet your nuts they feel confident in having some way around it.

Officials who pushed for the weakened security?

[misnohmer]

Are those the same officials who pushed hard to put in the back doors the hackers used, despite security experts (or anyone with a clue about security) telling them it would happen? They really ought to be fired for creating this mess in the first place, and definitely not trusted to even suggest any kind of security policy for the country. Maybe I missed something, did Biden administration do something good in this arena towards the end? Did they fire them all and replace them with people who actually understand cybersecurity?

Re:

[bill_mcgonigle]

They don't face any direct consequences for their actions so they will continue to demand impossible and contradictory outcomes.

"Impossible"

[thegarbz]

The criminals in Europe along with the group behind Encrochat, SkyECC, and as of this week Matrix https://www.dutchnews.nl/2024/... [dutchnews.nl] would take issue with that. ;-)

Re: "Impossible"

[GloryWacky]

Not to be confused with the Matrix protocol [wikipedia.org].

If enough people like me

[Papaspud]

don't care= read my communications all you want, there is nothing to see, what a waste of their time.

Re:If enough people like me

[codebase7]

There is always something to see, if there isn't it will be made.

The same rule that gets porn on the internet, is also used by government. (And in some cases both sides are invoked by government. Nothing like some planted CP to blackmail dissonant voices.)

Re:

[TractorBarry]

Time to bring out the old Cardinal Richelieu quote:

"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him".

Re: If enough people like me

[zawarski]

Agreed. If anything, I am a patriot for forcing them to waste so much time on my nonsense.

Contradictory

[tatroc]

I thought US officials want access to our messages? This seems contradictory to past messaging from officials.

Re:

[drinkypoo]

I thought US officials want access to our messages? This seems contradictory to past messaging from officials.

Assume your devices are back doored. You are not permitted to know what code is running on your baseband processor.

Re:

[Big Hairy Gorilla]

so, if your baseband processor is compromised... in your opinion, how does that impact the security/privacy of full disk encryption or over the wire encryption like wireguard?

My take on privacy is that 99% of the problem is that Joe Average uses apps like Whatsapp, then when they hear that it's compromised, they move to another app that's got the same problems. Like Joe Conspiracy who moved to Discord, because FOR SURE you can trust that other app... ie. people move from one compromised app to another. Same

Re:

[drinkypoo]

so, if your baseband processor is compromised... in your opinion, how does that impact the security/privacy of full disk encryption or over the wire encryption like wireguard?

It means that they could be inspecting the information when it is in memory before/after it is decrypted.

Whatsappis crap.So is "going dark"

[gavron]

The US "law enforement community" (read "crooked pieces of shit who want to abuse your rights)
regularly WHINE about "going dark."

There used to be the ability to detect crimd and work around it but today's LAZY COPS just want to
break into your cellphone. To prevent that from being oh so difficult they call encryption "going dark"
and they want Apple and Google to stop that bad stuff.

ENCRYPTION IS CRITICAL to keepin our data from the criminals. See OP.

FUCK the FBI's whining about going dark
FUCK LEOs who whine about "having to break encryption" because they can't do their fucking job.
GOOD JOB on Senator Ron Wyden who has pushed for useful encryption for decades.
GOOD JOB on Techdirt.com who has pushed for useful encryption for decades.

Sorry, What'sapp. You "use" the SIgnal protocol... badly. Die quickly.
And Signal, you could do better to educate. Take up the mantle, babes.

And all those data are probably for sale in China

[jbmartin6]

Given how effectively open access is to the Chinese government's accumulated data on Chinese citizens is [wired.com], I wonder if all the data lifted from US sources is in the same data pipeline.

Good open source encrypted messenger

[mprindle]

For those looking for a good messenger not owned by one of the big 5, take a look at Signal. Its Open source and fully end to end encrypted including the metadata. https://signal.org/ [signal.org]

Re:

[Big Hairy Gorilla]

I've reluctantly become a tinfoil hatter over the years. I think Signal may be playing games too. Check out the size of the commercial binaries vs the Foss versions. Commercial versions include google blobs for GPS location and payments, of course, we need money. They reach out and touch you, everytime you connect to their servers. Do they need that information? You could create a pretty valuable database of every top criminal, politician, and conspiracy nut with GPS locations correlated to phone numbers...

Re:

[kwelch007]

"They" can do all of those things without Signal. Signal E-to-E's the messages and metadata using well known cryptographic algorithms (see Kerchoff's Principal.) It does not secure the phone or anything else. A compromised phone could simply screenshot the Signal app. So the insecure part is the phone, not the Signal protocol.

I agree that it would be good to inspect the source (or build yourself) of the client you and your contacts use, but that's not a reasonable expectation for most, and hard on syste

Re:

[Big Hairy Gorilla]

can you offer an opinion on XMPP ? As a tinfoil hatter, it's a foregone conclusion that Apple won't allow you to do it your way. However do you think the same applies to Android, which we see as an open ecosystem .. I'm talking about base Android/AOSP, not commercial versions like the horrors of Samsung.

I was not pleased to see there was considerable difference in the binaries of Conversations commercial version vs. whatever is on Github.. like 20mb vs 5mb binary file size... groan... more work.. i haven't

Only one sure way to be secure

[602]

I'm using one-time pads for all my comms.

Monty Python's sacking quote applies here

[hwstar]

We apologise for the fault in the subtitles. Those responsible have been sacked.
.
.
.
We apologise again for the fault in the subtitles. Those responsible for sacking the people who have just been sacked have been sacked.
.
.
.
The directors of the firm hired to continue the credits after the other people had been sacked, wish it to be known that they have just been sacked. The credits have been completed in an entirely different style at great expense and at the last minute.

Replace subtitles with "security of the