Chinese Government Hackers Compromise ‘Back Door for the Good Guys’ in U.S. Communication Networks
Sarah Krouse, Dustin Volz, Aruna Viswanatha, and Robert McMillan, reporting for The Wall Street Journal:
For months or longer, the hackers might have held access to
network infrastructure used to cooperate with lawful U.S. requests
for communications data, according to people familiar with the
matter, which amounts to a major national security risk. The
attackers also had access to other tranches of more generic
internet traffic, they said. Verizon Communications, AT&T and
Lumen Technologies are among the companies whose networks were
breached by the recently discovered intrusion, the people said.
The widespread compromise is considered a potentially catastrophic
security breach and was carried out by a sophisticated Chinese
hacking group dubbed Salt Typhoon. It appeared to be geared toward
intelligence collection, the people said. […]
The surveillance systems believed to be at issue are used to
cooperate with requests for domestic information related to
criminal and national security investigations. Under federal law,
telecommunications and broadband companies must allow authorities
to intercept electronic information pursuant to a court order. It
couldn’t be determined if systems that support foreign
intelligence surveillance were also vulnerable in the breach.
This incident should henceforth be the canonical example when arguing against “back doors for the good guys” in any networks or protocols. It’s not fair to say that all back doors will, with certainty, eventually be compromised, but the more sensitive and valuable the communications, the more likely it is that they will. And this one was incredibly sensitive and valuable. There are downsides to the inability of law enforcement to easily intercept end-to-end encrypted communication, but the potential downsides of back doors are far worse. Law enforcement is supposed to be hard work.
We should rightfully blame China first for this attack — and the U.S. government ought to start treating such attacks by China as the second Cold War that it is — but secondary blame must go to Congress for passing the Communications Assistance for Law Enforcement Act (CALEA) in 1994, and to the FCC for broadening its interpretation a decade later. Verizon, AT&T, and the other companies whose networks were breached were — and remain — required by law to provide the back doors that the Chinese hackers exploited.
★
Sarah Krouse, Dustin Volz, Aruna Viswanatha, and Robert McMillan, reporting for The Wall Street Journal:
For months or longer, the hackers might have held access to
network infrastructure used to cooperate with lawful U.S. requests
for communications data, according to people familiar with the
matter, which amounts to a major national security risk. The
attackers also had access to other tranches of more generic
internet traffic, they said. Verizon Communications, AT&T and
Lumen Technologies are among the companies whose networks were
breached by the recently discovered intrusion, the people said.
The widespread compromise is considered a potentially catastrophic
security breach and was carried out by a sophisticated Chinese
hacking group dubbed Salt Typhoon. It appeared to be geared toward
intelligence collection, the people said. […]
The surveillance systems believed to be at issue are used to
cooperate with requests for domestic information related to
criminal and national security investigations. Under federal law,
telecommunications and broadband companies must allow authorities
to intercept electronic information pursuant to a court order. It
couldn’t be determined if systems that support foreign
intelligence surveillance were also vulnerable in the breach.
This incident should henceforth be the canonical example when arguing against “back doors for the good guys” in any networks or protocols. It’s not fair to say that all back doors will, with certainty, eventually be compromised, but the more sensitive and valuable the communications, the more likely it is that they will. And this one was incredibly sensitive and valuable. There are downsides to the inability of law enforcement to easily intercept end-to-end encrypted communication, but the potential downsides of back doors are far worse. Law enforcement is supposed to be hard work.
We should rightfully blame China first for this attack — and the U.S. government ought to start treating such attacks by China as the second Cold War that it is — but secondary blame must go to Congress for passing the Communications Assistance for Law Enforcement Act (CALEA) in 1994, and to the FCC for broadening its interpretation a decade later. Verizon, AT&T, and the other companies whose networks were breached were — and remain — required by law to provide the back doors that the Chinese hackers exploited.