This is a cache of https://news.slashdot.org/story/24/12/03/2159242/telcos-struggle-to-boot-chinese-hackers-from-networks. It is a snapshot of the page at 2024-12-04T01:15:44.746+0000.
Telcos Struggle To Boot Chinese Hackers From Networks - Slashdot

United States Security

Telcos Struggle To Boot Chinese Hackers From Networks (axios.com) 29

China-linked spies are still lurking inside U.S. telecommunications networks roughly six months after American officials started investigating the intrusions, senior officials told reporters Tuesday. From a report: This is the first time U.S. officials have confirmed reports that Salt Typhoon hackers still have access to critical infrastructure -- and they're proving difficult to kick out. Officials added that they don't yet know the full scope of the intrusions, despite starting the investigation in late spring.

The Cybersecurity and Infrastructure Security Agency and FBI released guidance Tuesday for the communications sector to harden their networks against Chinese state-sponsored hackers. The guide includes basic steps like maintaining logs of activity on the network, keeping an inventory of all devices in the telecom's environment and changing any default equipment passwords. The hack has given Salt Typhoon unprecedented access to records from U.S. telecommunications networks about who Americans are communicating with, a senior FBI official told reporters during a briefing.

  • lawful access (Score:5, Insightful)

    by awwshit ( 6214476 ) on Tuesday December 03, 2024 @05:21PM (#64988721)

    National embarrassment.

    • What are you referring to, there are no public details on which providers were compromised or how. People are straight up imagining some nefarious intentional security backdoor for law enforcement that doesn't exist because that's not how anything works, not for law enforcement, not for intelligence gathering, etc.

      For one, your idea presupposes that telecoms networks are otherwise impenetrable. Until we know more, that's fucking retarded, frankly.

  • ... includes basic steps ...

    If all surveillance has to be approved by a central office, the system is reasonably protected. If the password is shared with entire police departments so automated mass surveillance can continue, nothing has changed.

    While a central office prevents automated mass surveillance, the basic problem remains: Anyone can say "I'm a cop, this is urgent: Tell me about phone number X". One cyber-intruder can do that 1,000 times a month, and after 6 months, he's got information on all senior bureaucrats and mil

    • ... includes basic steps ...

      If all surveillance has to be approved by a central office, the system is reasonably protected. If the password is shared with entire police departments so automated mass surveillance can continue, nothing has changed.

      While a central office prevents automated mass surveillance, the basic problem remains: Anyone can say "I'm a cop, this is urgent: Tell me about phone number X". One cyber-intruder can do that 1,000 times a month, and after 6 months, he's got information on all senior bureaucrats and military personnel in the USA.

      The problem - IMHO - isn't access. It's that the data is gathered in the first place. Maybe a cop gets impersonated. Or a department phished. Or a server hacked.

      It doesn't matter how, it only matters that the data exists to be accessed. I get it... it's juicy. Knowing who a suspect interacted with, and where they went is very, very attractive to law enforcement. Knowing where a missing child's phone was last seen is useful. Understanding who was around a terrorist event sounds great.

      But to viola

  • Must be a change in chromium but I see lots of ads on slashdot now, even with the Disable Ads box checked.

    These ads slow down the site substantially and hurt the site.

    Frankly, the Temu ads are creepy. I'm not sure what they are selling exactly, AI pictures of school girls? What fucking creepers buy that shit? Why am I seeing this?

    Seeing ads is one thing, seeing ads that have some inappropriate angle is just creepy and weird. Slashdot has always been a bit weird and troll-y, but never lecherous.

    Hey slashdot,

    • by ukoda ( 537183 )
      Chromium is built on the Chrome code base. Chrome is developed by Google, the world's biggest ad platform. No point in complaining to Slashdot, they just feed ads from Google the same as everyone else. If you want to browse with the minimum of ads use Firefox with the uBlock Origin add-on, or a similar combo from a company that does not make its income from ads.
    • by Tablizer ( 95088 )

      AI pictures of school girls? What fucking creepers buy that shit?

      They are recruitment ads for Donald's New and Improved Lout-Swamp.

      -5 Political Troll

    • Yup, they changed something so Slashdot is all ad based now apparently, regardless of "disabled ads". No announcement about this though... It's probably your typical third party ad broker service, where you can't curate what's shown on your own site.

      And it's on Firefox as well, it's not Chrome.

      I agree, Temu is weird. It's nice that if there is anything good about AI it gets corrupted by generating provocative Anime pictures.

      • If it was obviously meant to be Anime I wouldn't complain. These Temu ads are showing some obviously AI generated pictures but approaching the uncanny valley.

        I think my original point stands, no one is buying from these ads, and thus the ads provide no benefit. I'm fine if Temu throws its money away on bad generated ads, but I'm not fine seeing them.

        • Oh, it's not necessarily Temu doing this, or Slashdot. It's the middle man making the money, promising tons of views to one party and revenue to the other party.

          Advertising isn't really a science, despite it being in high tech, in that you can't directly correlate advertising costs to increased revenue or gauge how effective advertising on Slashdot really is. It's very likely many companies are overpaying on their ads. In the early dotcom this was definitely true, as costs per view on the internet were t

    • If you block them at the network level by DNS blackhole for known ad networks, there isn't a damn thing Slashdot or the browser can do about it.

      I see no ads here, running an AdGuard Home docker container as a DNS proxy.

    • Disabling JavaScript for slashdot.org seems to have helped. Trying to send their ad networks to 127.0.0.1 broke the site completely.

  • The hack has given Salt Typhoon unprecedented access to records from U.S. telecommunications networks about who Americans are communicating with

    I hope China is really enjoying knowing when my partner gets off work, and how we're sometimes indecisive about what we're having for dinner. Truly, a great cause for national security concern. /s

    • by Tablizer ( 95088 )

      I hope China is enjoying knowing when my partner gets off...

      This is the Great President Xi. I know you two like to boink each other with cold bacon on your love-parts, and if you don't call the 'Lago Tribble Top and tell him to stop with his foolish tariffs, the whole world will know about your bacon fetish! You've been warned, Dear American."

      • Dear president Pooh,

        I hope the whole oppressive regime thing is going well and this message finds you in good health. While I can certainly sympathize with your concerns, unfortunately my social credit score is too low for my grievances to be acknowledged by my country's leadership. Perhaps you would have success with a person of greater influence, such as Leon Musk. I believe he presently has business relations with your country's manufacturing sectors, so you should already have his contact information.

        Mu

  • Why does slashdot pretend china, russia, iran and north korea are the only hackers?

    We know that WE are ALL affected more by Israeli hackers and those they sell their products to.

  • ...a free reminder that our car's extended warranty is about to expire. Such nice people.

  • That's what you get for booting very secure Huawei hardware and replacing it with NSA/CIA backdoored US hardware, it's so easy for most hackers to also use those backdoors.
  • by whoever57 ( 658626 ) on Tuesday December 03, 2024 @05:44PM (#64988815) Journal

    A couple of my webservers are currently under attack from a very dumb bot.

    My daily log analysis showed a large number of ssh login attempts from a couple of Chinese /24 networks. The bot is very dumb because I set some rules to drop all packets from those /24 blocks (they were already rate-limited by fail2ban), but the bots continue the attack.

  • No fix (Score:5, Insightful)

    by ukoda ( 537183 ) on Tuesday December 03, 2024 @05:52PM (#64988843) Homepage
    They will never be able to fix this until they give up on the idea that a backdoor can exist that only the good guys can use.
  • by UncleScidhuv ( 7657782 ) on Tuesday December 03, 2024 @06:52PM (#64988919)
    The problem with these systems is rarely a backdoor. It is rarely an insecure password. It is the people who are either incompetent or are compromised. It sure is nice to get some cash deposited to your bank account instead of having to work for close to minimum wage for horrible overlords. It used to be a requirement to have skills and knowledge to work on these networks. Now whoever we can pay the least wins! You get what you pay for.
  • How about we turn off the back doors so no one has access?
