Many years ago I wrote a functional spec for lawful intercept in a 3G data node. It was based on a spec for a different product, so it contained a lot of institutional knowledge of how lawful intercept works.
A key element of the design of lawful intercept is not to trust the company running the network. Otherwise employees of that company would become targets for organized crime influence, among what are probably a few other considerations. The network operator isn't told about intercepts, and the relatively low rate of traffic intercept (the node has to support up to 3% of traffic intercepted, at least that was the spec at the time) makes it relatively easy for that traffic to be hidden from network management tools. It's not supposed to show up in your logs or network management reporting.
Intercepts originate on LI consoles operated by law enforcement agencies. This sounds pretty good so far. Until a hacker breaks into an LI console. Now that hacker can acquire traffic with pinpoint accuracy, undetected by design.
I have always been skeptical of claims that network operators have eliminated Salt Typhoon from their networks. I do not believe they know when the exploit began. Nor can they tell if their networks are truly free of Salt Typhoon activity. There are multiple vendors of LI console software. It's a standardized interoperable protocol to set up intercepts. So there's no one neck to wring.
I worked in/with network ops at a big US telco. Some of the engineers have ideas on which nodes have these intercepts (and what they are) based on the call flows they monitor and the level of access they have to troubleshoot problems further. I can’t guess the details further since that wasn’t my domain, but that part of opsec wasn’t fully hidden.
These companies were required by the government to have lawful intercept capability. A bad actor took advantage of that government-required backdoor, and now the government has the shamelessness to grandstand about privacy and security? We need to elect better people.
I've worked as a security consultant with one or two companies (who shall remain nameless) whose sole product was a hardware device with a black-box software stack meant to be a plug-and-play lawful intercept compliance solution. Telecoms should be able to buy it, install it, and access a web panel to do their government-mandated business.
In the three or four years I worked with them, they would only let me do penetration testing of their user network, and never the segments where the developers were, and never the product itself. In speaking with their security team (one guy - shocker) during compliance initiatives, it was very clear to me that the product itself was not to be touched per the explicit direction of senior leadership.
All I can say is that if the parts of their environment they did let us touch are any indication of the state of the rest of their assets, that device was compromised a long time ago.
I agree with you on electing better people, but this is largely a systematic problem with how government works:
1. Propose bill to solve a problem which is either minor or completely misunderstood by the person proposing the bill
2. Pass bill, don't solve original "problem," creates 15 new, actual problems
3. Run on fixing all the new problems they created (and some others that don't exist)
4. Repeat
The problem isn't the back door. Every telecom company in every country provides access for "lawful intercept". Phone taps have been a thing for decades and as far as I know, require a warrant.
The problem is that telecoms are very large, very complex environments, often with poor security controls. Investing in better controls is hard, time-consuming and expensive, and many telecoms are reluctant to do it. That's not great since telcos are prime targets for nation state hackers as Salt Typhoon shows.
Hacking the lawful intercept systems is very brazen, but even if the hackers didn't go as far, and "only" gained control of normal telco stuff like call routing, numbering, billing, etc. it still would have been incredibly dangerous.
goomba fallacy. the government isn't one person with one position. i agree with you that the backdoor should never have been installed in the first place but accusing them of hypocrisy because a group of lawmakers passed a law a while ago and a different group of lawmakers want a report on what went wrong and why is silliness. It seems as though the person spearheading this effort, Senator Cantwell, is in fact one of the better people that you propose we should elect but here you are shitting on her for trying to shed light on the pitfalls of the very policy you seem to be against in the first place.
Not even that, they have CVE 10 from 2019 on their routers, which the hackers got root on then patched, so they wouldn't be kicked off by other hackers. All because IT upkeep wasn't done and hardening on Cisco devices is a distinct admin guide and not at all on by default. The days are long gone of qualified and careful network admins, now we just get the low-ball outsourced Cisco TAC and the like which DGAF
This was enabled by the Communications Assistance for Law Enforcement Act (CALEA), enacted in 1994. Congress made their bed, now they need to lie in it. Time to remove the govt mandated backdoors.
I worked at Verizon almost 10 years ago, they hired a group to come in and assess. Within 3-4 hours they pwned the entire place (including offices outside of the office we were in) through an unsecured Windows Jenkins machine/script console.
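The Jenkins script console mentioned above is a Groovy shell running on the Jenkins controller, so an instance that serves it to anonymous users hands out code execution on the build host. The following is an added example, not code from the commenter or from Jenkins: a read-only probe that fetches /script and classifies the answer as exposed, protected, or unknown, without submitting any script. The hostname in the samples is a placeholder and the sample responses are constructed; the check relies only on the visible behaviour that Jenkins returns the "Script Console" page to authorized clients and otherwise answers 401/403 or redirects to its login form.

```python
"""Check whether a Jenkins server exposes its Groovy script console (/script)
without authentication. Added example for this thread; not code from any poster.
The target URL is a placeholder, and the sample responses are constructed."""
import urllib.error
import urllib.request
from dataclasses import dataclass


@dataclass
class ProbeResult:
    status: int      # HTTP status of the final response
    final_url: str   # URL after redirects (Jenkins bounces anonymous users to /login)
    body: str        # response body, decoded as text


def classify(result: ProbeResult) -> str:
    """Decide from a GET /script response whether the console is reachable.

    'exposed'   : the console page itself came back, so an anonymous client
                  could submit arbitrary Groovy to the controller.
    'protected' : Jenkins answered 401/403 or redirected to its login form.
    'unknown'   : anything else (not Jenkins, proxy error, etc.).
    """
    if "/login" in result.final_url or result.status in (401, 403):
        return "protected"
    if result.status == 200 and "Script Console" in result.body:
        return "exposed"
    return "unknown"


def probe(base_url: str, timeout: float = 5.0) -> ProbeResult:
    """Issue a read-only GET to /script and package the response.

    Only the page is fetched; no script is submitted, so the probe does not
    execute anything on the target."""
    url = base_url.rstrip("/") + "/script"
    req = urllib.request.Request(url, headers={"User-Agent": "script-console-probe"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", errors="replace")
            return ProbeResult(resp.status, resp.geturl(), body)
    except urllib.error.HTTPError as e:
        body = e.read(65536).decode("utf-8", errors="replace")
        return ProbeResult(e.code, e.geturl() or url, body)


# Constructed sample responses (placeholder host) so the classifier runs offline.
SAMPLE_EXPOSED = ProbeResult(
    200, "http://jenkins.example.internal:8080/script",
    "<html><title>Script Console [Jenkins]</title>...<h1>Script Console</h1>...")
SAMPLE_LOGIN_REDIRECT = ProbeResult(
    200, "http://jenkins.example.internal:8080/login?from=%2Fscript",
    "<html><title>Sign in [Jenkins]</title>...")
SAMPLE_FORBIDDEN = ProbeResult(
    403, "http://jenkins.example.internal:8080/script", "Access Denied")


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "http://jenkins.example.internal:8080"
    print(target, "->", classify(probe(target)))
```

Run it as `python probe.py http://jenkins-host:8080` against your own instances; an "exposed" result means the controller accepts Groovy from anyone who can reach the port, and the fix is to require authentication and restrict Overall/Administer, since the script console is gated on that permission.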
It's hilarious that the Chinese, plus a whole boat load of other countries, plus a bunch of individuals and groups, all have access to the communications spying system.
At this point the only person without access to it is you!
It blows my mind that some individuals have allowed politicians to put these systems in place to spy on everyone.
The only purpose for these spy devices is to collect blackmail and wait until the person either becomes important or the government wants to do parallel construction on a court case.
There is absolutely no need for anyone to spy on another person's conversation. We have had encrypted messaging for many years and the world keeps turning.
They don't want their backdoors they allowed and buffoonery in securing/managing them exposed. This is only the wireless providers, now what about all the residential ISP's like Comcast, Cox, Charter, etc? They're even more incompetent usually, I've worked for enough to know.
A decent example of why implementing authoritarian policies is a bad strategy for the US; particularly coming from the current administration. We're only strengthening Chinese supremacy at this point and tearing the US apart in the process of trying to claw some back. We don't have what it takes to pull this shit off as well as China does. This is a failure at many levels: the uncoordinated surveillance, the gross lack of security, lack of skills, lack of knowledge, etc. and it extends to many aspects of American governance. Between the US putting significant traumatic pressure on its own citizens and companies doing mass layoffs in an increasingly unaffordable economy, this will push even more brain drain overseas, which only accelerates China's strengthening stance more.
If they simply implicated an "APT" in wrongdoing, they would have released it, as it would have been unremarkable and fit neatly within the Overton window of hissing Chinese spies justifying an even more expansive national security apparatus and general anti-Sino sentiments among the ruling class in Washington.
This leads me to two possible, non-exclusive outcomes: the links to China are tenuous, and the attribution is flimsy (e.g., they accessed a machine at 9 am Beijing time!); or the report implicates the system itself as unauditable by design, which was bound to happen given the design of the intercept tools.
These reports would be useful for any other attacker interested in their infra, it’s obvious why the companies wouldn’t want to release them in this manner.
srsly doubt that these reports would ever be released publicly, but i'm curious if they might suggest that their recent high-profile extended outages are related to weaknesses that were easily exploited by bad actors.
I'll actually steelman against this; there's nothing to criticize them for. The US does the exact same thing and supports regimes around the world that perpetuate cyber-terror as a weapon of asymmetrical conflict. The US has to come to the table for negotiation or secure itself accordingly.
I have plenty of harsh words for China, but we know they and other countries are an ongoing threat so the criticism is why aren't we defending ourselves better?
gruez|20 days ago
Where's "the government [... grandstanding] about privacy and security"? It's getting blocked by the companies, not the government.
>She said Mandiant refused to provide the requested network security assessments, apparently at the direction of AT&T and Verizon.
hulitu|20 days ago
The better people do not put themselves to be elected.
hulitu|17 days ago
This is how Microsoft, Google and Apple works.
1vuio0pswjnm7|20 days ago
https://www.msn.com/en-us/technology/cybersecurity/senator-s...
Text-only:
http://assets.msn.com/content/view/v2/Detail/en-in/AA1VB52W/
(Yes, Microsoft is now using HTTP not HTTPS)
DANmode|20 days ago
Perhaps they should not.
Zenul_Abidin|20 days ago
There is no reason to hide it from the general public.