Chairman of Senate Intelligence Committee calls salt typhoon "worst telecom hack in our nation's history"

Re: compromise of lawful intercept / CALEA related features:

https://archive.is/jZt59

Original URL: https://www.washingtonpost.com/national-security/2024/11/21/salt-typhoon-chi...

*The hackers, part of a group dubbed Salt Typhoon, have been able to listen in on audio calls in real time and have in some cases moved from one telecom network to another, exploiting relationships of “trust,” said Sen. Mark R. Warner (D-Virginia), chairman of the Senate Intelligence Committee and a former telecom venture capitalist. Warner added that intruders are still in the networks.*

On Tue, Nov 26, 2024 at 3:57 AM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
> Re: compromise of lawful intercept / CALEA related features:

Uhm, which of course 'no one saw coming'...

> Original URL: https://www.washingtonpost.com/national-security/2024/11/21/salt-typhoon-chi...
> The hackers, part of a group dubbed Salt Typhoon, have been able to listen in on audio calls in real time and have in some cases moved from one telecom network to another, exploiting relationships of “trust,” said Sen. Mark R. Warner (D-Virginia), chairman of the Senate Intelligence Committee and a former telecom venture capitalist. Warner added that intruders are still in the networks.

also, this very same thing played out a tad smaller (maybe? no one really fessed up) in ~2002-3? admittedly the person that MAY NOT have just been a patsy for some other larger thing (nation-state-actor) but.. we probably won't know.

On Nov 26, 2024, at 12:26, Christopher Morrow <morrowc.lists@gmail.com> wrote:
> On Tue, Nov 26, 2024 at 3:57 AM Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
>> Re: compromise of lawful intercept / CALEA related features:
>
> Uhm, which of course 'no one saw coming'...
>
>> Original URL: https://www.washingtonpost.com/national-security/2024/11/21/salt-typhoon-chi...
>> The hackers, part of a group dubbed Salt Typhoon, have been able to listen in on audio calls in real time and have in some cases moved from one telecom network to another, exploiting relationships of “trust,” said Sen. Mark R. Warner (D-Virginia), chairman of the Senate Intelligence Committee and a former telecom venture capitalist. Warner added that intruders are still in the networks.
>
> also, this very same thing played out a tad smaller (maybe? no one really fessed up) in ~2002-3? admittedly the person that MAY NOT have just been a patsy for some other larger thing (nation-state-actor) but.. we probably won't know.

How could they have possibly hacked an intentional backdoor!? No. Get out.

NANOGers -

As followup on the Salt Typhoon matter, it’s worth noting that in response to the hack there are now proposals at the FCC and at the US Senate that would require attestation, certification, and/or audits of telecommunications providers' cybersecurity practices –

FCC - https://www.reuters.com/technology/cybersecurity/fcc-chair-proposes-cybersec...
US Senate - https://www.bleepingcomputer.com/news/security/wyden-proposes-bill-to-secure...

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

On Nov 25, 2024, at 4:58 PM, Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
> Re: compromise of lawful intercept / CALEA related features:
> https://archive.is/jZt59
> Original URL: https://www.washingtonpost.com/national-security/2024/11/21/salt-typhoon-chi...
> The hackers, part of a group dubbed Salt Typhoon, have been able to listen in on audio calls in real time and have in some cases moved from one telecom network to another, exploiting relationships of “trust,” said Sen. Mark R. Warner (D-Virginia), chairman of the Senate Intelligence Committee and a former telecom venture capitalist. Warner added that intruders are still in the networks.

This is probably a good idea. Such audits and attestations are already required for medical, commerce, and government data systems, to guard against data breaches. For example, I just completed a PCI audit of a department store chain, which handles lots of sensitive financial information belonging to its customers and employees. These audits routinely identify vulnerabilities before they get exploited. It's amazing that telcos and ISPs have managed to escape formal governance this long!

-mel

________________________________
From: NANOG <nanog-bounces+mel=beckman.org@nanog.org> on behalf of John Curran <jcurran@arin.net>
Sent: Tuesday, December 10, 2024 2:29 PM
To: nanog <nanog@nanog.org>
Subject: Re: Chairman of Senate Intelligence Committee calls salt typhoon "worst telecom hack in our nation's history"

NANOGers -

As followup on the Salt Typhoon matter, it’s worth noting that in response to the hack there are now proposals at the FCC and at the US Senate that would require attestation, certification, and/or audits of telecommunications providers' cybersecurity practices –

FCC - https://www.reuters.com/technology/cybersecurity/fcc-chair-proposes-cybersec...
US Senate - https://www.bleepingcomputer.com/news/security/wyden-proposes-bill-to-secure...

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

On Nov 25, 2024, at 4:58 PM, Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
> Re: compromise of lawful intercept / CALEA related features:
> https://archive.is/jZt59
> Original URL: https://www.washingtonpost.com/national-security/2024/11/21/salt-typhoon-chi...
> The hackers, part of a group dubbed Salt Typhoon, have been able to listen in on audio calls in real time and have in some cases moved from one telecom network to another, exploiting relationships of “trust,” said Sen. Mark R. Warner (D-Virginia), chairman of the Senate Intelligence Committee and a former telecom venture capitalist. Warner added that intruders are still in the networks.

participants (5)
- Christopher Morrow
- Eric Kuhnke
- joel@joelesler.net
- John Curran
- Mel Beckman