back to article China has utterly pwned 'thousands and thousands' of devices at US telcos

The Biden administration on Friday hosted telco execs to chat about China's recent attacks on the sector, amid revelations that US networks may need mass rebuilds to recover. Details of the extent of China's attacks came from senator Mark R Warner, who on Thursday gave both The Washington Post and The New York Times insights …

  1. Anonymous Coward
    Anonymous Coward

    Hijacked elections too

    Check out shocking presidential election results in Romania. TikTok was the vehicle.

    1. heyrick Silver badge

      Re: Hijacked elections too

      You don't think that might have been more Russia then China?

      1. simkin

        Re: Hijacked elections too

        Or, you know, democracy.

        1. HuBo Silver badge
          Mushroom

          Re: Hijacked elections too

          Or populist disinformation, leveraging the side-effects of Russia's devastating and incompetent invasion attempt of its sovereign neighbor, Ukraine ... leading to increased energy prices (gas, through necessary sanctions), and consequent inflation. The resulting cost of living issues are then shamelessly exploited by failed-state-aligned populists to win elections ...

          Best way to stop this nonsense is to send Putin to meet his dish maker, Yevgeny Prigozhin, for a dynamite last supper, pronto, IMHO!

          1. DoctorNine

            Re: Hijacked elections too

            I have a bottle of bubbly ready for the inevitable event...

          2. Anonymous Coward
            Anonymous Coward

            Re: Hijacked elections too

            If Putin didn't exist, it would be necessary for the west to invent him.

            Oh, that's right, they largely did.

  2. Headley_Grange Silver badge

    If the FCC had tried to issue federal mandates for security regulations, procurement, testing, etc., there would have outcry about government overreach with cases in the supreme court about the states' and companies' rights to manage this (==make money) without interference from the-man-from-the-government.

    1. steviebuk Silver badge

      Its fine, now with Trump in power he'll just give China the keys then blame Biden.

  3. Doctor Syntax Silver badge

    may require the replacement of "literally thousands and thousands and thousands" of switches and routers.

    Given that Huawei kit was supposed to have been replaced I wonder what makes these were.

    Ah - I've just checked the Washington Post article: Cisco.

    1. Blazde Silver badge

      Cisco share price up since Wednesday of course, they'll be selling more hardware now.

      Could have gone Huawei after all. Same result but cheaper.

      1. Paul Crawford Silver badge
        Trollface

        Could have gone Huawei after all. Same result but cheaper.

        You beat me to it!

    2. ecofeco Silver badge
      Holmes

      CISCO again? WHOCOULDAKNOWED?

      /S

    3. Arthur Daily

      In Australia, we have an ICT government approved purchasing without a tender contract book. CISCO is in it, and preferred... At the same time our version of Homeland Security says question your vendor's and check that they do the right thing. Only that things like this, do not see then reported or struck off the no-bid list because of gross security incompetence. There is no word if 2FA or other applied to this gaping wound. And why did auditing not pull this one up. How stale was the 'admin tapper' password? Was it changed daily? The only way to force recalcitrant vendors is to kick them off the list for 6-18 months after every severe incident. Nothing like failed sales targets to incentivize them. The same goes for mobile phone engineering software, that allows anyone to listen in.

    4. David Hicklin Silver badge

      Or is this a case of Huawei kit was supposed to have been was not yet replaced

  4. abend0c4 Silver badge

    My hair is on fire

    I thought that was the next step but one.

  5. Anonymous Coward
    Anonymous Coward

    There are industries where security is mandatory, and products designed accordingly.

    But if you do not set the standard for infrastructure to be resilient, then you cannot take seriously the complaints afterwards.

    If you as a company double your overhead to make secure devices, yet none of your customers care (by voting with their wallet), then you as a company will incur a loss over time.

    Having a reputation of producing insecure devices does not seem to harm sales either.

    This is not a trivial problem either, because digital security is not something most understand. Insecure cars kill people, and will get lawsuits and reputational damage.

    Yet if you sample The Register on yet another CVE >= 8 on widespread networked devices, you do wonder if anyone cares or foots the bill.

    If you do not change the dynamic/payoff, do not expect the players to change.

    I care, but n=1, so not that relevant.

    1. Anonymous Coward
      Anonymous Coward

      Not as daft as you might think. Making a properly secure networking service costs a lot but takes forever to get signed off. Meanwhile the users have got fed up of waiting and bought from a random unapproved supplier, with no pushback from the brass who sign off on the policy causing this mess.

  6. heyrick Silver badge

    Easily pwned Cisco kit

    Gee, whodathunkit?

    1. DoctorNine

      Re: Easily pwned Cisco kit

      I've been warning about this for literally over a decade. No one listened. Now I'm about to retire, suddenly people want to talk about it. I can't be arsed. Pfft!

      1. heyrick Silver badge
        Coat

        Re: Easily pwned Cisco kit

        Well, the solution is simple. For "national security etc", it is imperative to now strip out all Cisco kit and replace it with.......?

      2. EricB123 Silver badge

        Re: Easily pwned Cisco kit

        Same here. I was considered bad for rocking the boat.

        It's no longer my department!

  7. Anonymous Coward
    Anonymous Coward

    So, when are they going to hold the CEOs of these firms liable? Oh that's right, they're untouchable campaign "contributors"

  8. Anonymous Coward
    Anonymous Coward

    For what it's worth, China claims the US makes this stuff up – but hasn't offered an alternative explanation.

    I'm curious, why should they? Why would they have to invent scenarios for an as yet not publicly proven issue? Given that the US were loudly bleating about Huawei without evidence to the point of even blackmailing their contacts to 'go American' (and so probably giving US and Five Eyes intercept a leg up instead) I think it's more feasible to assume they're all making a lot of noise to get the Government to fund the equipment upgrade they clearly have failed to invest in themselves, so they can keep handing themselves massive salaries.

    Let's call it the Bank's CDO approach to accepting blame (i.e. none, and nobody went to jail either).

    1. Roland6 Silver badge

      "The barn door is still wide open, or mostly open." Says it all...

      This would suggest those with the ability to get the barn doors closed, aren't really doing anything. I thus suspect a large part of the "china has done x" is a way of rousing people to take action by pointing the finger at a plausible scapegoat, with little chance of being sued by the scapegoat or for the scapegoat to present any evidence that would not be viewed as suspect.

    2. HereIAmJH Silver badge

      Corporate welfare?

      I think it's more feasible to assume they're all making a lot of noise to get the Government to fund the equipment upgrade they clearly have failed to invest in themselves,

      My first thought when I read the article is how much of this is technical debt that is being pushed onto the taxpayer. Get the government to mandate replacing old hardware so that we're on the hook for paying for it. This could be billions of dollars in savings for the Telco's and sales for Cisco. The only other question is, will Cisco be required to manufacture on shore, or will they just import it from China?

  9. Scene it all

    I seem to recall the telcos putting in monitoring and backdoor features at the request of the FBI. Who would have guessed that somebody else might take advantage of those tools? /s

    1. Anonymous Coward
      Anonymous Coward

      Surveillance functionality

      In the US, wiretapping capabilities are required by legislation. Most is covered by the CALEA act of 1994.

      Since calls are just digital streams, all that is needed is to mirror the packets and send them to collection points for law enforcement. It would certainly be possible to listen to live calls, or simply just stream them to disk for later review.

      If you think that is bad, think what could happen if they legislate the ability to modify streams. Hidden under FISA, of course. With AI tech being developed to imitate people, imagine what you could do with the Govt/Telco doing a man-in-the-middle on calls and altering the conversation.

      1. Scene it all

        Re: Surveillance functionality

        AT&T technician Mark Klein reveal the existence of those intercept facilities back in 2006. https://en.wikipedia.org/wiki/Room_641A

        It uses optical beam splitters to be able to look at entire fiber contents at a time while introducing no delay.

      2. Roland6 Silver badge

        Re: Surveillance functionality

        >” Since calls are just digital streams, all that is needed is to mirror the packets and send them to collection points for law enforcement. It would certainly be possible to listen to live calls, or simply just stream them to disk for later review.”

        Why touch the packet streams when you’ve got full user access to the law enforcement collection and analysis systems?

        It is this level of compromise being alluded to…

    2. DoctorNine

      NSA. Under Clapper. Same thing though, really.

  10. Anonymous Coward
    Anonymous Coward

    Shocked, shocked I tell you. Shocked - and stunned

    Who'd 'a thunk it?

  11. ecofeco Silver badge
    Facepalm

    Pay peanuts for security and testing

    ...and you get a circus.

    They got what they deserved. Pwned. Idiots.

  12. Nasu

    US spying

    July 10, 2014

    Germany announced Thursday it is kicking out Washington's top spy in Berlin, a dramatic response from a key U.S. ally to a yearlong spying dispute over eavesdropping on Chancellor Angela Merkel's cellphone calls that flared anew this week. and allegedly even spied on Chancellor Angela Merke

  13. Nasu

    On September 2, 2020, a U.S. federal court ruled in United States v. Moalin that the U.S. intelligence's mass surveillance program exposed by Snowden was illegal and possibly unconstitutional.

    The material exposed a government-run surveillance program that monitored the communications records of not just criminals or potential terrorists, but law-abiding citizens as well.

    The first story published in The Guardian revealed that the NSA was collecting and monitoring the telephone records and the texts of citizens. Days later, The Washington Post and The Guardian reported that the U.S. government was tapping into the servers of nine Internet companies, including Apple, Facebook and Google, to spy on people’s audio and video chats, photographs, emails, documents and connection logs, as part of a surveillance program called Prism. Later articles revealed that the government was even spying on leaders of other countries

  14. Nasu

    Oct 2013

    The National Security Agency monitored the phone conversations of 35 world leaders after being given the numbers by an official in another US government department, according to a classified document provided by whistleblower Edward Snowden.

  15. Nasu

    Oct 2013

    Le Monde newspaper says documents leaked by Edward Snowden show that the U.S. National Security Agency swept up 70.3 million French phone records in a 30-day period. The French government has summoned the U.S. ambassador to explain why the Americans spied on one of their closest allies.

    Earlier reports in Der Spiegel uncovered NSA activity against the offices and communications of senior officials of the European Union.

    1. SCP

      ... why the Americans spied on one of their closest allies.

      That's an easy one - "For the same reasons the French spy on all of their allies!"

  16. Nasu

    June 2013

    The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.

    The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.

    The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims "collection directly from the servers" of major US service providers.

    1. Tim99 Silver badge
      Big Brother

      At the time I wondered if someone had, or had not, a sense of humour, as simple optical beam splitters are made from prisms...

  17. Nasu

    June 6, 2013

    a report in the British newspaper The Guardian shocked Americans with evidence that the telecommunications giant Verizon had voluntarily handed a database of every call made on its network to the National Security Agency. The piece was by reporter Glenn Greenwald, and the information came from Edward Snowden, a 29-year-old IT consultant who had left the US with hundreds of thousands of documents detailing the NSA's secret procedures

  18. Nasu

    Jack Teixeira, a member of the national guard

    was arrested in April 2023,

    He is accused of sharing top-secret intelligence with friends in the social-media forum Discord over the course of months—

    Leaked Documents reveal that

    The US has been SPYING on:

    .

    *Russia and Wagner Group

    .

    *Israel

    .

    *S.Korea.

    .

    *Egypt

    .

    *The head of the UN

    .

    *Zelenski

    .

    *Jordan.

    *Hungary

    .

    *Turkey

    .

    *UAE

    .

    *Germany

    .

    *UK

    .

    *Brazil and

    .

    *CHINA

    1. vtcodger Silver badge

      It's their job, doncha know?

      The three letter kids (NSA,CIA, who knows how many others we've never heard of) are paid to spy -- in polite-speak "collect intelligence" -- on other countries. Why is it a surprise that they actually do so?

      And why are we shocked that other countries do the same?

  19. Anonymous Coward
    Anonymous Coward

    That explains a few things

    I was on the phone the other day ordering some KFC, and a guy named Donald came on the line as well.

    1. vtcodger Silver badge

      Re: That explains a few things

      Yeah, that was me. We were having a beer break at the listening post and someone knocked a jug of brew over. And while we were mopping up I inadvertently flipped a few switches. And ... Well, I guess I can't go into details. Anyway, sorry about the inconvenience. Would it make it right if we fixed you up with a video and text tap on the largest brothel in Tijuana? No cost to you. We already did that for the dude who came on your line.

  20. This post has been deleted by its author

  21. Ray Foulkes

    Backdoors get prised open

    Did anyone note the phrase "perhaps by using carriers' wiretapping capabilities" - to paraphrase that, "ANY backdoor into ANY communications channel in favour of a government, is very likely to be exploited by the people you least need to be exploiting it. That applies to "secret" government decryption keys etc. etc. Put in "government - only" back doors and it rapidly becomes "government plus evil b******d's" back door.

    1. schermer
      Meh

      Re: Backdoors get prised open

      Sometimes it is not necessary to use pleonasms ...

  22. Adrastus

    An amiable people

    Compared with the Opium War or suppression of the Boxers it all seems quite minor

  23. DestroyingAngel

    Trump has his work cut out for him

    Cyberwar will be one prong of China's invasion of Taiwan. My guess is that this invasion will happen BEFORE the new team gets sworn in and/or confirmed. Happy New Year, schmucks!

  24. Steve Hersey

    So after January 20, ...

    The Orange One will have a phone call with Chinese leadership, they'll assure him there's nothing to this and also they've stopped doing it, then he'll announce victory and close down the government part of any security efforts.

    And then we're well and truly fucked.

  25. Anonymous Coward
    Anonymous Coward

    So how much of the actual hardware/software/firmware do the telcos actualy make themselves and how much is bought in ?

    Do they have in-house expertise to quality assess bought in items, or is that function outsourced ?

    Of those items outsourced to other US companies, how much of their stuff do they make themselves and how much is bought in ?

    Do they have in-house expertise to quality assess bought in components ?

    Do the telcos run their own billing systems of is processing all that useful meta data farmed out to the lowest bidder ?

    and so on

  26. Kraft

    Backdoor

    It looks like someone else found the key to their own backdoor. Oh my, who would have thought?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like