
Hijacked elections too
Check out shocking presidential election results in Romania. TikTok was the vehicle.
The Biden administration on Friday hosted telco execs to chat about China's recent attacks on the sector, amid revelations that US networks may need mass rebuilds to recover. Details of the extent of China's attacks came from senator Mark R Warner, who on Thursday gave both The Washington Post and The New York Times insights …
Or populist disinformation, leveraging the side-effects of Russia's devastating and incompetent invasion attempt of its sovereign neighbor, Ukraine ... leading to increased energy prices (gas, through necessary sanctions), and consequent inflation. The resulting cost of living issues are then shamelessly exploited by failed-state-aligned populists to win elections ...
Best way to stop this nonsense is to send Putin to meet his dish maker, Yevgeny Prigozhin, for a dynamite last supper, pronto, IMHO!
If the FCC had tried to issue federal mandates for security regulations, procurement, testing, etc., there would have been outcry about government overreach with cases in the Supreme Court about the states' and companies' rights to manage this (==make money) without interference from the-man-from-the-government.
In Australia, we have an ICT government approved purchasing without a tender contract book. CISCO is in it, and preferred... At the same time our version of Homeland Security says question your vendors and check that they do the right thing. Only that things like this, do not see then reported or struck off the no-bid list because of gross security incompetence. There is no word if 2FA or other applied to this gaping wound. And why did auditing not pull this one up? How stale was the 'admin tapper' password? Was it changed daily? The only way to force recalcitrant vendors is to kick them off the list for 6-18 months after every severe incident. Nothing like failed sales targets to incentivize them. The same goes for mobile phone engineering software, that allows anyone to listen in.
There are industries where security is mandatory, and products designed accordingly.
But if you do not set the standard for infrastructure to be resilient, then you cannot take seriously the complaints afterwards.
If you as a company double your overhead to make secure devices, yet none of your customers care (by voting with their wallet), then you as a company will incur a loss over time.
Having a reputation of producing insecure devices does not seem to harm sales either.
This is not a trivial problem either, because digital security is not something most understand. Insecure cars kill people, and will get lawsuits and reputational damage.
Yet if you sample The Register on yet another CVE >= 8 on widespread networked devices, you do wonder if anyone cares or foots the bill.
If you do not change the dynamic/payoff, do not expect the players to change.
I care, but n=1, so not that relevant.
Not as daft as you might think. Making a properly secure networking service costs a lot but takes forever to get signed off. Meanwhile the users have got fed up of waiting and bought from a random unapproved supplier, with no pushback from the brass who sign off on the policy causing this mess.
For what it's worth, China claims the US makes this stuff up – but hasn't offered an alternative explanation.
I'm curious, why should they? Why would they have to invent scenarios for an as yet not publicly proven issue? Given that the US were loudly bleating about Huawei without evidence to the point of even blackmailing their contacts to 'go American' (and so probably giving US and Five Eyes intercept a leg up instead) I think it's more feasible to assume they're all making a lot of noise to get the Government to fund the equipment upgrade they clearly have failed to invest in themselves, so they can keep handing themselves massive salaries.
Let's call it the Bank's CDO approach to accepting blame (i.e. none, and nobody went to jail either).
This would suggest those with the ability to get the barn doors closed, aren't really doing anything. I thus suspect a large part of the "china has done x" is a way of rousing people to take action by pointing the finger at a plausible scapegoat, with little chance of being sued by the scapegoat or for the scapegoat to present any evidence that would not be viewed as suspect.
I think it's more feasible to assume they're all making a lot of noise to get the Government to fund the equipment upgrade they clearly have failed to invest in themselves,
My first thought when I read the article is how much of this is technical debt that is being pushed onto the taxpayer. Get the government to mandate replacing old hardware so that we're on the hook for paying for it. This could be billions of dollars in savings for the telcos and sales for Cisco. The only other question is, will Cisco be required to manufacture on shore, or will they just import it from China?
In the US, wiretapping capabilities are required by legislation. Most is covered by the CALEA act of 1994.
Since calls are just digital streams, all that is needed is to mirror the packets and send them to collection points for law enforcement. It would certainly be possible to listen to live calls, or simply just stream them to disk for later review.
If you think that is bad, think what could happen if they legislate the ability to modify streams. Hidden under FISA, of course. With AI tech being developed to imitate people, imagine what you could do with the Govt/Telco doing a man-in-the-middle on calls and altering the conversation.
> "Since calls are just digital streams, all that is needed is to mirror the packets and send them to collection points for law enforcement. It would certainly be possible to listen to live calls, or simply just stream them to disk for later review."
Why touch the packet streams when you’ve got full user access to the law enforcement collection and analysis systems?
It is this level of compromise being alluded to…
July 10, 2014
Germany announced Thursday it is kicking out Washington's top spy in Berlin, a dramatic response from a key U.S. ally to a yearlong spying dispute over eavesdropping on Chancellor Angela Merkel's cellphone calls that flared anew this week. and allegedly even spied on Chancellor Angela Merke
On September 2, 2020, a U.S. federal court ruled in United States v. Moalin that the U.S. intelligence's mass surveillance program exposed by Snowden was illegal and possibly unconstitutional.
The material exposed a government-run surveillance program that monitored the communications records of not just criminals or potential terrorists, but law-abiding citizens as well.
The first story published in The Guardian revealed that the NSA was collecting and monitoring the telephone records and the texts of citizens. Days later, The Washington Post and The Guardian reported that the U.S. government was tapping into the servers of nine Internet companies, including Apple, Facebook and Google, to spy on people’s audio and video chats, photographs, emails, documents and connection logs, as part of a surveillance program called Prism. Later articles revealed that the government was even spying on leaders of other countries
Oct 2013
Le Monde newspaper says documents leaked by Edward Snowden show that the U.S. National Security Agency swept up 70.3 million French phone records in a 30-day period. The French government has summoned the U.S. ambassador to explain why the Americans spied on one of their closest allies.
Earlier reports in Der Spiegel uncovered NSA activity against the offices and communications of senior officials of the European Union.
June 2013
The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.
The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.
The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims "collection directly from the servers" of major US service providers.
June 6, 2013
a report in the British newspaper The Guardian shocked Americans with evidence that the telecommunications giant Verizon had voluntarily handed a database of every call made on its network to the National Security Agency. The piece was by reporter Glenn Greenwald, and the information came from Edward Snowden, a 29-year-old IT consultant who had left the US with hundreds of thousands of documents detailing the NSA's secret procedures
Jack Teixeira, a member of the national guard, was arrested in April 2023. He is accused of sharing top-secret intelligence with friends in the social-media forum Discord over the course of months.
Leaked documents reveal that the US has been SPYING on:
* Russia and Wagner Group
* Israel
* S. Korea
* Egypt
* The head of the UN
* Zelenski
* Jordan
* Hungary
* Turkey
* UAE
* Germany
* UK
* Brazil and
* CHINA
The three letter kids (NSA, CIA, who knows how many others we've never heard of) are paid to spy -- in polite-speak "collect intelligence" -- on other countries. Why is it a surprise that they actually do so?
And why are we shocked that other countries do the same?
Yeah, that was me. We were having a beer break at the listening post and someone knocked a jug of brew over. And while we were mopping up I inadvertently flipped a few switches. And ... Well, I guess I can't go into details. Anyway, sorry about the inconvenience. Would it make it right if we fixed you up with a video and text tap on the largest brothel in Tijuana? No cost to you. We already did that for the dude who came on your line.
Did anyone note the phrase "perhaps by using carriers' wiretapping capabilities" - to paraphrase that, "ANY backdoor into ANY communications channel in favour of a government, is very likely to be exploited by the people you least need to be exploiting it." That applies to "secret" government decryption keys etc. etc. Put in "government - only" back doors and it rapidly becomes "government plus evil b******d's" back door.
The Orange One will have a phone call with Chinese leadership, they'll assure him there's nothing to this and also they've stopped doing it, then he'll announce victory and close down the government part of any security efforts.
And then we're well and truly fucked.
So how much of the actual hardware/software/firmware do the telcos actually make themselves and how much is bought in?
Do they have in-house expertise to quality assess bought in items, or is that function outsourced?
Of those items outsourced to other US companies, how much of their stuff do they make themselves and how much is bought in?
Do they have in-house expertise to quality assess bought in components?
Do the telcos run their own billing systems or is processing all that useful meta data farmed out to the lowest bidder?
and so on