What is Salt Typhoon? A Security Expert Explains the Chinese Hackers and Their Attack on U.S. Telecommunications Networks
Salt Typhoon also compromised the private portals, or backdoors, that telephone companies provide to law enforcement to request court-ordered monitoring of phone numbers pursuant to investigations. This is also the same portal that is used by U.S. intelligence to surveil foreign targets inside the United States.
As a result, Salt Typhoon attackers may have obtained information about which Chinese spies and informants counterintelligence agencies were monitoring – knowledge that can help those targets try to evade such surveillance.
On Dec. 3, the Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI, along with their counterparts in Australia, New Zealand and Canada, released guidance to the public on how to address the Salt Typhoon attack. Their Enhanced Visibility and Hardening Guidance for Communications Infrastructure guide essentially reiterates best cybersecurity practices for organizations that could help mitigate the impact of Salt Typhoon or future copycat attacks.
It does, however, include recommendations to protect specific telecommunication equipment for some of the Cisco products that were targeted in this attack.
As of this writing, U.S. officials and affected companies have not been able to fully ascertain the scope, depth and severity of the attack – or remove the attackers from compromised systems – even though this attack has been ongoing for months.
What Can Be Done?
U.S. officials have said that many of the ways Salt Typhoon penetrated its targets were through existing weaknesses in the infrastructure. As I’ve written previously, failing to implement basic cybersecurity best practices can lead to debilitating incidents for organizations of all sizes. Given how dependent the world is on networked information systems, it is more important than ever to maintain cybersecurity programs that make it difficult for attacks to succeed, especially for critical infrastructure like the phone network.
In addition to following the best practices guidance issued by the Cybersecurity and Infrastructure Security Agency earlier this week, organizations should remain vigilant. They should monitor not only the news for information about this attack but the various free, proprietary or private threat intelligence feeds and informal professional networks to stay up to date on attackers’ tactics and techniques – and ways to counter them.
Companies and governments should also ensure their IT departments and cybersecurity programs are adequately staffed and funded to meet their needs and ensure that best practices are implemented. The Federal Communications Commission is already threatening companies with fines for failing to bolster their defenses against Chinese hacking.
Although any illicit surveillance is concerning, the average American probably has little to worry about from Salt Typhoon. It’s unlikely that your family phone calls or text messages to friends are of interest to the Chinese government. However, if you want to increase your security and privacy a bit, consider using end-to-end encrypted messaging services like Signal, FaceTime or Messages.
Also make sure you’re not using default or easily guessed passwords on your devices, including your home router. And consider using two-factor authentication to further strengthen the security of any critical internet accounts.
Backdoors and Bad Guys
Lost in the noise of the story is that Salt Typhoon has proved that the decades of warnings by the internet security community were correct. No mandated secret or proprietary access to technology products is likely to remain undiscovered or used only by “the good guys” – and efforts to require them are likely to backfire.
So it’s somewhat ironic that one of the countermeasures recommended by the government to guard against Salt Typhoon spying is to use strongly encrypted services for phone calls and text messages – encryption capabilities that it has spent decades trying to undermine so that only “the good guys” can use them.
Richard Forno is Principal Lecturer, CSEE & Assistant Director, UMBC Cybersecurity Institute, University of Maryland, Baltimore County. This article is published courtesy of The Conversation.