You know the drill. You're logged into your bank or another service you use regularly (like Gmail). After you enter your username and password, the service says it will send you an SMS message with a code you can use to verify that you are the one logging in. This is called “two-factor authentication” (2FA). It's a best practice in a networked world, given how easily passwords and login details can be cracked.
Sadly, our world is not only networked but also evil, and that SMS message can be redirected to someone else's phone: that of a criminal who has phished your personal information and can now log in as you and empty your current account.
This kind of dastardly act has been possible for years. I just found an account of what happened to bank customers in Germany, which first encountered this issue in 2017, but security experts had been warning about it long before then. The root of the problem is chronic security vulnerabilities in SS7, an arcane, decades-old technical protocol for routing phone calls and messages that is built into every phone system.
These vulnerabilities are exploited by hackers for various harms: tracking any mobile phone in the world, listening to calls, reading and redirecting SMS messages, intercepting internet traffic, and disrupting user connectivity and network availability, just to name a few. But SS7 is also what keeps your mobile phone connected during a call, even on a train that passes through many local cells. Therefore, it is an integral part of the mobile phone system – the glue that holds the whole system together.
It could also be called “too big to fail,” which may explain why major carriers are reluctant to face its obvious downsides. This inertia has now prompted an intervention by Oregon Sen. Ron Wyden, who now describes the SS7 vulnerability as a “national security” issue.
Coincidentally, the senator is pushing at an open door, because there is panic in Washington about the extent and depth of foreign (aka Chinese) intrusion into America's communications and critical infrastructure. Part of that is undoubtedly facilitated by the SS7 vulnerability. At the International Security Summit in Bahrain on December 7, Anne Neuberger of the White House National Security Council acknowledged that Chinese cyber spies had recorded the calls of “very senior” American politicians, but did not reveal the names of the victims. She also acknowledged that eight U.S. telecommunications providers were compromised by Chinese hackers.
North Korea and Russia are also considered cybersecurity adversaries, but Americans seem obsessed with the Chinese threat. Three hacker groups in particular seem to be keeping people in Washington awake at night. As one young man commented, it is “typhoon season” in the city, reflecting the names assigned to the trio: Salt Typhoon, Volt Typhoon, and Flax Typhoon. Flax operated a botnet with 260,000 devices, which was dismantled by the FBI. Salt's cyber spies infiltrated U.S. telecommunications companies Verizon, AT&T, and Lumen Technologies, and in an even more sophisticated move, they hacked into their eavesdropping systems (systems that FBI agents would have to deploy when they arrived with a warrant).
Volt is, in some ways, the most evil of the trio. It specializes in U.S. critical infrastructure (water systems, power grids, etc.). It runs a botnet based on discontinued Cisco and Netgear routers (models that no longer receive security updates). It has been active since mid-2021 with the goal, according to Microsoft, of building the ability to disrupt critical communications infrastructure between the United States and the Asian region in the event of a future crisis. (Perhaps a Chinese invasion of Taiwan?) Affected organizations “span the communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education sectors.” It is speculated that Volt “intends to conduct espionage and maintain access as undetected as possible.”
So, as technology companies line up to donate millions of dollars to President Trump's inaugural fund, two of the three Chinese hacking groups named after storms will still be quietly wreaking havoc in America's digital backyard. The idea of Salt Typhoon hacking into the FBI's own eavesdropping system is especially juicy. Meanwhile, the ubiquitous cell phone remains tied to an outdated protocol that is about as secure as a two-person tent in a hurricane. And when President Trump visits Beijing to seal the deal with his fellow emperor, Xi Jinping will be able to present the visitor with a leather-bound book recording all his private phone conversations since 2016.
Happy new year!
What I was reading
Blinded by the light
Optical Illusion, Tina Brown's blog post about the strange appeal of Trumpian glamor for many Americans, is a great inspiration.
University challenge
How the Ivy League destroyed America – the title of a long, thoughtful essay by David Brooks in the Atlantic about the evils of “meritocracy”.
To the teacher, with love
Reclaiming the Essay: Two Memories. A lovely piece by Richard Farr about what it means to have a great teacher.
Source: www.theguardian.com