(Photo by Anadolu Agency via Getty Images)
As Chinese hackers potentially lurk in US networks, the FBI is advising the public to adopt encryption—a technology the agency has long demonized.
A senior FBI official mentioned the tip in a call with journalists on Tuesday while discussing how China’s "Salt Typhoon" group has compromised multiple US telecommunication networks.
"People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption, and phishing resistant MFA (multi-factor authentication) for email, social media, and collaboration tool accounts,” the official said.
In the same call, Jeff Greene, an official with the Cybersecurity and Infrastructure Security Agency (CISA), added: “Encryption is your friend, whether it is on text messaging or you have the capacity to use encrypted voice communication.”
End-to-end encryption is a powerful tool that can prevent spying because even if the data is stolen, it will be scrambled and thus unreadable to hackers. Only users with the decryption keys, which are typically stored on their smartphones or devices, can decode and access the information, ensuring data privacy even in the event of interception.
The advice from the FBI and CISA comes as officials try to determine whether Chinese hackers are still lurking in US networks after breaching AT&T, Verizon, T-Mobile, and Lumen Technology to spy on users’ cellphone activities.
"Given where we are in discovering the activity, I think it would be impossible for us to predict a timeframe on when we’ll have full eviction,” Greene said.
He also noted that the degree of infiltration is different across the telecommunication companies. “It really depends on the victim…. It will depend on each one, and we’re still getting a sense of the type of compromise,” Greene added.
In the meantime, CISA and the FBI published an advisory urging engineers at US telecom firms to “ensure that traffic is end-to-end encrypted to the maximum extent possible.”
This push to use end-to-end encryption is ironic since the FBI has long complained that the same technology can stymie their investigations into seized smartphones and online accounts belonging to criminal suspects. In 2016, the FBI demanded that Apple effectively create a backdoor into the company’s OS before the agency resorted to using a third-party hacking tool to access an iPhone used by the San Bernardino mass shooter.
Over the summer, FBI Director Christopher Wray also said encrypted apps made it more difficult for the agency to fully examine a phone owned by the man who attempted to assassinate President-elect Donald Trump at a political rally in Pennsylvania.
Lack of encryption can be a serious weakness, as demonstrated by the Salt Typhoon hacks. On Wednesday, US Senators Ron Wyden (D-Ore.) and Eric Schmitt (R-MO) called for the Defense Department's Inspector General to investigate why the Pentagon awarded a $2.7 billion contract to the affected US carriers, despite knowing they were “vulnerable to foreign surveillance.”
“DoD’s failure to secure its unclassified voice, video, and text communications with end-to-end encryption technology has left it needlessly vulnerable to foreign espionage,” they allege.