FBI cyber cop: Salt Typhoon pwned 'nearly every American'

> This indiscriminate targeting, as the FBI and White House security officials have previously noted, allowed Beijing’s snoops to geo-locate millions of mobile phone users, monitor their internet traffic, and, in some cases, record their phone calls. Victims reportedly included President Donald Trump and Vice President JD Vance.

Welp... that's quite a capable piece of surveillance.

I imagined it involved tapping to cell towers/cell infrastructure, but the details at the wikipedia page [1] suggest servers were hacked instead? Did they hack AT&T servers or something?

Side note, are there any ways to not get your data stolen in such cases? I would imagine using only a VPN might help, but if they're getting data from triangulation you couldn't do much short of turning off your phone, right?

1 - https://en.wikipedia.org/wiki/Salt_Typhoon#Methodology

Almost as if having GDPR to keep at least the worst of the data-brokering/selling industry out is a good thing.

The more detailed report someone posted does sound like this was hacked at the source, but a lot of the data can be bought legally on the open, not-even-too-grey market. Some journalists bought one of the location data sets and used it to demonstrate that you can identify intelligence agency employees from it (if someone spends almost every workday at one site belonging to the agency, occasionally visits the other one... the other place that "anonymous" user spends a lot of time at is likely the home of an intelligence agency employee).

If the industry wasn't selling it to anyone who asks, they'd still likely keep it in easily hacked places.