
287 points by Bender | 1 comment
michael1999 No.45075658
The security community warned that making Lawful Access easy and automated would guarantee that bad people would penetrate the network.

And now we have China using CALEA-crippled systems to slurp up the entire USA network. Exactly as predicted.

And this - "outside of the norms of what we see in the espionage space" - LOL. ROTFL even. The NSA tapped Google's backbone! Have we forgotten Room 641A? MAINWAY? Poindexter and TIA? Palantir?

The NSA used to play defence and offence, and has gone full-offence for a generation. Did anyone really believe that only the USA could play offence?

Morons.

replies(6): >>45076034 #>>45076126 #>>45076525 #>>45076997 #>>45078492 #>>45078734 #
dvno42 No.45076034
So what was the actual point of compromise? Was it a CALEA supporting software vendor? My guess is a common MD (Mediator device) vendor was targeted that was used by many carriers but that's speculation on my part.

Context for others: there's a small number of software vendors that make these MD devices that handle initiating a capture of a flow (a wiretapping request) and managing the chain of custody for a pcap. MDs usually send an SNMP poll to a router/switch to start a (R)SPAN port, and the MD device slurps up all data and saves it.

Anyway, what I'm curious about is if it's the MDs that were taken over and if it was one manufacturer but I'm not seeing much technical info on all these reports.

Here's some context for "LI" for those interested: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9...

replies(3): >>45076913 #>>45078464 #>>45080661 #
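As an added illustration of the defensive side of what the comment describes (this is not code from the comment, from any carrier, or from any vendor), the script below audits constructed, hypothetical change-audit lines for monitor (SPAN) session creation and flags sessions that were not requested by an allowlisted mediation device, reference an intercept ID that is not currently authorised, or land on a switch the authorisation does not cover. The log format, addresses and intercept IDs are all assumptions made up for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample audit lines (a made-up format, not any vendor's syslog):
# which host sent an SNMP set that created or deleted a monitor (SPAN)
# session, on which switch, and under which lawful-intercept request ID.
SAMPLE_LOG = """\
2025-09-01T10:00:03Z sw-core-1 SNMP_SET src=10.20.0.5 oid=monitorSession.1 action=create li_id=LI-2041
2025-09-01T10:07:41Z sw-core-1 SNMP_SET src=10.20.0.5 oid=monitorSession.2 action=create li_id=LI-9999
2025-09-01T10:12:09Z sw-edge-7 SNMP_SET src=10.20.0.5 oid=monitorSession.3 action=create li_id=LI-2041
2025-09-01T10:15:30Z sw-edge-7 SNMP_SET src=192.0.2.77 oid=monitorSession.4 action=create li_id=LI-2041
2025-09-01T10:20:00Z sw-core-1 SNMP_SET src=10.20.0.5 oid=monitorSession.1 action=delete li_id=LI-2041
"""

# Hypothetical operator data: the only mediation devices allowed to drive
# captures, and the currently authorised intercepts with the switches each
# one may be applied to. In practice these come from the LI provisioning system.
ALLOWED_MD = {"10.20.0.5"}
ACTIVE_INTERCEPTS = {"LI-2041": {"sw-core-1"}}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dev>\S+) SNMP_SET src=(?P<src>\S+) oid=(?P<oid>\S+) "
    r"action=(?P<action>\S+) li_id=(?P<li>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    device: str
    reason: str


def audit(log: str, allowed_md=ALLOWED_MD, active=ACTIVE_INTERCEPTS):
    """Return one Alert per SPAN creation that is not fully accounted for."""
    alerts = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:  # an unparseable change record is itself worth a look
            alerts.append(Alert("?", "?", f"unparsed: {line[:40]}"))
            continue
        f = m.groupdict()
        if f["action"] != "create":
            continue  # only session creation opens a new mirror of traffic
        if f["src"] not in allowed_md:
            alerts.append(Alert(f["ts"], f["dev"], f"SPAN created by non-MD host {f['src']}"))
        elif f["li"] not in active:
            alerts.append(Alert(f["ts"], f["dev"], f"SPAN for unknown intercept {f['li']}"))
        elif f["dev"] not in active[f["li"]]:
            alerts.append(Alert(f["ts"], f["dev"], f"{f['li']} not authorised on this switch"))
    return alerts
```

Run against the sample, three of the four creations are flagged: an unknown intercept ID, an authorised intercept applied to the wrong switch, and a session created from a host that is not a mediation device.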
aftbit No.45076913
Most protocols that I use day-to-day are secure against simple passive interception. Either SSH or TLS encrypts just about every packet that leaves my network. This got much better with DNS over HTTPS (or TLS before that). Of course these protocols are sometimes susceptible to downgrade attacks, man-in-the-middle compromises, etc., but none of that would be available to someone who was running a pcap without modifying the traffic streams.

So how would a simple MD attack affect me? Any sort of CALEA attack on a higher protocol layer (e.g. compromising Gmail at Google instead of capturing their traffic) would make sense, but not a pcap.

replies(4): >>45077028 #>>45078489 #>>45081033 #>>45081534 #
michael1999 No.45078489
That's what makes CALEA so toxic. Any covered comms must be effectively plain text, or it doesn't work. Once you impose a plain-text architecture, a mass breach is inevitable.