• US government security official's advice: Urged Americans to use encrypted messaging as major telecom companies struggle with Chinese hackers. The attack is attributed to the Salt Typhoon hacking group, and there are reports that Chinese hackers penetrated telecom networks and may have accessed court-authorized wiretap systems of Verizon, AT&T, T-Mobile, and Lumen.
• Telecom companies' responses: T-Mobile said its own network wasn't hacked but severed a connection to a compromised provider's network. Lumen said there's no evidence that customer data on its network was accessed.
• US agencies' actions: The US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners urged telecom providers to upgrade security and published a guide. CISA executive assistant director Jeff Greene said it's hard to predict when telecom providers will evict hackers as they're still figuring out the extent of the penetration.
• US's stance on encryption and backdoors: The FBI official advised phone users to use phones with timely OS updates, responsible encryption, and phishing-resistant multifactor authentication. Despite recognizing encryption's security benefits, US officials have long sought backdoors for government access to encrypted communications. Cryptographer Bruce Schneier criticized backdoors, saying they can be used by criminal hackers and other nation-states.
• 1994 surveillance law: The Chinese hacking campaign raises concerns about the 1994 Communications Assistance for Law Enforcement Act (CALEA), which requires telecom companies to have surveillance capabilities. US Sen. Ron Wyden criticized telecom companies for lax cybersecurity and the government for mandating surveillance systems through CALEA. A Lumen spokesperson said there's no evidence of customer data access on its network.
• T-Mobile's actions: T-Mobile addressed the hacks in a blog post, suggesting its own network wasn't compromised and quickly severed the connection to the compromised provider's network. It couldn't identify the attacker's identity but reported the findings to the government. T-Mobile also highlighted its security measures and had faced data breach issues in the past. We contacted AT&T and Verizon but haven't received new information yet.