AT&T, Verizon blocking release of Salt Typhoon security assessment reports (reuters.com)
247 points by redman25 8 hours ago
Zigurd 5 hours ago
Many years ago I wrote a functional spec for lawful intercept in a 3G data node. It was based on a spec for a different product, so it contained a lot of institutional knowledge of how lawful intercept works.
A key element of the design of lawful intercept is not to trust the company running the network. Otherwise employees of that company would become targets for organized crime influence, among what are probably a few other considerations. The network operator isn't told about intercepts, and the relatively low rate of traffic intercept, the node has to support up to 3% of traffic intercepted, at least that was the spec at the time, makes it relatively easy for that traffic to be hidden from network management tools. It's not supposed to show up in your logs or network management reporting.
Intercepts originate on LI consoles operated by law enforcement agencies. This sounds pretty good so far. Until a hacker breaks into an LI console. Now that hacker can acquire traffic with pinpoint accuracy, undetected by design.
I have always been skeptical of claims that network operators have eliminated salt typhoon from their networks. I do not believe they know when the exploit began. Nor can they tell if their networks are truly free of salt typhoon activity. There are multiple vendors of LI console software. It's a standardized interoperable protocol to set up intercepts. So there's no one neck to wring.
jtbayly an hour ago
What is an LI console? Where is it installed that it has access to accomplish this?
ungreased0675 7 hours ago
These companies were required by the government to have lawful intercept capability. A bad actor took advantage of that government-required backdoor, and now the government has the shamelessness to grandstand about privacy and security? We need to elect better people.
illithid0 5 hours ago
I've worked as a security consultant with one or two companies (who shall remain nameless) whose sole product was a hardware device with a black-box software stack meant to be a plug-and-play lawful intercept compliance solution. Telecoms should be able to buy it, install it, and access a web panel to do their government-mandated business.
In the three or four year I worked with them, they would only let me do penetration testing of their user network, and never the segments where the developers were, and never the product itself. In speaking with their security team (one guy - shocker) during compliance initiatives, it was very clear to me that the product itself was not to be touched per the explicit direction of senior leadership.
All I can say is that if the parts of their environment they did let us touch are any indication of the state of the rest of their assets, that device was compromised a long time ago.
red-iron-pine 33 minutes ago
when I lived in NoVA I had a roommate that installed and serviced boxes that sound suspiciously similar.
SSL crackers to MITM all ISP user traffic
SunshineTheCat 6 hours ago
I agree with you on electing better people, but this is largely a systematic problem with how government works:
1. Propose bill to solve a problem which is either minor or completely misunderstood by the person proposing the bill 2. Pass bill, don't solve original "problem," creates 15 new, actual problems 3. Run on fixing all the new problems they created (and some others that don't exist) 4. Repeat
maltalex 6 hours ago
The problem isn't the back door. Every telecom company in every country provides access for "lawful intercept". Phone taps have been a thing for decades and as far as I know, require a warrant.
The problem is that telecoms are very large, very complex environments, often with poor security controls. Investing in better controls is hard, time-consuming and expensive, and many telecoms are reluctant to do it. That's not great great since telcos are prime targets for nation state hackers as Salt Typhoon shows.
Hacking the lawful intercept systems is very brazen, but even if the hackers didn't don't go as far, and "only" gained control of normal telco stuff like call routing, numbering, billing, etc. it still would have been incredibly dangerous.
forgotaccount3 6 hours ago
> many telecoms are reluctant to do it.
This really buries the lede. Telecoms are reluctant to do it because 'doing' it isn't aligned with their priorities.
Why would a telecom risk bankruptcy by investing heavily into a system that their competitors aren't?
If you want a back-door to exist (questionable) then the government either needs to have strong regulatory compliance where poor implementations receive a heavy fine such that telecoms who don't invest into a secure implementation get fined in excess of the investment cost or the government needs to fund the implementation itself.
maltalex 6 hours ago
ddtaylor 6 hours ago
The problem is the back door.
Decentralized systems don't have the same faults.
Just because you want to force a structure or paradigm doesn't absolve it of responsibility for the problem.
Hand waving the problem away because a company is bad at management or scale doesn't change anything.
KaiserPro 5 hours ago
maltalex 6 hours ago
gruez 7 hours ago
>and now the government has the shamelessness to grandstand about privacy and security? We need to elect better people.
Where's "the government [... grandstanding] about privacy and security"? It's getting blocked by the companies, not the government.
>She said Mandiant refused to provide the requested network security assessments, apparently at the direction of AT&T and Verizon.
observationist 6 hours ago
"US Senator says AT&T, Verizon blocking release of Salt Typhoon security assessment reports"
A US senator is using it for political grandstanding. She is an ineffective twit with no power and no principles, no right under law to receive what she demanded, and she made sure to run to the press with it "see! look, I'm a principled, powerful senator holding those evil corporations feet to the fire!"
The problem is that the vulnerability exploited by salt typhoon is a systemic flaw implemented at the demand of Cantwell and other of our legislative morons.
You cannot have an "only the good guys" backdoor. That doesn't work. People are bad, and stupid, and fallible. You can't make policy or exceptions that depend on people being good, and smart, and infallible.
She's using the inevitable consequence of a system she helped create for her own political benefit. She voted for the backdoor back in 94 against the strenuous and principled objections by people who actually know what they're talking about.
Bobblehead talking points should not serve as the basis for technical policy and governance, but here we are.
oasisbob 4 hours ago
Spivak 6 hours ago
charcircuit 5 hours ago
dmix 7 hours ago
Is this speculation or has that information come out already?
medina 7 hours ago
https://www.commerce.senate.gov/2025/12/experts-agree-u-s-co...
> “The Chinese government's espionage operation deeply penetrated networks of at least nine U.S. telecom companies, including AT&T and Verizon,” said Sen. Cantwell. “They exploited the wiretapping system that our law enforcement agencies rely on under the Communications Assistance for Law Enforcement Act -- known as CALEA. These systems became an open door for Chinese intelligence. Salt Typhoon allowed the Chinese operation to track millions of Americans’ locations in real time, record phone calls at will and read our text messages.”
xnx 7 hours ago
dmix 7 hours ago
downrightmike 22 minutes ago
Not even that, they have CVE 10 from 2019 on their routers, which the hackers got root on then patched, so they wouldn't be kicked off by other hackers. All because IT upkeep wasn't done and hardening on Cisco devices is a distinct admin guide and not at all on by default. The days are long gone of qualified and careful network admins, now we just get the low-ball outsourced Cisco TAC and the like which DGAF
briandw 4 hours ago
This was enabled by the Communications Assistance for Law Enforcement Act (CALEA), enacted in 1994. Congress made their bed, now they need to lie in. Time to remove the govt mandated backdoors.
bastardoperator an hour ago
I worked at Verizon almost 10 years ago, they hired a group come to come in and assess. Within 3-4 hours they pwned the entire place (including offices outside of the office we were in) through an unsecured windows jenkins machine/script console.
engelo_b 5 hours ago
blocking these reports is a huge blow to systemic risk management.
if the specific vectors of the breach aren't disclosed, the rest of the critical infrastructure ecosystem is basically flying blind. it feels like we're trading collective security for corporate reputational damage control.
farco12 an hour ago
This interview discusses potential vectors: https://www.cybersecuritydive.com/news/tmobile-salt-typhoon-...
bastard_op 5 hours ago
They don't want their backdoors they allowed and buffoonery in securing/managing them exposed. This is only the wireless providers, now what about all the residential ISP's like Comcast, Cox, Charter, etc? They're even more incompetent usually, I've worked for enough to know.
y-c-o-m-b 5 hours ago
A decent example of why implementing authoritarian policies is a bad strategy for the US; particularly coming from the current administration. We're only strengthening Chinese supremacy at this point and tearing the US apart in the process of trying to claw some back. We don't have what it takes to pull this shit off as well as China does. This is a failure at many levels: the uncoordinated surveillance, the gross lack of security, lack of skills, lack of knowledge, etc. and it extends to many aspects of American governance. Between the US putting significant traumatic pressure on its own citizens and companies doing mass layoffs in an increasingly unaffordable economy, this will push even more brain drain overseas, which only accelerates China's strengthening stance more.
MisterTea 3 hours ago
This very much feels like the old cold war dynamic between Russia and the USA with the roles reversed.
Zenul_Abidin 3 hours ago
The hackers already have it.
There is no reason to hide it from the general public.
ok123456 7 hours ago
If they simply implicated an "APT" in wrongdoing, they would have released it, as it would have been unremarkable and fit neatly within the Overton window of hissing-chinese spys justifying an even more expansive national security apparatus and general anti-sino sentiments among the ruling class in Washington.
This leads me to two possible, non-exclusive outcomes: the links to China are tenuous, and the attribution is flimsy (e.g., they accessed a machine at 9 am Beijing time!); or the report implicates the system itself as unauditable by design, which was bound to happen given the design of the intercept tools.
walletdrainer 6 hours ago
These reports would be useful for any other attacker interested in their infra, it’s obvious why the companies wouldn’t want to release them in this manner.
ok123456 3 hours ago
Yes, most organizations are shy to release reports that make them look incompetent or highlight systemic problems. That's why we have laws that now require disclosure of incidents that may have exposed customer data.
JasonADrury 2 hours ago
thinkthatover 5 hours ago
If they can't provide it to us for national security purposes, certainly they could to the appropriate congressional subcommittee
natas 5 hours ago
why does the government, any government, has a backdoor on anyone's phones to begin with?
pluralmonad 5 hours ago
Terrorists, drugs, the children, future excuse for the panopticon.
mikkupikku 5 hours ago
Wiretapping predates all of these sort of arguments. Wiretapping was invented at basically the same time that telephones themselves were and was underway for decades before the law even began to take note; the first major legal development in this regard was the Supreme Court saying cops could do it without a warrant in 1928 (they already had been the entire time.)
pluralmonad 5 hours ago
red-iron-pine an hour ago
translation: we got pwn3d, and badly
jbug187 5 hours ago
srsly doubt that these reports would ever be released publicly, but i'm curious if they might suggest that their recent high-profile extended outages are related to weaknesses that were easily exploited by bad actors.
learingsci 5 hours ago
Glad no comments here are directed at China. We vilify our own government, our businesses, even ourselves for being too naive or gasp having trust in our networks. But the actual perpetrators, China, we have no harsh words for. It’s like if Ukrainian citizens blamed themselves rather than Putin. That’s how thoroughly brainwashed most people (here) are.
ourmandave 4 hours ago
I have plenty of harsh words for China, but we know they and other countries are an ongoing threat so the criticism is why aren't we defending ourselves better?
bigyabai 4 hours ago
I'll actually steelman against this; there's nothing to criticize them for. The US does the exact same thing and supports regimes around the world that perpetuate cyber-terror as a weapon of asymmetrical conflict. The US has to come to the table for negotiation or secure itself accordingly.
Zigurd 3 hours ago
The sheer elegance of hacking a law enforcement intercept architecture that's designed to make intercept traffic hard to track would be so irresistibly satisfying to any hacker that I don't see how they could say "Nahhh, too far."
DeepYogurt 4 hours ago
Infosec is such a scam