this post was submitted on 07 Dec 2024

336 points (98.0% liked)

memes

10693 readers

2779 users here now

Community rules

1. Be civil

No trolling, bigotry or other insulting / annoying behaviour

2. No politics

This is non-politics community. For political memes please go to [email protected]

3. No recent reposts

Check for reposts when posting a meme, you can only repost after 1 month

4. No bots

No bots without the express approval of the mods or the admins

5. No Spam/Ads

No advertisements or spam. This is an instance rule and the only way to live.

Sister communities

[email protected] : Star Trek memes, chat and shitposts
[email protected] : Lemmy Shitposts, anything and everything goes.
[email protected] : Linux themed memes
[email protected] : for those who love comic stories.

founded 2 years ago

MODERATORS

[email protected]

336

Everyone gangsta until you realize everything has been deeply compromised (lemmy.zip)

submitted 2 weeks ago* (last edited 2 weeks ago) by [email protected] to c/[email protected]

56 comments fedilink hide all child comments

The fun part is they don't know the extent of the comprise or how long it has been going on.

What happened is that CISA recently published a report stating that they think a lot of US telecommunications equipment has been compromised. It isn't a one time breach. They know that China has control over a unspecified amount of critical components. The malware China is using is extremely complex and very hard if not completely impossible to detect. China is very good at covering there tracks so even getting a sample of Malware is hard.

Because of all this, CISA is now recommending that people use encrypted messagers.

top 50 comments

sorted by: hot top controversial new old

[–] [email protected] 97 points 2 weeks ago (1 children)

This is why the old guard of tech and privacy was against a lot of the shenanigans you routinely encounter in any app or device. Bonus, the S in IoT stands for security.

[–] [email protected] 24 points 2 weeks ago

Security is last thing about Internet of thingS

[–] [email protected] 92 points 2 weeks ago (2 children)

Apparently, the hackers exploited the backdoor that was provided for "lawful surveillance" in the 3G spec. Imagine that.

[–] [email protected] 51 points 2 weeks ago (1 children)

Lol.

Seven years ago I spent hours trying to explain to my MP that this would happen if they weakened encryption and put in back doors.

He seemingly couldn't get his head round the fact that you have to assume foreign adversaries have access to everything in transit and they're not going to be worried about longer prison sentences designed to make up for weaker security.

I should send him an email asking if he understands the argument now it's coming from an American in a suit and not just one of the plebs.

[–] [email protected] 5 points 2 weeks ago* (last edited 2 weeks ago)

You absolutely should

Also include links to the human rights abuse done by the Chinese police. And the fact that South Korea almost just turned into a dictatorship.

[–] [email protected] 11 points 2 weeks ago (1 children)

My understanding is that the scope is totally unknown. I'm sure they exploited the crap out of those systems.

[–] [email protected] 14 points 2 weeks ago

At first, the F.B.I. and other investigators believed that China’s hackers used stolen passwords to focus mostly on the system that taps telephone conversations and texts under court orders. It is administered by a number of the nation’s telecommunications firms, including the three largest — Verizon, AT&T and T-Mobile. But in recent days, investigators have discovered how deeply China’s hackers had moved throughout the country by exploiting aging equipment and seams in the networks connecting disparate systems.

https://www.nytimes.com/2024/11/21/us/politics/china-hacking-telecommunications.html

Doesn’t look like they know (or are willing to share specifics as to) the full scope of the hack, but they seem to have a pretty good idea.

[–] Console_Modder 31 points 2 weeks ago* (last edited 2 weeks ago) (4 children)

So what would be an encrypted messenger? Telegram or a Matrix app like Element? Asking cuz I've been kinda hinting to my friends that maybe we should move away from Facebook Messenger, but all we do is share memes and YouTube videos... Occasionally we'll fuck with their stupid AI and make it write all responses in cuneiform or call everyone "shitass"

Edit: I can't spell for shit

[–] [email protected] 57 points 2 weeks ago (2 children)

Not Telegram. Signal is a better choice which has been audited by third parties and produces internal transparency reports.

[–] [email protected] 26 points 2 weeks ago

And it's open source!

[–] Console_Modder 15 points 2 weeks ago (1 children)

I've been leaning towards Matrix/Element, but I'll check out Signal and see what everyone else thinks. Thanks dood!

[–] [email protected] 18 points 2 weeks ago

Signal is pretty easy to get people into, too, I feel like.

[–] [email protected] 24 points 2 weeks ago (1 children)

Matrix is not always encrypted.

Signal, Simplex chat or any other well vetted messager. Avoid Telegram as it isn't encrypted and is tied to Russia.

[–] [email protected] 3 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Whut? When is matrix not encrypted somtetimes? Genuine question - I'm a matrix newbie and i thought that all was encrypted was the whole point O.o

[–] [email protected] 3 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

On the transport level it is encrypted but not on the server. To get E2EE you need to turn it on.

[–] [email protected] 7 points 2 weeks ago

It's been on by default for many years now.

[–] [email protected] 12 points 2 weeks ago (1 children)

We have been down this road before. There's nothing out there beating or close enough to signal.

https://soatok.blog/2024/05/14/its-time-for-furries-to-stop-using-telegram/ https://soatok.blog/2024/07/31/what-does-it-mean-to-be-a-signal-competitor/

[–] [email protected] 2 points 2 weeks ago* (last edited 2 weeks ago)

I'd argue Threema. The server code isn't open source, but the apps are auditable. You can use it without any other identifiers (phone number, email are optional). It comes from a private company, but they have had a good track record.

Edit: They also have a version on F-Droid, without proprietary components, that uses their own push protocol instead of Google's.

[–] [email protected] 3 points 2 weeks ago (1 children)

https://www.forbes.com/sites/zakdoffman/2024/12/03/fbi-warns-iphone-and-android-users-stop-sending-texts/

[–] Console_Modder 3 points 2 weeks ago

Oh. How fun. yay

[–] [email protected] 25 points 2 weeks ago (1 children)

What, they weren't recommending encrypted communication before?

[–] [email protected] 59 points 2 weeks ago (1 children)

They didn't want to compromise their ability to spy on us easily.

[–] [email protected] 12 points 2 weeks ago (2 children)

Note even with all of this they only recommend they use encrypted messaging. We should merrily go along with fb messenger or sms or whatever they swear is good.

[–] [email protected] 8 points 2 weeks ago

They recommended Signal:

https://www.forbes.com/sites/zakdoffman/2024/12/03/fbi-warns-iphone-and-android-users-stop-sending-texts/

[–] [email protected] 3 points 2 weeks ago

btw messenger isn’t the worst case scenario. 1-1 chats are e2ee.

it’s still facebook and it sucks, but it’s not as bad as SMS/calls

[–] [email protected] 21 points 2 weeks ago (2 children)

What breach happened

[–] [email protected] 54 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

It not about one breach

CISA recently published a report stating that they think a lot of US telecommunications equipment has been compromised. It isn't a one time breach. They know that China has control over a unspecified amount of critical components. The malware China is using is extremely complex and very hard if not completely impossible to detect. China is very good at covering there tracks so even getting a sample of Malware is hard. They are constantly evolving and adapting it so it is very tricky to pinpoint and clean systems.

Because of all this, CISA is now recommending that people use encrypted messagers. Usually the government wants unfeathered access to data so that's how you know it is very bad.

[–] [email protected] 14 points 2 weeks ago (2 children)

unfeathered

Bone apple tea?

[–] [email protected] 5 points 2 weeks ago (2 children)

France is bacon.

[–] [email protected] 3 points 2 weeks ago

Finkle is Einhorn!

[–] [email protected] 2 points 2 weeks ago (1 children)

Madam cure me.

[–] [email protected] 2 points 2 weeks ago

Should of, would of, could of.

[–] southsamurai 1 points 2 weeks ago

If not, that's the best autocorrect I've ever seen lol

[–] Cracks_InTheWalls 7 points 2 weeks ago

Do you have a link to the report?

[–] [email protected] 17 points 2 weeks ago (1 children)

Salt Typhoon.

[–] [email protected] 6 points 2 weeks ago (1 children)

Sodium Tsunami.

[–] [email protected] 5 points 2 weeks ago

NaCl Cyclone.

[–] [email protected] 1 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

How much of this was delivered through the TikTok app?

[–] [email protected] 18 points 2 weeks ago (1 children)

None. It was built into the hardware. TikTok isn't telecommunications related

[–] [email protected] 5 points 2 weeks ago (1 children)

This was caused by lowest bidder decision making. Along with a tolerance for critical systems designed, developed and manufactured outside of North America and Western Europe. If a country doesn’t have a history of liberal democracy, they can never be fully trusted.

[–] [email protected] 1 points 2 weeks ago

I think trust is the problem honesty trust less and you won't have to worry as much.

load more comments