Conversation

Notices

Embed this notice
Matt Blaze (mattblaze@federate.social)'s status on Sunday, 06-Oct-2024 01:34:40 JST Matt Blaze

We’ve been warning about this for literally three decades, ever since CALEA mandated wiretap-ready telecom infrastructure. And this is merely the latest example of how these dangerous interfaces can be turned against us by our adversaries.
https://mastodon.social/@fj/113253726161428151
In conversation about 2 months ago from federate.social permalink
Attachments
1. Domain not in remote thumbnail source whitelist: files.mastodon.social
  
  Frederic Jacobs (@fj@mastodon.social)
  
  from Frederic Jacobs
  
  Attached: 1 image China targeted and might have held for months access to the infrastructure used to do wiretaps on the AT&T and Verizon networks. This is a huge "told you so" moment for the cryptographic community that has been saying that such infrastructure does present a huge risk to national security. China reportedly used this capability for intelligence collection, obviously without a warrant ... https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b?st=C5ywbp&reflink=desktopwebshare_permalink
- Embed this notice
  Matt Blaze (mattblaze@federate.social)'s status on Sunday, 06-Oct-2024 09:47:48 JST Matt Blaze
  in reply to
  
  Exploits of "lawful access" interfaces, such as the Chinese attack reported today by the WSJ, appeared almost immediately after they became standardized in the 90's. The most famous example is the case known as "the Athens Affair" https://spectrum.ieee.org/the-athens-affair .
  It was a bad idea then, and still a bad idea now.
  In conversation about 2 months ago permalink
  Attachments
  1. Domain not in remote thumbnail source whitelist: spectrum.ieee.org
    
    The Athens Affair
    
    from https://www.facebook.com/48576411181
    
    How some extremely smart hackers pulled off the most audacious cell-network break-in ever
  Another Linux Walt Alt likes this.
- Embed this notice
  Matt Blaze (mattblaze@federate.social)'s status on Sunday, 06-Oct-2024 09:47:50 JST Matt Blaze
  in reply to
  
  Tl;dr: creating one-stop shopping for attackers is a bad idea.
  
  In conversation about 2 months ago permalink
  
  Paul Cantrell repeated this.
- Embed this notice
  Matt Blaze (mattblaze@federate.social)'s status on Sunday, 06-Oct-2024 09:48:08 JST Matt Blaze
  in reply to
  
  Also, I'd be remiss if I didn't note that all the reasons that "lawful access" features in telecom infrastructure are risky apply at least equally to the periodically revived proposals for "key escrow" backdoors in cryptographic systems. Fortunately, we've mostly held back the tide on those, but they come up every few years. It would be a security disaster if they're ever mandated.
  
  In conversation about 2 months ago permalink
  
  Another Linux Walt Alt likes this.
- Embed this notice
  Matt Blaze (mattblaze@federate.social)'s status on Sunday, 06-Oct-2024 09:48:09 JST Matt Blaze
  in reply to
  
  Anyway, my "told you so" muscles are pretty weary at this point.
  
  In conversation about 2 months ago permalink
- Embed this notice
  Matt Blaze (mattblaze@federate.social)'s status on Sunday, 06-Oct-2024 09:48:10 JST Matt Blaze
  in reply to
  
  The Athens Affair is interesting for a number of reasons, but it's particularly notable that the switch that was compromised didn't actually have the CALEA option installed from the factory (since it wasn't then required in Greece). But it was added through a software update (induced by the attacker), and then exploited.
  
  In conversation about 2 months ago permalink

Public

Conversation

Notices

Feeds