Originally published at: Pluralistic: China hacked Verizon, AT&T and Lumen using the FBI’s backdoor (07 Oct 2024) – Pluralistic: Daily links from Cory Doctorow
Today's links
- China hacked Verizon, AT&T and Lumen using the FBI's backdoor: There's no such thing as a backdoor that only works when 'good guys' use it.
- Hey look at this: Delights to delectate.
- This day in history: 2004, 2009, 2014, 2019
- Upcoming appearances: Where to find me.
- Recent appearances: Where I've been.
- Latest books: You keep readin' em, I'll keep writin' 'em.
- Upcoming books: Like I said, I'll keep writin' 'em.
- Colophon: All the rest.
China hacked Verizon, AT&T and Lumen using the FBI's backdoor (permalink)
State-affiliated Chinese hackers penetrated AT&T, Verizon, Lumen and others; they entered their networks and spent months intercepting US traffic – from individuals, firms, government officials, etc – and they did it all without having to exploit any code vulnerabilities. Instead, they used the back door that the FBI requires every carrier to furnish:
In 1994, Bill Clinton signed CALEA into law. The Communications Assistance for Law Enforcement Act requires every US telecommunications network to be designed around facilitating access to law-enforcement wiretaps. Before CALEA, telecoms operators were often at pains to design their networks to resist infiltration and interception. Even telcos that didn't go that far were at the very least indifferent to the needs of law enforcement, and were attuned instead to building efficient, robust networks.
Predictably, CALEA met stiff opposition from powerful telecoms companies as it worked its way through Congress, but the Clinton administration bought them off with hundreds of millions of dollars in subsidies to acquire wiretap-facilitation technologies. Immediately, a new industry sprang into being: companies that promised to help the carriers hack themselves, punching back doors into their networks. The pioneers of this dirty business were overwhelmingly founded by ex-Israeli signals intelligence personnel, though they often poached senior American military and intelligence officials to serve as the face of their operations and liaise with their former colleagues in law enforcement and intelligence.
Telcos weren't the only opponents of CALEA, of course. Security experts – those who weren't hoping to cash in on government pork, anyway – warned that there was no way to make a back door that was only useful to the "good guys" but would keep the "bad guys" out.
These experts were – then as now – dismissed as neurotic worriers who simultaneously failed to understand the need to facilitate mass surveillance in order to keep the nation safe, and who lacked appropriate faith in American ingenuity. If we can put a man on the moon, surely we can build a security system that selectively fails when a cop needs it to, but stands up to every crook, bully, corporate snoop and foreign government. In other words: "We have faith in you! NERD HARDER!"
NERD HARDER! has been the answer ever since CALEA – and related Clinton-era initiatives, like the failed Clipper Chip program, which would have put a spy chip in every computer, and, eventually, every phone and gadget:
https://en.wikipedia.org/wiki/Clipper_chip
America may have invented NERD HARDER! but plenty of other countries have taken up the cause. The all-time champion is former Australian Prime Minister Malcolm Turnbull, who, when informed that the laws of mathematics dictate that it is impossible to make an encryption scheme that only protects good secrets and not bad ones, replied, "The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia":
https://www.zdnet.com/article/the-laws-of-australia-will-trump-the-laws-of-mathematics-turnbull/
CALEA forced a redesign of the foundational, physical layer of the internet. Thankfully, encryption at the application layer – in the programs we use – partially counters this deliberately introduced brittleness in the security of all our communications. CALEA can be used to intercept your communications, but mostly what an attacker at the intercept point gets is "metadata" ("so-and-so sent a message of X bytes to such-and-such at such-and-such a time"), because the content is encrypted end to end and they can't decrypt it: cryptography actually works, unlike back doors. Anything that isn't end-to-end encrypted, like ordinary voice calls and carrier SMS, is fully readable at the tap. Of course, that's why governments in the EU, the US, the UK and all over the world are still trying to ban working encryption, insisting that the back doors they'll install will only let the good guys in:
https://pluralistic.net/2023/03/05/theyre-still-trying-to-ban-cryptography/
Any back door can be exploited by your adversaries. The Chinese state-sponsored hacking group known as Salt Typhoon intercepted the communications of hundreds of millions of American residents, businesses, and institutions. From that position, they could do NSA-style metadata analysis, malware injection, and interception of unencrypted traffic. And they didn't have to hack anything, because the US government insists that all networking gear ship pre-hacked so that cops can get into it.
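To make the two paragraphs above concrete, here is an added example (not code from the original post, and not anything the carriers or the FBI run): a simulated intercept point of the kind CALEA mandates, sitting on the wire between end-to-end-encrypted endpoints. The tap sees every byte. It cannot open a single payload without the endpoints' key, but it still harvests who talked to whom, when, and how much, and the ciphertext length gives away the plaintext length. The cipher is a toy encrypt-then-MAC construction built from stdlib HMAC-SHA256 so the example runs offline; the endpoint names, keys and messages are constructed for the demonstration.

```python
# Added example: a CALEA-style intercept point watching end-to-end-encrypted
# traffic. Toy cipher (HMAC-SHA256 keystream + HMAC tag) is an assumption of
# this example, chosen so it runs with the standard library only.

import hashlib
import hmac
import os
from collections import Counter
from dataclasses import dataclass

NONCE_LEN = 12
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Domain-separated subkeys so the keystream and the MAC never share a key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC-SHA256(enc_key, nonce || counter), truncated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag. len(ciphertext) == len(plaintext): the length leaks."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verifies the tag before decrypting: a wrong key yields an error, never partial plaintext."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


@dataclass(frozen=True)
class TapRecord:
    """One unit of traffic exactly as captured at the intercept point."""
    ts: int        # seconds; constructed timestamps
    src: str       # routing identifiers are necessarily visible to the carrier
    dst: str
    payload: bytes # the bytes on the wire, i.e. nonce || ciphertext || tag


def tap_analysis(records: list[TapRecord]) -> dict:
    """Everything the interceptor learns with no key at all: the metadata."""
    contacts = Counter((r.src, r.dst) for r in records)
    # Fixed overhead means message size passes straight through the encryption.
    plaintext_sizes = [(r.src, r.dst, len(r.payload) - NONCE_LEN - TAG_LEN) for r in records]
    first_contact = {}
    for r in sorted(records, key=lambda r: r.ts):
        first_contact.setdefault(frozenset((r.src, r.dst)), r.ts)
    return {"contacts": dict(contacts), "plaintext_sizes": plaintext_sizes,
            "first_contact": first_contact}


def content_recovered(key: bytes, records: list[TapRecord]) -> int:
    """How many captured payloads a holder of `key` can actually open."""
    opened = 0
    for r in records:
        try:
            decrypt(key, r.payload)
            opened += 1
        except ValueError:
            pass
    return opened


def build_scenario() -> tuple[bytes, bytes, list[TapRecord]]:
    """Constructed traffic: two endpoint pairs, each with its own end-to-end key."""
    key_ab = hashlib.sha256(b"constructed key alice-bob").digest()
    key_cd = hashlib.sha256(b"constructed key carol-dave").digest()
    msgs = [
        (100, "alice", "bob",   key_ab, b"meeting moved to 4pm, bring the docs"),
        (103, "bob",   "alice", key_ab, b"ok"),
        (110, "carol", "dave",  key_cd, b"wire the funds now"),
        (111, "dave",  "carol", key_cd, b"done"),
        (120, "alice", "bob",   key_ab, b"thanks"),
    ]
    records = [TapRecord(ts, s, d, encrypt(k, m)) for ts, s, d, k, m in msgs]
    return key_ab, key_cd, records


if __name__ == "__main__":
    key_ab, _, records = build_scenario()
    print(tap_analysis(records))
    print("tap with no key opened:", content_recovered(b"\x00" * 32, records))
    print("endpoint with its key opened:", content_recovered(key_ab, records))
```

The point of the two counts at the end is the asymmetry the post describes: whoever sits at the intercept point, cop or Salt Typhoon, opens zero of the five messages, while the contact graph, the timing and the two-byte "ok" reply are all theirs for free. Real messengers pad or batch messages precisely to blunt that length and timing leak.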
This isn't even the first time that lawful-intercept back doors of the kind CALEA mandates have been exploited by a hostile foreign power as a matter of geopolitical skullduggery. In 2004-05, more than 100 mobile phones on Vodafone Greece's network, belonging to Greek officials all the way up to the Prime Minister, were tapped through the lawful-intercept subsystem built into the network's Ericsson switches; the operation ran through the 2004 Athens Olympics and has since been attributed to US spy agencies:
https://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%80%9305
This is a wild story in so many ways. For one thing, CALEA isn't law in Greece! You can totally sell working, secure networking gear in Greece, and in many other countries around the world that have not passed a stupid CALEA-style law. However, the US telecoms market is so fucking huge that all the manufacturers build the back doors into their gear, no matter where it's destined for: Vodafone Greece hadn't even bought the lawful-intercept option, and the capability was sitting in its switches anyway, waiting for someone to switch it on. So the US has effectively exported this deliberate insecurity to the whole planet, and used it to snoop on the government of an Olympic host, the most penny-ante bullshit imaginable.
Now Chinese-sponsored hackers with cool names like "Salt Typhoon" are traipsing around inside US telecoms infrastructure, using the back doors the FBI insisted would be safe.
(Image: Kris Duda, CC BY 2.0, modified)
Hey look at this (permalink)
- Juice Rescue ⚡🔌🚗 https://juice-rescue.org
- Privacy and security in your messages https://opcandado.citizensandtech.org
- The Fed Took $3k From You and Gave it to Jamie Dimon https://www.thebignewsletter.com/p/monopoly-round-up-the-fed-took-3k
This day in history (permalink)
#20yrsago How the NSA broke crypto, and created civilian crypto industry https://www.schneier.com/blog/archives/2004/10/the_legacy_of_d.html
#20yrsago Brewster Kahle: Universal access to all human knowledge is possible https://craphound.com/kahleweb20.txt
#20yrsago HOWTO break Google Print DRM https://web.archive.org/web/20041011120549/http://vitanuova.loyalty.org/weblog/nb.cgi/view/vitanuova/2004/10/07/2
#15yrsago Japanese court overturns Winny ruling, says file-sharing software is legal even if used for infringement https://web.archive.org/web/20091009232138/http://mdn.mainichi.jp/mdnnews/national/news/20091008p2a00m0na016000c.html
#15yrsago Robert E Howard collection, HEROES IN THE WIND: revisit your heroic past https://memex.craphound.com/2009/10/08/robert-e-howard-collection-heroes-in-the-wind-revisit-your-heroic-past/
#15yrsago The criticism that Ralph Lauren doesn’t want you to see! https://memex.craphound.com/2009/10/06/the-criticism-that-ralph-lauren-doesnt-want-you-to-see/
#15yrsago Scott Westerfeld’s Leviathan: kick-ass young adult steampunk series starts with a bang, a hiss and a clank https://memex.craphound.com/2009/10/06/scott-westerfelds-leviathan-kick-ass-young-adult-steampunk-series-starts-with-a-bang-a-hiss-and-a-clank/
#10yrsago Profile of Daniel Pinkwater, “Pynchon for kids” https://forward.com/culture/206667/how-daniel-pinkwater-became-my-own-personal-guru/
#10yrsago Sore losers: How casinos went after two guys who found a video poker bug https://www.wired.com/2014/10/cheating-video-poker/
#10yrsago Fixing the unfixable USB bug https://www.wired.com/2014/10/unpatchable-usb-malware-now-patchsort/
#10yrsago 20 meaningful things you can do about climate change http://thischangeseverything.org/twenty-things-you-can-do-to-address-the-climate-crisis/
#10yrsago 10% of Americans have 10 or more alcoholic drinks every day https://www.washingtonpost.com/news/wonk/wp/2014/09/25/think-you-drink-a-lot-this-chart-will-tell-you/
#10yrsago $35 Firefox OS smartphone – back to the drawing board https://arstechnica.com/gadgets/2014/10/testing-a-35-firefox-os-phone-how-bad-could-it-be/
#5yrsago For the first time ever, taxes on the 400 richest Americans were lower than taxes on everyone else https://www.nytimes.com/interactive/2019/10/06/opinion/income-tax-rate-wealthy.html
#5yrsago Supreme Court greenlights lawsuit over Amazon’s wage-theft from warehouse workers https://www.reuters.com/article/us-usa-court-amazon-com/u-s-supreme-court-rejects-amazon-warehouse-worker-wage-appeal-idUSKBN1WM1FI/
#5yrsago Bernie Blindness: a subreddit for noting the way press narratives ignore or smear Bernie Sanders https://www.reddit.com/r/bernieblindness/top/
#5yrsago Checkm8: an "unstoppable" iPhone jailbreaking crack https://arstechnica.com/information-technology/2019/09/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer/
#5yrsago After an injunction against Pacifica radio, New York’s WBAI is back on the air https://twitter.com/2600/status/1181423565389942786
#5yrsago How the “Varsity Blues” admissions scam punished deserving, hard working kids so that mediocre kids of the super-rich could prosper https://memex.craphound.com/2019/10/08/how-the-varsity-blues-admissions-scam-punished-deserving-hard-working-kids-so-that-mediocre-kids-of-the-super-rich-could-prosper/
#5yrsago Facebook’s 2016 election billboards: Buy all your elections with us! https://twitter.com/MarietjeSchaake/status/1180166896294887424
#5yrsago Podcast: Why do people believe the Earth is flat? https://ia601006.us.archive.org/35/items/Cory_Doctorow_Podcast_311/Cory_Doctorow_Podcast_311_-_Why_do_people_believe_the_Earth_is_flat.mp3
#5yrsago The cloud vs humanity: Adobe terminates every software license in Venezuela, keeps Venezuelans’ money https://helpx.adobe.com/la/x-productkb/policy-pricing/executive-order-venezuela.html
#5yrsago How this fine gentleman convinced me to donate $300 to Elizabeth Warren https://memex.craphound.com/2019/10/06/how-this-fine-gentleman-convinced-me-to-donate-300-to-elizabeth-warren/
#5yrsago The corrupt Brazilian prosecutors who locked up Lula now want to release him, to make him less sympathetic https://memex.craphound.com/2019/10/06/the-corrupt-brazilian-prosecutors-who-locked-up-lula-now-want-to-release-him-to-make-him-less-sympathetic/
#5yrsago Hi-rez, open-licensed recreation of the 1968 Disneyland souvenir map https://ia803109.us.archive.org/7/items/disneylandmap1968_201910/DisneylandMap1968Full.jpg
Upcoming appearances (permalink)
- "Come distruggere il capitalismo della sorveglianza" (How to Destroy Surveillance Capitalism) (Pisa/Remote), Oct 12 https://www.internetfestival.it/programma/come-distruggere-il-capitalismo-della-sorveglianza/
- OKFN Tech We Want Online Summit (Remote), Oct 18 https://okfn.org/en/events/the-tech-we-want-online-summit/
- SOSS Fusion (Atlanta), Oct 22 https://sossfusion2024.sched.com/speaker/cory_doctorow.1qm5qfgn
- Eagle Eye Books (Decatur), Oct 23 https://eagleeyebooks.com/event/2024-10-23/cory-doctorow
- TusCon (Tucson), Nov 8-10 https://tusconscificon.com/
- International Cooperative Alliance (New Delhi), Nov 24 https://icanewdelhi2024.coop/welcome/pages/Programme
Recent appearances (permalink)
- Go Fact Yourself https://maximumfun.org/episodes/go-fact-yourself/ep-158-aida-rodriguez-cory-doctorow/
- The great decline of everything online (Lately podcast) https://www.theglobeandmail.com/podcasts/lately/article-cory-doctorow-podcast-interview/
- A Book Talk with Cory Doctorow and Woodrow Hartzog at BU Law https://www.youtube.com/watch?v=Gkt9dlTX-gs
Latest books (permalink)
- The Bezzle: a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (the-bezzle.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3062/Available_Feb_20th%3A_The_Bezzle_HB.html#/).
- "The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3007/Pre-Order_Signed_Copies%3A_The_Lost_Cause_HB.html#/)
- "The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
- "Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com. Signed copies at Dark Delicacies (US): and Forbidden Planet (UK): https://forbiddenplanet.com/385004-red-team-blues-signed-edition-hardcover/.
- "Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
- "Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The Washington Post called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html
- "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)
- "Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
- "Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p2682/Corey_Doctorow%3A_Poesy_the_Monster_Slayer_HB.html#/.
Upcoming books (permalink)
- Picks and Shovels: a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books, February 2025
- Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2025
Colophon (permalink)
Today's top sources: Matt Blaze (https://www.mattblaze.org/).
Currently writing:
- Enshittification: a nonfiction book about platform decay for Farrar, Straus, Giroux. Today's progress: words ( words total).
- A Little Brother short story about DIY insulin PLANNING
- Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FORTHCOMING TOR BOOKS FEB 2025
Latest podcast: Spill, part one (a Little Brother story) https://craphound.com/littlebrother/2024/10/06/spill-part-one-a-little-brother-story/
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Medium (no ads, paywalled):
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla