Monday, October 7, 2024

Salt in the wound

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.

By Joseph Gedeon

Driving the day

— A Chinese state-linked cyberattack on major U.S. telecom providers has compromised sensitive wiretapping systems, raising serious concerns about national security and law enforcement capabilities.

HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! I’m halfway through “The Brothers Karamazov” and I think it’s already topped my list of best books. Sorry, “The Giving Tree.”

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find me on X at @JGedeon1 or email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below.


Today's Agenda

National Academy of Medicine President Victor Dzau and National Academy of Sciences President Marcia McNutt are headed to the Johns Hopkins Berman Institute of Bioethics. 8:45 a.m.

CIA Director William Burns and acting chair of the National Intelligence Council, Michael Collins, are in Georgia for Day 3 of the 2024 Cipher Brief threat conference. Starts at 9 a.m.

Critical Infrastructure

WIRETAP WORRIES — A Wall Street Journal report this weekend revealed that Chinese state-linked hackers have penetrated the networks of major U.S. telecom providers, including Verizon, AT&T, and Lumen Technologies. But what's got cyber experts on edge? The next-level aggressiveness of possibly going after court-authorized wiretaps.

— Salt Typhoon's surge: Recently outed Chinese state-linked hacking group Salt Typhoon is said to be behind this latest incursion, though attribution is still unclear. But whichever group is behind this attack is looking to top the cybercriminal charts based solely on the sheer skill and brazenness needed for this type of campaign.

“Compromising ISP’s wiretaps is probably one of the most complicated and bold cyber operations a nation-state actor can execute,” said Sygnia CEO Ram Elboim. “It deals with extremely sensitive data and touches on both law enforcement and potential intelligence data.”

— I spy: The potential compromise of wiretapping systems is raising alarms in Washington — triggering separate House and Senate intelligence committee briefings by U.S. officials on Sunday.

Remember, these systems are crucial for law enforcement and counterintelligence operations, and going after them is within the realm of possibility for a Chinese state-backed attack — possibly to dig up what dirt the U.S. had on them.

“I’d argue it is even within the realm of likelihood,” said Andrew Borene, the executive director of international markets and global security at Flashpoint and former senior official at the Office of the Director of National Intelligence, in an email. “Many CPC-directed espionage efforts are focused on large volume and constant efforts to steal any highly protected U.S. data.”

James Lewis, senior vice president at the Center for Strategic and International Studies and former diplomat, tells MC the wiretaps in question are mainly FBI, likely making it a counter-counterintelligence operation.

“The Chinese are probably looking to close the gaps in their operations in the U.S.,” Lewis said.

— Espionage or something more: While intelligence gathering seems to be the primary goal, some experts aren't ruling out more sinister motives. John Terrill, the chief information security officer at Phosphorus Cybersecurity, suggests that since infrastructure doesn’t run traditional cybersecurity software, access gained could be used for other purposes, potentially as a foothold for future operations.

“ISPs are a target for nation states as either a pivot point into another environment or as a collection point for a lot of data that traverses their infrastructure,” Terrill said. “It’s why when you’re thinking about attacker personas and capabilities, you don’t worry that much about breaking encryption - unless you’re worried about nation states.”

This breach also isn't occurring in isolation. U.S. officials have recently disrupted other China-linked campaigns, including Volt Typhoon and Flax Typhoon, targeting both critical infrastructure and consumer devices.

— Par for the course: The reporting around town indicates hackers may have had access for months or longer, raising questions about the extent of information compromised. Still, Lewis sees it as part of a broader geopolitical strategy.

“Always helps to know what the other side is up to,” Lewis said.

The International Scene

ONE YEAR OUT — It’s been a full year of all-out war in the Middle East, but the battlefield extends far beyond Gaza and Lebanon — it’s raging across social media platforms, state-backed news outlets and messaging apps.

Both pro-Israeli and pro-Hamas actors are waging information war to create a dizzying array of truths, half-truths and straight-up fabrications that give us only a taste of the influence operations of the future.

“Things have worsened compared to a year ago,” McKenzie Sadeghi, the AI and foreign influence editor at misinformation tracker NewsGuard, tells MC. “The aims of these campaigns have also evolved.”

— Disinfo by the numbers: Since last October, researchers at NewsGuard have now identified 179 myths about the Israel-Hamas war, spread across 389 websites in multiple languages.

It’s even outpacing their data for the number of falsehoods from the Russia-Ukraine war (at about 250), which began a full year and a half earlier.

— Equal opportunity offenders: Pro-Hamas disinformation efforts have ranged from manipulated images to fake news reports mimicking Western media outlets. In April, pro-Iranian groups resorted to portraying its attacks against Israel as a success by using outdated and unrelated military footage.

In pro-Iranian circles, one big narrative on messaging platforms has to do with weapons supplied to Israel by Western allies, while Kremlin circles are also “very active” in the Middle East space, says Atlantic Council Digital Forensic Research Lab resident fellow Ruslan Trad.

“It is important to stress that in the last two months, the narratives have gone from being pro-Gaza and pro-Palestinian to being overtly pro-Iran and pro-Hezbollah,” Trad tells Morning Cyber.

But it's the pro-Israel campaigns that have been able to penetrate the upper echelon of U.S. political society, such as the widely shared but unsubstantiated report of Hamas beheading 40 babies during the Oct. 7 attack that was repeated by President Joe Biden.

— State actors enter the chat: Iran, Russia, and China have emerged as the key players in spreading false pro-Hamas narratives, often converging on themes that undermine Western influence. These state attackers are alleged to be behind nearly 400 articles about pro-Palestinian protests on U.S. college campuses in just two weeks, according to NewsGuard.

Israel’s government has also been linked to disinformation campaigns, including one state-backed effort targeting over 120 U.S. lawmakers on social media trying to downplay human rights abuses, which we reported earlier this year.

— Platform problems persist: Social media giants also look like they’re struggling to keep pace with the flood of disinformation. NewsGuard found that on X, 74 percent of the most viral misinformation came from “verified” blue check-mark accounts.

— What’s next: The convergence of the multiple war fronts in the Middle East, the ongoing Russia-Ukraine war and the nearing U.S. presidential election just means that more room is being made for more sophisticated influence campaigns.

“Bad actors are capitalizing on these events to promote narratives that undermine Western influence and exacerbate societal divisions at a time when societies are distracted by multiple crises,” Sadeghi said. “The combination of ongoing conflicts and political turmoil has provided a much more fertile ground compared to a year ago.”

Tweet of the Weekend

Only sometimes worth it.

Source: https://x.com/lauriewired/status/1842416606439424264

Quick Bytes


ANOTHER ONE BITES THE DUST — The once-promising cybersecurity firm IronNet, founded by a former NSA director and staffed with elite intelligence personnel, has collapsed after failing to deliver on its overhyped promises, leaving behind bitter investors and employees. Alan Suderman for The Associated Press has the story.

SOME OTHER CYBERATTACK — Whatever it was, it wasn’t a ransomware attack that hobbled MoneyGram into a five-day outage, reports Lawrence Abrams for BleepingComputer.

ICYMI — “Election offices are preparing for a smooth voting process — and angry voters” (CyberScoop)

 

Follow us on Twitter

Heidi Vogt @HeidiVogt

Maggie Miller @magmill95

John Sakellariadis @johnnysaks130

Joseph Gedeon @JGedeon1

 
