The security community warned that making Lawful Access easy and automated would guarantee that bad people would penetrate the network.
And now we have China using CALEA-crippled systems to slurp up the entire USA network. Exactly as predicted.
And this - "outside of the norms of what we see in the espionage space" - LOL. ROTFL even. The NSA tapped Google's backbone! Have we forgotten Room 641A? MAINWAY? Poindexter and TIA? Palantir?
The NSA used to play defence and offence, and has gone full-offence for a generation. Did anyone really believe that only the USA could play offence?
A door with a lock can only be opened by those with a key...
as well as anyone that can pick the lock, jimmy the lock, remove the door from its hinges, remove the lock, break the door down, go under the door, go over the door, get somebody with a key to open the door, and many other methods which can be found with just a little imagination.
So what was the actual point of compromise? Was it a CALEA supporting software vendor? My guess is a common MD (Mediator device) vendor was targeted that was used by many carriers but that's speculation on my part.
Context for others, there's a small number of software vendors that make these MD devices that handle initiating a capture of a flow (a wiretapping request) and managing the chain of custody for a pcap. MDs usually send an SNMP poll to a router/switch to start a (r)span port and the MD device slurps up all data and saves it.
Anyway, what I'm curious about is if it's the MDs that were taken over and if it was one manufacturer but I'm not seeing much technical info on all these reports.
The simple answer is that CALEA requires all traffic to be effectively in plain text. Once you impose that constraint, any decent router exploit gives you everything.
Most protocols that I use day-to-day are secure against simple passive interception. Either SSH or TLS encrypts just about every packet that leaves my network. This got much better with DNS over HTTPS (or TLS before that). Of course these protocols are sometimes susceptible to downgrade attacks, man in the middle compromises, etc, but none of that would be available to someone who was running a pcap without modifying the traffic streams.
So how would a simple MD attack affect me? Any sort of CALEA attack on a higher protocol layer (e.g. compromising Gmail at Google instead of capturing their traffic) would make sense, but not a pcap.
Take it one step further. Foreign threats are often manufactured or overplayed for their value in convincing American citizens to hand over even more power to their government.
>The NSA used to play defence and offence, and has gone full-offence for a generation.
And IIRC most of those people who used to work for the NSA now work at private firms like the NSO group, which is pretty scary when you think about it. It's hard to blame them though, if I was being offered the amount of money they were given, I would probably take it as well.
I recommend the book 'This Is How They Tell Me the World Ends' by Nicole Perlroth, it gives some good insights into what is going on behind the scenes (though with some of the major events which have happened since it was published some things may be outdated. Either way it's a good read.)
IMHO, the real "morons" (your word) are those deploying Chinese-fabricated SoCs (like the latest ESP32, LinkStar, etc) and mainboards with Chinese-written BIOS/EFI/UEFI (like Zima) on what an increasing number of "influencers" deem "Raspberry Pi alternatives". Even when you cite the websites about things like "Moonbounce", there is a generation of workers in the Business now that become outwardly enraged and irrational about the risk and otherwise stick their head firmly in the sand while quietly knowing what they have done and will therefore likely continue to do is costing us the Country. Even if this effort wasn't part of VOLT, it certainly is consistent with the LAW in China that all companies must have CCP management and implement all requests required of them by that management. The worst part is that when you publicly confront these companies with this fact, for example, in Discord, they don't even deny it, they simply respond solemnly that "the other side does it too." (True, but our guys don't currently sell prisoner kidneys.)
Hey, I'll bet you never look at that WiFi-"enabled" power bank or HEPA/AC unit again the same way (or my favorite AI response du jour "Some Chinese scooters come with a microphone integrated into a GPS tracker or helmet, while others can be customized with aftermarket solutions. There is no single model called "Chinese scooter with microphone," but rather multiple products and approaches that fit this description.") Errbody worried about the talking LLM parrot AI and your vehicle dashboard always listening (or even watching), but that's not the most serious threat we face now.
Unfortunately the problem is that your government is the one that has natural powers to inflict violence on you, but the Chinese can't. (And vice versa for Chinese citizens)
Not sure if you're aware, but the organ harvesting allegations are complicated because the Falun Gong believe their adherents enjoy magical organ healing; the blind will see, kidneys become good again, etc., and that they are targeted specifically for their organs is an endorsement of their religion. So there's incentive for false claims, which I rarely see brought up.
PS: I've been downvoted on HN for years and years for mentioning this topic. Once, someone even summoned dang. One would think that by now, with this being out in the open (why did "China H2Oh" fail again? lol) but no..threat actors gone act.. Those smart enough to listen to words of someone with nearly five decades in the Business might not lose as much money as those who don't.
This is what we get for installing mandatory government backdoors all over our communications infrastructure. Unbelievable that such a critical piece of infrastructure wasn't secured properly. But after the OPM hack and the bungled implementation of CIA "drop sites" online, nothing about our government's cyber incompetence surprises me anymore.
I'm really tempted to stop using phone numbers, altogether. The security is really bad, and phone numbers are used for identification almost as often as social security numbers, but there's no requirement to have one.
Technically not. But not having a working phone number will quickly become a problem when you need to interact with authorities, banks, insurance companies, the legal system etc. I remember when cell phones were becoming affordable and I thought I was clever by ditching my land line. That got me no end of trouble, then bit by bit it became more normalized to the point that if you have a landline now people look at you a little funny. Not having a phone number today would be the same as not having a landline would have been in the early 90's, and probably much worse than not having a phone was back then.
Top tier state-sponsored actors don't need backdoors, their skill, resources, and persistence mean they can penetrate almost any system. Ascribing this to mandatory backdoors distracts from the fact we need to improve cyber resilience and build better offense.
Reading the Atlantic Council's recent paper on what the US can do to counter the system China has created which funnels exploits to their government shows how mismatched the West is versus China. Paper here: https://www.atlanticcouncil.org/wp-content/uploads/2025/06/C...
I think your point is we need deeper security improvements than only patching back doors. But it does come across like saying “hackers don’t need to guess passwords to get in, therefore just use hunter2.”
If they don't NEED them, why do they always DEMAND them? The fact is that mandatory backdoors makes things easier for attackers. Counter offensive capabilities do not cancel out defensive vulnerabilities. Once your data is gone or your personnel killed, there's no taking it back.
You are being downvoted by anti-backdoor people, which is fine, but you highlight an interesting new facet of the discussion:
How do we build a functioning world where secrets are not required? By this I don’t mean “everyone behaves good and therefore has nothing to hide/fear” but rather, how do we function in a world in which secrets are simply not possible?
Computers can never be 100% secure. It’s just a matter of how many zeros one is willing to spend, especially when physical access to the hardware is so easy (for nation states).
They can be close enough to 100% as you like. Even if that was true, it does not excuse the morons who built the stuff for easy spying instead of reasonable security.
You only need to spend barely 7 zeros to defeat any organization in the world. About half of a single tank to defeat any commercial IT system no matter how much they spend on “security”.
I wrote the lawful intercept spec for a 3G GGSN node. So keep in mind that my knowledge of present day systems might be outdated. The spec was derived from pre-existing specifications for telephone equipment. One of the interesting things about lawful intercept is that it was supposed to hide from network management. Intercepts aren't logged at the network operator. The node being used in an intercept gives no indication that the intercept is happening.
IIRC the standard at the time was to enable intercepting up to 3% of traffic, without the surveillance target of course knowing, but also without their carrier knowing. Law-enforcement agencies used LI consoles on their own premises to order intercepts.
So it's not that lawful intercept was particularly easy to hack, it's that once it's compromised, detecting that it's being used nefariously is especially difficult. I would question whether anyone knows for sure when the compromise began, and how long it lasted.
It seems crazy to me that the network operator would have zero insight into any audit logs for lawful intercept. How would anyone know if someone broke in?
I can only speculate as to what they were thinking when they wrote those specs. Evidently they didn't trust network operators, or they thought that they were avoiding potential attack surfaces.
In addition to the privacy and policy and justice problems with LI, this exploit points to law enforcement agencies as the weak link. There are too many law-enforcement agencies that can initiate intercepts from systems that lack oversight and coordination.
Any discussion of Salt Typhoon should start with the unusual fact that it is still an active and uncontained incident, despite having been widely revealed in 2024. Typically we are accustomed to discussing lessons learned during a post mortem. This particular mortem has not yet posted. We are still owned and data continues to be compromised.
Man, good thing Doge and MAGA gutted 30% of that agency[1]. We certainly don't need a bunch of bureaucrats doing (checks notes) cybersecurity and infrastructure security right now.
>The FBI and CISA raised the alarm two months after The Wall Street Journal reported that hackers linked to the Chinese government have broken into systems that enable U.S. law enforcement agencies to conduct electronic surveillance operations under the Communications Assistance for Law Enforcement Act (CALEA).
>"These are for legitimate wiretaps that have been authorized by the courts," Hong says. But in hackers' hands, he says, the tools could potentially be used "to surveil communications and metadata for lots of people. And it seems like the [hackers'] focus is primarily Washington, D.C."
> What this really underscores is that what the PRC is doing through these proxy actors is really reckless and unbounded, in a way that is significantly outside of the norms of what we see in the espionage space,"
Given that the US intelligence community, with PRISM and Upstream and the like, hoovers up all the world's communications, I think the "norms" must be "nobody except the US was able to do this until now." Now China has shown that it can compete in the same space.
And yeah pretty much. I don’t know anything about anything but it feels like there is a hierarchy (norm? At least what they are trying to enforce) of US > Five Eyes > other Western Intel (France, etc) > Pakistan/Russia/Etc > China/North Korea/Iran; and Israel falls somewhere in that mix as a maverick. Of course in practice it doesn’t work out this way.
He's referring to the norm that only the American government is allowed to conduct unlawful mass surveillance of American citizens. Who do these Chinese think they are???
Indiscriminate targeting. It's clarified at the end of that paragraph, and was part of the article's lead-in:
"There's a thought among the public that if you don't work in a sensitive area that the PRC might be interested in for its traditional espionage activities, then you are safe, they will not target you," [deputy assistant director for the FBI's cyber division] said, during a Thursday interview with The Register. "As we have seen from Salt Typhoon, this is no longer an assumption that anyone can afford to make."
Yea, I wasn’t aware that there was a rule book for spies. I thought the only rule was “anything goes, but don’t get caught.” But perhaps I’m uninformed.
do we have other sources for this other than just this government’s?
i absolutely believe it may have happened, but due to overwhelming and well documented history of lies from this regime, i’d feel like i was standing on more solid footing with this if we had some reputable 3rd party sources. ideally someone who is far away from the hysterical levels of partisanship our current leaders have planted themselves.
again, i’m not in denial that it couldn't have happened, it’s just that unfortunately i think it would be unreasonable to trust anything from this regime’s people. and to reiterate, they have a long and very well documented history of outright lying. not even typical politician half truths, but shoving it in our face lying.
Anecdote, but I have a friend in cybersecurity in Australia, and he was telling me a few months ago that China basically has almost all the data they could want on almost all of the US.
Morons.
Here's some context for "LI" for those interested: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9...
While for foreign citizens you can pretty much capture anything at will, without any need for FISA or warrants
They haven't forgotten their offensive operations, they never knew about it or never cared.
So where is our deep, persistent infiltration of China?
This is ridiculous defeatism. You are going to need more 0's than exist in the global economy to crack many cryptosystems.
https://www.theregister.com/2025/08/28/china_salt_typhoon_al...
[1] https://archive.is/20250603190111/https://www.axios.com/2025...
https://www.npr.org/2024/12/17/nx-s1-5223490/text-messaging-...
What norms is he referring to?
Reminds me of the recent news that the US will ban Chinese components from undersea cables, globally: https://asia.nikkei.com/content/99550c9ade243fe057e8a2ba6f29...
(Some high value people do seem to be targeted for even more intensive spying.)
https://www.verizon.com/about/salt-typhoon-matter-update