this post was submitted on 07 Dec 2024

336 points (98.0% liked)

memes

10637 readers

2282 users here now

Community rules

1. Be civil

No trolling, bigotry or other insulting / annoying behaviour

2. No politics

This is non-politics community. For political memes please go to [email protected]

3. No recent reposts

Check for reposts when posting a meme, you can only repost after 1 month

4. No bots

No bots without the express approval of the mods or the admins

5. No Spam/Ads

No advertisements or spam. This is an instance rule and the only way to live.

Sister communities

[email protected] : Star Trek memes, chat and shitposts
[email protected] : Lemmy Shitposts, anything and everything goes.
[email protected] : Linux themed memes
[email protected] : for those who love comic stories.

founded 2 years ago

MODERATORS

Tenthrow

The_Picard_Maneuver

[email protected]

336

Everyone gangsta until you realize everything has been deeply compromised (lemmy.zip)

submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/memes

56 comments fedilink hide all child comments

The fun part is they don't know the extent of the comprise or how long it has been going on.

What happened is that CISA recently published a report stating that they think a lot of US telecommunications equipment has been compromised. It isn't a one time breach. They know that China has control over a unspecified amount of critical components. The malware China is using is extremely complex and very hard if not completely impossible to detect. China is very good at covering there tracks so even getting a sample of Malware is hard.

Because of all this, CISA is now recommending that people use encrypted messagers.

top 50 comments

sorted by: hot top controversial new old

[–] nifty 95 points 1 week ago (1 children)

This is why the old guard of tech and privacy was against a lot of the shenanigans you routinely encounter in any app or device. Bonus, the S in IoT stands for security.

[–] [email protected] 24 points 1 week ago

Security is last thing about Internet of thingS

[–] jas0n 91 points 1 week ago (2 children)

Apparently, the hackers exploited the backdoor that was provided for "lawful surveillance" in the 3G spec. Imagine that.

[–] [email protected] 50 points 1 week ago (1 children)

Lol.

Seven years ago I spent hours trying to explain to my MP that this would happen if they weakened encryption and put in back doors.

He seemingly couldn't get his head round the fact that you have to assume foreign adversaries have access to everything in transit and they're not going to be worried about longer prison sentences designed to make up for weaker security.

I should send him an email asking if he understands the argument now it's coming from an American in a suit and not just one of the plebs.

[–] [email protected] 5 points 1 week ago* (last edited 1 week ago)

You absolutely should

Also include links to the human rights abuse done by the Chinese police. And the fact that South Korea almost just turned into a dictatorship.

[–] [email protected] 11 points 1 week ago (1 children)

My understanding is that the scope is totally unknown. I'm sure they exploited the crap out of those systems.

[–] cannedtuna 14 points 1 week ago

At first, the F.B.I. and other investigators believed that China’s hackers used stolen passwords to focus mostly on the system that taps telephone conversations and texts under court orders. It is administered by a number of the nation’s telecommunications firms, including the three largest — Verizon, AT&T and T-Mobile. But in recent days, investigators have discovered how deeply China’s hackers had moved throughout the country by exploiting aging equipment and seams in the networks connecting disparate systems.

https://www.nytimes.com/2024/11/21/us/politics/china-hacking-telecommunications.html

Doesn’t look like they know (or are willing to share specifics as to) the full scope of the hack, but they seem to have a pretty good idea.

[–] [email protected] 31 points 1 week ago* (last edited 1 week ago) (4 children)

So what would be an encrypted messenger? Telegram or a Matrix app like Element? Asking cuz I've been kinda hinting to my friends that maybe we should move away from Facebook Messenger, but all we do is share memes and YouTube videos... Occasionally we'll fuck with their stupid AI and make it write all responses in cuneiform or call everyone "shitass"

Edit: I can't spell for shit

[–] [email protected] 57 points 1 week ago (2 children)

Not Telegram. Signal is a better choice which has been audited by third parties and produces internal transparency reports.

[–] peopleproblems 26 points 1 week ago

And it's open source!

[–] [email protected] 15 points 1 week ago (1 children)

I've been leaning towards Matrix/Element, but I'll check out Signal and see what everyone else thinks. Thanks dood!

[–] kn33 18 points 1 week ago

Signal is pretty easy to get people into, too, I feel like.

[–] [email protected] 24 points 1 week ago (1 children)

Matrix is not always encrypted.

Signal, Simplex chat or any other well vetted messager. Avoid Telegram as it isn't encrypted and is tied to Russia.

[–] [email protected] 3 points 1 week ago* (last edited 1 week ago) (1 children)

Whut? When is matrix not encrypted somtetimes? Genuine question - I'm a matrix newbie and i thought that all was encrypted was the whole point O.o

[–] [email protected] 3 points 1 week ago* (last edited 1 week ago) (1 children)

On the transport level it is encrypted but not on the server. To get E2EE you need to turn it on.

[–] [email protected] 7 points 1 week ago

It's been on by default for many years now.

[–] devfuuu 12 points 1 week ago (1 children)

We have been down this road before. There's nothing out there beating or close enough to signal.

https://soatok.blog/2024/05/14/its-time-for-furries-to-stop-using-telegram/ https://soatok.blog/2024/07/31/what-does-it-mean-to-be-a-signal-competitor/

[–] [email protected] 2 points 1 week ago* (last edited 1 week ago)

I'd argue Threema. The server code isn't open source, but the apps are auditable. You can use it without any other identifiers (phone number, email are optional). It comes from a private company, but they have had a good track record.

Edit: They also have a version on F-Droid, without proprietary components, that uses their own push protocol instead of Google's.

[–] Anticorp 3 points 1 week ago (1 children)

https://www.forbes.com/sites/zakdoffman/2024/12/03/fbi-warns-iphone-and-android-users-stop-sending-texts/

[–] [email protected] 3 points 1 week ago

Oh. How fun. yay

[–] marcos 25 points 1 week ago (1 children)

What, they weren't recommending encrypted communication before?

[–] [email protected] 59 points 1 week ago (1 children)

They didn't want to compromise their ability to spy on us easily.

[–] [email protected] 12 points 1 week ago (2 children)

Note even with all of this they only recommend they use encrypted messaging. We should merrily go along with fb messenger or sms or whatever they swear is good.

[–] Anticorp 8 points 1 week ago

They recommended Signal:

https://www.forbes.com/sites/zakdoffman/2024/12/03/fbi-warns-iphone-and-android-users-stop-sending-texts/

[–] dzervas 3 points 1 week ago

btw messenger isn’t the worst case scenario. 1-1 chats are e2ee.

it’s still facebook and it sucks, but it’s not as bad as SMS/calls

[–] SendMePhotos 21 points 1 week ago (2 children)

What breach happened

[–] [email protected] 53 points 1 week ago* (last edited 1 week ago) (2 children)

It not about one breach

CISA recently published a report stating that they think a lot of US telecommunications equipment has been compromised. It isn't a one time breach. They know that China has control over a unspecified amount of critical components. The malware China is using is extremely complex and very hard if not completely impossible to detect. China is very good at covering there tracks so even getting a sample of Malware is hard. They are constantly evolving and adapting it so it is very tricky to pinpoint and clean systems.

Because of all this, CISA is now recommending that people use encrypted messagers. Usually the government wants unfeathered access to data so that's how you know it is very bad.

[–] [email protected] 14 points 1 week ago (2 children)

unfeathered

Bone apple tea?

[–] [email protected] 5 points 1 week ago (2 children)

France is bacon.

[–] Anticorp 3 points 1 week ago

Finkle is Einhorn!

[–] postmateDumbass 2 points 1 week ago (1 children)

Madam cure me.

[–] [email protected] 2 points 1 week ago

Should of, would of, could of.

[–] [email protected] 1 points 1 week ago

If not, that's the best autocorrect I've ever seen lol

[–] [email protected] 8 points 1 week ago

Do you have a link to the report?

[–] solrize 17 points 1 week ago (1 children)

Salt Typhoon.

[–] TropicalDingdong 6 points 1 week ago (1 children)

Sodium Tsunami.

[–] [email protected] 5 points 1 week ago

NaCl Cyclone.

[–] Anticorp 1 points 1 week ago* (last edited 1 week ago) (1 children)

How much of this was delivered through the TikTok app?

[–] Nastybutler 18 points 1 week ago (1 children)

None. It was built into the hardware. TikTok isn't telecommunications related

[–] ForgotAboutDre 5 points 1 week ago (1 children)

This was caused by lowest bidder decision making. Along with a tolerance for critical systems designed, developed and manufactured outside of North America and Western Europe. If a country doesn’t have a history of liberal democracy, they can never be fully trusted.

load more comments (1 replies)

load more comments