TechDirt: “Last year almost a dozen major U.S. ISPs were the victim of a massive, historic intrusion by Chinese hackers who managed to spy on public U.S. officials for more than a year. The “Salt Typhoon” hack was so severe, the intruders spent much of the last year rooting around the ISP networks even after discovery. AT&T and Verizon, two of the compromised companies, apparently didn’t think it was worth informing subscribers any of this happened.
Many of the attack vectors were based on simple things like telecom administrators failing to change default passwords on sensitive hardware entry points. The hack, caused in part by our mindless deregulation and lax oversight of telecom monopolies, only saw a tiny fraction of the press and public attention reserved for our multi-year, mass hyperventilation about TikTok privacy and security.
But on their way out the door, Biden FCC officials did try to implement some very basic cybersecurity safeguards, requiring that telecoms try to do a better job securing their networks and informing customers of breaches. Enter the Trump FCC under Brendan Carr, which is now rescinding that entire effort because lobbyists at AT&T, Verizon, Comcast, and Charter told them to:
“The Federal Communications Commission will vote in November to repeal a ruling that requires telecom providers to secure their networks, acting on a request from the biggest lobby groups representing Internet providers.”
In a folksy Halloween blog post, Carr tries to pretend this somehow improves cybersecurity. According to Carr, ISPs pinky swore that everything is fine now, and frames obvious regulatory capture as the agency being more “agile”:
“Following extensive FCC engagement with carriers, the item announces the substantial steps that providers have taken to strengthen their cybersecurity defenses. In doing so, we will also reverse an eleventh hour CALEA declaratory ruling reached by the prior FCC—a decision that both exceeded the agency’s authority and did not present an effective or agile response to the relevant cybersecurity threats. So, we’re correcting course.”
Let me be clear about something: the Biden rules were the absolute baseline for oversight of telecom, basically requiring that ISPs do the absolute bare minimum when it comes to securing their networks, while being transparent with the public about when there’s been a major hack. This stuff was the bare minimum, and the U.S. is too corrupt to even do that…”