US officials are urging Americans to make calls and send text messages over encrypted apps to minimize the risk of private information falling into the hands of foreign adversaries who might still be lurking in America’s telecommunications networks, NBC News reports.
Two officials from the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) spoke with news outlets, including NBC News, Tuesday on the lasting effects of a recent attack on US telecommunications systems. The attack, which was tied to Chinese hacking group Salt Typhoon, impacted companies including AT&T, Verizon, T-Mobile and Lumen Technologies, The Wall Street Journal first reported in October. The Journal later reported that targets of the hack included phone numbers for people in the Donald Trump and Kamala Harris campaigns.
Two months after the initial report of the hack, malicious actors may still be able to gain access to sensitive information about Americans’ communications from the telecom networks.
An FBI official on the call, who was not identified in press reports, reportedly said hackers accessed information including call records showing phone numbers called and the times of the call, and in some cases actual live phone calls of certain targets. The Journal reported last month that hackers could have gained access to unencrypted texts as well.
Jeff Greene, executive assistant director for cybersecurity at CISA, told reporters on the call that the scale of the hack was so great that agencies could not possibly predict when there would be a “full eviction” of malicious material, NBC News writes.
“Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication,” Greene said, according to NBC News. “Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible.” Services like Signal and WhatsApp offer end-to-end encrypted messaging that can obscure communications outside of the users involved in the call or text.
Law enforcement’s embrace of encrypted apps is particularly notable given that the FBI has previously railed against tech companies’ protectiveness over the technology. Though the FBI publicly says it does not oppose encryption, it has strict parameters on its support. The agency’s website states that it “does not want encryption to be weakened or compromised so that it can be defeated by malicious actors,” but wants companies that “manage encrypted data to be able to decrypt that data and provide it to law enforcement only in response to U.S. legal process.” That’s something tech companies say could undermine the whole system.