On Wednesday, December 18, the Cybersecurity and Infrastructure Security Agency (CISA) of the United States released guidelines demanding that government officials and political figures immediately stop using phones to make calls and send texts after major U.S. telecom companies were infiltrated by hackers associated with the Chinese Communist Party.
According to a report by Reuters on Wednesday, the guidelines issued by CISA emphasize that individuals holding high-ranking positions in government or politics should “immediately review and apply” a series of best practices related to mobile device usage.
The first recommendation in the guidelines is to “only use end-to-end encryption for communication.”
End-to-end encryption is a data protection technology that aims to prevent anyone other than the sender and receiver from accessing information. This technology is integrated into various chat applications, including Meta Platforms’ WhatsApp, Apple’s iMessage, and privacy-focused app Signal. Enterprise products that allow end-to-end encryption also include Microsoft’s Teams and online meeting platform Zoom Communications.
Traditional phone calls or texts lack end-to-end encryption and can be monitored by phone companies, law enforcement agencies, or hackers who compromise the infrastructure of telecommunications companies.
This is what a cyber-espionage group known as “Salt Typhoon,” which U.S. officials say is controlled by the Chinese government, does.
Earlier this month, a senior U.S. official stated that at least eight American telecom and telecommunications infrastructure companies were targeted in cyberattacks by “Salt Typhoon,” resulting in the theft of “significant amounts of Americans’ metadata” during surveillance.
Last week, Democratic Senator Ben Ray Lujan said that this wave of intrusions is “likely the largest telecommunications hacking attack in our nation’s history.” It is still unclear whether government officials have devised strategies to counter and thwart these espionage attacks.
Jeff Greene, the Acting Assistant Director for Cybersecurity at CISA, mentioned on Wednesday that investigations are ongoing, with different targeted entities and personnel at various stages of response.
Greene highlighted that the intrusion by “Salt Typhoon” is part of a broader pattern of extensive activities by China (the CCP) targeting critical infrastructure. He emphasized the need for long-term defense against such activities.
Cooper Quintin, a senior technology expert at the Electronic Frontier Foundation, welcomed the guidelines. However, he expressed concern about the government steering its officials away from conventional phone networks, stating it is a significant indictment of the telecommunications operators managing national infrastructure.
Tom Hegel, a researcher at cybersecurity company SentinelOne, echoed Quintin’s support for the CISA guidelines, noting that Chinese hackers are not the only group persistently collecting insecure communications.
He emphasized that various spies and hackers would lose valuable access if their targets adopted these security measures.