tl;dr
"Salt Typhoon" cyberattacks by Chinese hackers prompt U.S. officials to recommend end-to-end encryption, signaling a potential shift in national security culture. Chinese hackers conducted the 'Salt Typhoon' cyberattacks on U.S. government and major telecommunication companies, compromising the call metadata of numerous Americans.
U.S. officials have recommended using end-to-end encryption in response, with Zooko Wilcox-O'Hearn, creator of Zcash, highlighting the significance of this shift. Services like Signal, WhatsApp, and iMessage, which use end-to-end encryption, are suggested for secure communication.
The FBI and CISA's call for encryption aligns with the ongoing debate around bills like the EARN IT Act, which is seen as a threat to encryption. Digital rights organizations advocate for "encryption by default," emphasizing the importance of strong encryption measures.
The ‘Salt Typhoon’ cyberattacks by Chinese hackers on governments and businesses have been described as a “watershed moment” by digital privacy advocates, after U.S. officials recommended the use of end-to-end encryption in their aftermath.
After U.S. Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) officials urged Americans to use encrypted messaging apps in the wake of the cyberattack, Zooko Wilcox-O'Hearn, creator of privacy coin Zcash, tweeted, “So apparently U.S. national security orgs are advising Americans to use end-to-end-encryption because the Chinese Communist Party is reading your unencrypted messages.”
He added that, “Hopefully this is the watershed moment when the U.S. law-enforcement and natsec culture flips to pro-encryption.”
The cyberattack, dubbed Salt Typhoon, infiltrated at least eight major U.S. telecommunication companies earlier this year, including AT&T, Verizon and Lumen Technologies. A senior U.S. official told Reuters last week that the call metadata of a “large number” of Americans was compromised in the attacks.
China has denied involvement in the cyberattack, which has been linked to state actors from the People's Republic of China (PRC) by the FBI and CISA. Services such as Signal, WhatsApp, Google Messages and Apple iMessage all use end-to-end encryption for both calls and texts to keep them secure.
Speaking to Decrypt, Harry Halpin, CEO of decentralized virtual private network (VPN) Nym, explained that, “Text messaging is always insecure as text messages are unencrypted and authenticated. Same with voice messages. Text messages should not be used for two-factor authentication.” Instead, Halpin said, users should opt for “Signal, WhatsApp, iMessage, and two-factor authentication with apps,” adding that, “To be honest, I would also stop using normal voice calls and use encrypted internet voice calls.”
The FBI and CISA’s call for Americans to use end-to-end encryption comes as bills such as the EARN IT Act go before Congress. The act, which would force Internet platforms to monitor user-generated content using client-side scanning, has been called a “direct threat” to encryption by global nonprofit the Internet Society.
In 2020, when the bill was first introduced to Congress, messaging app Signal, which uses end-to-end encryption for calls and texts, threatened to leave the U.S. if it was passed. In the immediate aftermath of the Salt Typhoon hacks, digital rights nonprofit the Electronic Frontier Foundation (EFF) called for U.S. policymakers to speak up in favor of “encryption by default,” arguing that, “there is no backdoor that only lets in good guys and keeps out bad guys.”