U.S. Senators Accuse Department of Defense of Failing to Protect Communications
The Ongoing Chinese Hacking Campaign: A Threat to American Phone and Internet Giants
Two U.S. senators, Ron Wyden from Oregon and Eric Schmitt from Missouri, have accused the Department of Defense (DOD) of not doing enough to protect the communications of its military personnel. The senators argue that the DOD still relies too heavily on old-fashioned landline calls and unencrypted cellular calls and texts, which are vulnerable to snooping by foreign spies.
The Threats: Salt Typhoon and SS7
The senators specifically point to threats such as the Chinese government espionage group known as Salt Typhoon. This group was recently accused of breaking into major U.S. telecommunications providers, including AT&T and Verizon, to spy on Americans. Additionally, the senators mention SS7, a decades-old protocol that phone carriers around the world still use to route calls and texts. This protocol is routinely exploited for espionage, and its successor, Diameter, has similar weaknesses.
DOD’s Vulnerabilities
The DOD’s chief information officer (CIO) concedes that the department agrees SS7 and Diameter are not secure. However, the CIO writes that "there are limited protections" against these weaknesses, which are primarily the responsibility of telecommunications providers. The DOD relies on carriers’ own audits and third-party commissioned audits to ensure security, but has not reviewed these audits themselves.
The Senators’ Letter and Recommendations
Wyden and Schmitt are asking the DOD to reconsider its contracts with U.S. telcos and instead "renegotiate with the contracted wireless carriers, to require them to adopt meaningful cyber defenses against surveillance threats." The senators also recommend that the DOD share third-party cybersecurity audits with them if requested.
The Ongoing Chinese Hacking Campaign
The Chinese government’s hacking campaign is a significant threat to American phone and internet giants. Salt Typhoon has been accused of breaking into major U.S. telecommunications providers, including AT&T and Verizon, to spy on Americans. This highlights the need for the DOD to take action to protect its communications.
SS7: A Decades-Old Vulnerability
The SS7 protocol is a decades-old vulnerability that phone carriers around the world still use to route calls and texts. However, it is routinely exploited by foreign spies, including those from China. The senators argue that the DOD’s reliance on unencrypted cellular calls and texts puts its personnel at risk.
Diameter: A Successor with Similar Weaknesses
The Diameter protocol is a successor to SS7, but it has similar weaknesses. Global telcos have yet to adopt new methods to protect regular calls and texts in transit, leaving DOD employees vulnerable to surveillance threats.
Recommendations for the DOD
Wyden and Schmitt are recommending that the DOD:
- Reconsider its contracts with U.S. telcos
- Renegotiate with contracted wireless carriers to require meaningful cyber defenses against surveillance threats
- Share third-party cybersecurity audits with the senators if requested
Conclusion
The ongoing Chinese hacking campaign is a significant threat to American phone and internet giants. The DOD’s reliance on old-fashioned landline calls and unencrypted cellular calls and texts puts its personnel at risk. Wyden and Schmitt’s letter highlights the need for the DOD to take action to protect its communications.
Further Reading
- The Ongoing Chinese Hacking Campaign: A Threat to American Phone and Internet Giants
- SS7: A Decades-Old Vulnerability
- Diameter: A Successor with Similar Weaknesses