Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

BumRushDaShow

(144,242 posts)
Wed Dec 4, 2024, 03:46 AM Dec 4

U.S. officials urge Americans to use encrypted apps amid unprecedented cyberattack

Source: NBC News

Dec. 3, 2024, 4:01 PM EST


Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers.

The hacking campaign, nicknamed Salt Typhoon by Microsoft, is one of the largest intelligence compromises in U.S. history, and it has not yet been fully remediated. Officials on a news call Tuesday refused to set a timetable for declaring the country’s telecommunications systems free of interlopers. Officials had told NBC News that China hacked AT&T, Verizon and Lumen Technologies to spy on customers.

A spokesperson for the Chinese Embassy in Washington did not immediately respond to a request for comment.

In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China’s intercepting their communications.

Read more: https://www.nbcnews.com/tech/security/us-officials-urge-americans-use-encrypted-apps-cyberattack-rcna182694

29 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
U.S. officials urge Americans to use encrypted apps amid unprecedented cyberattack (Original Post) BumRushDaShow Dec 4 OP
OK ReRe Dec 4 #1
I hear you. SamKnause Dec 4 #2
Express VPN Windy Apple Dec 4 #3
VPN? ReRe Dec 4 #6
All set !! Windy Apple Dec 4 #8
All right, all right, all right!!! ReRe Dec 4 #10
Try this Windy Apple Dec 4 #4
From the article, eg WhatsApp or Signal muriel_volestrangler Dec 4 #5
Those apps Windy Apple Dec 4 #9
VPNs only encrypt all traffic *between the VPN endpoints*. For this security issue, you'll want a secure messaging app. sl8 Dec 4 #22
So... Windy Apple Dec 4 #29
Supposedly Apple's and Android's default messages apps are encrypted BumRushDaShow Dec 4 #7
Android to Apple is not encrypted. Basso8vb Dec 4 #26
I have been going through the SMS/RCS migration nightmare BumRushDaShow Dec 4 #27
Signal is free and serious. But the people you text also need to use it for real encryption. I think ProtonMail LauraInLA Dec 4 #24
The other day rambler_american Dec 4 #11
I know, right? tanyev Dec 4 #12
They could cover your groceries with MSG. JustABozoOnThisBus Dec 4 #13
Robohacking now thanks to AI Ponietz Dec 4 #14
Does China know I had a Walmart food delivery at 8pm last night? milestogo Dec 4 #15
My samsung phone did this with an automatic update. Jacson6 Dec 4 #16
I think this is aimed at government and business folks with sensitive info. usonian Dec 4 #17
That's what I was thinking but also to anyone involved in an election campaign BumRushDaShow Dec 4 #18
Since the trigger for this notice is the continuing (!) Chinese hack of telcos. I think it's aimed at business and govt. usonian Dec 4 #19
"I think it's aimed at business and govt." BumRushDaShow Dec 4 #20
Yup, I blew past 14,000 without noticing. usonian Dec 4 #21
The BumRushDaShow Dec 4 #23
I think there could actually be identity theft implications for everyone, though. When I think about some LauraInLA Dec 4 #25
Well, if they hack into anything I write they're going to be mighty, mighty bored. Vinca Dec 4 #28

ReRe

(10,910 posts)
1. OK
Wed Dec 4, 2024, 05:32 AM
Dec 4

So will someone please tell me where to get one of these encrypted messaging apps??!! ASAP, por favor!

ReRe

(10,910 posts)
6. VPN?
Wed Dec 4, 2024, 05:58 AM
Dec 4

Hey, I have a VPN and keep it on all the time. Does that mean I'm set? As a matter of fact, I think I have more than one.
Heck, I can't keep up with what all this stuff is called, let alone what it does.

ReRe

(10,910 posts)
10. All right, all right, all right!!!
Wed Dec 4, 2024, 06:12 AM
Dec 4

I'd be no where were it not for all you young whipper-snappers!

muriel_volestrangler

(102,693 posts)
5. From the article, eg WhatsApp or Signal
Wed Dec 4, 2024, 05:55 AM
Dec 4
Privacy advocates have long advocated using end-to-end encrypted apps. Signal and WhatsApp automatically implement end-to-end encryption in both calls and messages. Google Messages and iMessage also can encrypt calls and texts end to end.

The UK government was having an argument with both about end-to-end encryption last year,

WhatsApp, Signal and other messaging services have urged the government to rethink the Online Safety Bill (OSB).

They are concerned that the bill could undermine end-to-end encryption - which means the message can only be read on the sender and the recipient's app and nowhere else.

https://www.bbc.co.uk/news/technology-65301510

There has been a stand-off between the UK government and tech firms over a clause in the Online Safety Bill relating to encrypted messages.

These are messages that can only be seen by the sender and recipient.

The Bill states that if there are concerns about child abuse content, tech companies might have to access it.

But platforms like WhatsApp, Signal and iMessage say they cannot access or view anybody's messages without destroying existing privacy protections for all users, and have threatened to leave the UK rather than compromise message security.
...
The government has denied that its position has changed. In a statement in the House of Lords, the minister, Lord Parkinson, clarified that if the technology to access messages without breaking their security did not exist, then Ofcom would have the power to ask companies to develop the ability to identify and remove illegal child sexual abuse content on their platforms.

https://www.bbc.co.uk/news/technology-66716502

Windy Apple

(55 posts)
9. Those apps
Wed Dec 4, 2024, 06:09 AM
Dec 4

…will only protect you while specifically using them. A VPN will cover ALLof your internet interactions.

sl8

(16,273 posts)
22. VPNs only encrypt all traffic *between the VPN endpoints*. For this security issue, you'll want a secure messaging app.
Wed Dec 4, 2024, 12:31 PM
Dec 4

Last edited Wed Dec 4, 2024, 02:23 PM - Edit history (1)

VPNs create a secure, encrypted "tunnel" betwen two endpoints. With a commercial VPN such as ExpressVPN, one endpoint is your device and the other is on an ExpressVPN server. Once your traffic leaves that tunnel, it's longer hidden by the VPN.

A VPN won't encrypt traffic end-to-end between the message sender and recipient. For that you'll need a secure messaging app.

There's a reason why the feds are recommending that people who are concerned with message security use secure message apps rather than a VPN.

On edit:

BTW, ExpressVPN posted an article last month comparing/recommending two secure messaging apps:

https://www.expressvpn.com/blog/signal-vs-telegram-which-messaging-app-is-better/?srsltid=AfmBOooXkvj4yFskGXj60kzso79cjapDc8RVfoL_ulDZzuDRgxh7mMGs

PC Magazine reviewed secure messaging apps this month.

Windy Apple

(55 posts)
29. So...
Wed Dec 4, 2024, 05:23 PM
Dec 4

It encrypts on my device then unencrypts when on the internet then encrypted then unencrypted at this end?

Not really how it works

BumRushDaShow

(144,242 posts)
7. Supposedly Apple's and Android's default messages apps are encrypted
Wed Dec 4, 2024, 05:58 AM
Dec 4

but many people apparently use 3rd party messaging apps due to wanting other types of features, customizable layouts, and a better "look and feel".

Here is PC Magazine's list of some 3rd party ones that offer encryption - The Best Private Messaging Apps for 2024

Some are often talked about like "WhatsApp" (which is a Meta product) and "Telegram".

What's scary to me is that many of the RW loons use apps like Telegram.

Basso8vb

(458 posts)
26. Android to Apple is not encrypted.
Wed Dec 4, 2024, 01:55 PM
Dec 4

Android to android is.

Apple keeps playing childish games when it comes to texting between the two.

BumRushDaShow

(144,242 posts)
27. I have been going through the SMS/RCS migration nightmare
Wed Dec 4, 2024, 02:21 PM
Dec 4

They both want everyone only in their own ecosystems.

LauraInLA

(1,355 posts)
24. Signal is free and serious. But the people you text also need to use it for real encryption. I think ProtonMail
Wed Dec 4, 2024, 01:30 PM
Dec 4

might be a better option for texting non-secure users.

As an example, my husband, son, bil, and I all use Signal, and that’s the bulk of my texting. My husband (working in tech) uses Signal with all his work colleagues. If I want to text my friend who refuses to get Signal, we just use iMessages.

rambler_american

(853 posts)
11. The other day
Wed Dec 4, 2024, 07:58 AM
Dec 4

my wife texted me to pick up a package of celery. What interest can China possibly have in shit like that?

JustABozoOnThisBus

(23,825 posts)
13. They could cover your groceries with MSG.
Wed Dec 4, 2024, 08:36 AM
Dec 4

I don't encrypt my grocery lists, I just write them in cursive. Nobody (including me) can read my cursive.

Does that say "celery"? Or "yellow-cake uranium ore"?

milestogo

(18,274 posts)
15. Does China know I had a Walmart food delivery at 8pm last night?
Wed Dec 4, 2024, 10:12 AM
Dec 4

Because I did get a couple of texts about it.

Jacson6

(842 posts)
16. My samsung phone did this with an automatic update.
Wed Dec 4, 2024, 10:35 AM
Dec 4

I could no longer receive SMS messages from my online accounts and to charge my phone now I have to turn it off and plug it in to a charger.

Privacy & Internet security are a myth in the 21st Century.

usonian

(14,621 posts)
17. I think this is aimed at government and business folks with sensitive info.
Wed Dec 4, 2024, 11:34 AM
Dec 4

Apple to Apple and Google to Google texts are encrypted but messages from one to another are vulnerable, even with the new "RCS" protocol for richer content.

Signal is my alternative of choice, since WhatsApp is owned by Meta, i.e. Zuck, and I don't trust him as far as I can fart INTO THE WIND.

It also does video conferencing, and is not run by ogres; rather, by privacy advocates.

Do you trust Zuck, or someone with the colorful name Moxie Marlinspike?

Marlinspike every time.

BumRushDaShow

(144,242 posts)
18. That's what I was thinking but also to anyone involved in an election campaign
Wed Dec 4, 2024, 11:37 AM
Dec 4

because certainly, that has become a means for communications between campaign staff and/or candidates (particularly among the younger ones who look at you if you are crazy if you say "email" ).

usonian

(14,621 posts)
19. Since the trigger for this notice is the continuing (!) Chinese hack of telcos. I think it's aimed at business and govt.
Wed Dec 4, 2024, 11:51 AM
Dec 4

sensitive data that the Chinese would love to have.

I believe that they only targeted big shots of some importance, obviously unknown to me.

just connecting dots.

BTW, congrats on 143,000 posts. 🎉🎁🎈

BumRushDaShow

(144,242 posts)
20. "I think it's aimed at business and govt."
Wed Dec 4, 2024, 12:19 PM
Dec 4

Well before I retired from the feds, I had (required) a serious of encrypted blackberries (and some of my coworkers eventually got iPhones and/or iPads similarly encrypted). Our laptops had special OS images with approved software, that were encrypted (along with encryption of the BIOS of the machine and a HSPD-12 PIV card was required in a card reader when logging in). When connecting to the network remotely, it was done through a special VPN. We even had Ironkeys (encrypted drives) for USB stick file transfers.

So at least the federal government has been at it for awhile.

And thanks regarding the 143K! I knew I was getting close but MIRT and posting here hastens it along!

usonian

(14,621 posts)
21. Yup, I blew past 14,000 without noticing.
Wed Dec 4, 2024, 12:29 PM
Dec 4

Time flies when you're having fun.

and thanks for being a DU "bouncer"

Trolls be gone.

BumRushDaShow

(144,242 posts)
23. The
Wed Dec 4, 2024, 12:34 PM
Dec 4

trolls have been particularly obnoxious so it's been great to work with the huge team going 24/7 with disposal!!!

LauraInLA

(1,355 posts)
25. I think there could actually be identity theft implications for everyone, though. When I think about some
Wed Dec 4, 2024, 01:35 PM
Dec 4

of the info I share with my family (over Signal), linking it to my phone number could provide bad actors with some usable data. We all generally do not think enough about the personal info we share online. And don’t get me started on passwords .

Latest Discussions»Latest Breaking News»U.S. officials urge Ameri...