In response to an unprecedented cyberattack on telecommunications companies, U.S. officials are urging Americans to use encrypted messaging apps to protect their communications from foreign hackers. The hacking campaign, dubbed "Salt Typhoon" by Microsoft, is one of the largest intelligence compromises in U.S. history, with telecommunications giants such as AT&T and Verizon among the victims. The full extent of the breach is yet to be determined, and officials have not provided a timeline for when the country's telecommunications systems will be free of intruders.
"We cannot say with certainty that the adversary has been evicted," said Jeff Greene, executive assistant director for cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency. "We're on top of tracking them down … but we cannot with confidence say that we know everything, nor would our partners."
Greene, who spoke to the media along with an unnamed senior FBI official, suggested that Americans should use encrypted apps for all their communications.
Greene stated, "Our suggestion, what we have told folks internally, is not new here: encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible."
The hackers reportedly accessed three types of information. One type has been call records showing the time and numbers that phone calls were made. The second type has been live phone calls of some specific targets. The third is the system that telecommunications companies use in compliance with the Commission on Accreditation for Law Enforcement Agencies (CALEA), which allows law enforcement and intelligence agencies to track individuals' communications with court orders.
Despite the severity of the attack, the FBI official stated that the United States does not believe it was an attempt to sway election results but rather a massive espionage operation by China to gather intelligence on American politics and government.
In light of the attack, privacy advocates are encouraging the use of end-to-end encrypted apps. Signal and WhatsApp both automatically implement end-to-end encryption in both calls and messages. Google Messages and iMessage also can encrypt both calls and texts end to end.