And now we have China using CALEA-crippled systems to slurp up the entire USA network. Exactly as predicted.
And this - "outside of the norms of what we see in the espionage space" - LOL. ROTFL even. The NSA tapped Google's backbone! Have we forgotten Room 641A? MAINWAY? Poindexter and TIA? Palantir?
The NSA used to play defence and offence, and has gone full-offence for a generation. Did anyone really believe that only the USA could play offence?
Morons.
as well as anyone that can pick the lock, jimmy the lock, remove the door from its hinges, remove the lock, break the door down, go under the door, go over the door, get somebody with a key to open the door, and many other methods which can be found with just a little imagination.
Context for others, there's a small number of software vendors that make these MD devices that handle initiating a capture of a flow (a wiretapping request) and managing the chain of custody for a pcap. MDs usually sends an SNMP poll to a router/switch to start a (r)span port and the MD device slurps up all data and saves it.
Anyway, what I'm curious about is if it's the MDs that were taken over and if it was one manufacturer but I'm not seeing much technical info on all these reports.
Here's some context for "LI" for those interested: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9...
So how would a simple MD attack affect me? Any sort of CALEA attack on a higher protocol layer (e.g. compromising Gmail at Google instead of capturing their traffic) would make sense, but not a pcap.
edit these network devices probably also carry voip/voice trunks from enterprise and possibly carriers such as VZW. No telling if those are encrypted or not. If China is able to tap that using these CALEA systems, I could see how that would be a big deal for stealing IP/secrets.
Does anyone here think even a decent portion of government officials are tech literate? (I'm not even convinced half of hacker new or half of programmers are tech literate! Instead only have basic literacy and high confidence) There's a few, but I'm not convinced it's that many. The vast majority of Congressmen don't even have an aid who specializes in tech. So do you think it takes any more than someone at the NSA saying "it's encrypted and only we can access it" for them to believe in this magic key? (And this is something we've seen NSA officials say)
Remember, in the senate only 12 members are under 50, 33 are 60-69, and 33 are over 70! In the house 20% are over 70, 43% over 60, and 70% over 50. Only 8% are under 40. Almost none of these people have ever programmed. Just think about how tech illiterate the average 20 year old is (even worse on a technology subreddit!) and we're talking about.
Come on guys. It's a choice between stupid old people and hyper intelligent deep state actors that are acting idiotically. I'd put money on aliens before I'd put money on the later
> You can get aides so I’m not worried about their ages.
>> The vast majority of Congressmen don't even have an aid who specializes in tech.
What they also told me is that most of the expert advice tends to come through lobbying. Or "industry relationships" as he put it while using air quotes. It's a budgeting problem, not just that it is hard to get a competent tech aid at such a low salary but even just a handful of domain expert aids in the first place.
I am going mostly off of what this guy told me but I have no good reason to distrust him. (It felt like talking nerd to nerd, not with a politician)
While for foreign citizens you can pretty much capture anything at will, without any need for FISA or warrants
And IIRC most of those people who used to work for the NSA now work at private firms like the NSO group, which is pretty scary when you think about it. It's hard to blame them though, if I was being offered the amount of money they were given, I would probably take it as well.
I recommend the book 'This Is How They Tell Me the World Ends' by Nicole Perlroth, it gives some good insights into what is going on behind the scenes (though with some of the major events which have happened since it was published some things may be outdated. Either way it's a good read.)
They havent forgotten their offensive operations, they never knew about it or never cared.
Hey, I'll bet you never look at that WiFi-"enabled" power bank or HEPA/AC unit again the same way (or my favorite AI response du jour "Some Chinese scooters come with a microphone integrated into a GPS tracker or helmet, while others can be customized with aftermarket solutions. There is no single model called "Chinese scooter with microphone," but rather multiple products and approaches that fit this description.") Errbody worried about the talking LLM parrot AI and your vehicle dashboard always listening (or even watching), but that's not the most serious threat we face now.
Here [1] is one example of a couple Chinese police in NYC but I can not find the links to the groups in Los Angeles.
[1] - https://www.pbs.org/newshour/politics/2-men-arrested-on-char...
This only became a problem when the mortgage was paid off last year and despite getting emails about it, I got a registered letter saying they must talk to me and that haven’t been answering my phone. So I call them as instructed and it was just a “you’re done. We’ll be mailing you documents to send to your insurer. Thanks for your business.”
FWIW: I’ve never personally owned a land line. The last time I ever lived somewhere with one was 19 years ago.
The bigger problem with Google Voice is that Google's email gateway for SMS is awful. It cuts off outgoing messages after two carriage returns, strips out single carriage returns, and won't send me group messages, instead sending me a link to the message, and even that only rarely, usually not even notifying me that I received a group message.
I've found a few alternatives, and I wouldn't mind paying a few dollars a month for one, but every one I've looked into requires I upload a copy of my photo ID, and I'm definately not going to do that.
There are easily hundreds of comments on HN from people in Europe who assure us all that this is solely an American problem, and that it never happens anywhere else.
There's no way the legal system could require a phone number, because the government overplays their support for the homeless, and being able to work with people that don't have phone numbers is a big part of that.
Reading the Atlantic Council's recent paper on what the US can do to counter the system China has created which funnels exploits to their government shows how mistatched the West is versus China. Paper here: https://www.atlanticcouncil.org/wp-content/uploads/2025/06/C...
How do we build a functioning world where secrets are not required? By this I don’t mean “everyone behaves good and therefore has nothing to hide/fear” but rather, how do we function in a world in which secrets are simply not possible?
I think sliding down towards "I have no privacy" end of the spectrum is bad for both the citizens and the society. Stopping the this slide is a worthwhile goal. My 2c.
So where is our deep, persistent infiltration of China?
This is ridiculous defeatism. You are going to need more 0's than exist in the global economy to crack many cryptosystems.
It's also possible to design systems with an intermediate level of security. With your attitude, you might as well leave your house unlocked because any competent locksmith could break in.
https://www.blackduck.com/blog/understanding-apple-goto-fail...
Once you patch the bugs, they are patched. You eventually reach a state where there is no more surface area for bugs.
IIRC the standard at the time was to enable intercepting up to 3% of traffic, without the surveillance target of course knowing, but also without their carrier knowing. Law-enforcement agencies used LI consoles on their own premises to order intercepts.
So it's not that lawful intercept was particularly easy to hack, it's that once it's compromised, detecting that it's being used nefariously is especially difficult. I would question whether anyone knows for sure when the compromise began, and how long it lasted.
In addition to the privacy and policy and justice problems with LI, this exploit points to law enforcement agencies as the weak link. There are too many law-enforcement agencies that can initiate intercepts from systems that lack oversight and coordination.
https://www.theregister.com/2025/08/28/china_salt_typhoon_al...
[1] https://archive.is/20250603190111/https://www.axios.com/2025...
Nobody's saying that CISA would break down Verizon's doors and go to their keyboards and start pushing commits, but they sure as hell are working with the telecom industry.
https://www.npr.org/2024/12/17/nx-s1-5223490/text-messaging-...
>The FBI and CISA raised the alarm two months after The Wall Street Journal reported that hackers linked to the Chinese government have broken into systems that enable U.S. law enforcement agencies to conduct electronic surveillance operations under the Communications Assistance for Law Enforcement Act (CALEA).
>"These are for legitimate wiretaps that have been authorized by the courts," Hong says. But in hackers' hands, he says, the tools could potentially be used "to surveil communications and metadata for lots of people. And it seems like the [hackers'] focus is primarily Washington, D.C."
What norms are he referring to?
And yeah pretty much. I don’t know anything about anything but it feels like there is a hierarchy (norm? At least what they are trying to enforce) of US > Five Eyes > other Western Intel (France, etc) > Pakistan/Russia/Etc > China/North Korea/Iran; and Israel falls somewhere in that mix as a maverick. Of course in practice it doesn’t work out this way.
Reminds me of the recent news that the US will ban Chinese components from undersea cables, globally: https://asia.nikkei.com/content/99550c9ade243fe057e8a2ba6f29...
Objecting to calling Israel the west is at least as weird as including it in the context of this conversation.
What are we even talking about anymore? This sub thread is a weird digression on if it’s normal to include Israel in the phrase “western intelligence”. The US collaborates more with 5 eyes nations (2 of which are is the South Pacific) and Israel, be it Mossad or Unit 8200 than it does with France.
My contention is that the phrase Western Intelligence is a cultural signifier that has nothing to do with geography. And that pointing out that Israel is not in the west (while not doing the same for New Zealand) is more strange than including them by default.
It's a tilted west.
Look, I know it's cultural much more than geographical. But Australia can easily be both. It's not actually a counterexample.
Imagine if there were movements in Switzerland to move to certain areas to push out the speakers of some local dialect, and literally organized home-buying in groups to get them out?
"There's a thought among the public that if you don't work in a sensitive area that the PRC might be interested in for its traditional espionage activities, then you are safe, they will not target you," [deputy assistant director for the FBI's cyber division] said, during a Thursday interview with The Register. "As we have seen from Salt Typhoon, this is no longer an assumption that anyone can afford to make."(Some high value people do seem to be targeted for even more intensive spying.)
i absolutely believe it may have happened, but due to overwhelming and well documented history of lies from this regime, i’d feel like i was standing on more solid footing with this if we had some reputable 3rd party sources. ideally someone who is far away from the hysterical levels of partisanship our current leaders have planted themselves.
again, i’m not in denial that it couldnt have happened, it’s just that unfortunately i think it would be unreasonable to trust anything from this regime’s people. and to reiterate, they have a long and very well documented history of outright lying. not even typical politician half truths, but shoving it in our face lying.
Israeli government has current access to United States communications the same way China does.
Welp... that's quite a capable piece of surveillance.
I imagined it involved tapping to cell towers/cell infrastructure, but the details at the wikipedia page [1] suggest servers were hacked instead? Did they hack AT&T servers or something?
Side note, are there any ways to not get your data stolen in such cases? I would imagine using only a VPN might help, but if they're getting data from triangulation you couldn't do much short of turning off your phone, right?
don't use a phone number for anything. SIM should provide data only and be rovolved regularly.
The more detailed report someone posted does sound like this was hacked at the source, but a lot of the data can be bought legally on the open, not-even-too-grey market. Some journalists bought one of the location data sets and used it to demonstrate that you can identify intelligence agency employees from it (if someone spends almost every workday at one site belonging to the agency, occasionally visits the other one... the other place that "anonymous" user spends a lot of time at is likely the home of an intelligence agency employee).
If the industry wasn't selling it to anyone who asks, they'd still likely keep it in easily hacked places.
I wish the journalist had been a little cheeky and tried to get a quote from Angela Merkel.
China is the last group we should blame for this. Our government did this to us and must be held accountable or this will happen again, and again, and again.
The ban for anti-social networks to less 16yo is a good start but it does not fix the smartphone or telecommunication spy.
The need to ban twitter, tiktok, facebook and many others is a must.
That the government is unwilling to genuinely protect its own interests, for example, by preventing ordinary people's data from leaking abroad or ensuring real internet privacy, because without these things we are so unbelievably vulnerable, not just to influence operations designed with this data, but they'll know literally the whole economic structure of the EU, how many people work where, where a particular person works, etc.
They're not even preventing foreign countries from getting access to bank transactions.
When they're denied they cry terrorism, but reality is that if you have this knowledge you can say 'Oh, impossibleFork just moved to X, and he's an expert in Y, he's probably doing Z and W. Let's hire some guys to try the exact same thing, so that it'll be a business here instead of there'.
I don't understand how a government can expect the country it governs to have an economy when it allows this kind of data leakage.
We will.
Can't speak for every American, but I won't take offense. It's our job to protect our infrastructure, corporations and data. Not at all the responsibility of Europe, India or China. It's your job to protect yours.
Haven't seen anything from this. Any idea why? Low compliance in general? Telcos think they're big enough to ignore state regs?
Open source software doesn't have backdoors and it works fine for everyone.
You have to love those people. What happened to FBI mandated backdoors ? Have they ceased to function ? Or were they used by the "enemy" because it was easier for them ? Blaming the others works so well, why bother.
But state-sponsored cyber-war and other such aggressions are now considered normal daily life. Just as bad, U.S. MSM rarely reports American aggression towards others.
I was tired of paying for a spy device that steals my attention and tries to psychologically condition me.
> How has this impacted your daily life?
I've found that many people are so addicted to there phone that they genuinely can't comprehend how to function without one. I'm lucky to have been around longer than smartphones, and remember how to do these things. For instance, going to someones house and knocking on there door instead of sending a text. Sure one is a little harder and takes more time, but shows you care enough to do it. Sending a text is so easy AI bots do it.
I've had to seek out similar minded people. Most people just can't be bothered with someone who won't conform, so I seek out people who don't require me to have a phone to be my friend. I discovered quite quickly who was a good enough friend to come check on me, and also who I felt was important enough that'd I'd go too there house to see them. It may limit the size of my social circle, but I feel its a stronger relationship because of it.
There are absolutely no drawbacks that I'm aware of.
Likewise, if you're Jack Ma and they don't like what poem you quoted, all your stuff is now theirs and there aren't any silly laws to protect yourself. Absolutely 100% goal oriented to the steady increase in power of the communist party and absolutely no higher principles apply.
They are obviously different from other official Chinese components, and the private sector actors that support them. The distinction is also made because other firms sometimes have differing assessments and visibility.
"We installed a door so that any american police officer could enter the space station whenever they want. Too bad it imploded and all of the air escaped. "