Federal officials warned Tuesday that a massive Chinese hacking operation against American telecommunications companies hasn’t yet been fully expelled and that the best way to hide communications from Beijing’s spies is to use encryption.
Encryption is a technology that scrambles a message and requires a “key” to be able to see or hear it.
Different app makers and platforms have used the technology in various forms for more than a decade, so that governments and hackers who intercept messages as they pass through telecommunications infrastructure will see only gibberish. While adopting the technology has historically prompted complaints from law enforcement agencies, including the FBI, it’s also a way people can communicate more privately.
Telecommunications companies tend to temporarily store call and SMS records (which phone number called or texted which, and when) and they briefly store the contents of SMS texts. Audio, however, is generally not recorded. That means it’s easier for hackers like those in the Chinese campaign, which Microsoft has nicknamed Salt Typhoon, to get massive amounts of data on phone records and some stored text messages, but to listen to phone calls they have to target specific calls as they happen.
For everyday consumers, the simplest way to send encrypted messages or make encrypted calls is to use communications apps like Signal or WhatsApp, which have implemented end-to-end encryption between their own users. With end-to-end encryption, every user of an encrypted chat app holds the unique code to unscramble a message sent to that account. Importantly, the corporate owner and the operator of the app don’t have access to that key, so they won’t be able to unscramble an encrypted message even if a court demands it or the company is hacked.
Signal and WhatsApp automatically protect all their messages that way with Signal’s encryption, which cryptographers find among the best that are commercially available.
Both apps also allow users to make encrypted phone calls with other users through the internet.
But even without apps like Signal and WhatsApp, many Americans frequently text with end-to-end encryption turned on, even if they don’t know it.
If iMessage users text other iMessage users or Google Messages users text other Google Messages users, those chats are automatically encrypted with the Signal protocol.
But when Google and iMessage users text users who use different texting applications, such as when an iMessage user texts a Google Messages user, the messages are encrypted only with Rich Communications Services, which in the U.S. are all decrypted by Google. While that means they’re in theory hidden from telecommunications companies, they’re not encrypted end to end, and they can be seen under court orders to Google or by hackers who might break into companies.
For phone calls, Google and Apple offer encryption if the calls are made through their internet-connected calling apps — Google Fi and FaceTime.
While the controversial app Telegram does offer what it claims is an option to message users with end-to-end encryption, some leading cryptographers are wary of endorsing it, noting that some of its code isn’t open to the public to test and that it doesn’t encrypt conversations by default.
The FBI began investigating Salt Typhoon in late spring or early summer. The U.S. believes Chinese intelligence hacked into AT&T, Verizon and Lumen Technologies and gained significant access, including records of phone calls and text messages for many people, particularly in the Washington, D.C., area. In some circumstances, affecting members of both the Trump and Harris campaigns, as well as the office of Senate Majority Leader Chuck Schumer, D-N.Y., they were able to listen to phone calls.
China denied the accusation, as it routinely does when a Western company or government accuses it of deploying its vast cyberespionage capabilities. A spokesperson for China’s embassy in Washington said in an emailed statement that “China firmly opposes the US’s smear attacks against China without any factual basis.”
This article was originally published on NBCNews.com