AT&T and Verizon China Hack: End-to-End Encryption is Critical But Not Enough
Learn why end-to-end encryption and zero-trust architecture are essential for secure enterprise communications in the wake of the China Salt Typhoon hack.
The recent revelations of China’s hack of western telecommunications providers across multiple countries are a red flag for corporate and government leaders who care about their sensitive data. The exfiltration of massive amounts of Internet data from western mobile and fixed-line networks tells us that end-to-end encryption of internal data is table stakes, and that data protection requires a zero-trust, zero-knowledge, and post-quantum-friendly approach.
The Salt Typhoon Hack, Explained Briefly
As we all know, China operates a huge, multi-armed hacking operation as part of its foreign and commerce strategy, of which Salt Typhoon is just one instance. In October, U.S. government officials announced that this group had successfully hacked dozens of telecom providers as well as hotels and airlines in the U.S. and globally to access the data of U.S. political leaders and national security information. The Salt Typhoon operation utilized sophisticated tactics, techniques, and procedures. In this case, they were able to exploit vulnerabilities in security and network equipment, as well as the existing backdoor portals used by U.S. government and intelligence agencies to perform court-authorized surveillance. Based on the types of targets, the goal of this hack appears to be primarily cyber-surveillance.
So what can corporate and government leaders learn from this hack? In this blog, we’ll cover some key lessons that highlight why Wire goes far beyond table stakes and delivers the world’s most secure enterprise communications platform.
Your Infrastructure Isn't and Won't Be Secure
The first lesson to take is that you should not count on your infrastructure to be secure. Most of the IT and network infrastructure that was hacked was operated by large businesses that have structured operations to patch software vulnerabilities, roll out configuration updates, and upgrade hardware. If your business runs any sizeable amount of IT and network infrastructure, you know that it is impossible to always have the latest systems in place, or to instantly patch Common Vulnerabilities and Exposures (CVEs). Furthermore, attackers will always be a step ahead of defenders. Governments and large criminal networks have technical resources and time on their side that enterprises and the vast majority of government agencies don’t. In short, you should expect that your sensitive data is already highly exposed to attackers.
Major U.S. Tech Firms Architect Their Software for Vulnerability
Despite the reality that you can’t count on infrastructure security in the face of advanced persistent threat (APT) actors like Salt Typhoon, you should be aware that U.S. tech companies in particular often build significant vulnerabilities into their software, for two reasons. The first was brought to light in this hack: the U.S. government demands backdoor surveillance access to software. Ironically, this very backdoor capability made telco infrastructure more vulnerable to being hacked by malicious actors. Furthermore, many U.S. tech companies monetize the collection of customer metadata, so they build many insecure, open doors and windows into their software. For example, see our coverage of the intentional, massive backdoor left open by Microsoft Teams. This type of vulnerability isn’t a bug, it’s by design. You could say that exfiltration is a part of these companies’ business model. And that means they are inherently far more vulnerable than they should be to exploitation by third parties.
This is why Wire is based in Germany and Switzerland, with the world’s most stringent data privacy laws backing it. Wire doesn’t offer U.S. intelligence agency backdoors. Wire doesn’t monetize any customer data or metadata. And you can prove all of that for yourself by examining our open-source code.
End-to-End Encryption Can't Be Security Theater
Given that your IT infrastructure is inherently vulnerable to attack, it goes without saying that you should use end-to-end encrypted communications in your business. That seems so simple, until you consider that mainstream tools like Teams, Zoom, Slack, etc. are far from delivering complete encryption. In too many cases, encryption is optional, does not cover many use cases, or does not work at any level of scale. In other words, the tools that most organizations use for corporate collaboration only offer security theater when it comes to end-to-end encryption. Either your sensitive communications and file sharing are fully encrypted, end-to-end, or they’re not. If you leave large gaps in coverage, you should assume that someone you don’t want is reading your communiqués and your sensitive data files.
This is why at Wire, we’ve dedicated years and years of work to making sure that every single communication element, from messaging to audio and video, from emojis to integrations, from small to enterprise-scale communications, is always end-to-end encrypted by default. There is no option to turn it off. In fact, it’s so invisible that users don’t even know that they’re using the world’s most secure communications and collaboration suite. Wire utilizes the Messaging Layer Security (MLS) protocol which scales to enterprise-class use cases, unlike consumer messaging platforms such as WhatsApp, Element, and Signal that implement encryption that operates on pairs of users and can’t scale effectively. Wire delivers comprehensive and scalable end-to-end encrypted security, not theater.
Zero-Trust, Zero-Knowledge and Transparency Are Must-Haves
The fact that Salt Typhoon could gain access to enough internal systems to surveil data and metadata in depth shows us that trusting the security of centralized systems to protect your data is a fatal mistake. You should assume that any server involved in processing or relaying communications is going to be compromised. If that server holds the keys (literally or not) to tapping the details of the communications or tracking the metadata of communications and data flowing through it, then so-called “end-to-end encryption” won’t matter. A zero-knowledge architecture, one where hacking the servers that relay data cannot compromise the end-to-end security of the data, is an essential security capability.
Furthermore, any so-called security that allows god-like access to data communications by an IT administrator is bound for spectacular failure. The Slack data exfiltration breach at Disney is the perfect example. Zero-Trust must extend to all players, not just end-users.
Marketing being what it is, it’s important not just to take a vendor’s word that its software is architected with the utmost security in mind; you need to be able to examine it for yourself. There is no security in obscurity.
This is why Wire implements complete zero-trust and zero-knowledge architecture with a transparent, open-source codebase. End-to-end encryption communications are only shared explicitly, with no default “root access” by any party. Zero-knowledge software means that an adversary can gain access to a Wire server and still get no data or metadata from it about any of the encrypted communications.
Post-Quantum Readiness Starts Now
If the present threat of getting your most sensitive data exfiltrated isn’t enough, consider that exfiltration also puts your future communications at risk: malicious actors can mine previously collected data for important data or metadata clues, and use advancing computing power to crack it. During World War Two, the Bletchley Park cryptographers used known phrase fragments to crack the “unbreakable” Enigma cipher. Exfiltrating large volumes of data offers that same possibility in the present day. Furthermore, the advent of quantum computing means that data secured with pre-quantum cryptography will become completely vulnerable to brute-force decryption attacks. That’s why Wire helped develop and has fully adopted the Messaging Layer Security (MLS) standard, which provides for ciphersuite flexibility so you can implement post-quantum cryptographic standards when ready.
How to Get Started: Secure Your Crisis Communications
Trying to move your entire organization off insecure platforms such as Microsoft Teams, Slack, and Zoom can be a daunting IT systems project. That’s why so many of our customers choose to get started by adopting Wire as their fallback and crisis communications platform. This way, in the case that your systems are hacked by an APT, frozen by ransomware, or in some other way compromised by malicious actors, you will have an assured method to communicate securely and privately amongst your crisis management stakeholders. Learn more about our capabilities, and get started today.