The Salt Typhoon Hack is a Giant Wake-Up Call

Recent revelations have shaken the U.S. telecommunications industry to its core. According to reports from major news outlets like the New York Times and Wall Street Journal, as well as confirmations from U.S. government agencies, a highly skilled group of hackers known as Salt Typhoon - believed to be backed by the Chinese government - has breached key components of the U.S. communications infrastructure. The group’s target? The communication systems that enable legally mandated wiretapping, with the apparent goal of surveilling high-ranking U.S. officials.

E2EE: A Critical Defense Against Threats Like Salt Typhoon

In light of these events, both the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are urging U.S. citizens, government officials, and industry leaders to adopt end-to-end encrypted (E2EE) communication tools for their everyday conversations. Why? E2EE ensures that only the intended recipients of communications can access the content. Even if hackers breach the servers of a communication provider, the contents of encrypted messages, calls, or files remain unreadable.

But what does end-to-end encryption mean? Sadly, there are many products that claim to be secure, but suffer from significant, insecure design compromises. To start with, remember that similar wiretapping backdoors that are being targeted by Salt Typhoon are built into many of the communication and collaboration products developed in the U.S., to comply with government mandates.

“End-to-end encryption” can’t just be a bolt-on feature or two, or marketing language, if you want it to protect you. It needs to be serious and thorough. For example, at Wire, our communication and collaboration platform was designed from the ground up to protect privacy and security. With Wire’s end-to-end encryption, only the end users involved in a conversation can decrypt the data. Ever. This means that even if our servers - or any intermediate systems - were to be compromised, the content of messages, calls, and files remains protected from prying eyes.

A Wake-Up Call for Government Officials and Industry Leaders

It’s essential that high-ranking government officials and politicians, as well as U.S. industry leaders, recognize the magnitude of this threat. Salt Typhoon appears to have targeted government communications, but the depth of their intrusion means that everyone - regardless of whether they’re a government official - could potentially be vulnerable.

Organizations working on sensitive projects, whether in technology, intellectual property, research and development, or other critical areas, are especially at risk. The Salt Typhoon hack may be just the beginning, and we encourage all leaders in these industries to take proactive measures in securing their communications.

How Wire Can Protect Your U.S. Communications

At Wire, we create cutting-edge E2EE technologies that ensure your communications are protected - even in a contested digital environment such as what’s playing out in the U.S. telecommunications sector.

• Open-source transparency: Our platform’s codebase is available on GitHub for scrutiny by anyone including security researchers and encryption experts, providing transparency and reassurance about our security claims. It is vital that any technology provider claiming to offer E2EE also proves those assertions by open-sourcing their code. This is because without the transparency of open-source code, customers and end-users fall back into the same old trust-based paradigm whereby unknown vulnerabilities or exaggerated or false claims about security puts customer data at risk. 
   
• Zero trust: In today’s threat landscape, adopting a zero trust approach is essential. Wire’s open-source, E2EE platform eliminates the need to trust any single entity or system, even our own. By making our code openly available for inspection, we allow anyone to verify the integrity of our encryption. This ensures that only the intended recipients can access communications, making it impossible for hackers, malicious insiders, or even compromised infrastructure to eavesdrop on conversations or intercept data.
  
  
• Messaging Layer Security (MLS): We support the latest in encrypted communication technologies, such as MLS, ensuring that messages remain secure, even as user groups expand from dozens or hundreds of users to thousands or tens-of thousands of users, for true enterprise-ready deployments.
  
  
• Post quantum security: Wire has leveraged the crypto-agility property of MLS to implement support for post-quantum secure encryption methods. This same crypto agility property enables Wire to maintain a forward looking posture through the ability to rapidly implement support for new and emerging encryption methods in the race to protect data from the impending arrival of quantum computers which are expected to deeply compromise conventional encryption technologies.
  
  
• Federated E2EE communication: Wire allows secure communication across multiple deployments—whether you’re using our cloud-based service or on-premises solutions for sensitive industries.
  
  
• Sovereign data hosting: For government entities and regulated industries, Wire offers on-premises and private cloud deployment options, ensuring that data remains within national borders and subject to local laws and regulations.
  
  
• Secure cloud options: Organizations that prefer a SaaS solution can still enjoy the highest standards of E2EE through our secure cloud deployments.

In addition to paid offerings for governments and private-sector customers, we believe in the importance of secure communication for everyone. That’s why we offer Wire Free, our E2EE service available to anyone at no cost. Whether you’re a public servant, business leader, or simply someone who values their privacy, Wire Free empowers individuals with the same world-class protection that our enterprise customers enjoy.

Stay Vigilant, Stay Protected

The Salt Typhoon hack serves as a reminder that cybersecurity threats are constantly evolving, and no one is immune. However, by adopting the right tools, we can stay ahead of these threats. Wire is committed to providing the most secure communication solutions, and we’re proud to help protect your privacy in an increasingly connected world. Learn more at wire.com, or if you know you’re ready to explore, contact us.