Encrypted apps urged by lawmakers amid major Chinese telecom breach



U.S. officials are imploring individuals and companies alike to use encrypted messaging apps in order to minimize the chances of the communist Chinese regime intercepting their communications.

The recommendations coincide with the confirmation by a top U.S. security official this week of a historic state-sponsored hacking campaign that compromised at least eight American telecommunications companies, including AT&T, T-Mobile, and Verizon.

Microsoft dubbed the Chinese group responsible Salt Typhoon. Salt Typhoon, which has been active since at least 3020, is also occasionally referred to as GhostEmperor, Earth Estries, UNC2286 or FamousSparrow.

The Wall Street Journal first reported on the Salt Typhoon attack in September, noting that the hackers penetrated numerous broadband providers earlier this year, affording them a foothold within the broadband infrastructure with which to access private data and possible launch a ruinous cyberattack.

While exponents of the Chinese regime have repeatedly denied its role in the attack, American officials aren't buying what they are selling.

'Encryption is your friend.'

The Cybersecurity and Infrastructure Security Agency and the FBI issued a joint statement last month indicating that the U.S. government's "continued investigation into the People's Republic of China (PRC) targeting of commercial telecommunications infrastructure has revealed a broad and significant cyber espionage campaign."

"Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders," said the agencies.

Rep. Jake Auchincloss (D-Mass.) stated on Nov. 29, "Salt Typhoon is the worst telecom hack in American history, and demands both a proportionate response to the Chinese Communist Party and increased accountability for U.S. corporations to prevent these intrusions."

Auchincloss suggested to CNN that the hackers were especially brazen, re-asserting themselves in the networks after being discovered.

An unnamed senior FBI official and Jeff Greene, executive assistant director for cybersecurity at CISA, told NBC News Tuesday that Americans should use encrypted messaging apps.

"Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible," said Greene.

"People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant" multi-factor authentication for email, social media and collaboration tool accounts, said the FBI official.

Greene indicated the networks remained compromised and that intelligence agencies cannot presently "predict a time frame on when we'll have full eviction."

The FBI, CISA, and the National Security Agency published a joint guide Wednesday, titled "Enhanced Visibility and Hardening Guidance for Communications Infrastructure," detailing ways that network engineers and "defenders of communications infrastructure" can harden their network devices against further exploitation by Chinese hackers.

"The PRC-affiliated cyber activity poses a serious threat to critical infrastructure, government agencies, and businesses. This guide will help telecommunications and other organizations detect and prevent compromises by the PRC and other cyber actors," Greene said in a statement.

'It should never have happened.'

The Biden White House's deputy national security adviser, Anne Neuberger, told reporters this week that none of the impacted companies have "fully removed the Chinese actors from these networks," reported the Associated Press.

"So there is a risk of ongoing compromises to communications until U.S. companies address the cybersecurity gaps the Chinese are likely to maintain their access," added Neuberger.

Neuberger added, "We don't believe any classified communications has been compromised."

After intelligence officials briefed members of the U.S. Senate Wednesday, Sen. Rick Scott (R-Fla.) reportedly expressed frustration, noting, "They have not told us why they didn't catch it; what they could have done to prevent it."

Sen. Richard Blumenthal (D-Conn.) said, "The extent and depth and breadth of Chinese hacking is absolutely mind-boggling — that we would permit as much as has happened in just the last year is terrifying," reported Reuters.

The Federal Communications Commission announced Thursday that it is "taking decisive steps to address vulnerabilities in U.S. telecommunications networks following the Salt Typhoon cyberattack, a sophisticated intrusion linked to foreign state-sponsored actors. These measures aim to safeguard critical communications infrastructure and ensure national security, public safety, and economic resilience in the future."

FCC commissioner Brendan Carr tweeted, "The Salt Typhoon intrusion is a serious and unacceptable risk to our national security. It should never have happened. I will be working with national security agencies through the transition and next year in an effort to root out the threat and secure our networks."

Like Blaze News? Bypass the censors, sign up for our newsletters, and get stories like this direct to your inbox. Sign up here!

Could a hacker blow up your EV remotely?



Pagers and walkie-talkies can be turned into remotely triggered bombs — so why not electric vehicles?

That was my first thought when I read about last month's coordinated attacks on Hezbollah — believed to have been orchestrated by Israel — in which pagers and walkie-talkies exploded across Lebanon, killing dozens and wounding thousands.

A thermal runaway event could be induced deliberately, even when the EV's 'ignition' is off — especially if a hacker gained access to the vehicle's battery management system.

While those devices appear to have been modified at some point during the supply chain, the principle behind turning them into deadly weapons is relatively simple: Heat the battery until it catches fire or explodes.

It could just as easily apply to EVs — as well as hybrids, plug-ins, or 48v cars, all of which use batteries much larger than in any handheld device.

Of course, these vehicles have a number of safety systems to prevent the battery from catching fire and overheating. But those safety systems run on software that can be hacked, especially since they are already years old by the time the vehicles are built and sold.

Roy Fridman, CEO and chief revenue officer for C2A Security, an Israel-based cybersecurity company focused on the automotive industry, recently said that one automaker told him that the software that controls a motor has two million lines of code. And that’s just the motor.

He stated, “You have hundreds of millions of lines of code inside a vehicle. If you were talking about autonomous vehicles, it's even more. But the number of lines of code in a vehicle is continuously growing.”

This code is vulnerable to exploitation thanks to wireless connections to the internet (for software updates) and to charging infrastructure. Vehicle-to-grid technology, which allows EV owners to sell their energy storage capacity to grid operators, requires connection to the electricity grid.

“The more communication protocols you have, the more lines of code you have, the more you are susceptible to [hacking],” Fridman said.

We already know the technology exists to disable cars remotely. Cybersecurity experts are also worried that EVs could be hacked to steal drivers' personal data.

As Fridman says, its plausible that someone could "create a battery overload and disable some of the protective mechanisms" within your car.

Lithium-ion batteries catch fire when they enter an uncontrolled, self-heating event called thermal runaway. Most often, it occurs due to damage or a defect in the battery. But such an event could be induced deliberately, even when the EV's "ignition" is off — especially if a hacker gained access to the vehicle's battery management system.

An overheated battery gives off toxic and flammable gases, which can cause an explosion. At the very least, it produces a smoldering, difficult-to-extinguish fire.

For more on this, see my video below:

Hackers push $460M crypto scam via soccer star’s X account — $1M lost in minutes



On Wednesday, hackers controlled soccer star Kylian Mbappe's X account and pushed a crypto scam on his 14 million followers.

ESPN reported that Mbappe is fresh off a transfer to Spanish soccer giant Real Madrid. The deal will see him make over $16 million per year in salary and receive a $166 million signing bonus spread out over the five years of his contract.

The soccer player hadn't made any posts on his X account for about two weeks until a hacker allegedly started sharing memes and statements to his 14.4 million fans.

'This person lost more than $1M in just 1 hour!'

The posts included mocking fellow soccer star Lionel Messi, trolling different professional teams, and even making political statements.

"F*** Israel," a post said with a clown emoji.

About six minutes later, the account made another post with four Palestinian flags, reading, "FREE PALESTINE."

Aside from the fun and games, the hacker promoted a crypto currency pump-and-dump scheme making off with a large sum of money.

With the stolen account, the hacker promoted the coin $MBAPPE, inflating its value by a reported 4,000%. According to Cointelegraph, the hacker's post boosted the coin's market cap to a whopping $460 million before it tanked to less than $100,000 in value.

The hacker made off with an alleged $100,000 profit in about an hour.

'Don’t fall for the $MBAPPE scam.'

However, some savvy investors, likely not involved in the scam, made some money by quickly buying and selling the coin.

One unknown person made a profit of about $125,000 when they bought shares worth $28 when the market cap was at just $80,000.

Other reports popped up about another investor losing around $1 million:

"Someone created a new wallet and spent [$1.03M] to buy ...$MBAPPE in a single transaction," the popular crypto page Lookonchain wrote.

"[It] is now only worth $9.2K. This person lost more than $1M in just 1 hour!"

The scam spread so rapidly that even popular trading platform Crypto.com warned its followers about falling for it.

"Don’t fall for the $MBAPPE scam," it wrote. "Scammers hacked Kyllian [sic] Mbappe's X account today to promote a scam," the attached image said.

Interestingly, the scam mirrors other schemes made by celebrities over recent years. Simply put, notable people can create a coin, buy a significant portion of it, and promote it to their followers as their latest project. Once the market cap is inflated, creators can sell off their shares for a profit. This may not rise to the level of criminal unless they recommend their followers buy-in.

According to Investopedia, a scheme becomes illegal when it makes promises/recommendations about a stock or security based on false, misleading, or greatly exaggerated statements.

Like Blaze News? Bypass the censors, sign up for our newsletters, and get stories like this direct to your inbox. Sign up here!

FBI Probes Trump Campaign’s Claims Of Hacked Files Amid Election Security Concerns

'Transparency is still our best deterrent'

Hackers can steal your data through HDMI cords: 'Governments are worried about this'



A new technique to capture data through HDMI cables is becoming more accurate and easier to decipher.

This technique allows savvy data thieves to spy on your screens, monitors, and, of course, smart TVs if they are in the right area or can capture signals.

While it is not exactly a remote operation for a would-be hacker, individuals may be able to take passwords, data, or anything else transmitted to your screen through an HDMI cable, with greater accuracy than previously thought.

Uruguay's University of the Republic told TechSpot that this method is already being used and thatT governments are aware of it.

'A new avenue for governments and criminals to spy on your data.'

Hackers could potentially steal data from government sources by planting a discreet signal-capturing device within a building or target area to gather electromagnetic signals. Alternatively, a radio antenna could capture signals from HDMI cables outside a government installation.

The HDMI signals leak some electromagnetic radiation transmitted between the source and the display, and then hackers capture those signals, extract the data, and decipher it.

The Uruguayan research team trained an artificial intelligence model based on existing samples of electromagnetic radiation to decipher intercepted signals. This resulted in reconstructing the HDMI signals to 70% completion, which was reportedly good enough to read what was on the screen.

"Your HDMI being hacked is a new avenue for governments and criminals to spy on your data," said Return's managing editor, Peter Gietl. "Although it remains to be seen how effective this attack will be, there is a wide variety of ways for nefarious actors to access your private information. Unfortunately, if the NSA really wants your data, they will most likely be able to get to it."

Return has previously published "The ultimate Return guide to escaping the surveillance state" to give readers easy solutions to protect your privacy.

Believe it or not, it has historically been much easier to steal signals during the era of analog video. Video cables had even greater amounts of leakage in previous generations, but with the advent of HDMI, those signals became more contained and more difficult to decipher when captured.

Lead researcher Federico Larroca claimed "governments are worried about" HDMI data extraction but added that data-sensitive agencies likely already shield their facilities against such exploitations related to electromagnetic signals.

It's worth it, Larroca concluded, even if it comes with a significant cost.

Like Blaze News? Bypass the censors, sign up for our newsletters, and get stories like this direct to your inbox. Sign up here!