US telecommunications giant AT&T disclosed a breach in July involving six months of 2022 call and text messaging logs for “nearly all” of its more than 100 million customers. In addition to exposing details of the personal communications of a large number of Americans, the breach also included the call and text records of FBI agents, and the Bureau was alerted to that fact. A document first seen and reported by Bloomberg indicates that the Bureau has worked to mitigate potential fallout that could lead to revelations about the identity of anonymous sources linked to the investigations.
The hacked data did not include the contents of calls and text messages, but Bloomberg reports that it allegedly showed communication logs for the agents’ cellphone numbers and other phone numbers they used during the six-month period. It’s unclear how widely the stolen data spread, if at all. WIRED reported in July that after hackers attempted to extort AT&T, the company paid $370,000 in an attempt to have the trove of data deleted. In December, US investigators charged and arrested a suspect who was allegedly behind the entity that threatened to release the stolen data.
The FBI told WIRED in a statement: “The FBI continually adapts our operational and security practices as physical and digital threats evolve. The FBI has a solemn responsibility to protect the identity and security of confidential human sources, who provide information every day that keeps the American people safe, often at great risk to their lives.”
AT&T spokesperson Alex Byers said in a statement that the company “worked closely with law enforcement to mitigate the impact on government operations” and appreciates the “thorough investigation” that they carried out. “Given the growing threat from cybercriminals and state actors, we continue to increase investments in security as well as monitor and remediate our networks,” adds Byers.
The situation surfaces amid continuing revelations about another hacking campaign, carried out by the Chinese spy group Salt Typhoon, which has compromised a large number of US telecommunications companies, including AT&T. This separate situation exposed the call and text logs of a smaller group of specific high-profile targets and, in some cases, included recordings as well as information such as location data.
As the US government has hastened to react, one recommendation from the FBI and the Cybersecurity and Infrastructure Security Agency has been for Americans to use end-to-end encrypted platforms, such as Signal or WhatsApp, to communicate. Signal in particular stores virtually no metadata about its customers and would not reveal which accounts communicated with each other in the event of a breach. This suggestion was good advice from a privacy perspective, but it was very surprising given the US Department of Justice's historical opposition to the use of end-to-end encryption. If the FBI is grappling with the possibility that its own informants may have been exposed in a recent telecommunications breach, the about-face makes more sense.
However, if agents strictly followed protocol for investigative communications, AT&T’s stolen call and text logs shouldn’t pose much of a threat, says Jake Williams, a former NSA hacker and vice president of research at Hunter Strategy. Standard operating procedure should be designed to account for the possibility that call logs could be compromised, he says, and should require agents to communicate with sensitive sources using phone numbers that have never been associated with them or the US government. The FBI might be warning about the AT&T breach out of caution, Williams says, or perhaps because it has discovered that agents' mistakes and protocol errors were captured in the stolen data. “It wouldn’t be a counterintelligence issue unless someone followed procedure,” he said.
Williams adds that although the Salt Typhoon campaigns only affected a relatively small group of people, they affected many telecommunications operators, and the full impact of these breaches may not yet be known.
“I worry about FBI sources who may have been affected by this AT&T exposure, but more broadly, the public still does not fully understand the fallout from the Salt Typhoon campaigns,” Williams says. “And it seems like the U.S. government is working to figure that out, too.”