They are obviously different from other official Chinese components, and the private sector actors that support them. The distinction is also made because other firms sometimes have differing assessments and visibility.
[1] https://archive.is/20250603190111/https://www.axios.com/2025...
Nobody's saying that CISA would break down Verizon's doors and go to their keyboards and start pushing commits, but they sure as hell are working with the telecom industry.
Welp... that's quite a capable piece of surveillance.
I imagined it involved tapping to cell towers/cell infrastructure, but the details at the wikipedia page [1] suggest servers were hacked instead? Did they hack AT&T servers or something?
Side note, are there any ways to not get your data stolen in such cases? I would imagine using only a VPN might help, but if they're getting data from triangulation you couldn't do much short of turning off your phone, right?
The more detailed report someone posted does sound like this was hacked at the source, but a lot of the data can be bought legally on the open, not-even-too-grey market. Some journalists bought one of the location data sets and used it to demonstrate that you can identify intelligence agency employees from it (if someone spends almost every workday at one site belonging to the agency, occasionally visits the other one... the other place that "anonymous" user spends a lot of time at is likely the home of an intelligence agency employee).
If the industry wasn't selling it to anyone who asks, they'd still likely keep it in easily hacked places.
I wish the journalist had been a little cheeky and tried to get a quote from Angela Merkel.
https://www.npr.org/2024/12/17/nx-s1-5223490/text-messaging-...
>The FBI and CISA raised the alarm two months after The Wall Street Journal reported that hackers linked to the Chinese government have broken into systems that enable U.S. law enforcement agencies to conduct electronic surveillance operations under the Communications Assistance for Law Enforcement Act (CALEA).
>"These are for legitimate wiretaps that have been authorized by the courts," Hong says. But in hackers' hands, he says, the tools could potentially be used "to surveil communications and metadata for lots of people. And it seems like the [hackers'] focus is primarily Washington, D.C."
What norms are he referring to?
And yeah pretty much. I don’t know anything about anything but it feels like there is a hierarchy (norm? At least what they are trying to enforce) of US > Five Eyes > other Western Intel (France, etc) > Pakistan/Russia/Etc > China/North Korea/Iran; and Israel falls somewhere in that mix as a maverick. Of course in practice it doesn’t work out this way.
Reminds me of the recent news that the US will ban Chinese components from undersea cables, globally: https://asia.nikkei.com/content/99550c9ade243fe057e8a2ba6f29...
Objecting to calling Israel the west is at least as weird as including it in the context of this conversation.
It's a tilted west.
Imagine if there were movements in Switzerland to move to certain areas to push out the speakers of some local dialect, and literally organized home-buying in groups to get them out?
"There's a thought among the public that if you don't work in a sensitive area that the PRC might be interested in for its traditional espionage activities, then you are safe, they will not target you," [deputy assistant director for the FBI's cyber division] said, during a Thursday interview with The Register. "As we have seen from Salt Typhoon, this is no longer an assumption that anyone can afford to make."There are easily hundreds of comments on HN from people in Europe who assure us all that this is solely an American problem, and that it never happens anywhere else.
This only became a problem when the mortgage was paid off last year and despite getting emails about it, I got a registered letter saying they must talk to me and that haven’t been answering my phone. So I call them as instructed and it was just a “you’re done. We’ll be mailing you documents to send to your insurer. Thanks for your business.”
FWIW: I’ve never personally owned a land line. The last time I ever lived somewhere with one was 19 years ago.
Reading the Atlantic Council's recent paper on what the US can do to counter the system China has created which funnels exploits to their government shows how mistatched the West is versus China. Paper here: https://www.atlanticcouncil.org/wp-content/uploads/2025/06/C...
How do we build a functioning world where secrets are not required? By this I don’t mean “everyone behaves good and therefore has nothing to hide/fear” but rather, how do we function in a world in which secrets are simply not possible?
I think sliding down towards "I have no privacy" end of the spectrum is bad for both the citizens and the society. Stopping the this slide is a worthwhile goal. My 2c.
And that's only if blackmail didn't work.
So where is our deep, persistent infiltration of China?
This is ridiculous defeatism. You are going to need more 0's than exist in the global economy to crack many cryptosystems.
i absolutely believe it may have happened, but due to overwhelming and well documented history of lies from this regime, i’d feel like i was standing on more solid footing with this if we had some reputable 3rd party sources. ideally someone who is far away from the hysterical levels of partisanship our current leaders have planted themselves.
again, i’m not in denial that it couldnt have happened, it’s just that unfortunately i think it would be unreasonable to trust anything from this regime’s people. and to reiterate, they have a long and very well documented history of outright lying. not even typical politician half truths, but shoving it in our face lying.
And now we have China using CALEA-crippled systems to slurp up the entire USA network. Exactly as predicted.
And this - "outside of the norms of what we see in the espionage space" - LOL. ROTFL even. The NSA tapped Google's backbone! Have we forgotten Room 641A? MAINWAY? Poindexter and TIA? Palantir?
The NSA used to play defence and offence, and has gone full-offence for a generation. Did anyone really believe that only the USA could play offence?
Morons.
Context for others, there's a small number of software vendors that make these MD devices that handle initiating a capture of a flow (a wiretapping request) and managing the chain of custody for a pcap. MDs usually sends an SNMP poll to a router/switch to start a (r)span port and the MD device slurps up all data and saves it.
Anyway, what I'm curious about is if it's the MDs that were taken over and if it was one manufacturer but I'm not seeing much technical info on all these reports.
Here's some context for "LI" for those interested: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9...
So how would a simple MD attack affect me? Any sort of CALEA attack on a higher protocol layer (e.g. compromising Gmail at Google instead of capturing their traffic) would make sense, but not a pcap.
edit these network devices probably also carry voip/voice trunks from enterprise and possibly carriers such as VZW. No telling if those are encrypted or not. If China is able to tap that using these CALEA systems, I could see how that would be a big deal for stealing IP/secrets.
While for foreign citizens you can pretty much capture anything at will, without any need for FISA or warrants
They havent forgotten their offensive operations, they never knew about it or never cared.
Hey, I'll bet you never look at that WiFi-"enabled" power bank or HEPA/AC unit again the same way (or my favorite AI response du jour "Some Chinese scooters come with a microphone integrated into a GPS tracker or helmet, while others can be customized with aftermarket solutions. There is no single model called "Chinese scooter with microphone," but rather multiple products and approaches that fit this description.") Errbody worried about the talking LLM parrot AI and your vehicle dashboard always listening (or even watching), but that's not the most serious threat we face now.
Here [1] is one example of a couple Chinese police in NYC but I can not find the links to the groups in Los Angeles.
[1] - https://www.pbs.org/newshour/politics/2-men-arrested-on-char...
China is the last group we should blame for this. Our government did this to us and must be held accountable or this will happen again, and again, and again.
But state-sponsored cyber-war and other such aggressions are now considered normal daily life. Just as bad, U.S. MSM rarely reports American aggression towards others.
Haven't seen anything from this. Any idea why? Low compliance in general? Telcos think they're big enough to ignore state regs?
https://www.theregister.com/2025/08/28/china_salt_typhoon_al...
Likewise, if you're Jack Ma and they don't like what poem you quoted, all your stuff is now theirs and there aren't any silly laws to protect yourself. Absolutely 100% goal oriented to the steady increase in power of the communist party and absolutely no higher principles apply.
IIRC the standard at the time was to enable intercepting up to 3% of traffic, without the surveillance target of course knowing, but also without their carrier knowing. Law-enforcement agencies used LI consoles on their own premises to order intercepts.
So it's not that lawful intercept was particularly easy to hack, it's that once it's compromised, detecting that it's being used nefariously is especially difficult. I would question whether anyone knows for sure when the compromise began, and how long it lasted.
roscas•7h ago
The ban for anti-social networks to less 16yo is a good start but it does not fix the smartphone or telecommunication spy.
The need to ban twitter, tiktok, facebook and many others is a must.
bilbo0s•5h ago
We will.
Can't speak for every American, but I won't take offense. It's our job to protect our infrastructure, corporations and data. Not at all the responsibility of Europe, India or China. It's your job to protect yours.
ronsor•5h ago
roscas•4h ago
impossiblefork•1h ago
That the government is unwilling to genuinely protect its own interests, for example, by preventing ordinary people's data from leaking abroad or ensuring real internet privacy, because without these things we are so unbelievably vulnerable, not just to influence operations designed with this data, but they'll know literally the whole economic structure of the EU, how many people work where, where a particular person works, etc.
They're not even preventing foreign countries from getting access to bank transactions.
When they're denied they cry terrorism, but reality is that if you have this knowledge you can say 'Oh, impossibleFork just moved to X, and he's an expert in Y, he's probably doing Z and W. Let's hire some guys to try the exact same thing, so that it'll be a business here instead of there'.
I don't understand how a government can expect the country it governs to have an economy when it allows this kind of data leakage.