US authorities are urging Americans to use encrypted messaging apps to secure their sensitive data against foreign attackers.
The security call comes in the wake of an "unprecedented cyberattack" on the countries' telecoms companies, NBC News reported. The attack is considered among the largest intelligence compromises in US history and isn't yet fully fixed.
The China-linked Salt Typhoon group was first spotted targeting US telecoms with a new backdoor malware a few months ago. It has reportedly hacked the likes of AT&T, Verizon, and Lumen Technologies to spy on their customers' activities.
The need for strong encryption
"Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible,” said Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday – as per NBC News.
Encryption refers to scrambling the data into an unreadable form to prevent third-party access. From messaging apps like WhatsApp, Signal, and Session to secure email services like ProtonMail and Tuta, online communications are expected to remain private from the sender to the receiver (end to end) thanks to this technology.
Besides encrypting chats and calls leaving your device, FBI officials also suggest keeping your smartphone up-to-date and enabling two-factor authentication whenever possible to protect your accounts against phishing attacks.
The US Cybersecurity and Infrastructure Security Agency (CISA) has also published new guidance for helping enterprises defend against Salt Typhoon's threats, which includes a series of best practices and other security tips to stay protected.
Tech and privacy experts have welcomed the US authorities' endorsement of using encrypted communication software. They have long advocated for the necessity of these tools on both privacy and security grounds, in fact, strongly rejecting any attempts from lawmakers to undermine their efficiency in combating crime.
Commenting on this point, Greg Nojeim of the Center for Democracy & Technology (CDT) – a member of the Steering Committee of the Encryption Coalition – said: "If anti-encryption advocates had their way, the United States would now be defenseless to this type of mass snooping from a foreign power."
That said, Salt Typhoon hackers aren't just targeting the content of Americans' communications, but also their call record metadata – as Reuters reported.
Metadata privacy is becoming a growing issue nowadays. Attackers can now harvest the power of AI tools to find patterns and trace back people's data even without the need to access the encrypted content.