U.S. Officials Advise Using Encrypted Apps Following Major Cyberattack

In the wake of a significant cyberattack targeting major telecommunications companies like AT&T and Verizon, U.S. officials have urged Americans to adopt encrypted messaging apps to protect their communications from foreign hackers.

The cyber operation, dubbed “Salt Typhoon” by Microsoft, is being described as one of the largest intelligence breaches in U.S. history. Although efforts to address the breach are ongoing, officials have not provided a timeline for fully securing the nation’s telecommunications networks. Sources revealed that China allegedly hacked AT&T, Verizon, and Lumen Technologies to spy on users.

A representative from the Chinese Embassy in Washington denied involvement, stating in an email to NBC News that “China firmly opposes and combats all kinds of cyberattacks.”

During a press call, a senior FBI official and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), recommended that Americans use encrypted apps to safeguard their communications.

“Encryption is a critical tool,” Greene emphasized. “Even if intercepted, encrypted data becomes unusable to adversaries.”

The FBI official added that adopting mobile devices with automatic updates, robust encryption, and phishing-resistant multi-factor authentication is essential for improved protection.

The attack’s scope has been described as vast, with no clear timeline for resolution. Hackers reportedly accessed three main types of data:

1. Call Metadata: Information about phone call logs, including numbers dialed and timestamps, particularly in the Washington, D.C., area.
2. Live Call Interception: Targeted individuals’ live phone calls were accessed, though the number of affected individuals remains undisclosed.
3. Law Enforcement Compliance Systems: Hackers breached systems related to the Communications Assistance for Law Enforcement Act (CALEA), potentially exposing sensitive and classified court-ordered surveillance data.

Privacy advocates have long championed the use of apps with end-to-end encryption, such as Signal and WhatsApp, which ensure both calls and messages are secure. Google Messages and iMessage also offer similar encryption features.

While U.S. federal agencies have historically had reservations about full end-to-end encryption, citing the inability to access digital materials even with warrants, they acknowledge its role in protecting sensitive communications in the wake of such breaches.

The FBI dismissed speculation that the hacking campaign was election-related, describing it instead as a traditional cyberespionage operation aimed at gathering intelligence on U.S. political and governmental activities.

“This is consistent with espionage tactics, focusing on telecommunications providers and internet service providers,” the FBI official said.

Senator Ron Wyden, D-Ore., a prominent privacy advocate, criticized the reliance on CALEA, arguing that unencrypted communications remain vulnerable. “When companies like AT&T or Verizon are inevitably hacked, adversaries like China can steal sensitive information,” he stated.

This breach underscores the critical need for robust cybersecurity measures to defend against state-sponsored cyberattacks.