FBI warns to stop sending texts; here's what to do instead
FBI officials are once again urging Americans to use encrypted messaging to communicate in the wake of one of the largest cyberattacks ever reported.
Dubbed Salt Typhoon by analysts, the wide-ranging cyberespionage campaign emerged earlier this year after hackers sought to penetrate the networks of multiple telecommunications companies. The White House said at least eight U.S. telecom firms and dozens of nations have been impacted. Officials said China is responsible for the major breach, though China denies those claims.
RELATED: Chinese hackers reportedly targeted phones connected to Trump, Harris campaigns
According to NBC News, AT&T, Verizon and Lumen Technologies were among the companies China hacked to spy on customers.
Despite months of investigation, the true scale of China’s operation, including the total number of victims or whether the hackers still have some access to information, is currently unknown.
What happened in the Salt Typhoon hack?
Hackers used their access to target the metadata of a large number of customers, including information on the dates, times and recipients of calls and texts.
The hackers succeeded in retrieving the actual audio files of calls and content from texts from a much smaller number of victims. The FBI has contacted victims in this group, many of whom work in government or politics, but officials said it is up to telecom companies to notify customers included in the first, larger group.
The FBI has said some of the information targeted by the hackers relates to U.S. law enforcement investigations and court orders, suggesting the hackers may have been trying to access programs subject to the Foreign Intelligence Surveillance Act, or FISA. The law grants American spy agencies sweeping powers to surveil the communications of people suspected of being agents of a foreign power.
The U.S. believes that the hackers were able to gain access to communications of senior U.S. government officials and prominent political figures through the hack. They don’t believe the hackers were able to access classified communications.
Because the hack appeared to be targeting a relatively small group of individuals, only a small number of Americans' phone calls and texts have been compromised. But the threat remains as none of the companies targeted "have fully removed the Chinese actors from these networks."
RELATED: How to see if your Social Security number was included in latest data breach
On Tuesday, a spokesperson for China's embassy in Washington called the U.S. allegations "disinformation."
China's government "firmly opposes and combats all kinds of cyber attacks," spokesperson Liu Pengyu wrote in a statement emailed to The Associated Press. "The US needs to stop its own cyberattacks against other countries and refrain from using cyber security to smear and slander China."
How to use encrypted communications
FILE - FBI officials are urging people to use encrypted messaging apps to protect themselves from hackers. (Photo by Jaap Arriens/NurPhoto via Getty Images)
End-to-end encryption means that no one other than the sender and the recipient can decipher people’s messages. Cybersecurity experts say it’s the easiest way to protect yourself from hackers, fraudsters and criminals.
"Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication," officials told NBC News.
"Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible."
If you have an iPhone, iMessages between iPhone users are encrypted, as are Google messages between Android users. Text messages between iPhones and Androids are not end-to-end encrypted.
Apps like WhatsApp and Signal are also easy ways to use encrypted messaging and encrypted voice communications. Facebook Messenger also uses end-to-end encryption.
The more controversial Telegram app offers users end-to-end encryption for their communications, but — contrary to a popular misconception — this feature is not on by default. Users have to switch on the option. It also doesn’t work with group chats.
"People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant" multi-factor authentication for accounts, officials told NBC.