[-] blarth@thelemmy.club 12 points 3 weeks ago

The problem, as I see it, is that telcos have simply way too many silos and technologies in use to even begin to understand their entire attack surface. I don’t think the Lawful Intercept functions on the devices that are likely compromised are even capable of sending logs to a SIEM. It’s a black box that only a small subset of people at the telco work with and law enforcement has essentially automated access to it once a warrant (or warrantless) wiretap commences.

What if the bespoke hack the CSO is describing is something like backward serialization of a circuit emulation method or some other tunneling technology leveraging a legacy protocol? There’s all kinds of crazy shit in telco networks with lots of capabilities, lots of which go unused. The folks securing those networks do not understand the devices and protocols well enough to ask the right questions, probe the right directions, get the right people to do the right things…

Combine all that with what’s typically an adversarial relationship between security teams and the people building and operating the network and you get a nice shit soufflé waiting to be eaten by APTs.

It was reported long ago that foreign adversaries had compromised telco and financial networks so deeply that they would likely never be eradicated. I don’t think the situation has improved much.

[-] lucidmushr00m@lemmy.ml 7 points 3 weeks ago

> what’s typically an adversarial relationship between security teams and the people building and operating the network

While this is definitely a factor, I'd place the issue one more level up. Businesses typically do not prioritize security at all. This then causes an adversarial relationship. Ops team has KPIs/goals to get shit done and none for doing it well or securely, so understandably they don't want to "waste" time with the security team's requests. This of course assuming there is a security team at all or that the ops team isn't outsourced and gives even less of a shit what the quality/security is.

[-] blarth@thelemmy.club 3 points 2 weeks ago

Yeah, security is not just an operating expense, it also slows down revenue generation. Bad combo for presenting to the C suite.

[-] Pistcow@lemm.ee 5 points 3 weeks ago
this post was submitted on 05 Dec 2024
49 points (100.0% liked)

Cybersecurity
