Hackers Likely Stole FBI Call Records From AT&T That Could Compromise Informants

American telecommunications giant AT&T in July revealed a breach of six months of 2022 call and text message records of “almost all” of its more than 100 million customers. However, the breach did more than expose the personal communication details of a large number of individual Americans: the FBI has been on alert that its agents’ call and text message logs were also included. A document first seen and reported by Bloomberg indicates that the Bureau has been struggling to mitigate any potential fallout that could lead to revelations about the identities of anonymous sources connected to its investigations.

The leaked data did not include the content of calls and text messages, but Bloomberg reports that it would have shown communication records for the agents’ mobile numbers and other phone numbers they used during the six-month period. It is unclear to what extent the stolen data has been disseminated, if at all. WIRED reported in July that after hackers attempted to extort AT&T, the company paid $370,000 in an attempt to have the data deleted. In December, U.S. investigators charged and arrested a suspect who reportedly was behind the entity that threatened to leak the stolen data.

The FBI tells WIRED in a statement: “The FBI continually adapts our security and operational practices as physical and digital threats evolve.” “The FBI has a solemn responsibility to protect the identity and safety of confidential human sources, who provide information every day that keeps the American people safe, often at risk to themselves.”

AT&T spokesperson Alex Byers says in a statement that the company “worked closely with authorities to mitigate the impact on government operations” and appreciates the “thorough investigation” they conducted. “Given the growing threat from cybercriminals and state actors, we continue to increase investments in security, as well as monitor and remediate our networks,” adds Byers.

The situation is emerging amid ongoing revelations about a different hacking campaign perpetrated by China’s Salt Typhoon espionage group, which compromised a large number of American telecommunications companies, including AT&T. This separate situation exposed call and text message logs for a smaller group of specific high-profile targets and, in some cases, included recordings and information such as location data.

As the U.S. government scrambled to respond, a recommendation from the FBI and the Cybersecurity and Infrastructure Security Agency has been that Americans use end-to-end encrypted platforms, such as Signal or WhatsApp, to communicate. Signal, in particular, stores almost no metadata about its customers and would not reveal which accounts have communicated with each other if it were breached. The suggestion was good advice from a privacy perspective, but it was very surprising given the U.S. Department of Justice’s historic opposition to the use of end-to-end encryption. However, if the FBI has been grappling with the possibility that its own informants may have been exposed by a recent telecommunications breach, the radical change makes more sense.

However, if agents were strictly following protocol for investigative communications, AT&T’s stolen call and text message logs shouldn’t pose much of a threat, says former NSA hacker and Hunter Strategy vice president of research Jake Williams. Standard operating procedure should be designed to account for the possibility of call records being compromised, he says, and should require agents to contact confidential sources using phone numbers that have never been linked to them or to the United States government. The FBI could be warning about the AT&T breach out of an abundance of caution, Williams says, or it may have discovered that agent and protocol errors were captured in the stolen data. “This wouldn’t be a counterintelligence problem unless someone didn’t follow procedure,” he says.

Williams adds that while the Salt Typhoon campaigns are known to have affected only a relatively small group of people, they affected many telecommunications companies, and the full impact of those breaches may not yet be known.

“I am concerned about FBI sources who may have been affected by this AT&T exposure, but more broadly the public still does not fully understand the consequences of the Salt Typhoon campaigns,” Williams says. “And it looks like the U.S. government is still working to understand that, too.”
