The ‘Salt Typhoon’ cyberattacks by Chinese hackers on governments and businesses have been described as a “watershed moment” by digital privacy advocates, after U.S. officials recommended the use of end-to-end encryption in their aftermath.

After U.S. Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) officials urged Americans to use encrypted messaging apps in the wake of the cyberattack, Zooko Wilcox-O'Hearn, creator of privacy coin Zcash, tweeted, "So apparently U.S. national security orgs are advising Americans to use end-to-end-encryption because the Chinese Communist Party is reading your unencrypted messages.” He added that, “Hopefully this is the watershed moment when the U.S. law-enforcement and natsec culture flips to pro-encryption."

AD

The cyberattack, dubbed Salt Typhoon, infiltrated at least eight major U.S. telecommunication companies earlier this year, including  AT&T, Verizon and Lumen Technologies. A senior U.S. official told Reuters last week that the call metadata of a “large number” of Americans was compromised in the attacks.

China has denied involvement in the cyberattack, which has been linked to state actors from the People's Republic of China (PRC) by the FBI and CISA.

Services such as Signal, WhatsApp, Google Messages and Apple iMessage all use end-to-end encryption for both calls and texts to keep them secure.

Speaking to Decrypt, Harry Halpin, CEO of decentralized virtual private network (VPN) Nym, explained that, "Text messaging is always insecure as text messages are unencrypted and authenticated. Same with voice messages. Text messages should not be used for two-factor authentication.” Instead, Halpin said, users should opt for "Signal, WhatsApp, iMessage, and two-factor authentication with apps,” adding that, “To be honest, I would also stop using normal voice calls and use encrypted internet voice calls."

The FBI and CISA’s call for Americans to use end-to-end encryption comes as bills such as the EARN IT Act go before Congress. The act, which would force Internet platforms to monitor user-generated content using client-side scanning, has been called a “direct threat” to encryption by global nonprofit the Internet Society. In 2020, when the bill was first introduced to Congress, messaging app Signal, which uses end-to-end encryption for calls and texts, threatened to leave the U.S. if it was passed.

AD

In the immediate aftermath of the Salt Typhoon hacks, digital rights nonprofit the Electronic Frontier Foundation (EFF) called for U.S. policymakers to speak up in favor of “encryption by default,” arguing that, “there is no backdoor that only lets in good guys and keeps out bad guys.”

Stay on top of crypto news, get daily updates in your inbox.