Image credit: The Byteline

The U.S. government has urged senior officials and politicians to immediately abandon traditional phone calls and text messages in response to cybersecurity risks following significant breaches at major American telecommunications companies, reportedly carried out by Chinese hackers.

The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance on Wednesday advising high-ranking government and political figures to adopt enhanced security measures, including the use of end-to-end encrypted communication tools.

End-to-end encryption ensures that messages are accessible only to the sender and the intended recipient, with popular platforms like WhatsApp, Apple’s iMessage, and Signal offering this level of protection.

Corporate tools such as Microsoft Teams and Zoom also utilize end-to-end encryption. In contrast, traditional phone calls and text messages lack these safeguards, making them vulnerable to interception by telecom providers, law enforcement, or cybercriminals targeting telecom infrastructure.

The advisory comes in the wake of extensive intrusions attributed to a hacking group known as "Salt Typhoon," which U.S. officials allege operates under the Chinese government. Beijing has denied the accusations.

According to a senior U.S. official, the hackers compromised at least eight major telecommunications firms, gaining access to a significant volume of metadata and other sensitive information.

Democratic Senator Ben Ray Luján described the breach as potentially “the largest telecommunications hack in our nation's history,” while government agencies are still assessing the full extent of the intrusion and potential countermeasures.

Jeff Greene, CISA’s executive assistant director for cybersecurity, described the breach as part of a broader campaign targeting critical infrastructure, including utilities and other sensitive networks, under the codename "Volt Typhoon."

Greene emphasized the ongoing nature of these cyber operations and highlighted the need for long-term preparation and defense. The guidance also advised against the use of SMS-based one-time passwords, recommending the adoption of hardware security keys to prevent phishing attacks and enhance authentication security.

The Electronic Frontier Foundation, a digital rights organization, praised the government's push for encrypted communication but criticized the state of U.S. telecommunications.

Cooper Quintin, the foundation's senior staff technologist, called the guidance “a huge indictment of the telecoms that run the nation’s infrastructure.” Cybersecurity experts echoed these sentiments, emphasizing that encrypted communication tools could significantly hinder not only Chinese hackers but also other cybercriminals who exploit unsecured communication channels.

This directive underscores the vulnerabilities within the U.S. telecommunications infrastructure and reflects a broader effort to mitigate sophisticated cyber threats. While hackers continue to exploit weak links in communication systems, the government’s focus on proactive measures highlights the urgency of adopting robust security practices to safeguard sensitive information.

‍