No, Intel agencies have always been too powerful and Truman saw it when disbanding the OSS (Office of strategic services) after WWII. Then, he begrudgingly created the CIA to compete in the cold war.

They've always undermined American security so they could have more information and power.

> It used to be the US government worked to secure American communications.

When was this? As far as I remember (but I'm not that old to be honest), it seems to mostly been about the US government making sure the government has secure communications, while the rest get to fend for themselves.

You misunderstood "American security" to mean "security of Americans" instead of the intended meaning "security of the American regime"

I have heard several anecdotes going back the last 15 years from folks who have had surprise meetings or phone calls with the FBI to inform them that some of their IT infrastructure had been compromised by foreign actors.

In each case the FBI wanted to keep the breach open as a honeypot so they could investigate the bad actors, regardless of considering the cost to the business of continuing to leak data about their products/customers/employees.

That has always been the case. The danger is accepted for additional capabilities. The alleged security is pure propaganda.

"That there is no safe backdoor" has more or less been the statement of any expert on the topic. In a time we still had experts since security consultants of today are often as shady as the scammers trying to get access to your data/system.

Both statements are simultaneously true.

The goal is to protect the physical and institutional USA (and equivalent for other countries' intel agencies); this requires making sure there's no successful conspiracies, from within or without, to destroy it; this requires all the things we here all agree are bad for digital security, including the security necessary to running e.g. electronic banking ledgers or votes.

I don't have any actual solutions here, that's just a description of the problem space as I understand it to be.

There's a bunch of US agencies sponsoring Tor, presumably to undermine hostile governments, even though there's also US agencies trying to subvert it.

^ this guy is about to learn about the crypto wars.

TLS encryption means absolutely nothing. The very system of using certificate authorities is flawed by design. NSA has no trouble performing MITM. Go search 'NSA FLYING PIG'.

https://www.cnet.com/tech/tech-industry/nsa-disguised-itself...

Information that someone can gather from access to telecom network hardware includes all SMS traffic (not Signal/iMessage/etc. of course), the contents of every call you make (not over Signal/iMessage/etc.), 2FA codes, the domain of most websites you visit (sniffing TLS certificates, though ECH should hopefully reduce that at some point), and of course your phone's current location at all times; with beamforming technologies like mmWave, that location can be accurate to centimeters or less.

If access is wide-spread, you could even figure out who's communicating with who over encrypted messengers by watching for packet timings. Target A communicates with the Signal server and milliseconds later Target B receives a push notification? And then seconds later the inverse happens? That's probably proof enough that two people are communicating.

I doubt lawful intercept systems have the ability to inject any traffic, but it's very useful to know the exact make, model, modem version, and OS version of a phone before sending malware like Pegasus to a device, and telco infrastructure knows most of that.

As for phishing, knowing what services your target uses can be very useful. Spoofing numbers isn't very hard, and if you've been receiving calls from your local real estate agent for a while, you won't notice as much when you an imposter uses a spoofed number. The more niche and offline the business you're pretending to be, the less likely you'd consider a phishing attempt suspicious.

On top of what you mentioned, they would have access to significant metadata, unencrypted traffic, and it is worth assuming that government agencies have the resources to acquire certificates and MITM high value information.

Meta data of how many packets are going between two parties, when its going, and who else is getting the data at the same time. It is like the pizza traffic story at 10 pm.

in case that wiretap system related to telephony, etc - plain voice data can be obtained

The CCP doesn't need the backdoor. The US intelligence agencies have to do the whole masquerade of freedom and liberty.

>However, I suspect if someone did a hack that juicy, carrier SOCs would've noticed immediately.

We're talking real deal nation-state actors targeting an industry where for the last few decades the only downside of being breached is having to say "oh oops, sorry" and maybe providing a year of credit monitoring. Security is something taken just seriously enough to avoid a ruling of negligence, but no more.

It is very optimistic to assume that carriers would immediately notice a breach by threat actors this sophisticated.

> This type of infrastructure isn't exactly hooked up to a public IP address somewhere.

Without going into details, consider that sometimes they are, even with very large providers that you think should know better. Law enforcement’s got to get to them somehow.

And much of the documentation for these systems is publicly available. Search for your favorite enterprise company and for “lawful intercept”.

<< few details are available to the public, it's hard to estimate the impact.

Would it not be a good indicator that it may not be a great idea to begin with?

<< carrier SOCs would've noticed immediately.

I want to believe that. I do. But the longer I live in corporate, the more I think that we are experiencing a serious competency problem across the board.

> This type of infrastructure isn't exactly hooked up to a public IP address somewhere.

It's getting from point A to point B, and probably not via sneakernet. The details will make it more or less secure, but I'd be shocked if it's going through anything other than public internet pathways.

> This type of infrastructure isn't exactly hooked up to a public IP address somewhere.

Snort.

I would just assume there's a cloud provider that handles all of the wiretapping services for both or all carriers. There's a single-point-of-failure for everything else nowadays anyway. Look at what happened with Crowdstrike, or Solarwinds, or any number of other big single-source providers. Nobody wants to maintain it in house, with predictable results.

They probably dont have a public ip but just spearfish a network engineer at these ISPs and you'll have access to the devices performing the legal intercept.

[flagged]