
US officials recommend encryption apps amid Chinese telecom hackers

A consortium of global law enforcement agencies led by Britain’s National Crime Agency announced this week a takedown operation against two major Russian money laundering networks that process billions of dollars each year at more than 30 locations around the world. WIRED had exclusive access to the investigation, which uncovered new and worrying money laundering techniques, particularly plans to convert cryptocurrencies directly into cash. As the United States government moves to address China’s “Salt Typhoon” digital espionage campaign against U.S. telecommunications companies, two senators this week demanded that the Department of Defense investigate its failure to secure its own communications and address known vulnerabilities in U.S. telecommunications infrastructure. Meanwhile, Meredith Whittaker, president of the Signal Foundation, spoke at WIRED’s “The Big Interview” event in San Francisco this week about Signal’s continued commitment to providing private, end-to-end encrypted communications services to people around the world, regardless of the geopolitical climate.

A new smartphone scanner from mobile device security company iVerify can quickly and easily detect spyware and has already flagged seven devices infected with the invasive surveillance tool Pegasus. Programmer Micah Lee created a tool to help you save and delete your X posts after he insulted Elon Musk and was banned from the platform. And privacy advocate Nighat Dad is fighting to protect women in Pakistan from digital harassment after escaping an abusive marriage.

The U.S. Federal Trade Commission is targeting data brokers it says unlawfully tracked protesters and U.S. military personnel, but enforcement efforts are likely to weaken under the Trump administration. Similarly, the U.S. Consumer Financial Protection Bureau has developed a strategy to impose new oversight on predatory data brokers, but the new administration may not continue the initiative. In 2025, some new laws will finally be enacted around the world that attempt to regulate the dysfunction of the digital advertising industry, but malicious advertising is still booming around the world and continues to play a large role in global fraud.

And there’s more. Every week we round up the security and privacy news that we haven’t covered in detail ourselves. Click on the headlines to read the full stories. And stay safe out there.

Remember how over the past three decades the federal government has repeatedly denounced the dangers of strong, freely available encryption tools, arguing that because criminals and terrorists can use them, they should be banned or required to implement government-sanctioned backdoors? As of this week, the government will never be able to make that argument again without privacy advocates pointing to a specific phone call in which two officials recommended that Americans use these very encryption tools to protect themselves in the face of an ongoing massive breach of US telecommunications by Chinese hackers.

In a briefing with reporters on the breach of as many as eight telephone companies by the Chinese state-sponsored spy hackers called Salt Typhoon, officials from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI said that, amid the still uncontrolled infiltration of US telecommunications companies that has exposed calls and text messages, Americans should use encryption apps to protect their privacy. “Encryption is your friend, whether it’s text messages or whether you have the ability to use encrypted voice communications,” said Jeff Greene, deputy director for cybersecurity at CISA. (Signal and WhatsApp, for example, encrypt calls and text messages end-to-end, although officials did not name specific apps.)

The recommendation, amid what one senator has called “the worst telecommunications hack in our country’s history,” represents a stunning about-face from previous U.S. officials’ rhetoric on encryption, particularly the FBI’s repeated calls for backdoor access to encryption. In fact, it was precisely this type of government-sanctioned eavesdropping capability, required of U.S. telecommunications companies, that the Salt Typhoon hackers exploited in some cases to access Americans’ communications.

The hacking group known as Secret Blizzard, Snake or Turla, which is widely believed to work for Russia’s FSB intelligence agency, is known for using some of the most ingenious hacking techniques ever seen to spy on its victims. One of the tricks that has now become its trademark: hacking other hackers’ infrastructure to secretly use their access. This week, Microsoft threat intelligence researchers and security firm Lumen Technologies revealed that Turla gained access to the servers of a Pakistan-based hacking group and used its insights into victim networks to spy on government, military and intelligence targets in India and Afghanistan that are of interest to the Kremlin. In some cases, Turla hijacked the Pakistani hackers’ access to install its own malware, while in other cases it appears to have used the other group’s tools for even greater stealth and deniability. The incident marks the fourth known time since 2017, when it breached the command-and-control servers of an Iranian hacking group, that Turla has freeloaded on another hacking group’s infrastructure and tools, according to Lumen.

The Russian government is known for turning a blind eye to cybercrime – until it doesn’t. This week, 15 convicted members of the notorious dark web market Hydra learned the limits of that leniency when they reportedly received prison sentences ranging from 8 to 23 years, as well as an unprecedented life sentence for the site’s creator, Stanislav Moiseyev. Before Hydra was destroyed two years ago in a law enforcement operation led by IRS investigators in the United States and the German BKA police department, it was a uniquely sprawling dark web marketplace that served not only as the largest online bazaar for narcotics in the post-Soviet world, but also as a huge money laundering machine for crimes such as ransomware, fraud and sanctions evasion. In total, Hydra facilitated more than $5 billion worth of dirty cryptocurrency transactions since 2015, according to crypto tracing firm Elliptic.

Russian law enforcement last week charged and arrested a software engineer suspected of making numerous contributions to several ransomware groups, including developing malware to extort money from companies and other targets. The suspect is reportedly Mikhail Matveev or “Wazawaka,” who has worked as an affiliate of ransomware gangs such as Conti, LockBit, Babuk, DarkSide and Hive. According to reports on social media, Matveev confirmed his charges and said he had been released from police custody on bail.

Russia’s prosecutor general did not name Matveev but last week described charges against a 32-year-old hacker under Article 273 of Russia’s criminal code, which prohibits the creation or use of malware. The move came as Russia appeared to be sending something of a message about its tolerance for cybercrime by convicting employees of dark web marketplace Hydra, including a life sentence for its administrator. In 2023, the US government charged Matveev and imposed sanctions on him.

In a disturbing report (which we didn’t cover last week because of the Thanksgiving holiday), Reuters reporters have revealed that the FBI is currently targeting a lobbying consulting firm hired by Exxon over the company’s role in a hack-and-leak operation that targeted climate activists. DCI Group, a lobbying firm hired by Exxon at the time, allegedly passed a list of targeted activists to a private investigator, who then outsourced a hacking operation against those targets to mercenary hackers. After the private investigator – an Israeli named Amit Forlit, who was later arrested in London and charged with hacking in the US – allegedly passed the hacked material to DCI, the company leaked the activists’ internal communications about the climate change litigation against Exxon to the media, Reuters reported. According to Reuters, the FBI determined that DCI also initially sent this material to Exxon before sharing it. “These documents were used directly by Exxon to use all weapons against me,” a lawyer working with the activist group Center for Climate Integrity told Reuters. “It turned my life upside down.”

Exxon has denied knowing of any hacking activity and DCI told Reuters in a statement that “we instruct all our employees and consultants to comply with the law.”
