US officials recommend encryption apps amid Chinese telecom hacking

A consortium of global law enforcement agencies led by Britain’s National Crime Agency announced a takedown operation this week against two major Russian money laundering networks that process billions of dollars each year in more than 30 locations around the world. WIRED had exclusive access to the investigation, which revealed new and troubling money laundering techniques, particularly schemes to directly exchange cryptocurrency for cash. As the US government struggles to address China’s “Salt Typhoon” digital espionage campaign in US telecommunications, two senators this week demanded that the Defense Department investigate its failure to secure its own communications and address known vulnerabilities in US telecommunications infrastructure. Meanwhile, Signal Foundation President Meredith Whittaker spoke at WIRED’s The Big Interview event in San Francisco this week about Signal’s enduring commitment to bringing private, end-to-end encrypted communications services to people around the world regardless of geopolitical climate.

A new smartphone scanner from mobile device security company iVerify can quickly and easily detect spyware and has already flagged seven devices infected with the invasive Pegasus surveillance tool. Programmer Micah Lee built a tool to help you save and delete your X posts after he insulted Elon Musk and was banned from the platform. And privacy campaigner Nighat Dad fights to protect women from digital harassment in Pakistan after fleeing an abusive marriage.

The US Federal Trade Commission is targeting data brokers it says illegally tracked protesters and US military personnel, but enforcement efforts appear to be derailing under the Trump administration. Similarly, the US Consumer Financial Protection Bureau has devised a strategy to impose new oversight on predatory data brokers, but the new administration may not continue the initiative. Some new laws are finally coming around the world in 2025 that will try to regulate the dysfunction of the digital advertising industry, but malicious advertising is still flourishing around the world and continues to play a major role in global fraud.

And there is more. Each week, we round up the security and privacy news that we didn’t cover in depth ourselves. Click on the headlines to read the full stories. And be safe out there.

Remember how the US federal government spent much of the last three decades periodically decrying the dangers of strong, freely available encryption tools, arguing that because they enable criminals and terrorists, they should be banned or required to implement government-sanctioned backdoors? Starting this week, the government will never again be able to make that argument without privacy advocates pointing to a particular phone call in which two officials advised Americans to use those very encryption tools to protect themselves amid an ongoing massive breach of US telecommunications by Chinese hackers.

In a briefing with reporters on the breach of no fewer than eight telephone companies by the Chinese state-sponsored espionage hackers known as Salt Typhoon, officials from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI both said that amid the still-unchecked infiltration of US telecommunications that has exposed calls and texts, Americans should use encryption apps to protect their privacy. “Encryption is your friend, whether it’s on text messages or if you have the capacity to use encrypted voice communications,” said Jeff Greene, CISA’s executive assistant director of cybersecurity. (Signal and WhatsApp, for example, end-to-end encrypt calls and texts, though officials did not name any specific apps.)

The recommendation in the middle of what a senator has called “the worst telecom hack in our nation’s history” represents a stunning reversal from previous US officials’ rhetoric on encryption, and in particular the FBI’s repeated calls for access to encryption backdoors. Indeed, it was exactly these kinds of government-sanctioned wiretapping requirements for American telecommunications that the Salt Typhoon hackers in some cases exploited to gain access to Americans’ communications.

The hacking group known as Secret Blizzard, Snake or Turla, widely believed to work for Russia’s FSB intelligence agency, is known to use some of the most ingenious hacking techniques ever seen to spy on its victims. One of the tricks that has now become its signature feature: hacking other hackers’ infrastructure to sneakily piggyback on their access. This week, Microsoft threat intelligence researchers and security firm Lumen Technologies revealed that Turla accessed the servers of a Pakistan-based hacking group and used its visibility in victim networks to spy on government, military and intelligence targets in India and Afghanistan of interest to the Kremlin. In some cases, Turla hijacked the Pakistani hackers’ access to install its own malware, while in other cases it appears to have used the other group’s tools for even greater stealth and deniability. The incident marks the fourth known time since 2017, when it penetrated an Iranian hacker group’s command-and-control servers, that Turla has taken over another hacker group’s infrastructure and tools, according to Lumen.

The Russian government is known for turning a blind eye to cybercrime – until it doesn’t. This week, 15 convicted members of the notorious dark web marketplace Hydra learned the limits of that leniency when they reportedly received prison sentences ranging from 8 years to 23 years, as well as an unprecedented life sentence for the site’s creator Stanislav Moiseyev. Before it was brought down two years ago in a law enforcement operation led by IRS criminal investigators in the United States and Germany’s BKA police agency, Hydra was a uniquely dispersed dark web marketplace that not only served as the post-Soviet world’s largest online bazaar for narcotics, but also as a major money laundering machine for crimes including ransomware, fraud and sanctions evasion. In total, Hydra enabled more than $5 billion in dirty cryptocurrency transactions since 2015, according to crypto tracking firm Elliptic.

Russian law enforcement charged and arrested a software developer last week who is suspected of prolific contributions to several ransomware groups, including building malware to extort money from businesses and other targets. The suspect is reportedly Mikhail Matveev, or “Wazawaka”, who has worked as an affiliate with ransomware gangs such as Conti, LockBit, Babuk, DarkSide and Hive. Social media reports show that Matveev confirmed the accusation against him and said he has been released from police custody on bail.

Russia’s Prosecutor General did not name Matveev, but described charges last week against a 32-year-old hacker under Article 273 of Russia’s Criminal Code, which prohibits the creation or use of malware. The move came as Russia appeared to send a message of sorts about its tolerance for cybercrime with the sentencing of dark web marketplace Hydra’s staff, including a life sentence for its administrator. In 2023, the US government accused and sanctioned Matveev.

In a disturbing scoop (one we didn’t cover last week due to the Thanksgiving holiday), Reuters reporters have revealed that the FBI is now investigating a lobbying firm hired by Exxon over the company’s role in a hack-and-leak operation that targeted climate change activists. The DCI Group, a lobbying firm hired at the time by Exxon, allegedly provided a list of target activists to a private investigator, who then outsourced a hacking operation against those targets to mercenary hackers. After the private investigator—an Israeli man named Amit Forlit, who was later arrested in London and charged with hacking in the US—allegedly provided the hacked material to DCI, the firm leaked the activists’ internal communications about climate change lawsuits against Exxon to the media, Reuters found. According to Reuters, the FBI has determined that DCI also first previewed the material to Exxon before it was leaked. “These documents were directly employed by Exxon to come after me with all guns blazing,” a lawyer who works with the activist group Center for Climate Integrity told Reuters. “It turned my life upside down.”

Exxon has denied any knowledge of hacking activities, and the DCI told Reuters in a statement that “we instruct all our employees and consultants to comply with the law.”