FBI Cyber Cop: Salt Typhoon Pwned Nearly Every American
Original: FBI cyber cop: Salt Typhoon pwned 'nearly every American'
Key topics
The revelation that Salt Typhoon, a Chinese hacking group, compromised the data of "nearly every American" has sparked a heated debate about government culpability and cybersecurity. Commenters are pointing fingers at the US government for allegedly leaving the digital doors open, with some likening it to "demanding doors be left unlocked" (MSFT_Edging) or "demanding doors exist" (mensetmanusman). While some, like bilbo0s, are unfazed, others, such as impossiblefork, express humiliation and frustration at the government's inability to protect its citizens' data. The discussion highlights a consensus that the US government's inaction is to blame, with many calling for greater accountability.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussion
- First comment: 38m
- Peak period: 75 comments in 0-6h
- Avg / period: 20
Based on 160 loaded comments
Key moments
- 01 Story posted: Aug 30, 2025 at 8:43 AM EDT
- 02 First comment: Aug 30, 2025 at 9:22 AM EDT (38m after posting)
- 03 Peak activity: 75 comments in 0-6h (hottest window of the conversation)
- 04 Latest activity: Sep 1, 2025 at 4:49 PM EDT
The ban on anti-social networks for under-16s is a good start, but it does not fix the smartphone or telecommunication spying.
The need to ban twitter, tiktok, facebook and many others is a must.
We will.
Can't speak for every American, but I won't take offense. It's our job to protect our infrastructure, corporations and data. Not at all the responsibility of Europe, India or China. It's your job to protect yours.
That the government is unwilling to genuinely protect its own interests, for example, by preventing ordinary people's data from leaking abroad or ensuring real internet privacy, because without these things we are so unbelievably vulnerable, not just to influence operations designed with this data, but they'll know literally the whole economic structure of the EU, how many people work where, where a particular person works, etc.
They're not even preventing foreign countries from getting access to bank transactions.
When they're denied they cry terrorism, but reality is that if you have this knowledge you can say 'Oh, impossibleFork just moved to X, and he's an expert in Y, he's probably doing Z and W. Let's hire some guys to try the exact same thing, so that it'll be a business here instead of there'.
I don't understand how a government can expect the country it governs to have an economy when it allows this kind of data leakage.
"We installed a door so that any American police officer could enter the space station whenever they want. Too bad it imploded and all of the air escaped."
They are obviously different from other official Chinese components, and the private sector actors that support them. The distinction is also made because other firms sometimes have differing assessments and visibility.
[1] https://archive.is/20250603190111/https://www.axios.com/2025...
Nobody's saying that CISA would break down Verizon's doors and go to their keyboards and start pushing commits, but they sure as hell are working with the telecom industry.
Welp... that's quite a capable piece of surveillance.
I imagined it involved tapping to cell towers/cell infrastructure, but the details at the wikipedia page [1] suggest servers were hacked instead? Did they hack AT&T servers or something?
Side note, are there any ways to not get your data stolen in such cases? I would imagine using only a VPN might help, but if they're getting data from triangulation you couldn't do much short of turning off your phone, right?
1 - https://en.wikipedia.org/wiki/Salt_Typhoon#Methodology
The more detailed report someone posted does sound like this was hacked at the source, but a lot of the data can be bought legally on the open, not-even-too-grey market. Some journalists bought one of the location data sets and used it to demonstrate that you can identify intelligence agency employees from it (if someone spends almost every workday at one site belonging to the agency, occasionally visits the other one... the other place that "anonymous" user spends a lot of time at is likely the home of an intelligence agency employee).
If the industry wasn't selling it to anyone who asks, they'd still likely keep it in easily hacked places.
I wish the journalist had been a little cheeky and tried to get a quote from Angela Merkel.
Don't use a phone number for anything. SIM should provide data only and be revolved regularly.
https://www.npr.org/2024/12/17/nx-s1-5223490/text-messaging-...
>The FBI and CISA raised the alarm two months after The Wall Street Journal reported that hackers linked to the Chinese government have broken into systems that enable U.S. law enforcement agencies to conduct electronic surveillance operations under the Communications Assistance for Law Enforcement Act (CALEA).
>"These are for legitimate wiretaps that have been authorized by the courts," Hong says. But in hackers' hands, he says, the tools could potentially be used "to surveil communications and metadata for lots of people. And it seems like the [hackers'] focus is primarily Washington, D.C."
What norms is he referring to?
And yeah pretty much. I don’t know anything about anything but it feels like there is a hierarchy (norm? At least what they are trying to enforce) of US > Five Eyes > other Western Intel (France, etc) > Pakistan/Russia/Etc > China/North Korea/Iran; and Israel falls somewhere in that mix as a maverick. Of course in practice it doesn’t work out this way.
Reminds me of the recent news that the US will ban Chinese components from undersea cables, globally: https://asia.nikkei.com/content/99550c9ade243fe057e8a2ba6f29...
Objecting to calling Israel the west is at least as weird as including it in the context of this conversation.
It's a tilted west.
Look, I know it's cultural much more than geographical. But Australia can easily be both. It's not actually a counterexample.
What are we even talking about anymore? This sub thread is a weird digression on if it’s normal to include Israel in the phrase “western intelligence”. The US collaborates more with 5 eyes nations (2 of which are in the South Pacific) and Israel, be it Mossad or Unit 8200, than it does with France.
My contention is that the phrase Western Intelligence is a cultural signifier that has nothing to do with geography. And that pointing out that Israel is not in the west (while not doing the same for New Zealand) is more strange than including them by default.
Imagine if there were movements in Switzerland to move to certain areas to push out the speakers of some local dialect, and literally organized home-buying in groups to get them out?
(Some high value people do seem to be targeted for even more intensive spying.)
There are easily hundreds of comments on HN from people in Europe who assure us all that this is solely an American problem, and that it never happens anywhere else.
The bigger problem with Google Voice is that Google's email gateway for SMS is awful. It cuts off outgoing messages after two carriage returns, strips out single carriage returns, and won't send me group messages, instead sending me a link to the message, and even that only rarely, usually not even notifying me that I received a group message.
I've found a few alternatives, and I wouldn't mind paying a few dollars a month for one, but every one I've looked into requires I upload a copy of my photo ID, and I'm definitely not going to do that.
This only became a problem when the mortgage was paid off last year and despite getting emails about it, I got a registered letter saying they must talk to me and that I haven’t been answering my phone. So I call them as instructed and it was just a “you’re done. We’ll be mailing you documents to send to your insurer. Thanks for your business.”
FWIW: I’ve never personally owned a land line. The last time I ever lived somewhere with one was 19 years ago.
There's no way the legal system could require a phone number, because the government overplays their support for the homeless, and being able to work with people that don't have phone numbers is a big part of that.
Reading the Atlantic Council's recent paper on what the US can do to counter the system China has created which funnels exploits to their government shows how mismatched the West is versus China. Paper here: https://www.atlanticcouncil.org/wp-content/uploads/2025/06/C...
How do we build a functioning world where secrets are not required? By this I don’t mean “everyone behaves good and therefore has nothing to hide/fear” but rather, how do we function in a world in which secrets are simply not possible?
I think sliding down towards "I have no privacy" end of the spectrum is bad for both the citizens and the society. Stopping this slide is a worthwhile goal. My 2c.
And that's only if blackmail didn't work.
So where is our deep, persistent infiltration of China?
This is ridiculous defeatism. You are going to need more 0's than exist in the global economy to crack many cryptosystems.
It's also possible to design systems with an intermediate level of security. With your attitude, you might as well leave your house unlocked because any competent locksmith could break in.
https://www.heartbleed.com
https://www.blackduck.com/blog/understanding-apple-goto-fail...
Once you patch the bugs, they are patched. You eventually reach a state where there is no more surface area for bugs.
i absolutely believe it may have happened, but due to overwhelming and well documented history of lies from this regime, i’d feel like i was standing on more solid footing with this if we had some reputable 3rd party sources. ideally someone who is far away from the hysterical levels of partisanship our current leaders have planted themselves.
again, i’m not in denial that it couldn't have happened, it’s just that unfortunately i think it would be unreasonable to trust anything from this regime’s people. and to reiterate, they have a long and very well documented history of outright lying. not even typical politician half truths, but shoving it in our face lying.
https://www.verizon.com/about/salt-typhoon-matter-update
And now we have China using CALEA-crippled systems to slurp up the entire USA network. Exactly as predicted.
And this - "outside of the norms of what we see in the espionage space" - LOL. ROTFL even. The NSA tapped Google's backbone! Have we forgotten Room 641A? MAINWAY? Poindexter and TIA? Palantir?
The NSA used to play defence and offence, and has gone full-offence for a generation. Did anyone really believe that only the USA could play offence?
Morons.
Context for others, there's a small number of software vendors that make these MD devices that handle initiating a capture of a flow (a wiretapping request) and managing the chain of custody for a pcap. MDs usually send an SNMP poll to a router/switch to start a (r)span port and the MD device slurps up all data and saves it.
Anyway, what I'm curious about is if it's the MDs that were taken over and if it was one manufacturer but I'm not seeing much technical info on all these reports.
Here's some context for "LI" for those interested: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9...
So how would a simple MD attack affect me? Any sort of CALEA attack on a higher protocol layer (e.g. compromising Gmail at Google instead of capturing their traffic) would make sense, but not a pcap.
Edit: these network devices probably also carry voip/voice trunks from enterprise and possibly carriers such as VZW. No telling if those are encrypted or not. If China is able to tap that using these CALEA systems, I could see how that would be a big deal for stealing IP/secrets.
Header decryption data (protocol, source, target)
Any phone calls
Etc.
Does anyone here think even a decent portion of government officials are tech literate? (I'm not even convinced half of Hacker News or half of programmers are tech literate! Instead only have basic literacy and high confidence) There's a few, but I'm not convinced it's that many. The vast majority of Congressmen don't even have an aide who specializes in tech. So do you think it takes any more than someone at the NSA saying "it's encrypted and only we can access it" for them to believe in this magic key? (And this is something we've seen NSA officials say)
Remember, in the senate only 12 members are under 50, 33 are 60-69, and 33 are over 70! In the house 20% are over 70, 43% over 60, and 70% over 50. Only 8% are under 40. Almost none of these people have ever programmed. Just think about how tech illiterate the average 20 year old is (even worse on a technology subreddit!) and we're talking about.
Come on guys. It's a choice between stupid old people and hyper intelligent deep state actors that are acting idiotically. I'd put money on aliens before I'd put money on the latter.
What they also told me is that most of the expert advice tends to come through lobbying. Or "industry relationships" as he put it while using air quotes. It's a budgeting problem, not just that it is hard to get a competent tech aide at such a low salary but even just a handful of domain expert aides in the first place.
I am going mostly off of what this guy told me but I have no good reason to distrust him. (It felt like talking nerd to nerd, not with a politician)
While for foreign citizens you can pretty much capture anything at will, without any need for FISA or warrants
Hey, I'll bet you never look at that WiFi-"enabled" power bank or HEPA/AC unit again the same way (or my favorite AI response du jour "Some Chinese scooters come with a microphone integrated into a GPS tracker or helmet, while others can be customized with aftermarket solutions. There is no single model called "Chinese scooter with microphone," but rather multiple products and approaches that fit this description.") Errbody worried about the talking LLM parrot AI and your vehicle dashboard always listening (or even watching), but that's not the most serious threat we face now.
Here [1] is one example of a couple Chinese police in NYC but I can not find the links to the groups in Los Angeles.
[1] - https://www.pbs.org/newshour/politics/2-men-arrested-on-char...
And IIRC most of those people who used to work for the NSA now work at private firms like the NSO group, which is pretty scary when you think about it. It's hard to blame them though, if I was being offered the amount of money they were given, I would probably take it as well.
I recommend the book 'This Is How They Tell Me the World Ends' by Nicole Perlroth, it gives some good insights into what is going on behind the scenes (though with some of the major events which have happened since it was published some things may be outdated. Either way it's a good read.)
as well as anyone that can pick the lock, jimmy the lock, remove the door from its hinges, remove the lock, break the door down, go under the door, go over the door, get somebody with a key to open the door, and many other methods which can be found with just a little imagination.
They haven't forgotten their offensive operations, they never knew about it or never cared.
But state-sponsored cyber-war and other such aggressions are now considered normal daily life. Just as bad, U.S. MSM rarely reports American aggression towards others.
China is the last group we should blame for this. Our government did this to us and must be held accountable or this will happen again, and again, and again.