Daily Archives: 2021-10-05

Company that routes SMS for all major US carriers was hacked for five years

Source: Ars Technica

Article note: ...Our infrastructure is such bullshit.
A woman's hand holding a smartphone.

Enlarge (credit: Getty Images | d3sign)

Syniverse, a company that routes hundreds of billions of text messages every year for hundreds of carriers including Verizon, T-Mobile, and AT&T, revealed to government regulators that a hacker gained unauthorized access to its databases for five years. Syniverse and carriers have not said whether the hacker had access to customers' text messages.

A filing with the Securities and Exchange Commission last week said that "in May 2021, Syniverse became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization. Promptly upon Syniverse's detection of the unauthorized access, Syniverse launched an internal investigation, notified law enforcement, commenced remedial actions and engaged the services of specialized legal counsel and other incident response professionals."

Syniverse said that its "investigation revealed that the unauthorized access began in May 2016" and "that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer ('EDT') environment was compromised for approximately 235 of its customers."

Read 12 remaining paragraphs | Comments

Posted in News | Leave a comment

Activists Are Designing Mesh Networks To Deploy During Civil Unrest

Source: Slashdot

Article note: This is something I muse about for fun pretty often. What if we built a peer-to-peer wireless network that we could fiddle with independent of commercial transit? What if it had network properties that looked different than the current internet (eg. store-and-forward? information centered?)? What if we _intentionally_ built technical protections/limitations into it (eg. fancy transport level crypto, nodes identified by cryptographic nonces for anonymity? users with IDs rather than nodes? some kind of peer attestation scheme?)? It's a fucklot of work to play with anything like that so I never get past musing, but it looks like these folks are making some preliminary inroads on a scheme that hits a lot of those points.

An anonymous reader quotes a report from Motherboard: [O]rganizers and programmers with the Mycelium Mesh Project are [...] designing a decentralized, off-grid mesh network for text communications that could be deployed quickly during government-induced blackouts or natural disasters. Mesh networks, a form of intranet distributed across various nodes rather than a central internet provider, have the potential to decrease our collective reliance on telecommunication conglomerates like Spectrum and Verizon. During a civil unrest situation, government operatives could theoretically disconnect established commercial mesh networks by raiding activists' homes and destroying their nodes or super nodes. The Mycelium Mesh Project is addressing this potential weak link by developing a system that could be deployed at a moment's notice in non-locations, such as on abandoned buildings, tree tops, electric boxes and utility poles. Nodes would be cheap, run independently of the power grid, and could be produced with materials that can be obtained locally. So far, the collective has successfully sent and received text messages across thirteen miles during field testing around Atlanta, Georgia with nodes powered by rechargeable batteries harvested from disposable vapes. [...] The Mycelium Mesh Project is still in its relatively early stages of development. Messages aren't encrypted -- a necessary feature for activists -- and the model isn't ready for long-range use. But developers are hopeful that their open-source model will promote cooperation amongst like-minded coders. "The network that we all use will work pretty much fine in 99.9% of the cases. But then when it doesn't, it's a real big problem," Marlon Kautz, an organizer and developer with the project, told Motherboard. "The authorities' control over our communications infrastructure can just completely determine what is politically possible in a situation where the future is really up for grabs, where people are making a move to change things in a serious and radical way." "This is anti-capitalist work, which is non-commercial. We are not trying to start a business," Kautz explained. "We're explicitly trying to take advantage of open source type concepts. So not not only do we want the code that we're developing to be open source, but our entire production model will be."

Read more of this story at Slashdot.

Posted in News | Leave a comment