• blarth@thelemmy.club
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    1
    ·
    22 days ago

    The problem, as I see it, is that telcos have simply way too many silos and technologies in use to even begin to understand their entire attack surface. I don’t think the Lawful Intercept functions on the devices that are likely compromised are even capable of sending logs to a SIEM. It’s a black box that only a small subset of people at the telco work with and law enforcement has essentially automated access to it once a warrant (or warrantless) wiretap commences.

    What if the bespoke hack the CSO is describing is something like backward serialization of a circuit emulation method or some other tunneling technology leveraging a legacy protocol? There’s all kinds of crazy shit in telco networks with lots of capabilities, lots of which go unused. The folks securing those networks do not understand the devices and protocols well enough to ask the right questions, probe the right directions, get the right people to do the right things…

    Combine all that with what’s typically an adversarial relationship between security teams and the people building and operating the network and you get a nice shit soufflé waiting to be eaten by APTs.

    It was reported long ago that foreign adversaries had compromised telco and financial networks so deeply that they would likely never be eradicated. I don’t think the situation has improved much.

    • lucidmushr00m@lemmy.ml
      link
      fedilink
      English
      arrow-up
      7
      ·
      22 days ago

      what’s typically an adversarial relationship between security teams and the people building and operating the network

      While this is definitely a factor I’d place the issue one more level up. Businesses typically do not prioritize security at all. This then causes an adversarial relationship. Ops team has kpi/goals to get shit done and none for doing it well or securely so understandably they don’t want to “waste” time with the security team’s requests. This of course assuming there is a security team at all or that the ops team isn’t outsourced and gives even less of a shit what the quality/security is

      • blarth@thelemmy.club
        link
        fedilink
        English
        arrow-up
        3
        ·
        21 days ago

        Yeah, security is not just operating expense, it also slows down revenue generation. Bad combo for presenting to the C suite.