US telecom giant AT&T disclosed a breach in July involving call and text messaging logs from six months in 2022 of “almost all” of its more than 100 million customers. In addition to exposing personal communication details for individual Americans, the breach also included call and text records of FBI agents, and the bureau has been alerted to that exposure. A document spotted and first reported by Bloomberg indicates that the bureau is scrambling to mitigate any potential fallout that could lead to revelations about the identities of anonymous sources connected to investigations.
The breached data did not include the content of calls and texts, but Bloomberg reported that it would have shown communication logs for agents' mobile numbers and other phone numbers they used over a six-month period. It is unclear how widely the stolen data was spread, if at all. WIRED reported in July that after hackers attempted to extort AT&T, the company paid $370,000 in an attempt to have the data trove deleted. In December, US investigators charged and arrested a suspect who was reportedly behind the entity that threatened to leak the stolen data.
The FBI told WIRED in a statement: “The FBI continues to adapt our operational and security practices as physical and digital threats evolve. The FBI has a solemn responsibility to protect the identity and safety of confidential human sources, who provide information every day that keeps the American people safe, often at risk to themselves.”
AT&T spokesman Alex Byers said in a statement that the company “worked closely with law enforcement to minimize the impact on government operations” and appreciated the “thorough investigation” they conducted. “Due to increasing threats from cybercriminals and nation-state actors, we continue to increase investments in security as well as monitoring and repairing our networks,” Byers added.
The situation comes amid ongoing revelations about another hacking campaign by China's Salt Typhoon spy group, which has compromised multiple US telecoms, including AT&T. This separate situation exposed call and text logs for a smaller group of specific high-profile targets, and in some cases included recordings as well as information such as location data.
As the US government rushed to respond, the FBI and the Cybersecurity and Infrastructure Security Agency recommended that Americans use end-to-end encrypted platforms, like Signal or WhatsApp, to communicate. Signal specifically stores almost no metadata about its customers and would not reveal which accounts interact with each other if it were breached. The suggestion is sound advice from a privacy perspective, but surprising given the US Justice Department's historical opposition to the use of end-to-end encryption. If the FBI is grappling with the possibility that its own informants may have been exposed by a recent telecom breach, however, the about-face makes more sense.
If agents strictly follow protocol for investigative communications, however, the stolen AT&T call and text logs shouldn't pose much of a threat, said Jake Williams, a former NSA hacker and vice president of research at Hunter Strategy. Standard operating procedures should be designed to account for the possibility that call logs could be compromised, he said, and should require agents to contact sensitive sources using phone numbers that were never linked to them or the US government. The FBI may have warned about the AT&T breach out of an abundance of caution, Williams said, or it may have discovered that agent mistakes and protocol errors were captured in the stolen data. “It's not going to be a counterintelligence issue unless someone is not following procedure,” he said.
Williams added that while the Salt Typhoon campaigns are only known to have affected a relatively small group of people, they affected many telecoms, and the full impact of those breaches may still be unknown.
“I am concerned about FBI sources who may have been affected by this AT&T exposure, but more broadly that the public still does not have a full understanding of the effects of the Salt Typhoon campaigns,” Williams said. “And apparently the US government is still working to understand that.”