U.S. telecom giant AT&T disclosed a breach in July that included six months of call and text message logs from 2022 for nearly all of its more than 100 million customers. However, in addition to exposing the personal contact details of scores of Americans, the breach also included call and text records of FBI agents, the FBI has warned. A document seen and first reported by Bloomberg shows that the administration has worked to minimize any potential fallout from disclosing the identities of anonymous sources connected to the investigation.
The data breach did not include the content of calls and text messages, but Bloomberg reports that it did show communication logs for the agents’ cellphone numbers and other phone numbers they used over a six-month period. It is unclear how widely the stolen information has spread. WIRED reported in July that after hackers tried to extort AT&T, the company paid $370,000 in an attempt to have the data deleted. In December, US investigators charged and arrested a suspect allegedly behind the entity that threatened to release the stolen information.
“The FBI continually adapts our operational and security procedures to the evolution of physical and digital threats,” the FBI told WIRED in a statement. The FBI has a serious responsibility to protect the identity and safety of confidential human resources who provide information every day that keeps the American people safe and often puts them in harm’s way.
AT&T spokesman Alex Byers said in a statement that the company worked closely with law enforcement to mitigate the impact on government operations and appreciates their “thorough investigation.” “As the threat from cybercriminals and nation-state actors increases, we continue to increase investment in security as well as monitoring and remediation of our networks,” adds Byers.
The situation comes amid ongoing revelations about a different hacking campaign by Chinese spy group Salt Typhoon that has compromised a number of US telecoms, including AT&T. This separate campaign exposed call and text logs for a smaller group of high-profile targets, and in some cases included recordings as well as information such as location data.
As the US government tries to respond, one recommendation from the FBI and the Cybersecurity and Infrastructure Security Agency is that Americans use end-to-end encrypted platforms (such as Signal or WhatsApp) to communicate. In particular, Signal stores almost no metadata about its customers and, if that information were breached, it would not reveal which accounts are connected to each other. The recommendation was sound advice from a privacy perspective, but surprising given the US Department of Justice’s historical opposition to the use of end-to-end encryption. However, it makes more sense if the FBI is grappling with the possibility that its informants may have been exposed by a recent telecommunications breach.
Jake Williams, a former NSA hacker and Hunter’s vice president of strategic research, said, however, that if agents were strictly following investigative communications protocol, the call and text records stolen from AT&T shouldn’t pose much of a threat. He says standard operating procedure should be designed to take into account the possibility that call logs could be compromised, and should require agents to contact sensitive sources using phone numbers that have never been linked to them or the U.S. government. The FBI may have warned about the AT&T breach out of an abundance of caution, Williams said, or it may have discovered that agent errors and protocol errors were recorded in the stolen data. “It’s not going to be a counter-espionage issue unless somebody’s not following the procedure,” he says.
Williams also adds that while the Salt Typhoon campaigns only affected a relatively small group of people, they affected many telecoms, and the full impact of the breaches is still unclear.
“I’m concerned about FBI sources who may have been affected by this AT&T exposure, but the general public still doesn’t fully understand the implications of the Salt Typhoon campaign,” Williams said. And it seems that the US government is still working on understanding this.