The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS-CISA) released an issuance entitled “Mobile Communications Best Practice Guidance” on December 18, 2024.
From the classic cybersecurity practitioner’s perspective, it was full of technical guidance on how to make the mobile computing environment secure.
Having been part of the combined, inter-agency response team for several broad enterprise breaches over the past 20 years, my interest was piqued.
These documents take months and months of analysis, staffing, and inter-agency approval before publishing. Reading through the DHS CISA document, there were several flags that began to jump out at me.
First, the guidance was complex from even the cybersecurity expert’s point of view, much less the average, typical user of mobile computing and smartphones.
Second, the document did not reference any of the “Typhoon” series of Chinese intrusions that were first revealed by Microsoft in May of 2023.
And third, after years of lecturing everyone on the merits and virtues of 2FA (Two Factor Authentication) there was a sentence that belied panic.
The lead was buried in the third point of guidance: “Do not use SMS as a second factor for authentication.”
The DHS CISA response guidance reveals they are getting their butts kicked
Source: CISA
What is the real message in this seemingly prosaic, mundane, and forgettable techie release?
DHS CISA and the entire U.S. Government have been manhandled by the Chinese Typhoon series of intrusions, shoved out of the way, and now the Chinese combined cyber forces including Russia, Iran, North Korea, and Venezuela have forcefully taken over the decisive cyber terrain of American Internet Service Providers.
Data Centers, Routers, and Servers now have been broken into en masse. China is squatting inside of Verizon, Comcast, Google, Apple, Microsoft and all other environments and is essentially saying, “we’re here, we’re in control – come and try to take it from us”.
“Do not use SMS as a second factor for authentication” is a white flag of surrender that admits the Chinese Ministry of State Security (MSS) has created a cyber redoubt inside the ISP networks and can see that 2FA code texted to you, which means they can immediately use that 2FA code to enter your secure website – including U.S. Government Websites, or personal websites such as your banking or investments.
Source: CISA
DHS Director Easterly, FBI Director Wray (now departed), and NSA/Cyber Command General Haugh have been histrionic about the Chinese Cyber Blitz. “The PRC has a bigger hacking program than every other major nation combined,” said FBI Director Christopher Wray. “In fact, if each one of the FBI’s cyber agents and intelligence analysts focused exclusively on the China threat, China’s hackers would still outnumber FBI cyber personnel by at least 50 to 1.”
The DHS CISA release was a screaming klaxon of red alert. But to make up for the failures of the U.S. Government Cyber Team, responsibility for the complex re-configuration and securing of personal IT was placed firmly upon the user. It was a legalistic CYA self-indemnification before change of Administration.
This cyber disaster is the price of Woke-ism and Spying on Americans
This cyber debacle is potentially more damaging than the shameful Biden directed retreat from Afghanistan. Part of the guidance in the DHS-CISA release is for everyone to start using Encrypted messaging.
This presumes encrypted messaging is not already compromised.
If the Chinese have smashed their way into the core of the U.S. Cyber environment, it means they’re moving like an armor piercing sabot round and will blow through the armor of encrypted messaging with only minor additional effort.
And pray tell – how will all the new communication created with encrypted messaging be memorialized in accordance with the Federal Records Act or the Presidential Records Act?
Was this a poison pill for the Trump Team? Is a weaponized Federal Archivist going to be the tip of the spear again to play gotcha with President Trump for failing to ensure encrypted messaging is stored – much like the role they played against President Trump in the first term?
How did we get to this point? When I was in Government, this would never have been allowed to happen.
And if it did, the U.S. Government would have hit back hard in creative ways to stop the bleeding, punish the assailant, and bring things to an end. This breach is the result of Deep State Woke-ism, pure and simple.
We spend close to $1 trillion on Defense, over $100 billion on intelligence, over $3 billion on DHS CISA, and over $11 billion on the FBI and yet the Chinese now occupy the cyber core of American Internet Service Providers?
If the Deep State had spent more time doing their Constitutional duties and less time spying on Americans, this would not have happened.
But with the cancerous effect of Woke-ism, DEI, and CRT, a hapless Deep State Blob has been created that is far more threatened by the American Citizen than the Chinese Communist Party.
China has American Telcom’s in a Headlock – unleash the Navarro
The Obama Team was very upset with China running amok inside the Office of Personnel Management starting around 2014 (about the time of Biden and Hunter’s first trip to China).
But when the Obama Team asked for ideas on how to shut down the Chinese intrusion, almost everything was rejected as too provocative.
Over 22 million records of everyone with a Top-Secret clearance were stolen and China was able to identify, arrest, and execute 100s of Chinese Citizens who were perhaps informants to American Intelligence.
The best way to eject the Chinese Intelligence squatters from the American networks is simple.
On January 20, 2025, President Trump unleashes Dr. Peter Navarro, Scott Bessent (Treasury Secretary), Kristi Noem (DHS), Jamieson Greer (U.S. Trade Representative), and Secretary of State Marco Rubio to hold China financially accountable and limit their access to the Capital Markets starting with the Federal Thrift Savings Program retirement investments for Civil Service and now the new Military Retirement System.
The Chinese cyber foothold will rapidly collapse once their funding source is cut off.
All viewpoints are personal and do not reflect the viewpoints of any organization.
The post DHS CISA in a Panic Over Chinese Penetration of Telecommunication Companies appeared first on The Gateway Pundit.