Tip Sheets
Encrypted app recommendation highlights scope of Salt Typhoon cyberattack
December 4, 2024
U.S. officials are recommending Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers amid an ongoing cyberattack on companies like AT&T and Verizon.
Nate Foster is a professor of computer science at Cornell University. His research attempts to solve problems in networking, databases and security. Foster is the principal investigator of the LANCER (Learning Network Cyberagents) project established to help bolster cybersecurity.
Foster says:
“Americans rely on our telecommunications infrastructure, but it is more complex and vulnerable than many realize. Configuring all of this infrastructure correctly while ensuring that system-wide security policies are enforced is non-trivial. Even small mistakes, like misconfiguring a network router, can cause data to flow where it shouldn't. State actors from China have been attacking it for months.
“The recent recommendation by the FBI and CISA for Americans to use services like Signal and WhatsApp is remarkable, highlighting the extensive scope and ongoing nature of these Chinese attacks.
“Some attacks have targeted parts of the infrastructure that support lawful intercept, also known as wiretapping. There is a technical solution that enables secure communication over insecure infrastructure: end-to-end encryption. Even if an attacker intercepts the data in transit, they cannot read its content without breaking the underlying encryption – something believed to be effectively impossible.”
Gregory Falco, assistant professor of engineering, is a cybersecurity expert.
Falco says:
"Endpoint encryption is going to become more important because the Telco operators are now entirely exposed. WhatsApp has holes all over it as well, so it may be wise to start using Telegram or Signal for messaging. You may also want to consider changing your email provider. Google is not encrypted so Proton Mail could be a better choice.
"The extent to which attackers have embedded themselves in the Telco operators is unknown and it's likely no one will have good answers anytime soon. The upside is that most people are not the target of the nation states that did this, in which case there is little to worry about. We aren't talking about cybercrime gangs who want to blackmail you for Bitcoin and release unsavory pictures sent over messaging apps. These are nation state actors working on industrial espionage. Companies and universities should be concerned. Most often neither use encrypted emails or messaging platforms."