Telecom – Noise

US Disrupts Massive Cell Phone Array in New York

Bruce Schneier — Wed, 24 Sep 2025 11:09:19 +0000

The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City.

The agency said on Tuesday that last month it found more than 300 SIM servers and 100,000 SIM cards that could have been used for telecom attacks within the area encompassing parts of New York, New Jersey and Connecticut.

“This network had the power to disable cell phone towers and essentially shut down the cellular network in New York City,” said special agent in charge Matt McCool...

Arguing Against CALEA

Bruce Schneier — Tue, 08 Apr 2025 11:08:13 +0000

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought:

In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that must implement and protect it has changed radically. This has greatly expanded the “attack surface” that must be defended to prevent unauthorized wiretaps, especially at scale. The job of the illegal eavesdropper has gotten significantly easier, with many more options and opportunities for them to exploit. Compromising our telecommunications infrastructure is now little different from performing any other kind of computer intrusion or data breach, a well-known and endemic cybersecurity problem. To put it bluntly, something like Salt Typhoon was inevitable, and will likely happen again unless significant changes are made...

Enhancing telecom security with AWS

Kal Krishnan — Fri, 07 Feb 2025 18:04:34 +0000

If you’d like to skip directly to the detailed mapping between the CISA guidance and AWS security controls and best practices, visit our Github page. Implementing CISA’s enhanced visibility and hardening guidance for communications infrastructure In response to recent cybersecurity incidents attributed to actors from the People’s Republic of China, a number of cybersecurity agencies […]

Salt Typhoon’s Reach Continues to Grow

Bruce Schneier — Mon, 30 Dec 2024 12:05:00 +0000

The US government has identified a ninth telecom that was successfully hacked by Salt Typhoon.

AWS successfully renews GSMA security certification for US East (Ohio) and Europe (Paris) Regions

Janice Leung — Fri, 29 Dec 2023 19:26:43 +0000

Amazon Web Services is pleased to announce that the AWS US East (Ohio) and Europe (Paris) Regions have been recertified through October 2024 by the GSM Association (GSMA) under its Security Accreditation Scheme for Subscription Management (SAS-SM) with scope Data Centre Operations and Management (DCOM). The US East (Ohio) Region first obtained GSMA certification in […]

Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists

Bruce Schneier — Thu, 21 Dec 2023 12:10:10 +0000

The Solntsepek group has taken credit for the attack. They’re linked to the Russian military, so it’s unclear whether the attack was government directed or freelance. This is one of the most significant cyberattacks since Russia invaded in ...

AWS successfully renews GSMA security certification for US East (Ohio) and Europe (Paris) Regions

Janice Leung — Wed, 19 Oct 2022 18:40:09 +0000

Amazon Web Services is pleased to announce that our US East (Ohio) and Europe (Paris) Regions have been re-certified through October 2023 by the GSM Association (GSMA) under its Security Accreditation Scheme Subscription Management (SAS-SM) with scope Data Centre Operations and Management (DCOM). The US East (Ohio) and Europe (Paris) Regions first obtained GSMA certification […]

AWS achieves GSMA Security Certification for Europe (Paris) Region

Janice Leung — Wed, 10 Nov 2021 19:21:23 +0000

We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that our Europe (Paris) Region is now certified by the GSM Association (GSMA) under its Security Accreditation Scheme Subscription Management (SAS-SM) with scope Data Center Operations and Management (DCOM). This is an addition to our […]

AWS achieves GSMA security certification for US East (Ohio) Region

Janice Leung — Fri, 24 Sep 2021 17:17:06 +0000

We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that our US East (Ohio) Region (us-east-2) is now certified by the GSM Association (GSMA) under its Security Accreditation Scheme Subscription Management (SAS-SM) with scope Data Center Operations and Management (DCOM). This alignment with GSMA […]