Stop Texting? The FBI Says You Should.

January 21, 2025

Tales from Cyberland Stop Texting Cybersecurity threats are escalating, and recent warnings from global intelligence agencies reveal a critical risk: major telecommunications providers have been compromised, exposing data to state-sponsored threat actors.

How do we know this? First, in December 2024 the FBI, CIA, and cyber security agencies from Australia, Canada, and New Zealand published a notice warning the public that major telecommunications providers have been compromised and data sent between them has been intercepted and disclosed to state sponsored threat actors. Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) recently published a best practices for mobile communications guide. Be warned, these two publications total more than 5,000 words, and are primarily written for network and security engineers, instructing them on hardening and securing organizational and network traffic.

The good news is Network 1 already implements many of these guidelines across the board for our clients, and many others are on our strategic plans and roadmaps for 2025.

However, many of these guidelines also apply to individuals, instructing us on how to secure our personal communications against threat actors.

Among the FBI recommendations for individuals are:

Use communications systems that are encrypted end to end
- This includes:
  - Apple iMessage
  - Facetime
  - Google Messages
  - Secure messaging apps like Signal and WhatsApp
- This does not include:
  - Text messages
- Use strong Multifactor Authentication (MFA) methods
  - Physical tokens are the strongest form of MFA, followed by passkeys unlocked by biometrics, such as iPhone’s Face ID or Android Phone’s password manager
  - If tokens or passkeys are not available, store MFAs in apps with authenticator codes, such as Microsoft Authenticator or Google Authenticator
  - Avoid using text messages and SMS as a form of MFA
- Do not use a personal virtual private network (VPN)
  - Although VPNs are supposed to safeguard browsing and data exchanges, many VPN services have experienced breaches or have dubious security track records.
  - Using a VPN also increases your attack surface, the total number of ways an unauthorized user can gain access to your system or data.

Is it imperative to follow each and every one of the FBI’s recommendations? No, because each individual has a different risk value and will also view their data and security differently. If all you have is a thousand pictures of your cats on your phone, you may not need to implement the entirety of the Mobile Communications Best Practice Guidance. (Though maybe your cats would be upset if their pictures were seen by foreign national operatives.) You may also have text messages with account passwords (don’t do this by the way!) or texts with your siblings complaining about your uncle’s lack of decorum at Christmas again that you would be embarrassed if he read.

Awareness of security best practices is the first step to ensure that we all can make the best security decisions for ourselves, and now you know.

For additional information or questions, you can reach me at [email protected].

Security Team: We monitor threats, strengthen defenses, deliver policies & training and help keep your business protected. With proactive support, expert guidance, and fast response times, we help prevent breaches before they happen and stop breaches if they do happen.

Network 1 designs, builds and supports the IT you need to run your business more securely, productively and successfully. Whether you want to outsource all of your IT needs to a reliable, responsive, service-oriented company, or need to supplement the work of your internal IT staff, we will carefully evaluate where you are now, discuss where you want to go and implement and support a plan to get you there with as little interruption as possible.

Comments are closed for this post.