Alleged hack EE/BT source code of entire UK mobile network

If true all hell will break loose

Definite political edge on this one. Look at his other videos. And interesting that he names China, NK and Iran as possible state actors but does not name Russia.

Maybe before spreading possible misinformation you might corroborate it from multiple reliable sources.

YouTube not being one of them.

Edited by Nervous (Wed 29-Oct-25 20:19:40)

Curious. I was trying to use the EETV app on my tablet and phone a little earlier it was having trouble accessing the necessary server at bt.com. Coincidence or part of BT taking it down to fix it. Now back up.

Yet to head over for my daily visit to the BT forums where I expect the fuller / correct story on my outage will be being discussed.

In reply to a post by Nervous:

Maybe before spreading possible misinformation you might corroborate it from multiple reliable sources.

YouTube not being one of them.

Maybe you should read the title and what I said .... Alleged and IF .......

It is a highly political YouTube channel.
Please keep politics off ThinkBroadband

Possibly an opportunistic extrapolation (by the youtuber, or his minder, not the OP!) from this:

In reference to www.bbc.co.uk/news/articles/cgr4xpyrkdqo:

Then, in August, the UK finally revealed what many suspected – that it had been hit as part of a highly sophisticated espionage campaign codenamed Salt Typhoon, which compromised telecoms companies around the world.
.
.
"The data stolen through this activity can ultimately provide the Chinese intelligence services the capability to identify and track targets' communications and movements worldwide," the UK's National Cyber Security Centre, an arm of GCHQ, warned in a statement.

(About half-way down)

Edited by billford (Thu 30-Oct-25 09:33:25)

I read the transcript.

Not really, the guy has no idea what he's talking about. Having the 'source code' doesn't allow mass decryption of everything, ever as it's encrypted before it hits anything BT. If they've the code to the network management system that's not ideal but not the end of the world. If they've the code to the billing and provisioning systems that's not ideal but not the end of the world. The customer databases concern me far more.

If they wanted to be really interesting and actually have that data they could have some fun by highlighting the lawful intercept goodness in the BT networks. If they had access to that they could've listened to phone calls, but nothing else bar catching the tiny fraction of Internet traffic that isn't encrypted.

What isn't encrypted is things like regular DNS requests and likely some telemetry from IOT devices but banking, healthcare, government interactions, etc, are all behind encryption no-one has the ability to break at this time or will for a while.

While China did indeed manage the operation to break the RSA encryption scheme with a quantum computer they used a key so small even a regular computer could eat it alive in no time.

Even making the reasonable assumption that the NSA has more advanced capabilities, and they definitely do, a reminder that China factorised a 22-bit key - we've been using 2048-bit keys for some time and before that 1024-bit. Regular computing that we know about has factored an 829-bit key. Each extra bit doubles the key space, it's an exponential rise in complexity. There's a long, long, long way between 22 bits and 2048.

TL;DR even if the main claim is actually true the results are nowhere near what he's claiming.

This guys doesn't know what he's talking about.
I'm not saying there isn't an issue.. but he's drawing conclusions which are completely wrong.. online banking uses encryption beyond what's on a mobile network.
I'd be happy to listen to anyone who could share information about this but would want to verify source.

No sign of my issue being discussed so I am putting it down as a little, local situation.

The response below to Silver Fox HT's video is interesting. A guy with extensive Infrastructure, networking and security experience. He says he's worked as an engineer at BT.

This Brown Geek - YouTube response

I don't think Mr Silver Fox has any significant IT or cyber security experience to make these claims. For instance if 'BT's source code' had been breached, banking systems (etc) will have their own encryption methods.

There are a number of reasons we should be skeptical of Mr Silver Fox, not least his lack of IT/Cyber security acumen.

I watched his video. Alarm bells rang for me when he throws in comments about Digital ID. He is a prolific political commentator on his YouTube channel & has given a lot of coverage to Digital ID, so this is supporting his own narrative. If the systems holding our sensitive data (including biometric) is hacked due to it being held by this DID initiative, it won't be due to 'source code' from BT being discovered.

It's also suspicious why "someone senior in BT" would go directly to a solitary YouTuber to leak this to. Lack of credible sources make not for a legitimate case.

Edited by IronOld (Sat 01-Nov-25 09:13:09)

Hello there,

As you may've been aware, Microsoft (Azure) had issues on Wednesday (started just before 4pm (UK time) and was fully resolved just before midnight. A number of services, including BT & EE I believe were affected. Microsoft supply a large proportion of Internet services & connectivity through Azure, so there's a possibility you were affected.

List of services affected: https://www.scotsman.com/news/uk-news/microsoft-outa...

Hope this helps.

Sounds feasible. Thanks for the update. Curious that the EETV app on my BT Youview box continued to work through this outage. I am guessing because it did not need to authenticate my usage unlike the apps on my phone and tablet.

In reply to a post by IronOld:

I don't think Mr Silver Fox has any significant IT or cyber security experience to make these claims. For instance if 'BT's source code' had been breached, banking systems (etc) will have their own encryption methods.

Can you add, not understanding source code to that list. leaking source code, in itself isn't an issue -its a commerical blow. Most code can be reverse engineered. Weak parts of any code can be exploited easier if the source code is seen, but also it would be fairly easy to update. Further when i was there for a short time i saw custom software updates - updated on a daily basis.

Indeed. Clearly Silver Fox doesn't understand any of the technology. Content like that is dangerous when statements are put out to drive revenue & subscribers.

There are over a thousand comments on his video. The majority are "Keir Starmer should be taken to the tower for treason!!!" and commenting about Digital ID and privacy - all of which are irrelevant to the video and the claims he's making.

Noone, as far as I can see*, has challenged his claims - to query the source, get a reasonable indication why such 'a senior' BT source would release this information to a single YouTube influencer and dispute (eg debunk) his technical understanding & appraisal of his claim. Ultimately these channels have degrees of sensationalism (eg clickbait) without any legitimate evidence.

*Edit: ok, a few have. The comment from SteveHodgson is a good one.

The security of the Digital ID data (and potential Government overreach) is a valid discussion point. However fact checking - particularly technical & scientific - should still be something everyone does. Engage critical thinking rather than just blindly accepting what a single YouTube influencer is saying.

Based on this video from Mr Silver Fox, it unravels all his arguments & makes you question his authenticity.

Edited by IronOld (Sat 01-Nov-25 10:12:26)

In reply to a post by IronOld:

The security of the Digital ID data (and potential Government overreach) is a valid discussion point. However fact checking - particularly technical & scientific - should still be something everyone does. Engage critical thinking rather than just blindly accepting what a single YouTube influencer is saying.

The Digital id data, storage, location and encryption is a valid point to discuss but to conflate with source makes zero sense. Decryption points etc are of importance. Remember that unless the encryption method itself is comprimised, snooping around that makes no sense, but even with end to end encryption, there points where its decrypted and stored in plain text, thats where you target etc. Also any weak points in the encryption projet and if buffer overruns and or injection allows for access.

even a 99% secure software (doesn't exist) can be exploited with a weak or unpatched system. comprimised systems can just have its encrypted data encrypted by bad actors.

In fact releasing the source code can make for a more secure system as it allows various people to peer review the code and point out any potential vulnerabilities. If everyone can see the code then there will be many people looking to make it more secure (especially if those people use the services). This is what the open source community is founded on.