The Brief

It's not often that a piece of FBI advice triggers a Snopes fact check. But the agency's urgent message this month to Americans, often summarized as "stop texting," surprised many consumers.

The warning from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) highlighted vulnerabilities in text messaging systems that millions of Americans use every day.

The U.S. believes hackers affiliated with China's government, dubbed Salt Typhoon, are waging a "broad and significant cyber-espionage campaign" to infiltrate commercial telecoms and steal users' data — and in isolated cases, to record phone calls, a senior FBI official who spoke to reporters on condition of anonymity said during a Dec. 3 briefing call.

The new guidance may have surprised consumers — but not security experts.

"People have been talking about things like this for years in the computer security community," Jason Hong, a professor at Carnegie Mellon University's School of Computer Science, told NPR. "You should not rely on these kinds of unencrypted communications because of this exact reason: There could be snoopers in lots of infrastructure."

So what should you do to keep your messages private?

"Encryption is your friend" for texts and phone calls, Jeff Greene, CISA's executive assistant director for cybersecurity, said on the briefing call. "Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible, if not really hard, for them to detect it. So our advice is to try to avoid using plain text."

In full end-to-end encryption, tech companies make a message decipherable only by its sender and receiver — not by anyone else, including the company. It has been the default on WhatsApp, for instance, since 2016. Along with a promise of greater security, it makes companies "warrant-proof" from surveillance efforts.

The good news for people who use Apple phones is that iMessage and FaceTime are also already end-to-end encrypted, says Hong. For Android phones, encryption is available in Google Messages if the senders and recipients all have the feature turned on.

But messages sent between iPhones and Android phones are less secure. The simplest way to ensure your messages are safe from snooping is to use an end-to-end encrypted app like Signal or WhatsApp, says Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation (EFF). With these apps, "your communications are end-to-end encrypted every single time," she says.

Galperin highlights another danger: A hacker who has managed to get your ID and password for a website can monitor your text messages to intercept a one-time passcode that's used in two-factor authentication (2FA).

"This is a really serious security risk," Galperin says. She recommends getting 2FA messages through an app like Google Authenticator or Authy or by using a physical security key to verify access.

The FBI and CISA also advise users to set their phones to update operating systems automatically.

"Most compromises of systems do not involve taking advantage of vulnerabilities that no one else knows about," Galperin says, adding that "often, the maker of the product has in fact figured out what the vulnerability is, fixed it and pushed out a patch in the form of a security update."

How at risk are you?

You should be aware of your own "threat model" — a core concept in computer security.

Hong says it boils down to three questions: What are you trying to protect? How important is it to you? And what steps do you need to take to protect it?

If the most valuable items on your phone are family photos, he says, you probably shouldn't worry about foreign hackers targeting you. But what if you occasionally text about national or corporate secrets or politically sensitive data?

"If you are in business, if you are a journalist, if you are somebody in contact with democracy protesters in Hong Kong or Shenzhen or Tibet, then you might want to assume that your phone calls and text messages are not safe from the Chinese government," Galperin of the EFF says.

Bad actors such as cybercriminals might have different objectives, Hong says, "but if you just do a few relatively simple things, you can actually protect yourself from the vast majority of those kinds of threats."

What are the hackers doing?

The FBI and CISA raised the alarm two months after The Wall Street Journal reported that hackers linked to the Chinese government have broken into systems that enable U.S. law enforcement agencies to conduct electronic surveillance operations under the Communications Assistance for Law Enforcement Act (CALEA).

"These are for legitimate wiretaps that have been authorized by the courts," Hong says. But in hackers' hands, he says, the tools could potentially be used "to surveil communications and metadata for lots of people. And it seems like the [hackers'] focus is primarily Washington, D.C."

The FBI says that the attack was far broader than the CALEA system and that the hackers are still accessing telecom networks. The U.S. has been working since late spring to determine the extent of their activities. This month, the Biden administration said at least eight telecommunications infrastructure companies in the U.S., and possibly more, had been broken into by Chinese hackers.

The hackers stole a large amount of metadata, the FBI and CISA said. In far fewer cases, they said, the actual content of calls and texts was targeted.

As agencies work to oust the hackers, the FBI called for Americans to embrace tight encryption — an about-face, Galperin says, after years of insisting that law enforcement agencies need a "back door" to access communications.

The agencies also want companies to bolster their security practices and work with the government to make their networks harder to compromise.

"The adversaries we face are tenacious and sophisticated, and working together is the best way to ensure eviction," the senior FBI official said during the news briefing.

As for the risk to everyday consumers, security experts like Hong and Galperin say that with vast amounts of information traveling between our phones, they want to see people get more help in protecting themselves.

"I think it's really incumbent on software developers and these companies to have much better privacy and security by default," Hong says. "That way you don't need a Ph.D. to really understand all the options and to be secure."

The Orange County Board of Supervisors “undermined” the public’s trust when they granted themselves a 25% pay increase, according to the latest OC Grand Jury report released on Monday.

Since 2005, supervisors were set to make 80% of a Superior Court judge’s salary. That changed in June, when the board approved a 25% pay hike, increasing their salaries by about $49,000 to at least $244,000.

The pay increase raised eyebrows over the summer, sparking the Grand Jury investigation. A Grand Jury is a panel of citizens who investigate local government and public agencies. Members serve one year and look into several issues during that time.

It came just weeks after former Supervisor Andrew Do was sentenced to five years in federal prison for accepting more than $550,000 in bribes. The county itself is also financially in hot water following the Airport Fire, which has racked up hundreds of millions of dollars in damage claims against the county.

“The timing was especially troubling as the County of Orange (County) has been facing hiring freezes and budget constraints,” the Grand Jury reported. “This decision was not only tone-deaf — it reflected a deeper disconnect from the Board’s duty to serve the public with transparency and fiscal responsibility.”

What does the Grand Jury say? 

The Grand Jury questioned how the item was presented to the public and whether it was purposefully buried within the county budget agenda item.

“The Board added their salary increase into the $10.8 billion 2025-2026 Orange County Annual Budget adoption process. This resulted in a minimal description in the agenda and minimal opportunity for citizen input,” the Grand Jury reported. “Therefore, the Grand Jury investigated: why did they want to conceal their salary increase, was it warranted at this time and who initiated it?”

The board’s vote, the Grand Jury stated, signifies that the board prioritizes personal gain over accountability and public trust.

“Elected officials are entrusted to serve, not to enrich themselves. When this happens, the foundation of representative democracy is undermined,” the Grand Jury said. “The people of Orange County deserve better, and the people must demand it.”

How are officials responding? 

OC Supervisor Katrina Foley — the lone dissenting vote on the raises — said she was not surprised by the Grand Jury’s findings.

“I think most people felt that it was poor form for that to happen at that time, and given our current economic instability due to what's happening at the federal and the state level,” Foley told LAist.

Following the criticism, Supervisors Vicente Sarmiento and Doug Chaffee said they would donate their increased pay to charity.

“I am open to considering the recommendations in the report for changes to the pay ordinance and how future increases are approved, and I have been open to reconsidering the pay increase,” Sarmiento said in a statement.

A county spokesperson and Supervisor Don Wagner declined to comment. Supervisor Doug Chaffee and Janet Nguyen did not respond to LAist’s request for comment.

What’s next? 

The report made a handful of recommendations, including that the board rescind the pay raise and salary changes by next March “to restore institutional trust and demonstrate a genuine commitment to transparency and accountability.”

It also recommends that the board adopt procedures for proposing, reviewing and approving future supervisor salary changes that include public hearings.

The county has 90 days from the release of the report to respond to the Grand Jury, according to a county spokesperson.

The increase of federal immigration sweeps in Southern California this year made one thing clear to street vendors without authorization to be in the U.S. — running a business outside was risky.

In response, L.A. nonprofit Inclusive Action for the City ramped up an existing program that trains street vendors to work in private catering.

“One of the big successes of the year was the growth of our Hire a Vendor program, where our business coaches essentially became brokers for our street vendors and other entrepreneurs so they can get catering jobs,” said Rudy Espinoza, the group’s CEO.

The program was created in 2024 but the group expanded it this year after the increase of immigration sweeps. The group said in its annual report that 34 small businesses were trained for catering this year and more than 350 catering jobs came to those trainees this year.

The training program includes menu design and pricing, electronic sales systems and marketing

(

Courtesy Inclusive Action for the City

)

“Everywhere from the mayor's house to a small backyard party,” Espinoza said.

The group’s effort is part of actions taken by individuals and groups across the region to help people targeted for detention keep sources of income.

That help has included buyouts of daily inventory of fruit and flowers, as well as the awarding of grants to street vendors who lost income because they stayed home.

Advocates said the loss of income through detentions — many carried out through violent means — often affected family members who were U.S. citizens and has created a humanitarian crisis as families have lost the means to pay bills and buy food.

Street vendors in a Hire a Vendor session organized by Inclusive Action for the City.

(

Courtesy Inclusive Action for the City

)

The vendor training program sought to alleviate that.

“Sometimes, challenges force us to think, be creative and think about how to adapt,” Espinoza said. “The Hire a Vendor program is just an example of how some entrepreneurs really dedicated themselves to build out a different line of business for themselves.”

How it works

The Hire a Vendor program is free to people who seek and receive micro-loans from Inclusive Action for the City.

Four of the program’s nine sessions are "office hours" in which a business coach works one-on-one with the business owner.

The trainings cover:

• Catering basics such as delivery, set-up and presentation
• Invoicing and electronic sale systems
• Menu design and pricing
• Marketing through social media

The trained vendors are free to pursue their own catering jobs but also get catering work through a portal created by Inclusive Action for the City.

Espinoza said one full-time employee oversaw the program this year, and he’d like to add another full-time worker to expand the trainings in 2026.

The Trump administration will resume garnishing wages from student loan borrowers in default in early 2026, the U.S. Education Department confirmed to NPR.

The move comes after a years-long pause in wage garnishment due to the pandemic.

"We expect the first notices to be sent to approximately 1,000 defaulted borrowers the week of Jan. 7," a department spokesperson told NPR. The spokesperson said wage-garnishment notices are expected to increase on a monthly basis throughout the year.

A borrower is in default when they have not made loan payments in more than 270 days. Once that happens, the federal government can try to collect on the debt by seizing tax refunds and Social Security benefits and also by ordering an employer to withhold up to 15% of a borrower's pay. Borrowers should receive a 30-day notice from the Education Department before this wage garnishment begins.

Betsy Mayotte, the president and founder of The Institute of Student Loan Advisors, says even though borrowers have expected this, the timing is unfortunate.

"It will coincide with the increase in health care costs for many of these defaulted borrowers," she said, referring to the premium increases for Affordable Care Act health insurance that kick in in 2026. "The two will almost certainly put significant economic strain on low- and middle-income borrowers."

About 5.5 million borrowers currently are in default, according to a recent analysis of the latest federal student loan data published by the American Enterprise Institute (AEI), a public policy think tank.

Another 3.7 million are more than 270 days late on their payments and 2.7 million are in the early stages of delinquency.

"We've got about 12 million borrowers right now who are either delinquent on their loans or in default," Preston Cooper, who studies student loan policy at AEI, told NPR.

That's more than 1 in 4 federal student loan borrowers.

Cory Turner contributed to this story.

Copyright 2025 NPR