The Chinese government espionage campaign that has infiltrated more than a dozen U.S. telecommunications companies is the “worst telecom hack in our nation’s history — by far,” a senior U.S. senator told BBC News in an interview this week.
The hackers, who belong to a group called Salt Typhoon, have been able to eavesdrop on audio calls in real time and have in some instances moved from one telecommunications network to another by exploiting what Warner described as trust relationships between carriers, said Warner, a Democrat from Virginia and the vice chairman of the Senate Intelligence Committee.
Warner also said that there are still intruders in the networks. While fewer than 150 victims have been identified and notified by the FBI, most of them in the D.C. area, the records of people those individuals have called or sent text messages to number in the “millions,” he said, and that number could go up dramatically.
He said those records could give additional data to help the Chinese identify other people whose devices they wish to target.
“My hair’s on fire,” Warner said. Some of those details have not been previously reported and add to the growing awareness of the magnitude of the hack since the end of September, when the US government, notified by the industry, started to realize the scale of the problem.
“The American people need to know” how serious the intrusion is, Warner said. The intrusion targeted the phones of Trump and his running mate, Sen. JD Vance of Ohio, as well as individuals connected to Harris’s campaign and State Department personnel.
The intrusion was not election-related in the sense that the hackers got into the telecom systems months ahead of the election, in some cases as long as a year ago, Warner pointed out.
The networks are still compromised, and booting the hackers out could mean physically replacing what is essentially thousands and thousands and thousands of pieces of equipment across the country, Warner said.
“This is an ongoing effort by China to infiltrate telecom systems around the world, to exfiltrate huge amounts of data,” he said.
The Salt Typhoon telecom breach makes Colonial Pipeline and SolarWinds, two major cyberattacks that have been attributed to Russian-speaking criminals and the Russian government, respectively, “look like child’s play,” Warner said.
As for the Salt Typhoon hack, the government views it as an espionage operation rather than preparation for an attack on critical infrastructure.
Hackers gained access to the system that records US law enforcement requests for criminal wiretaps, thus making the Chinese aware of who is of interest to the police.
Law enforcement uses the collection system to monitor wiretapped calls and, to date, there is no indication that hackers have breached the system through which they listen, the officials said, declining to be identified because of the sensitivity of the matter.
The calls on which Chinese hackers were able to listen in were not part of the “lawful intercept,” or wiretap, system, officials said.
But the hackers also had access to unencrypted communications, such as text messages. Officials said that end-to-end encrypted communications, like those on the Signal platform, are thought to be secure.
The Post also said that the hackers were able to manipulate Cisco routers to transfer data out of Verizon networks. The intrusion is under investigation by the FBI and other federal agencies.
“In particular, it has been established that [Chinese government]-connected individuals have penetrated the networks of several telecommunications companies to steal their customers’ call records data, intercept the private communications of several people who are primarily engaged in political and governmental activities, and copy some information that was under U.S. law enforcement requests within the framework of court orders,” the FBI said in a statement with the Cybersecurity and Infrastructure Security Agency earlier this month. To date, the hack is known to have affected firms such as AT&T, Verizon and T-Mobile, according to US and industry officials.
“This is massive and we have a particularly vulnerable system,” Warner said. “Unlike some of the European countries where you might have a single telco, our networks are a hodgepodge of old networks.
The big networks are a whole series of acquisitions and you have equipment out there that’s so old it is unpatchable.”
The intensity of the intrusions underscores the need for stronger protection in a sector that is still relatively unregulated, Warner said, along with others in Congress and the Biden administration.
“We’re the telecom envy of the world,” Warner said. “I don’t want to slow that innovation. I don’t want to come in with some new, heavy-handed regulation that you all are going to have to deal with.
It should only be about safety and security.” Multiple current and former senior Biden administration officials told Reuters in an interview that Chinese hacking has not slowed down despite attempts by multiple administrations to counter it.
Sanctions, public accusations, network takedowns, indictments — none of it has altered the Chinese agencies’ decision-making process in any meaningful way.
“We have had for the last ten years voluntary public-private partnership initiatives,” said Anne Neuberger, the deputy national security adviser for cyber and emerging technologies.
As China’s hackers have become even more reckless, infiltrating U.S. and other countries’ critical infrastructure ahead of time, “we have to lock our digital doors,” Neuberger said.
Cyber requirements can make the systems of critical infrastructure more difficult to attack, Biden administration officials say, citing emergency cyber standards issued in the wake of the Colonial Pipeline hack.
The first guidelines were criticized by industry as being too prescriptive and not very useful.
Kimberly Denbow, an executive at the American Gas Association, on Tuesday referred to them in congressional testimony as “laden with unrealistic cybersecurity measures and compliance timelines that, instead of enhancing sector cybersecurity, made pipeline systems more susceptible to threats and undermined system reliability.”
After consultation with the companies, the Transportation Security Administration released a number of changes, then issued similar requirements for railroads and airports, according to TSA Administrator David Pekoske.
These rules included establishing a cybersecurity response plan, so that if a system goes down in a cyberattack, the owners can quickly bring it back online.
The TSA also laid out certain outcomes that the entities had to deliver, but left it to the companies to decide how, Pekoske said.
These included, for example, segregating operational and administrative networks, implementing access controls for critical systems, and continuously monitoring those systems.
The new directives are better, Denbow said in an interview. It “made a world of difference” that they are “performance-based,” she said.
However, the pipeline industry still has concerns that the TSA is telling a company how to manage parts of its operations, like corporate governance and training, she said.
As of October 2023, out of several dozen critical pipeline companies in the country, only 53 percent were in compliance with the requirements, according to Pekoske.
Similarly, only 21 percent of critical rail companies had complied with their directives by October 2023, despite the fact that these had been issued twelve months prior.
Today, 68 percent are, he said. For critical entities in the aviation sector, which had to adhere to the standards as of March 2023, 57 percent have already done so.
Trump has been largely antagonistic towards big government and most forms of regulation; however, his administration is likely to be filled with China hawks who feel strongly about the need to limit Chinese spying, hacking and supply chain risks.
Brendan Carr, Trump’s pick for Federal Communications Commission chairman, told reporters Thursday that he had been receiving briefings on Salt Typhoon and wanted to drill down on the matter.
“Cyber security is going to be a very big issue,” he said. “It is going to be a top priority to ensure that national security is achieved.”