DHS cyber review board to investigate Chinese hack of US telecoms as victim net widens


U.S. government officials and staff on both major presidential campaigns were targeted. One former intelligence official called the breaches “really concerning.”

The Department of Homeland Security said Sunday that a key cybersecurity review panel will investigate a Chinese infiltration into U.S. telecom networks and affiliated wiretap infrastructure, marking a major escalation in an ongoing federal probe into the breaches that have compromised both government officials and staff on presidential campaigns.

The Cyber Safety Review Board — stood up by the Biden administration in 2022 to scrutinize root causes of major cybersecurity events — “will initiate a review of this incident at the appropriate time,” a DHS spokesperson said in an email. The Wall Street Journal first reported the panel’s decision.

It’s not clear when the probe would start, but it would likely take months before public findings from the analysis are released. The Chinese state-backed hacking collective, dubbed Salt Typhoon, penetrated the networks of AT&T, Verizon, Lumen and around 10 others, and for months was likely inside systems that facilitate court-authorized wiretap requests, according to reports that first surfaced last month.

The network of affected individuals has expanded since U.S. investigators began scrutinizing the incident just weeks ago. The hackers have attempted to access the phone communications of presidential campaign officials, including former president Donald Trump and running mate Sen. JD Vance, R-Ohio, the New York Times reported Friday.

The hackers have also hoovered up audio communications from U.S. political figures, including a Trump campaign advisor, the Washington Post reported Sunday. Salt Typhoon also had access to victims’ unencrypted messages, added the report, which cited people familiar with the matter. At least one U.S. official was notified that hackers had accessed their personal phone.

The targeting was bipartisan in nature. Staff of Senate Majority Leader Chuck Schumer and staff on Vice President Kamala Harris’s campaign were also hit.

“Agencies across the U.S. government are collaborating to aggressively mitigate this threat and are coordinating with our industry partners to strengthen cyber defenses across the commercial communications sector,” the FBI and the Cybersecurity and Infrastructure Security Agency said Friday.

The break-ins into the wiretap request systems may have exposed some of the most sensitive national security data the government holds, namely who its surveillance targets are, and have raised questions about the security architecture of the lawful-intercept access points (often called backdoors) that carriers are required to maintain under a 30-year-old surveillance law, the 1994 Communications Assistance for Law Enforcement Act (CALEA), whose compliance burden falls heavily on the private sector and third-party compliance providers.

“If you want to know what diplomats are thinking, it’s in their email, it’s in their texts. And that’s the kind of stuff that I think people have always targeted,” Kevin Mandia, who founded the eponymously named threat intelligence firm Mandiant, told Nextgov/FCW earlier this month.

It remains uncertain whether other surveillance systems, such as those governed by the Foreign Intelligence Surveillance Act, were penetrated in the hacks. Data from those networks could provide Beijing with insights into U.S. overseas intelligence targets.

The espionage operation likely began months ago. In early September, DHS policy undersecretary Rob Silvers said the Cyber Safety Review Board would announce an investigation “soon” but did not specify any further details.

CSRB’s next review had long been expected to focus on this past summer’s IT outages caused by a faulty CrowdStrike update or on the 2020 SolarWinds Orion hack, the latter of which motivated the board’s establishment. In April, CSRB published a critical report on the Microsoft security failures that allowed a separate group of Chinese hackers to access the email inboxes of top U.S. officials in the summer of 2023.

The telecommunications espionage makes China the second major foreign adversary known to have compromised the data and communications of 2024 presidential campaign entities, after Iranian state-affiliated hackers this past summer stole Trump campaign documents and shopped them to media outlets in the hope that they would be published online. The Justice Department charged individuals behind those hacks last month.

The infiltrations are “really concerning,” former NSA director Gen. Paul Nakasone said in an interview. “The scope and the scale of allegedly being in American telecommunications companies — that’s a different ballgame,” he said. “I think the follow-on question now is, okay, what are we doing about it?”