Intelligence community briefed Congress on Chinese telecom intrusions

It’s believed the hackers, dubbed Salt Typhoon, accessed call records on numerous Americans, including officials and staff affiliated with President-elect Trump.

Representatives from the U.S. intelligence community briefed congressional committees about a recent sweeping Chinese infiltration into a slew of telecommunications firms and infrastructure tied to court-authorized wiretap requests.

Staff from numerous House committees “received a classified briefing [Thursday] from [the Cybersecurity and Infrastructure Security Agency], [Office of the Director of National Intelligence] and the FBI regarding heightened concerns about reports on Salt Typhoon,” according to an aide familiar with the briefings who spoke on the condition of anonymity to be candid about the nature of the closed-door discussions. Examination into the incident is ongoing due to its national security implications, the aide added.

A briefing for Senate members is planned for next week, with the Senate Intelligence Committee already receiving frequent updates, CyberScoop reported Thursday.

The break-in was enabled through infiltration into several telecom companies including AT&T, Lumen, Verizon and others. It’s possible Salt Typhoon embedded into the telecom systems around eight months ago, the Wall Street Journal previously reported.

The Journal on Thursday also reported that one government agency’s Office of the Chief Information Officer has advised staff to cease phone usage for work-related matters, though the agency later said that it had not been compromised by the cyber intruders. Meanwhile, three sources told CNN that the FBI has informed a lead attorney for President-elect Donald Trump that his cell phone was accessed in the months-long operation.

The Department of Homeland Security has confirmed the Cyber Safety Review Board will lead an investigation into the matter, triggered by the creation of a Unified Coordination Group that’s conducting a full-scale government response to the breach.

A different person familiar with Salt Typhoon described the collective as “exceptionally talented,” with members who are very skilled and patient. The person, who spoke on the condition of anonymity to relay their knowledge about the infiltration, said that the targeted telecommunications data is high-grade intelligence that any nation-state adversary would want to access.

It remains unclear whether other surveillance systems, such as those governed by the Foreign Intelligence Surveillance Act, were penetrated in the hacks. Data from those networks could provide Beijing with insights into U.S. overseas intelligence targets.

“If you want to know what diplomats are thinking, it’s in their email, it’s in their texts. And that’s the kind of stuff that I think people have always targeted,” Kevin Mandia, who founded the eponymously named threat intelligence firm Mandiant, told Nextgov/FCW last month.

The infiltrations are “really concerning,” former NSA director Gen. Paul Nakasone said in a recent interview. “The scope and the scale of allegedly being in American telecommunications companies — that’s a different ballgame,” he said. “I think the follow on question now is, 'okay, what are we doing about it?'”

The breach has called into question the security standards governed by the Communications Assistance for Law Enforcement Act, or CALEA, which requires carriers to engineer their systems to allow for law enforcement entities to wiretap them for surveillance.

Under current standards, the Federal Communications Commission says that such companies can develop their own solutions tailored to their networks, purchase solutions from their equipment manufacturers or rely on a third party to determine whether they are compliant with CALEA. Some cyber experts say it’s time for those standards to be overhauled.