White House convened telecom leaders as details of Chinese espionage hack unfold

Many of the breached systems were not properly equipped with tools that recorded network activity, making it harder to quickly trace the origins of the hack, a person familiar said.

The White House on Friday hosted telecommunications sector executives to brief them on a pervasive Chinese cyberespionage campaign that has penetrated the networks of what’s now believed to be dozens of telecom and internet providers.

The hacking collective, dubbed Salt Typhoon, has compromised AT&T, Verizon, Lumen, T-Mobile and others in what Senate Intelligence Committee Chairman Mark Warner, D-Va., has called the “worst telecom hack in our nation’s history.”

Some 80 providers — some of which lie outside the U.S. — are believed to have been ensnared in the infiltrations, Politico reported Friday. The Wall Street Journal first reported the hacks in early October, depicting an espionage operation that ballooned to levels unseen from past Chinese spying campaigns.

The White House meeting was hosted by National Security Advisor Jake Sullivan and Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, according to a readout from the White House.

“The meeting was an opportunity to hear from telecommunications sector executives on how the U.S. government can partner with and support the private sector on hardening against sophisticated nation state attacks,” it said.

It’s possible the campaign had been in the works for around a year, the New York Times reported Friday. Microsoft began warning the firms of the breaches over the summer, added the report, which cited U.S. officials and industry executives. 

Nearly all phone numbers tracked by the Justice Department as part of the government’s lawful intercept wiretapping systems were accessed, providing China with broad insight into America’s government surveillance targets, the NYT report added.

The U.S. internet and telecommunications backbone mainly comprises a small number of major providers that sell network access, infrastructure and services to businesses and consumers, forming the foundation for the country’s digital connectivity. 

But below that lies a slew of smaller providers — dubbed Mobile Virtual Network Operators — that sell wireless services under their own brand name while piggybacking off the networks of the larger mobile firms. Infiltrating the core systems of these major providers could create a cascading effect, enabling cyberspies to quietly navigate America’s telecom infrastructure for months.

Some 150 people are thought to have been targeted and were notified by the FBI, Warner told the Washington Post Thursday. But the number of calls and texts sent by all of those people runs into the millions, potentially allowing the Chinese government to map out the identity of others in the communications stream.

Various elements of the compromised networks were not secured with basic multifactor authentication, a commonplace verification technique that double-checks whether a user is masquerading as someone else when logging into a system, according to a person familiar with the matter who spoke on the condition of anonymity because they were not authorized to publicly relay their knowledge of the infiltration.

Many of the breached systems were not properly equipped with logging mechanisms to monitor device activity, delaying investigators’ attempts to piece together the digital sequencing that allowed the campaign to be carried out, the person added.

The dynamic is another chapter in the back-and-forth spying salvos that the U.S. and China have launched against each other over the years. Communications data has always been prime intelligence for foreign adversaries because it allows them to know what victims are thinking, Kevin Mandia, who founded the eponymously named threat intelligence firm Mandiant, told Nextgov/FCW in October.

Documents revealed by former NSA contractor Edward Snowden a decade ago showed that the U.S. undertook extensive efforts to spy on Huawei, a now-dominant Chinese telecom provider that’s been put in the crosshairs of federal regulators concerned that its equipment — when embedded in or near American infrastructure — opens doors for spying and sabotage.

Lawmakers have called on the Federal Communications Commission to reform the measure that manages wiretapping procedures, known as the Communications Assistance for Law Enforcement Act, or CALEA.

But the FCC does not appear poised just yet to do so. Top officials on Thursday skirted around questions about whether they plan to initiate a CALEA procedure.

“I don’t have a thought on that one at this point,” incoming FCC Chairman Brendan Carr said Thursday when asked about potential CALEA reform, adding that he plans to view inquiries from Capitol Hill. “I’ll continue to get more in-depth briefings. I think I’ve had a pretty good level [of understanding], but I think there’s more that I need to dig down on there.”