
Salt Typhoon: An Update on a Potentially Catastrophic Hack of Government Systems by Chinese Cyber Spies


Last weekend, I posted on the Wall Street Journal’s reporting of a potentially catastrophic security breach: the penetration by Chinese intelligence of the systems developed by broadband providers to support the government’s electronic-surveillance operations. (Such operations are commonly referred to as “wiretapping,” but they now involve far more than monitoring of traditional telephone communications.) Congress has mobilized to investigate the breach.

Leaders of the House Select Committee on the Chinese Communist Party — specifically, chairman John Moolenaar (R., Mich.) and ranking member Raja Krishnamoorthi (D., Ill.) — sent a letter on Thursday to the CEOs of Verizon, AT&T, and Lumen Technologies, asking about when they learned of the breach and what curative measures they are taking. The committee also seeks suggestions from the companies regarding protective measures the government should take, including legislation, against Chinese cyber espionage. The Journal also has a follow-up report outlining other congressional action on, and Biden-Harris administration concerns about, “Salt Typhoon” — the team of hackers said to be directed by Chinese intelligence services.

Disturbingly, the Journal’s latest report says, “Hackers still had access to some parts of the U.S. broadband networks within the last week, and more companies were being notified that their networks had been breached.”

With significant questions about how engaged and capable the sitting president is at the moment, it’s worth noting the report’s assertion — based on unidentified sources — that information about the hack made it into the president’s daily brief (the “PDB,” a highly classified daily compendium about security threats) in just the last week. The Journal broke the story about two weeks ago. It is unclear when the government and the broadband providers first realized their systems had been penetrated, much less when that penetration began (and to repeat, it may still be going on to some degree).

To be fair, even if the Journal is right that the hack was covered in a PDB in the last few days, that does not preclude the possibility that it had been covered on earlier occasions. That said, this is the type of hostile foreign challenge for which we need energy in the executive. President Biden is not exactly radiating energy these days, and Vice President Harris is, shall we say, occupied at the moment.

As related in my above-linked Saturday post, of all the nightmare scenarios here, the most potentially devastating would be Chinese penetration of the government’s national-security wiretaps — the monitoring of clandestine agents not only of China but of Russia, Iran, and other regimes and terrorist organizations hostile to the United States. This is among the most closely held of intelligence secrets maintained by the government. Also of great concern is the possible penetration of the government’s wiretaps in criminal investigations — which could expose those probes and informants to great peril.

The government thus appears to be in the highly challenging position of trying to continue investigation under circumstances where the full extent of what (and who) has been exposed is not yet known. The threat to methods and sources of intelligence collection is manifest. Less obvious is the opportunity that China may have to feed disinformation into our surveillance channels, creating a distorted picture intended to lead U.S. spy agencies to miss signs of danger (as our agencies did, for example, in the weeks before the 9/11 attacks).

Some government investigators (unnamed) cautioned the Journal that it is too soon to assess the damage inflicted by this Chinese cyber-espionage operation (among others, as to which damage assessments are also under way). That’s undoubtedly true . . . but our intelligence and law-enforcement agencies don’t get to call time-out in the middle of their information-gathering activities while they figure out who and what have been compromised. Scrutiny of the fruits of electronic surveillance frequently elucidates what sources — wittingly or unwittingly — are helping our government. That’s why it’s such tightly held intelligence. If sources are at risk, they have to be pulled, even if the full scope of China’s intrusions is not yet known.

This story has gotten precious little attention with the 2024 election just four weeks away. Much is unknown, but we can say with certainty that we are being overwhelmed by a hostile, malicious actor. In remarks at a security conference in Germany this year, according to the Journal’s first report on the breach, FBI director Chris Wray said “the cyber threat posed by the Chinese government is massive,” and “China’s hacking program is larger than that of every other major nation, combined.” Besides this most recent burrowing into deeply held government surveillance operations, China has focused on vital U.S. infrastructure: airports, energy providers, water-treatment systems, etc.

On that note, a final observation: Many experts believe the regime of Xi Jinping is planning an imminent invasion of Taiwan, likely within the next two to three years. Presumably, Xi’s top objectives include discouraging the United States from intervening militarily in Taiwan’s defense. Consequently, would it not be in Beijing’s interests to signal that critical U.S. infrastructure and operations are deeply penetrated and vulnerable to Chinese sabotage?
