Hackers tied to the Chinese government compromised the law enforcement wiretap network of U.S. telecom companies, and security analysts aren’t sure how bad it is yet.
A group of hackers known as Salt Typhoon gained access to U.S. wiretap systems and has likely had access for several months or longer. The systems are mandated under a 30-year-old federal law, the Communications Assistance for Law Enforcement Act, or CALEA, which became law in 1994.
These systems would have given the group access to a wealth of information on U.S. businesses and citizens alike. Verizon Communications, AT&T, and Lumen Technologies are among the companies whose networks were breached by the recently discovered intrusion, sources told The Wall Street Journal.
The attack seemed to be geared toward intelligence collection and constitutes a major national security risk. The attack is still being investigated as security analysts work to confirm what data, and how much, hackers managed to make off with.
“It will take time to unravel how bad this is, but in the meantime it’s the most significant in a long string of wake-up calls that show how the PRC has stepped up their cyber game,” Brandon Wales, former executive director at the Cybersecurity and Infrastructure Security Agency and a vice president at SentinelOne, told WSJ.
“If companies and governments weren’t taking this seriously before, they absolutely need to now.”
While the wiretap systems had been implemented to grant access to domestic information related to criminal and national security investigations, security researchers have long considered them a major risk.
“I think it absolutely was inevitable,” Matt Blaze, a professor at Georgetown Law and expert on secure systems, told TechCrunch.
China, for its part, has denied its role in the attacks. Liu Pengyu, a spokesman at the Chinese Embassy in Washington, said, “China firmly opposes and combats cyberattacks and cyber theft in all forms.”
This attack isn’t the only one in recent history that has U.S. officials worried. In September, officials disrupted a network of more than 200,000 internet-connected consumer devices that served as entry points into U.S. networks for China. The group responsible for the September hack was known as Flax Typhoon.
And in January, a third group, Volt Typhoon, attempted to infiltrate critical U.S. infrastructure. Had they been successful, the group could have launched an attack that could have crippled U.S. infrastructure operations.