The Journal. - The Chinese Hackers Spying on U.S. Internet Traffic
Episode Date: October 8, 2024
WSJ reporting has revealed a major cyberattack from a group tied to the Chinese government. Hackers penetrated the networks of several broadband providers and gained access to the U.S. domestic wiretapping system. Dustin Volz unpacks what the attack could mean for national security.
Further Listening:
- ‘Hack Me If You Can’
- Hacking the Hackers
Further Reading:
- U.S. Wiretap Systems Targeted in China-Linked Hack
- Chinese-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack
Transcript
Late last month, The Wall Street Journal broke a story about a major hack into critical U.S.
infrastructure.
Cybersecurity experts believe it was carried out by a Chinese group called Salt Typhoon.
The Wall Street Journal reported that China-linked hackers have breached U.S. Internet providers. It's aimed at accessing sensitive information
and gaining footholds in critical broadband networks.
Hackers potentially access the network the federal government uses
to request court-authorized wiretapping
for criminal and national security investigations.
Our colleague Dustin Volz was one of the reporters on the story.
He says the hack has US officials freaking out.
This hack is particularly alarming to government officials and security investigators because
they not only had deep access, but they were extraordinarily stealthy and were inside the
networks for months, we've been told, potentially,
even far longer than that. And there's deep concerns about the sensitive nature of data
that was potentially compromised in these breaches.
So how big of a deal is this?
This is potentially catastrophic. That is what we are hearing from officials and investigators familiar
with the breaches. The sort of level of panic is extremely unusual. From, you know, my 10
years reporting on cybersecurity issues, this is sort of very much ranking at the top of
the list for what seemingly people are concerned about. They're putting this very much at the
top of the list.
Welcome to The Journal,
our show about money, business, and power.
I'm Ryan Knudsen.
It's Tuesday, October 8th.
Coming up on the show,
what we know about China's monster hack.
All right. So let's talk about this hack.
What happened exactly?
So we don't know a lot about the hack, and that's in part
because the Biden administration and cybersecurity investigators
are still very much in the midst of figuring out what exactly
happened here. It's sort of unusual that details emerge
publicly so early during a discovery of a major breach
like this. But what we do know is that at least three major broadband providers in the United States,
Verizon, AT&T, and Lumen, were all compromised by a Chinese-linked group called Salt Typhoon.
This appears to be espionage-related, and it appears to be something that has potentially
been going on for many months, if not longer.
And all the individuals we've spoken to have described the attacks
as extraordinarily stealthy, extremely sophisticated, and sort of a stunning level of deep intrusions
into these compromised networks.
Verizon, AT&T, and Lumen declined to comment on the hack.
A spokesman for the Chinese embassy in Washington said China opposes cyberattacks in all forms.
By infiltrating U.S. networks,
Chinese spies could potentially get access to all kinds of communication,
like text messages and internet traffic, even phone calls.
On top of that, these Chinese hackers targeted one of the systems the U.S. government uses
for domestic surveillance.
There are signs that they targeted sensitive U.S. surveillance systems that are used to
comply with court-authorized wiretappings that the companies in question have to provide
to the FBI and other agencies
for criminal and national security investigations.
For the past 30 years, there has been a federal law,
known as the Communications Assistance for Law Enforcement Act,
that has required telecommunications companies to essentially allow the U.S. government
to access communications data on their networks if they get a court order related
to a targeted criminal or national security investigation. Over time, Congress has modernized
this so it's not just about phone calls but also about digital traffic, think text messages and
other sorts of internet traffic. And we're talking about wiretapping, just like kind of the classic
police investigation movie that you think of, where the cops need to wiretap a suspect so they can listen in on their phone
calls and then use that to build a case.
Exactly.
Wiretap is maybe not the best term of art in the modern 21st century digital age, but
that is essentially what we're talking about here is a way for the government to access pieces of data on particular suspects related
to national security and criminal investigations that these companies are obligated to comply
with assuming the government gets a court order.
Getting into this wiretap network means the Chinese could have access to whatever US officials
are investigating.
The Chinese were essentially able to spy on what the US government was spying on.
So you might think, well, why do the Chinese care about law enforcement access requests
related to routine criminal investigations happening in the United States?
And they might not care about a lot of them.
They might not care about, you know, a New Mexico drug trafficking case
that the FBI is working on or something like that.
But other kinds of investigations could be of much greater interest to the Chinese government.
What they would care about, presumably, are counterintelligence investigations
on Chinese spies who are living and working in the United States,
you know, at maybe various research institutions or technology companies. You know, over the past several years, we've seen any number
of cases come from the Justice Department related to Chinese espionage in the U.S.
And if you're the Chinese intelligence services, you would have deep interest in
knowing about the sort of surveillance that's being done on these targets to be
able to understand what the U.S. knows and be able
to respond to that and potentially better conceal your espionage assets who are living
within the United States.
Behind the hack is a group known as Salt Typhoon.
We don't know that much about Salt Typhoon other than the fact that cybersecurity researchers
have linked its activities to the Chinese government.
How does the Salt Typhoon hack compare to other Chinese hacks that we've seen in the past?
So this is one of a barrage of Chinese-linked cyber attacks targeting major U.S. critical
infrastructure and major U.S. companies over the last several years. They're sort of getting
in everywhere
and they're doing all sorts of really, really alarming things.
What's notable here is that the Chinese used to be kind of
considered the loud drunken burglars of hacking.
Russia was sort of really, really stealthy, really adept.
China, 10 years ago, was stealing enormous amounts of data
from the United States, but they were getting caught.
They were sort of loud.
They were smashing in the front window
and waking everybody up.
Exactly, and they, you know, steal your car,
but they would drive through the garage door
on the way out, and then they-
Knock over a lawn gnome?
Yeah, they'd knock over a lawn gnome
and, you know, hit the mailbox down the street,
and then the police would arrive and catch them.
So that was what the Chinese were known for.
This attack and other recent ones attributed to the Chinese have instead been a lot more
like what we've seen from Russia over the years, which is just incredibly stealthy,
incredibly sophisticated, using complex attacks that involve a variety of different techniques that only sort of
the most sophisticated hackers could really engineer to achieve persistent months or years
long access into networks, evade detection, and create ways in which they can sort of
come and go in networks and conceal their traffic.
So essentially there's no way of knowing what they're doing or how long they've been inside.
But while the Salt Typhoon hack was about gathering intelligence, China has also been
pursuing another type of hack.
One that's aimed at causing chaos in American society.
That's next.
The ambition and scale of Chinese cyberattacks has been growing.
Until recently, U.S. officials thought China was mainly focused on stealing corporate and
scientific secrets.
But it's become clear that China is also trying to hack into different types of critical U.S.
infrastructure.
You know, think transportation systems like airports, oil and gas systems, water sanitation
facilities, the power grid, and basically maintain quiet access for the purposes of later detonating
the cyber equivalent of bombs in these networks to cripple them in the event of a major conflict
with China.
FBI director Christopher Wray warned about the risks posed by the People's Republic of
China or the PRC in congressional testimony earlier this year.
There has been far too little public focus on the fact that PRC hackers are targeting
our critical infrastructure.
Our water treatment plants, our electrical grid, our oil and natural gas pipelines, our
transportation systems, and the risk that poses to every American requires our attention now.
So while that's happening, and that's been sort of a 10 out of 10 on the, you know, panic scale
for officials, along comes Salt Typhoon that we are just now learning about, which is, you know,
quietly engaging in perhaps one of the most successful and most damaging cyber espionage campaigns.
So you take those two campaigns together and it just really broadens the aperture for how
serious and significant these Chinese attacks on the US are and how we really are probably
only even seeing the tip of the iceberg in terms of the full extent of what they've been
able to do, the networks that they've been able to compromise, and the preparations that they're making for a
future conflict with the United States.
So the Chinese government and these Chinese hackers are really just like embedding themselves
all inside the US networks of all kinds and just sort of lying in wait.
That's right.
You know, historically we were concerned about spies embedding themselves.
In the Red Scare there were all sorts of concerns about spies being everywhere in government
and small towns across America.
Those spies being people.
Yeah.
But this is essentially the 21st century equivalent of that, of the sort of the worst case scenario
where you have likely thousands of these digital
spies embedded in networks, big and small, across the United States, ready at a moment's
notice to either do something destructive or stealthily stealing critically valuable
intelligence and information from these compromised networks.
Every time I talk to an American intelligence official,
they're just gobsmacked by how serious this is
and how widespread it is.
So is anybody at fault here,
like for why these hackers were able to get in
and stay undetected for so long?
It's hard to point a finger at any single provider or technology company and say, this
is why this hack happened.
At the end of the day, the Chinese are so incredibly talented at what they're doing,
and they have tens of thousands, if not more, hackers who are working day and night to infiltrate
these networks that most people I speak to say this is inevitable. This is
inevitable that they're going to get in. What we need
to do is be as resilient as possible, as good at
detecting it when it happens, and have systems in
place to respond.
Is it going to be possible to get these hackers out?
I hope so. We don't know the full extent of the
current level of compromise today
within the networks of these providers. Certainly efforts are underway to identify them and kick
them out of the network, but it's not easy to get these guys out. They are extremely good at what
they do. This is not just sort of, you know, finding a burglar, you know, stealing stuff from
your living room and putting cuffs on them and kicking them out.
This is far more complicated than that and eventually I'm sure the companies are confident that they're going to be able to
secure their systems and get the hackers out, but it remains to be seen how long that's going to take or if they've had that success so far.
Was there a way for the US to defend itself better to prevent this sort of thing from
happening?
So, part of the issue here is that so much of our cybersecurity is reliant on the private
sector.
So, whether it's infrastructure like power plants or water systems or transportation
systems or telecommunications firms.
These are private companies and largely they, for the most part, with some
exceptions, don't have a ton of cybersecurity requirements that are
imposed on them by Congress. There are a number of reasons why that hasn't
happened over the years, but critics would say that these companies are sort
of lax in their security standards because they're allowed to be.
That sort of system just makes it so that we are essentially a target-rich environment
for hackers.
We are a highly digitized country.
We love technology.
And that makes it very easy for us to have these sort of single points of failure at
these huge companies that can lead to potentially
catastrophic risk when the hackers come knocking.
That's all for today.
Tuesday, October 8th.
The Journal is a co-production of
Spotify and The Wall Street Journal. Additional reporting in this episode by
Sarah Krauss, Robert McMillan, and Aruna Vishwanatha.
Thanks for listening. See you tomorrow.