
Intel Brief: Chinese Threat Actor Hijacks US Wiretapping Infrastructure


Date: 10/10/2024


Where

  • USA

  • China


Who’s involved:

  • US Federal authorities

  • US Telecoms

    • AT&T

    • Lumen

    • Verizon

  • Chinese Threat Actor

    • Salt Typhoon


What happened?

  • Chinese threat actors infiltrated the wiretap systems of several major US telecom and internet providers.


  • The wiretap systems targeted are the ones mandated by the Communications Assistance for Law Enforcement Act (CALEA), a US federal law enacted in 1994 that requires telecommunications carriers to build lawful-interception capabilities into their networks and to assist law enforcement with court-authorized surveillance.


  • These compromised systems may have granted hackers access to vast amounts of internet traffic and customer data, potentially allowing them to gather intelligence on Americans.


  • The breach is considered “potentially catastrophic” by national security sources, given the sensitive nature of wiretaps.


Analysis

  • The breach of wiretap systems is a clear exploitation of the legal backdoors that were designed for lawful interception by law enforcement. This indicates that these systems can be high-value targets for state-sponsored actors.


  • The hackers reportedly accessed the systems that law enforcement uses to intercept traffic for criminal investigations. The initial access vector has not been made public; the reported depth of access suggests the attackers either exploited weaknesses (vulnerabilities or misconfigurations) in the intercept platforms themselves or reached them from elsewhere in the carriers' networks.


  • Reaching these systems likely required reconnaissance to locate the lawful-interception components within each carrier's infrastructure. This suggests the threat actors developed detailed knowledge of how those systems are deployed and operated, whatever they ultimately managed to collect.


  • The attack could have multiple objectives, including intelligence gathering and reconnaissance in preparation for more destructive cyberattacks in the event of a conflict between China and the US, potentially over Taiwan.


  • The breach has been placed in the context of the wider debate over backdoors and their inherent security risks. Any access mechanism built for lawful interception is also an access mechanism for whoever compromises it, so even backdoors created for legitimate purposes are fundamentally insecure and prone to abuse by malicious actors.


  • This incident is expected to renew discussions around encryption policy and to push companies towards stronger encryption to protect user data. It’s worth noting that European infrastructure is often regarded as stronger in this respect than that in the US, though much of it still relies on US-based tech giants such as Microsoft.


  • The EU Council is scheduled to debate issues related to encryption backdoors at its session on 10/10.


Conclusion

The breach by a Chinese state-sponsored threat actor is a significant national security concern that may have long-term implications for both US and European intelligence and law enforcement operations. It comes at a time when Chinese cyber operations are continuing to escalate. It also shows the danger of mandated backdoors in communication systems, which can be exploited by adversaries. Moving forward, there will likely be increased pressure on the US government and telecom providers to strengthen encryption and to reconsider the use of backdoors in lawful surveillance systems. The outcome of this event will hopefully shape future US policy towards stronger encryption, more careful choices regarding surveillance, and sounder cybersecurity strategies, with implications for US allies as well.


