Industry experts shed more light on the recent Salt Typhoon hacks during a congressional hearing Tuesday as leaders of the Senate Judiciary Subcommittee on Privacy, Technology, and the Law called on the Federal government to “galvanize action now” against the China-linked hacking group’s recent infiltration of commercial telecommunications infrastructure.

In early October, a report from the Wall Street Journal revealed that Salt Typhoon may have accessed the wiretapping systems that carriers AT&T, Verizon, and Lumen maintain for the benefit of law enforcement agencies.

Just last week, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) confirmed Salt Typhoon’s recent hacks in the United States, noting that they have had a “limited” impact on “individuals who are primarily involved in government or political activity.”

During the Nov. 19 subcommittee hearing on China’s cybersecurity threat, Ranking Member Josh Hawley, R-Mo., said that he hopes this recent espionage attempt from China serves as a “wake-up call for our entire government.”

“The scope of the Salt Typhoon hack as we understand it now is truly breathtaking,” Sen. Hawley said in his opening statement.

“I hope it’s also a wake-up call for these American corporations that for too long have been willing to sell out American jobs and American security interests in order to make a quick buck, and in so doing, have threatened all of us,” the senator said. “If there’s ever an advertisement for bringing our critical supply chains home, if there’s ever an advertisement for bringing back core American manufacturing, if there’s ever an advertisement for safeguarding American jobs in every sector – particularly these critical sectors that have to do with telecom and communications – this is it.”

CrowdStrike SVP of Counter Adversary Operations Adam Meyers shed more light onto what type of data the Chinese government may have obtained by hacking into the law enforcement wiretapping systems – noting that they now have access to a “gold mine.”

“This provides full content, and the ability not just see who somebody is calling and when they’re calling, but more information about what the content of that call is, the content of SMS traffic, and what mobile device, what tower it’s talking to,” Meyers explained.

“It can also provide them what is the physical location and not just that but who are they with – what other devices might be present with that individual,” he said. “So, as they move from tower to tower, they could see, are they in a car with other individuals with other devices that can then be additional targets that they might want to collect?”

Meyers warned that once hackers gain access to a mobile provider’s system, they’d “basically be able to do anything the telco can do,” like disrupting communications between specific people or impersonating particular individuals.

The CrowdStrike SVP speculated that many Chinese adversaries are executing espionage campaigns to collect information, but said there also was a concern about prepositioning in the carriers’ networks.

“If there was to be, for example, an escalation around Taiwan, could they use that access to disrupt logistics or disrupt military operations or critical infrastructure in the region that would potentially slow or disrupt the U.S. response,” Meyers wondered.

Meyers offered lawmakers recommendations on actions the Federal government can take to stop adversaries like Salt Typhoon. “We should be looking at how to disrupt these operations. We can no longer sit by and watch them happen,” he said.

“We need to work to identify infrastructure that is being used to conduct these intrusions, we need to look at what tools are being used,” Meyers said.

“And disruption can take many different forms. It can be publicly acknowledging and outing it so that it becomes more aware, and people can stop it,” he said. “It can involve working with providers to disrupt the infrastructure to take down domains and IP addresses that are being used by these threat actors and more aggressive means as well.”

Sen. Richard Blumenthal, D-Conn., who chairs the subcommittee, noted in his opening statement for the hearing that the Federal government is still learning each week about how “sprawling and catastrophic” Salt Typhoon’s hacking campaign has been, and said, “but what we know now … should galvanize action.”

Sen. Blumenthal specifically called on the Federal Communications Commission (FCC) to immediately start a rulemaking process and investigation into the Salt Typhoon hacks.

“It can be started under this administration [and] carried forward under the next,” Blumenthal said. “There should be bipartisan unity on the urgency of that action.”

The Department of Homeland Security’s (DHS) Cyber Safety Review Board (CSRB) announced last month that it would launch an investigation into the China-sponsored infiltrations.

Cate Burgan is a MeriTalk Senior Technology Reporter covering the intersection of government and technology.