The Chinese state-linked hacking group Salt Typhoon has reportedly continued its cyberespionage efforts by gaining access to the systems U.S. broadband providers use to comply with court-authorized wiretap requests, according to the Wall Street Journal.
Salt Typhoon threat actors reached the federal lawful-intercept infrastructure by compromising the networks of Lumen Technologies, AT&T, and Verizon. They may have been inside that infrastructure for months before being discovered. The group's full objectives and methods remain under investigation by cybersecurity specialists.
Undermining the “Bold” Wiretap Operation
China's foreign ministry has denied involvement in the attack on U.S. networks, despite reports attributing the cyberespionage campaign to Chinese hackers. Lumen Technologies, Verizon, AT&T, and the U.S. government have not yet commented on the incident. Sygnia CEO Ram Elboim has stated that the company is monitoring the hacker, Salt Typhoon, also known as GhostEmperor.
Law enforcement organizations use wiretaps to gather private information about suspected criminal or terrorist activity, including phone conversations, messages, and online activity. A breach of the systems that serve those taps shows the level of threat nation-state actors can pose even to governments that take cybersecurity seriously. Elboim argues that these operations could give a nation-state actor access to the lists of entities under surveillance, including individuals who could pose a national security threat, as well as to the intercepted material collected and handed to law enforcement.
Federal U.S. Wiretapping Systems’ Value
Wiretapping has evolved from physical taps on lines to electronic and digital intercept capabilities built into carrier networks, and those systems have drawn public scrutiny since the WikiLeaks and Edward Snowden disclosures. Foreign-intelligence wiretaps are authorized by the Foreign Intelligence Surveillance Court (FISA court); the Foreign Intelligence Surveillance Act permits the U.S. government to wiretap a foreign power or an agent of a foreign power.
How Chinese hackers could have used the wiretap systems
Sygnia's Elboim suggests that a threat actor who breaks into government wiretapping systems could bypass law enforcement oversight, secretly add or remove targets, and alter monitoring lists. They could stop monitoring of certain entities or capture data without authorization. The extent of the federal wiretapping system's reach, whether it covers domestic or international operations, and what changes the attackers may have made are all unclear.
Private 5G and Segmented Networks: Unattainable Solutions
Cities like Brownsville, Texas, are building some of the most secure public and government networks in the world on highly segmented or private 5G networks. This approach removes the dependency on a third-party carrier network and the risk that a compromise of that carrier exposes the city's traffic. The U.S. federal government, by contrast, relies on suppliers that have suffered multiple breaches. Parm Sandhu of NTT DATA believes private 5G is intrinsically safe due to its robust foundational layer of security: a 5G network applies encryption and integrity protection to traffic as it crosses the enterprise.
Sandhu highlights enterprise 5G microslicing, combined with Virtual Local Area Networks (VLANs), as a source of extra security in private 5G networks. It lets IT teams divide traffic into discrete communities within the network and control which devices may connect and which may talk to one another. A vulnerability or compromise is then confined to a single segment instead of exposing the entire network and endangering business operations. For that reason, every enterprise security architecture should pair segmentation with deep visibility and robust access control.
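The containment claim above is easy to check on paper. The following is an added example, not code from the article or from any vendor it quotes: it models a default-deny segmentation policy as an allowlist of permitted flows and computes the blast radius of a compromised segment by walking that allowlist. The segment names, ports and policy are constructed for illustration; the "lawful-intercept" segment stands in for the kind of sensitive system the article discusses.

```python
"""
Segmentation blast-radius check (added example; names and policy are constructed).

A default-deny policy between segments confines a compromise to the segment
it started in plus whatever the allowlist lets that segment reach. Compare
that with a flat network, where every segment reaches every other.
"""
from collections import deque

# Constructed segment names for a small enterprise / operator estate.
SEGMENTS = ["corporate-it", "internet-edge", "oob-management",
            "lawful-intercept", "siem"]

# Constructed default-deny policy: (src_segment, dst_segment, tcp_port).
# Any flow not listed is denied. Port 0 is used as a wildcard below.
SEGMENTED_ALLOWLIST = {
    ("corporate-it", "internet-edge", 443),      # users browse out
    ("oob-management", "lawful-intercept", 22),  # admins reach intercept gear only via OOB
    ("lawful-intercept", "siem", 514),           # intercept gear ships syslog
    ("corporate-it", "siem", 514),               # workstations ship syslog
}


def flat_allowlist(segments):
    """Model a flat (unsegmented) network: every segment reaches every other on any port."""
    return {(s, d, 0) for s in segments for d in segments if s != d}


def is_allowed(src, dst, port, allowlist):
    """Does the policy permit src -> dst on port? Port 0 in the policy means any port."""
    return (src, dst, port) in allowlist or (src, dst, 0) in allowlist


def reachable_segments(start, allowlist):
    """BFS over permitted flows: every segment an attacker holding `start` can eventually touch.
    Only the existence of a permitted flow matters here, not the port."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for src, dst, _port in allowlist:
            if src == cur and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def blast_radius(start, allowlist):
    """Segments beyond the initial foothold that a compromise of `start` could spread to."""
    return reachable_segments(start, allowlist) - {start}


def exposure(target, segments, allowlist):
    """Which footholds endanger `target`? The set of segments whose blast radius includes it."""
    return {s for s in segments if s != target and target in blast_radius(s, allowlist)}


if __name__ == "__main__":
    flat = flat_allowlist(SEGMENTS)
    print("Foothold in corporate-it, flat network  ->",
          sorted(blast_radius("corporate-it", flat)))
    print("Foothold in corporate-it, segmented     ->",
          sorted(blast_radius("corporate-it", SEGMENTED_ALLOWLIST)))
    print("Segments that can reach lawful-intercept ->",
          sorted(exposure("lawful-intercept", SEGMENTS, SEGMENTED_ALLOWLIST)))
    print("corporate-it -> lawful-intercept:22 allowed?",
          is_allowed("corporate-it", "lawful-intercept", 22, SEGMENTED_ALLOWLIST))
```

Under the constructed policy a foothold on a corporate workstation reaches only the internet edge and the log collector, and the intercept segment is reachable solely from out-of-band management, which is the segment to monitor hardest. The same walk over a real policy export (firewall rules, slice definitions, VLAN ACLs) is a cheap way to confirm a segmentation design actually confines the failure modes the paragraph describes.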
Inside the Secret NSA Room 641A and Federal Wiretapping Systems
Terry Dunlap, a former NSA hacker and Senior Vice President of Corporate Strategy and Development at NetRise, points to the cost of building private 5G networks as the barrier to the federal government adopting segmentation and stronger network security. He argues that a separate network is necessary for meaningfully better security.
Cloud Range's Marsland stated that in the United States there is no separate infrastructure between the carriers and the federal government: telecommunications infrastructure is primarily run by private entities such as AT&T, Verizon, and T-Mobile. That infrastructure dates back to the Bell Telephone Company, and classified information that crosses it is protected by encryption.
The Bottom Line
China-linked threat groups are conducting global cyberespionage operations while denying them, and they pose a direct threat to the U.S. federal government and law enforcement agencies. These persistent breaches target critical national security systems, which calls for investment in, and a rethinking of, the infrastructure on which those systems run in an era of modern cyberespionage and cyberwarfare.