State-backed Chinese cyberspies are exploiting vulnerabilities in aging infrastructure to penetrate deeply into US government and telecommunications systems, including the lawful-intercept (wiretap) systems that carriers operate on behalf of US law enforcement. The intrusions rely on weaknesses in legacy systems that have gone largely unexamined for years, exposing a critical gap in national security.
One such weakness is the widespread use of two-factor authentication (2FA) codes delivered by SMS. The code itself may be fine; the problem is the delivery channel. SMS rides on SS7, the decades-old signalling protocol carriers use to route calls, texts and roaming between networks. SS7 was designed for a closed club of trusted operators and performs almost no authentication of the messages exchanged between them, so anyone with access to the SS7 network (for example through a rogue or compromised carrier) can tell a victim's home network that the victim's phone is roaming on a network the attacker controls. From that point the carrier forwards the victim's SMS, including one-time login codes, to the attacker. The same lack of authentication lets attackers track handsets worldwide, listen to calls and, according to the reporting, intercept internet traffic. Despite these long-known risks, SS7's integral role in keeping mobile networks interoperable has made telecom companies slow to address the problem. That inaction prompted the Federal Communications Commission (FCC) to intervene, after Senator Ron Wyden characterised the SS7 vulnerabilities as a national security threat. The practical consequence for defenders is that SMS should be treated as a restricted authenticator (as NIST SP 800-63B does) and replaced, where the account matters, by an authenticator whose secret never crosses the phone network: an on-device one-time-password generator, or better still a phishing-resistant FIDO2/WebAuthn key.
Concerns are escalating in Washington about the extent of Chinese penetration of US communications and critical infrastructure, enabled in part by such vulnerabilities. Anne Neuberger of the White House National Security Council confirmed that Chinese cyberspies had intercepted the calls of “very senior” US political figures and compromised eight US telecom providers. Three Chinese hacking groups are of particular concern: Salt Typhoon, Volt Typhoon and Flax Typhoon. Flax Typhoon operated a large botnet of compromised consumer devices until the FBI dismantled it. Salt Typhoon breached the US telecommunications giants Verizon, AT&T and Lumen Technologies, reaching as far as the lawful-intercept systems those carriers run to execute court-ordered wiretaps. Volt Typhoon is treated as the most serious threat: it targets critical infrastructure such as water systems and power grids, routes its traffic through end-of-life small-office routers that no longer receive security updates, and operates largely with built-in administration tools rather than custom malware, which makes it hard to detect. Microsoft reports that Volt Typhoon is developing the capability to disrupt communications between the United States and Asia during a future crisis. The breadth of its targets across sectors underscores its potential for extensive espionage and long-term undetected access.
Taken together, these factors paint a troubling picture of US cybersecurity. Salt Typhoon's reach into the wiretapping systems that carriers maintain for the FBI and other agencies shows how deep the compromise runs: the interception capability built for law enforcement became an interception capability for a foreign intelligence service. Continued reliance on the outdated and insecure SS7 protocol, and on the SMS-based authentication that depends on it, compounds the risk. The situation underscores the urgent need for comprehensive upgrades and stronger security measures to protect vital US infrastructure and sensitive communications.