Chinese Hackers Still Lurk in U.S. Telecommunications Systems
But U.S. officials have repeatedly pushed back against Chinese denials, and now say the Chinese breach goes even further than initially thought, impacting telecommunication companies around the world, and that it appears to be part of a larger Chinese government effort to gather information about adversaries worldwide.
“Certainly, the way they went about it was very, very specific,” the senior FBI official said, noting the focus on telecommunications infrastructure and internet service providers. “But it fits into the cyber espionage bucket to really inform global goals for the Chinese.”
Neither CISA nor the FBI would say how many telecommunication companies or how many countries have been impacted.
But the agencies said the Chinese efforts in the U.S. fall into three categories: individual communications, customer call records and U.S. law enforcement requests pursuant to court orders.
The focus on individual communications appears to be on intercepting audio of phone calls and the content of text messages for a select number of high-profile U.S. government officials, such as individuals with the Trump and Harris campaigns.
The mass collection of customer call records appears to be more random.
“Essentially, they stole data about where, when and whom individuals were communicating with,” said the senior FBI official.
“We don’t believe that those were specifically targeted,” the official added. “We essentially think that they were essentially swept up by the adversary.”
The officials said the third category of intercepted information, related to law enforcement requests and court orders, also appears to have been targeted somewhat by chance.
Forensic analysis in two of the instances in which the Chinese hackers accessed law enforcement information “has indicated that the actors were on other parts of their network conducting reconnaissance before pivoting to the [law enforcement portal] and surrounding devices,” the FBI official said.
Just how far the Chinese hackers got, though, is not clear.
Officials said the hacked portal does include some court orders that relate to foreign intelligence collected under the Foreign Intelligence Surveillance Act but declined to say whether any of that information was taken by the China-linked hackers.
“We’re not prepared to answer that question today,” the senior FBI official said.
For now, the FBI and CISA are urging telecommunications companies to harden their defenses, issuing an advisory with cyber agencies in Canada, Australia and New Zealand on steps they can take to reduce the threat.
They also urged companies that think they may have been victimized to come forward.
“The companies that have worked closest with us are the furthest along and kicking the actors off their networks,” the senior FBI official said.
The FBI and CISA are likewise urging consumers to be more vigilant about security, whether that means keeping mobile phones and other devices current with security updates or using encrypted platforms for messaging and other communications.
“We are not seeing any novel techniques,” said CISA’s Greene, adding that the Chinese-linked hackers seem to have simply exploited known vulnerabilities in the telecommunications infrastructure environment.
“Encryption is your friend, whether it is on text messaging or if you have the capacity to use encrypted voice communications,” Greene said. “Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible, if not really hard for them, to detect it.”
Jeff Seldin is VOA national security reporter. The article is published courtesy of the Voice of America (VOA).