U.S. Slow to React to Pervasive Chinese Hacking: Experts

He contrasted the relatively muted public response to the recent revelation of a Chinese hacking operation known as Salt Typhoon, which compromised mobile telephone networks throughout the country, with the uproar that accompanied the far less serious appearance of a Chinese spy balloon over the U.S. mainland in 2023.

“That just goes to show this … problem where really grave issues that are intangible — that are just in cyberspace — are really hard to wrap our minds around,” Drexel told VOA.

“For four decades, we intertwined our supply chains very deeply with China, and our digital systems became more and more complex, allowing more and more compounding ways to be hacked, to be compromised,” Drexel said.

“We’ve just started to try to change course on this stuff,” he added. “But there’s so much momentum for so long on these issues, and they continue to compound in complexity, such that it’s just really hard to catch up.”

Warning ‘Highly Targeted’ Americans
The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance on Wednesday, reporting that it “has identified cyber espionage activity by People’s Republic of China (PRC) government-affiliated threat actors targeting commercial telecommunications infrastructure.”

It continued, “This activity enabled the theft of customer call records and the compromise of private communications for a limited number of highly targeted individuals.”

The warning appeared to be related to the Salt Typhoon hack that, according to government investigators, compromised all the major mobile phone carriers in the U.S., giving the Chinese government extraordinary access to the communications among millions of Americans.

The five-page CISA document outlines steps that the agency advises all Americans, but particularly those most likely to be targeted, to take immediately.

The first is to immediately curtail use of standard mobile communications platforms, such as voice calls and Short Message Service (SMS) texting. Instead, the agency advises Americans to restrict their communications to free messaging platforms that offer end-to-end encryption, such as Signal, which support one-on-one and group chats, as well as voice and video calls. Data sent with end-to-end encryption is extremely difficult to decrypt, even if a malicious actor is able to intercept it during transmission.

Among the other advice CISA offered was to avoid using SMS messages for multifactor authentication by switching to apps that provide authenticator codes or, where possible, adopting hardware-based security keys for highly sensitive accounts. Other recommendations included the use of complex and random passwords stored in password manager software, as well as platform-specific suggestions for iPhone and Android users.

TP-Link Concerns
On Wednesday, The Wall Street Journal reported, and other outlets subsequently confirmed, that the Commerce Department, as well as the Justice and Defense departments, are investigating reports that computer routers manufactured by the Shenzhen-based TP-Link are one vector of attack for Chinese hackers.

TP-Link currently dominates the market for computer routers in the U.S., with nearly two-thirds of total market share. In October, a report from Microsoft revealed that one Chinese hacking operation it identified as CovertNetwork-1658 has compromised thousands of TP-Link routers to create a network that is used by “multiple Chinese threat actors” to gain illicit access to computer networks around the world.

The Journal’s reporting also revealed that the Commerce Department is considering a ban on the sale of TP-Link routers in the U.S. next year, an action that could significantly disrupt the U.S. market for networking hardware.

Rip and Replace
Congress on Wednesday took long-delayed action to address a different potential threat from China, allocating $3 billion to a program that will remove telecommunications equipment manufactured by Huawei and ZTE from rural telecommunications networks in the U.S.

Funding for the rip-and-replace program arrives years after the U.S. identified the two companies as posing a potential threat.

Beginning in the first Trump administration and continuing during Joe Biden’s time in office, the U.S. pressured allies around the world to block the installation of Huawei and ZTE 5G cellular communications equipment in their networks, in some cases threatening to stop sharing sensitive intelligence with allies that failed to comply.

Rob Garver is a freelance writer. This article is published courtesy of the Voice of America (VOA).