Using a security loophole that allows the US government access to anybody's electronic traffic, Chinese hackers gained access to an unknown quantity (perhaps all) of the internet traffic on American networks. The secret breach was revealed in an exclusive report in Saturday's Wall Street Journal.
Good thread too: https://t.co/jKREtYTBuh
— Matt Johansen (@mattjay) October 5, 2024
The attack SOUNDS like the hackers could have had access to everything that crosses certain networks, by using the backdoor access that the US government mandates so it can wiretap when authorized by a warrant. In other words, there is a built-in insecurity in the networking systems in order to allow government officials to tap your data. The Chinese got access to the backdoor.
A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.
For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said.
Verizon Communications, AT&T and Lumen Technologies are among the companies whose networks were breached by the recently discovered intrusion, the people said.
The widespread compromise is considered a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon. It appeared to be geared toward intelligence collection, the people said.
The wording here is a little vague, and I think intentionally so, about whether the Chinese had access ONLY to data that the US government was wiretapping. That seems impossible, given that wiretap access is not a matter of splicing wires or anything like that. It is a function of software, and that software was hacked. In this case the Chinese could access whatever they chose. No doubt that didn't include everything, since there would be no way to store and make sense of it all, but, as with our own government, they could target whomever they wanted using the security hole built into the system.
The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations. Under federal law, telecommunications and broadband companies must allow authorities to intercept electronic information pursuant to a court order. It couldn’t be determined if systems that support foreign intelligence surveillance were also vulnerable in the breach.
The attack and its significance were discovered in recent weeks and remain under active investigation by the U.S. government and private-sector security analysts. Investigators are still working to confirm the breadth of the attack and the degree to which the actors observed data and exfiltrated some of it, the people said.
The hackers appear to have engaged in a vast collection of internet traffic from internet service providers that count businesses large and small, and millions of Americans, as their customers. Additionally, there are indications that the hacking campaign targeted a small number of service providers outside the U.S., the people said.
A person familiar with the attack said the U.S. government considered the intrusions to be historically significant and worrisome.
Again, with the weasel words. To me, this sounds catastrophic for anybody targeted. The Chinese had access to anything from anybody they targeted across these networks. Think of all the sensitive data YOU send over the internet, such as financial information, and multiply that a millionfold for the companies and government.
There's constant pressure from governments to bake in systems for access.
Failure to comply with those demands is met with big sanctions. Just look at Durov.
Yet I predict that there will be zero meaningful accountability over this breach. https://t.co/TkgEP3xvYS
— John Scott-Railton (@jsrailton) October 5, 2024
I say weasel words because, if I am reading between the lines, basically everything that travels over the internet (presumably the most sensitive government information uses a closed system, although I don't know that at all) was wide open to the Chinese. Wide open.
“It will take time to unravel how bad this is, but in the meantime it’s the most significant in a long string of wake-up calls that show how the PRC has stepped up their cyber game,” said Brandon Wales, former executive director at the Cybersecurity and Infrastructure Security Agency and now a vice president at SentinelOne, referring to the People’s Republic of China. “If companies and governments weren’t taking this seriously before, they absolutely need to now.”
Salt Typhoon has been active since 2020 and is a nation-state hacking group based out of China that focuses on espionage and data theft, particularly capturing network traffic, Microsoft said in a research note written in August. “Most of Salt Typhoon’s targets are based in North America or Southeast Asia,” Microsoft said, noting that other cybersecurity companies call the group GhostEmperor and FamousSparrow.
Could any of the recent outages in service, particularly on Verizon, be related to this attack? I do not know, but if so, it wouldn't necessarily have to be a direct result of a cyberattack disrupting the system. Efforts to update the security of routers and other equipment might be the cause instead. That is just speculation on my part, though.
Who watches the watchers? Turns out China does.
My summary: https://t.co/iK65hu7PC8
— Matt Johansen (@mattjay) October 5, 2024
It seems to me that the story downplays how significant this attack was. It sounds catastrophic to me, and it was directly caused by government mandates to require a security loophole.
Mandates so strict that the French arrested the CEO of Telegram, Pavel Durov, to enforce their demand for access to his platform. No doubt the US pushed for this as well as the French.
Spies used to risk their lives or imprisonment in order to get blurry photos of classified information. From half a world away, the Chinese got access to almost everything for months...or longer.
This should be one of the biggest stories right now, not Kamala Harris' appearing on a sex podcast and Howard Stern.
Our leaders are not serious people.