(Photo by Beata Zawrzel/NurPhoto via Getty Images)
Chinese state-sponsored hackers reportedly breached US internet service providers, including AT&T, Verizon, and Lumen Technology, to potentially steal sensitive US government data.
According to The Wall Street Journal, the incident might be a "catastrophic security breach” because the Chinese hackers, dubbed Salt Typhoon, may have accessed network infrastructure that ISPs use to answer court-authorized wiretapping requests. The access also may have persisted for months.
As a result, the Chinese hackers could have been spying on the US surveillance network to intercept internet-based communications. In addition, Salt Typhoon reportedly had access to certain portions of generic internet traffic, giving them a way to spy on users.
AT&T, Verizon, and Lumen haven’t commented on the alleged breach. But NSA Director General Timothy Haugh told journalists over the weekend that the incident is currently under investigation. "I think it’s premature for us to talk about this specific case. We’re really at an initial stage," he said.
Security researchers, including Lumen’s own Black Lotus Labs, have discovered growing evidence of Chinese hackers infiltrating ISPs. In one case, Chinese attackers exploited a previously unknown vulnerability in networking software to install malware capable of harvesting passwords. In another incident, they infiltrated the ISPs to help them spread malware to unsuspecting users.
Telecommunications firms usually have a legal obligation to report when a data breach occurs. But The Wall Street Journal notes that federal authorities can grant them an exemption if the breach pertains to national security.
In the meantime, the incident is causing some privacy researchers to call out the US government for maintaining a confidential "backdoor" to enable internet-based wiretapping. "Case in point: there's no way to build a backdoor that only the 'good guys' can use," tweeted Meredith Whittaker, president of the encrypted chat app Signal.