
Chinese hackers have infiltrated major telecommunications networks, gaining access to the call logs and data of millions of Americans, including President-elect Donald Trump. But while the breach was first detected back in the spring, U.S. officials acknowledged this week that they’ve not yet been able to stop it. On POLITICO Tech, cybersecurity reporter Maggie Miller joins host Steven Overly to explain why the attack has been so hard to contain and how people can protect their information.
Steven Overly
Hey, welcome back to POLITICO Tech. Today's Friday, December 6th. I'm Steven Overly. Chinese hackers have breached the largest US phone and Internet networks, gaining access to the call logs and data of millions of Americans, from President-elect Donald Trump to you or me. The hacking group behind the attack is known as Salt Typhoon. And hackers were actually first detected back in the spring. But the Biden administration only revealed the attack in recent months. And in recent days, officials have acknowledged it is still not under control. Politico cybersecurity reporter Maggie Miller tells me this is being considered one of the broadest cyber attacks in history. And on the show today, she explains why it's been so hard to control and how people can protect their information. Here's our conversation. Hey, Maggie, welcome back to Politico Tech.
Maggie Miller
Thanks so much for having me.
Steven Overly
So this cyber attack on US telecom networks was first detected in the spring and it's still ongoing now, months later. How widespread is this problem and why is it so hard to contain?
Maggie Miller
So this problem really just feels like a Pandora's box that just continues to open. So reporters were briefed earlier this week on the fact that this investigation on the federal level into this hack has been ongoing since spring. However, most reporters and most of the world didn't find out about it till October. So really the length of time that this has been ongoing has expanded. And what's become especially clear this week as members of the administration, members of Congress, experts start to speak out about it, is that this may well be one of, to quote one of the senators I spoke with this week, one of the most breathtaking hacks that has ever faced the US. It involves Chinese government hackers gaining access to the cellular networks, telecommunications networks of the majority of major U.S. providers. That includes names like AT&T, T-Mobile, Verizon, but the list is much longer, is global in scale. And what's week is that the administration still doesn't even have a handle of just how deep they are into these networks and that even though they've known since spring, this hack is ongoing and it's putting the privacy of Americans' calls and text messages massively in jeopardy.
Steven Overly
Got it. So this thing is just sort of so massive it sounds like that that is part of the challenge in trying to contain it and kick these hackers off these networks.
Maggie Miller
Exactly. And I think a thing to underline is these aren't just your average 17-year-old hacker in a basement. These are top level Chinese government hackers who have been on a very clear path targeting telecommunications of trying to gather intelligence and clearly access to the phones of many top politicians, but in the process, potentially millions of Americans.
Steven Overly
Well, so this hacker group is known as Salt Typhoon. They're linked to the Chinese Communist Party, as you said. What do we know about them and sort of their history and their motivations here?
Maggie Miller
Well, Salt Typhoon is actually a fairly new group, at least to rise to this level. However, it's closely linked to other groups that also have the last word Typhoon, which for listeners interested in why Microsoft actually names all China affiliated threat groups with a Typhoon. So interesting. Yeah, so the one we've been talking about a lot in the last two years is Volt Typhoon. And they're another government hacking group that has gained access to a wide swath of U.S. critical networks to basically be there in case of an attack, to shut down networks, make it harder to respond in any sort of war with China, et cetera. Salt Typhoon's really come on the scene this year and it seems that their aim is really espionage and is really collecting data and intelligence on, as I said, politicians and in this case, millions of Americans. And when I say politicians, in October it came out that two of the officials who'd been targeted were President-elect Donald Trump and Vice President-elect J.D. Vance. So clearly very top, top people, senior people.
Steven Overly
Totally. Do we know what they want that information for? I mean, is this just general espionage? Do the officials think they have some particular aim in mind?
Maggie Miller
Well, I mean, you can't really for sure get in their minds, but I would say when you have people such as President elect Trump and Vice President elect Vance on their list of targets, you can speculate they've gained access to call logs, to actual call audio, to texts. And if you think about who some of these officials like Trump and Vance might be talking to, that gives a lot of valuable information to a foreign government. And it's not just them. There's staffers on the Hill and it's clearly something that is aimed at gaining intelligence at a high level.
Steven Overly
The fact that this has been going on for so many months now, the Biden administration has come under criticism for not sort of getting a better handle on things. How has the government responded so far, and what have they said they're planning to do going forward?
Maggie Miller
Yeah, so that was the briefing we had earlier this week for reporters was with the FBI and the Cybersecurity and Infrastructure Security Agency. They've paired up on an investigation into this, which is very much still ongoing. They said that they are working with telecom providers directly, having meetings with victims, have reached out to those individuals who have been most heavily targeted in terms of their phone records stolen or at least viewed. And also, as CISA Director Jen Easterly told me on Wednesday, there's a group called the CSRB, which is led by the Department of Homeland Security. They're made up of a lot of agencies, and they investigate major cyber incidents. They said in October that they were gonna look into this, and finally, they are kicking off this investigation formally at the end of this week. However, there's been a lot of pushback and criticism from lawmakers, especially as to why this didn't happen earlier. And what Easterly said is that, frankly, many of the agencies that are tasked with investigating this and making recommendations, for example, the Federal Communications Commission, the Department of Homeland Security, the FBI, they're still investigating this because, as everyone said, this hack is not done. It is ongoing. Our telecommunications networks are very much wide open and still being accessed at the moment.
Steven Overly
One question I had for you, which is, you know, I've talked to enough cybersecurity experts to know that, like, prevention is the best medicine here, right? Like, they all say it's better to keep hackers off your network than to try to get rid of them once they're already there. Have they discovered, like, what vulnerabilities allowed this to happen in the first place, and is anything being done to close those off?
Maggie Miller
Well, I think, as officials said this week, each of these organizations that were hacked, it was not the exact same method every time. This is very high level hacking activity where each organization and targeted they find a different vector in. But one thing that has been clear from speaking to senators this week is that in many cases they're not saying which it could have been something low level in that there just wasn't high security, there wasn't multifactor authentication. There were easy ways to get in, clicking on a link, for example, and getting into systems. But you know, it is going to be something that we're gonna have to keep watch in the next few months as more information comes out. But clearly there is a big push to overhaul the cybersecurity of telecom systems after this. But I think the focus right now more than that is simply on getting these hackers out because they're still in there.
Steven Overly
You know, we don't often on this podcast talk about like, you know, the consumer protection news. Right. But the government has put out some guidance about what everyday people could be doing to like protect their information. Here, talk me through what some of that is.
Maggie Miller
Some of that, frankly, is using encrypted communications. Because even though China or the Chinese government may have access to your phone calls to looking at your text messages right now, that doesn't necessarily mean that they're looking at everyone. It's a huge swath of people. But if you want to be much more sure that they won't be able to read what you're sending encrypted communications. So for example, if you send messages from an Apple to an Apple phone on iMessage, that that is encrypted. If you use apps like Signal or WhatsApp, that is encrypted. So even if they stole that data, they wouldn't be able to read anything. And the same with calls. I mean, there's been calls from senators this week to the Department of Defense to stop using things like Microsoft Teams, which is not encrypted communications, and move to video calls that are such as FaceTime, get off the landlines, don't use those if you're making national security type calls. So I think while the average American, I think it's very unlikely that Beijing is spending its days looking at every single person's data, if you want to be sure, then encrypted communications might be the name of the game for right now.
Steven Overly
Right. Well, and I think Congress is going to be digging into that quite a bit. Right. There's already the Senate Commerce Committee has scheduled a hearing on this. As you said, a lot of lawmakers are speaking out now, putting pressure on the Pentagon and pressure on the Biden administration. What political fallout should we expect going forward, do you think?
Maggie Miller
Yeah, absolutely. On Wednesday, there was a briefing by federal officials at Capitol Hill behind closed doors, where senators, the full Senate, were given kind of the rundown and the briefing of what is going on. And many of them emerged quite shaken and angry at how large this is. Senator Marco Rubio, President Elect Trump's nominee for Secretary of State, told me that he saw it as one of the biggest hacks in history, potentially even worldwide. And so there is big bipartisan support, from what I could tell, for legislation around helping to secure the telecom sectors. And I know that Senator Mark Warner, the chair of the Senate Intelligence Committee, is currently crafting legislation, along with several other senators that would try to address this, potentially even creating some sort of cyber standards for the telecommunications sector. Although that would probably be a longer process. I think what's unclear is how much can be done prior to the end of this year, given that this is the end of Congress. There's very few days left. There's going to be a new administration in January. So trying to do what they can now, recognizing that there's very limited time. But I think just coming from the briefing on Wednesday, there's fear about this, there's concern about this, and it is a bipartisan fear which is increasingly rare in this city. So I would be very surprised if we don't see President Elect Trump coming in and addressing this in some way.
Steven Overly
Yeah, it certainly seems like a big issue that he will inherit right at the top of his administration. I am curious. The companies that have been impacted in the US itself, and I believe there's about eight of them, as you said earlier, it includes all the big names, AT&T, Verizon, T-Mobile. What are they doing or what have they said about this? Because ultimately, these networks are operated by these private companies, and so it will largely fall on them, with the government's help, to get these guys off their networks.
Maggie Miller
And that's a great point because as is always pointed out to me by experts, the federal government can do a lot, but something like 90% of the US critical networks are in private sector hands. So really, it's up to them. And some of these companies really have taken steps. For example, T-Mobile claims that they do have these hackers out of their systems and have been pretty public about what they're doing. Some have been less public, but I know that on Wednesday, Ann Neuberger, one of the top cyber officials at the White House, told reporters that the White House is working directly with eight unnamed US companies in the telecom sector, probably some very big names to try to root these hackers out. And I think that given any time that there is a major hack of a sector, the spotlight goes right onto those companies. And I'm sure they are feeling the heat from pretty much everyone involved at the federal level to try to get these hackers out as soon as they can and more crucially, ensure that this type of hack can't happen again.
Steven Overly
Right. Well, and that heat is definitely rising. Maggie, thanks for being here on Politico Tech.
Maggie Miller
Thanks so much for having me.
Steven Overly
That's all for today's Politico Tech. If you enjoy Politico Tech, be sure to subscribe on Apple, Spotify or your preferred podcast player. And for more tech news, subscribe to our newsletters, Digital Future Daily and Morning Tech. Music in our show comes from the mysterious Brick Master Cylinder. Our managing producer is Annie Reese. Our producer is Afraid Abdullah. And our editors are Steve Hoyser, Daniela Cheslow and Louisa Savage. I'm Steven Overly. See you back here on Monday.
Episode: Chinese hackers got Trump’s data in a major breach — and possibly yours
Release Date: December 6, 2024
Host: Steven Overly
Guest: Maggie Miller, POLITICO Cybersecurity Reporter
In this gripping episode of POLITICO Tech, host Steven Overly delves into a significant cyberattack orchestrated by Chinese hackers targeting major US telecommunications networks. The breach, attributed to the hacking group Salt Typhoon, has compromised the call logs and data of millions, including high-profile figures such as President Elect Donald Trump and Vice President Elect J.D. Vance. Maggie Miller provides an in-depth analysis of the attack's scope, the challenges in containment, and the broader implications for US cybersecurity.
The episode opens with the revelation that Salt Typhoon has infiltrated the largest US phone and Internet networks since their initial detection in spring. Maggie Miller describes the attack as "one of the most breathtaking hacks that has ever faced the US," highlighting its unprecedented scale and the extensive access gained to telecommunications infrastructure.
Notable Quote:
"This may well be one of, to quote one of the senators I spoke with this week, one of the most breathtaking hacks that has ever faced the US."
— Maggie Miller [02:10]
The breach affects major providers such as AT&T, T-Mobile, and Verizon, compromising the privacy of millions of Americans’ calls and texts. The prolonged nature of the attack—remaining undetected for months—has exacerbated the difficulty in containing the breach, as the hackers continue to access and exploit the networks.
Salt Typhoon, a relatively new player in the landscape of cyber threats, is closely linked to the Chinese Communist Party. Maggie Miller explains that while Salt Typhoon is emerging this year, it is connected to other established groups like Volt Typhoon, known for their extensive infiltration of US critical networks.
Notable Quote:
"These are top level Chinese government hackers who have been on a very clear path targeting telecommunications of trying to gather intelligence."
— Maggie Miller [03:18]
Salt Typhoon’s primary objective appears to be espionage, aiming to collect data and intelligence on high-profile politicians and, by extension, millions of ordinary Americans. The targeting of figures such as Trump and Vance suggests a strategic intent to gather sensitive information that could influence political dynamics and national security.
The Biden administration's response to the breach has been under scrutiny, with Maggie Miller noting that despite early detection, a comprehensive handle on the situation remains elusive. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have partnered to investigate, but progress has been slow due to the attack’s complexity and ongoing nature.
Notable Quote:
"Our telecommunications networks are very much wide open and still being accessed at the moment."
— Maggie Miller [07:19]
CISA Director Jen Easterly announced the formal initiation of an investigation by the Cybersecurity Standards Review Board (CSRB), a multi-agency body led by the Department of Homeland Security. However, criticism persists regarding the delayed public acknowledgment and the administration’s handling of the situation.
Preventing such extensive breaches remains a significant challenge. Maggie Miller discusses the varying methods used by the hackers, indicating that each targeted organization experienced different vulnerabilities. Common issues include the lack of high-level security measures like multifactor authentication and susceptibility to phishing attacks.
Notable Quote:
"In many cases they're not saying which it could have been something low level in that there just wasn't high security, there wasn't multifactor authentication."
— Maggie Miller [08:24]
The focus is now on not only removing the hackers from the networks but also strengthening the cybersecurity frameworks of telecom providers to prevent future breaches.
In light of the breach, the government has issued guidance for everyday users to protect their information. Maggie Miller emphasizes the importance of encrypted communications as a critical defense mechanism.
Notable Quote:
"If you send messages from an Apple to an Apple phone on iMessage, that is encrypted."
— Maggie Miller [09:33]
She recommends using encrypted messaging apps like Signal or WhatsApp and avoiding unencrypted platforms for sensitive communications. These measures can significantly reduce the likelihood of personal data being accessible to unauthorized entities.
The cyberattack has sparked a bipartisan outcry, with lawmakers pushing for more robust cybersecurity legislation. Senator Marco Rubio labeled the incident as "one of the biggest hacks in history," while Senator Mark Warner is spearheading efforts to establish cyber standards for the telecommunications sector.
Notable Quote:
"There is big bipartisan support... to secure the telecom sectors."
— Maggie Miller [11:02]
The impending congressional hearings and the transition to a new administration in January may influence the speed and nature of the legislative responses. The fear and urgency surrounding the breach have catalyzed unprecedented bipartisan cooperation in addressing cybersecurity vulnerabilities.
Private sector telecom providers are under intense pressure to address the breach. Companies like T-Mobile have publicly stated their efforts to expel the hackers from their systems, while others remain less transparent. The federal government is actively collaborating with eight unnamed telecom companies to eliminate the threat.
Notable Quote:
"The White House is working directly with eight unnamed US companies in the telecom sector to root these hackers out."
— Maggie Miller [13:01]
The responsibility largely falls on these private entities to secure their networks, manage the fallout, and implement measures to prevent future intrusions. The success of these efforts is critical to restoring public trust and ensuring national security.
The POLITICO Tech episode underscores the severity of the Salt Typhoon cyberattack and its far-reaching implications for US telecommunications and national security. As the government grapples with containment and legislative responses, the episode highlights the urgent need for enhanced cybersecurity measures both at the governmental and consumer levels. With ongoing investigations and mounting political pressure, the path forward involves concerted efforts to safeguard critical infrastructure and protect personal data from sophisticated foreign threats.
For more detailed insights and continuous updates on this developing story, stay tuned to POLITICO Tech.