Ad Sponsor
This episode is brought to you by Amazon. Sometimes the most painful part of getting sick is the getting better part. Waiting on hold for an appointment, sitting in crowded waiting rooms, standing in line at the pharmacy, that's painful. Amazon One Medical and Amazon Pharmacy remove those painful parts of getting better with things like 24/7 virtual visits and prescriptions delivered to your door. Thanks to Amazon Pharmacy and Amazon One Medical, healthcare just got less painful.
James Rundle
Welcome to Tech News Briefing. It's Wednesday, January 8th. I'm James Rundle for the Wall Street Journal. Chinese hackers have been a menace in cyberspace for years, targeting the US government and the private sector, as well as presidential campaigns. But revelations about how deeply attackers have penetrated US critical infrastructure have worried senior intelligence officials. Hear from our reporter Dustin Volz about how Chinese digital spies have infiltrated some of the most vital organizations in the U.S., positioning themselves to cause havoc if a conflict breaks out. Two massive hacking operations, named Salt Typhoon and Volt Typhoon by researchers, have spooked intelligence officials. Chinese hackers have broken into systems across ports, pipelines, water treatment systems and airports across the US in recent years and done nothing. That's according to senior US officials who say China is preparing to unleash chaos if America were to intervene in a future conflict, likely over Taiwan. Separately, Chinese spies also infiltrated the networks of major telecoms providers, enabling them to spy on text messages and phone calls from government officials, political figures, and others. The WSJ interviewed dozens of national security, law enforcement and private sector officials about these attacks. Our reporter Dustin Volz joins us to discuss how serious China's intrusions are and what Washington is doing about it. Dustin, China has been in the headlines a lot in the past year for cyber activity. Can you put this in perspective? How sophisticated and aggressive have its actions been with its recent campaigns compared with its past activity?
Dustin Volz
China has always been pretty aggressive in cyberspace and for really 15, 20 years now has been targeting US systems, private sector companies, government agencies. In 2008, for example, they hacked both the Obama and McCain presidential campaigns. So cyber aggression from China is nothing new. What's new here, and what they're doing now, is just different and alarming to senior U.S. intelligence officials, because instead of stealing private intellectual property from businesses or just mass quantities of personal data, they're breaking into scores of critical infrastructure systems. Think pipelines, water sanitation systems, regional airports, for the purpose of preparing for a future conflict, likely over Taiwan, and trying to basically deter or intimidate the US from engaging in a hot conflict. And that's combined with these separate intrusions into US telecom networks that have been going on for well over a year in some cases, and have allowed the Chinese hackers to surveil high-profile targets by listening to their phone conversations and in some cases reading their text messages. These two attacks have combined to really put US officials on a new level of concern about what Beijing's been doing and just how not only sophisticated, but how vast their cyber hacking resources really are.
James Rundle
So what has China actually been doing once it's compromised these systems in the critical infrastructure attacks, which researchers call Volt Typhoon?
Dustin Volz
They aren't actually disrupting systems. They're not taking down airports or slowing systems to a halt or anything like that. But what they are doing is lying in wait, essentially. They're getting in and waiting for future tasking orders to potentially do something that is more disruptive. And the reason U.S. officials are so convinced that this is what they're doing is they're breaking into systems with no clear intelligence value, nothing really worth stealing. So they might break into a municipal emergency response system in Los Angeles, for example, and then lie in wait for months on end, or in some cases years, periodically checking back to make sure that they have maintained that access into the systems. That's it. The inaction there is what's being seen as so alarming by US and Western security officials. Because if they're just lying there in wait, what are their future plans? And the assessment is that their future plans are to wait until there is a conflict directly with the US, and then they can start doing things to disrupt these systems.
James Rundle
Sure. And when we start talking about power grids, about water treatment facilities, about ports, pipelines, it has a very chilling effect. What has Washington done about this?
Dustin Volz
A year ago last January, senior U.S. officials actually came forward and disclosed a lot of the critical infrastructure hacking activity. There was an effort to dismantle a botnet, which is sort of hijacked computer systems that were being used to help the Chinese enter these systems. So the authorities came out and dismantled that botnet. They made it very clear publicly that they didn't tolerate this activity, that they were looking for other victims, and that they were sharing threat intelligence with these different sectors in hopes that they would find other places where the hackers have been burrowing and hiding. And that's what they've been doing for now a couple of years, is detecting dozens of critical infrastructure systems across the country where they are sort of lying in wait and have maintained persistent access. So the campaign to educate these often under-resourced critical infrastructure systems, these providers, to help them protect their systems, the campaign to educate them continues. They're finding the hackers in more places. But what's alarming is that at the same time that the White House and others have been pushing to try to, you know, deal with this issue of the infrastructure hacking, a separate group of Chinese hackers linked to their top intelligence agency had been very sneakily embedding itself into US telecommunications infrastructure, and doing so in a way where they were able to, in some cases, surveil directly the conversations of senior U.S. officials and political figures, and also access U.S. law enforcement systems they use to wiretap criminal suspects, including potentially Chinese spies in the U.S. It's sort of just, you know, you try to address one problem and then you wake up and there's a whole other crisis. Chinese hackers are everywhere, all at once, and they're preparing for war. And that's really sort of what's so frightening right now for a lot of U.S. officials.
James Rundle
What has the Chinese government said about this?
Dustin Volz
The Chinese government has denied this repeatedly. In fact, US officials, including Secretary Blinken, have attempted to directly confront senior Chinese Communist Party officials. Last April, while visiting China, Secretary Blinken actually presented essentially evidence saying, we know that you're in all these systems, that your hackers are doing these things, and we really need you to cut it out. And China basically said, we have no idea what you're talking about. This looks like it might be a criminal ransomware group, if anything. We have nothing to do with it. Please stop with these fabricated assertions. And then publicly, Chinese officials will say that they are not doing anything that the US isn't also doing, that these are smears, these are lies. The true criminal out there when it comes to cybersecurity is the U.S. government. So that is how China has been responding.
James Rundle
Coming up, we hear about how hackers managed to breach systems at telecom giants and the challenge this presents for President-elect Donald Trump's administration. That's after the break.
Dustin Volz
Taxi.
Waymo Representative
Imagine hailing a cab with no one in the driver's seat.
Ad Sponsor
Welcome. Please buckle your seatbelt and enjoy the ride.
Waymo Representative
Self-driving car company Waymo has spent billions developing its tech.
Ad Sponsor
What's changed is machine learning.
Dustin Volz
I'm not really thinking about who's driving.
Waymo Representative
But will this big bet pay off for Waymo and its parent, Google owner, Alphabet? Find out in Waymo and the Robo Taxi Race, a new series in the WSJ's Future of Everything feed.
James Rundle
You mentioned earlier that a lot of critical infrastructure companies tend to be poorly resourced when it comes to cybersecurity. Major telecoms companies we don't generally associate with a lack of resources. Do we know how China has achieved such unprecedented compromise of all these companies?
Dustin Volz
We know some details about it. It's still sort of an evolving process, and investigators continue to learn more. But we know that in the telecom hacks, it appears as though in all or nearly all cases, the intrusions relied on unpatched vulnerabilities that were known to the public and known to security analysts and experts. In other words, there was aging, old telecom infrastructure that was leveraged and accessed by the hackers because it just didn't have the defenses that it needed, and it hadn't been patched and wasn't up to date. And there will be a lot of finger pointing to come in the months ahead as investigators continue to sort through this. But that's really stunning, because as you said, these are well-resourced telecommunications companies. The victims include Verizon and AT&T, the two biggest in the US, as well as a lot of other ones that are smaller. But in each case, and each case was different in some respects, the hackers were able to hijack large network routers, essentially, and use those to conceal their activity, to cover their tracks, to do a lot of espionage. And US officials in the Biden administration have really pushed over the last four years to install minimum cybersecurity mandates for different industries. For example, after the Colonial Pipeline hack of 2021 that briefly led to the shutdown of the largest conduit of fuel on the East Coast, the Biden administration pushed forward mandates for pipelines, cybersecurity mandates that basically made it so that they had to comply with baseline requirements for cybersecurity. The administration has done this in a couple of other industries as well, including aviation, but they haven't done it in telecoms. And the officials I spoke to about this, asking them why, it's for a number of reasons.
Government can be slow, but also a lot of folks thought that telecoms were actually already well resourced, that they had a pretty good sense of their cybersecurity and were able to invest in it heavily already, and that they didn't need these kinds of executive action regulatory mandates the same way that some of the other industries seemingly were more urgent and in need of attention. And so now you're seeing that the Federal Communications Commission and others are taking a look at what they can do to potentially increase the cybersecurity standards for telecommunications networks. And the companies are saying they recognize that cybersecurity is existential for them and that they need to do more to make sure that these types of attacks are dealt with and hopefully don't happen again.
James Rundle
So the big question is, now that we know the hackers have been in the networks, are they still there?
Dustin Volz
So the companies say that they believe they have basically addressed this issue in the telecom hacks with the group that researchers at Microsoft and elsewhere have called Salt Typhoon. They say that they're out, essentially, but US officials say that they're not so sure. A number of people we spoke to who are deeply involved in the investigation here said that they were surprised to see these statements from some of the carriers, and that the compromises were so deep and so vast within the major telecommunications networks that it's really going to be hard to definitively say that they are fully out of the network. And to do so at this stage might be somewhat premature.
James Rundle
And, of course, we have a new administration coming in a few weeks, which is resulting in the resignation of a number of senior cyber officials who have been dealing with this. Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency. Harry Coker, the National Cyber Director. How much of a challenge does this present for the incoming administration?
Dustin Volz
It's a huge challenge for the incoming Trump administration. And some officials, including President-elect Trump's nominee to be chairman of the Federal Communications Commission, Brendan Carr, have spoken about the telecom hacks and said it's a priority and that we need to do more to deter China. It's absolutely a key national security issue for them. It's unclear what President-elect Trump will do here with China, but he's obviously been very, very tough rhetorically on China. So it remains to be seen how they're going to address this, and whether or not they're going to be supportive of these cybersecurity mandates on industry that historically Republicans in Congress and elsewhere have been resistant to. They often favor more voluntary arrangements for cybersecurity.
James Rundle
That was our reporter Dustin Volz. And that's it for Tech News Briefing. Today's show was produced by Julie Chang with supervising producer Catherine Milsock. I'm James Rundle for the Wall Street Journal. We'll be back this afternoon with TNB Tech Minute. Thanks for listening.
WSJ Tech News Briefing: How China’s Cyber Threat Looms Over America
Release Date: January 8, 2025
Host: James Rundle
Reporter: Dustin Volz
In the January 8, 2025 episode of the Wall Street Journal’s Tech News Briefing, host James Rundle delves into the escalating cyber threats posed by China to the United States. The discussion, led by reporter Dustin Volz, examines the sophisticated and aggressive nature of Chinese cyber activities, their infiltration into critical U.S. infrastructure and telecommunications, and the implications for national security and upcoming U.S. administration policies.
Historical Context and Evolution
Dustin Volz contextualizes China’s cyber aggression by highlighting its longstanding history in cyberspace. "China has always been pretty aggressive in cyberspace and for really 15, 20 years now has been targeting US systems, private sector companies, government agencies," Volz explains (02:07).
Shift in Tactics
While past activities focused on stealing intellectual property and personal data, recent campaigns have shown a disturbing shift towards compromising critical infrastructure. "What's new here and what they're doing now is just different and alarming to senior U.S. intelligence officials because instead of stealing private intellectual property from businesses or just mass quantities of personal data, they're breaking into scores of critical infrastructure systems," Volz notes (02:07).
Infiltration of Critical Systems
Two significant hacking operations, identified by researchers as Salt Typhoon and Volt Typhoon, have raised alarms among U.S. intelligence officials. These operations have penetrated systems across ports, pipelines, water treatment facilities, and airports. Volz emphasizes the intent behind these breaches: "They're preparing for a future conflict, likely over Taiwan, and trying to basically deter or intimidate the US from engaging in a hot conflict" (02:07).
Surveillance of Telecom Networks
In addition to critical infrastructure, Chinese spies have infiltrated major U.S. telecommunications providers. This breach allows for extensive surveillance, including the monitoring of text messages and phone calls of government officials and political figures. Volz states, "These two attacks have combined to really put US Officials on a new level of concern about what Beijing's been doing" (02:07).
Nature of the Intrusions
Volz describes the nature of these intrusions, particularly focusing on the critical infrastructure attacks labeled Volt Typhoon. "They aren't actually disrupting systems. They're not taking down airports or slowing systems to a halt or anything like that. But what they are doing is lying in wait," he explains (03:43). This strategy indicates a readiness to cause significant disruption should a conflict arise.
Persistent Threats
The hackers maintain persistent access, with intrusions sometimes lasting months or years without detection. "The inaction there is what's being seen as so alarming by US and Western security officials. Because if they're just lying there in wait, what are their future plans?" Volz asks (04:46).
Dismantling the Botnet
In January of the previous year, U.S. officials publicly disclosed cyber activities targeting critical infrastructure and took action to dismantle a related botnet. Volz mentions, "The authorities came out and dismantled that botnet. They made it very clear publicly that they didn't tolerate this activity" (04:56).
Ongoing Detection and Education
Efforts continue to detect compromised systems and educate under-resourced critical infrastructure providers on enhancing cybersecurity measures. "The campaign to educate them continues. They're finding the hackers in more places," Volz states (04:56).
Challenges with Telecom Security
Despite these efforts, the infiltration of telecom networks revealed significant vulnerabilities. Volz explains that many telecom systems were compromised through "unpatched vulnerabilities that were known to the public and known to security analysts and experts" (08:39). This highlights the challenges in securing even well-resourced sectors.
Extent of Compromise
The breach of major telecom companies, including Verizon and AT&T, underscores the depth of Chinese cyber infiltration. "They were able to hijack large network routers, essentially, and use those to conceal their activity, to cover their tracks, to do a lot of espionage," Volz elaborates (08:39).
Regulatory Response
While other industries received cybersecurity mandates, telecoms were initially excluded under the assumption that they were already well-protected. However, following these breaches, the Federal Communications Commission (FCC) and other bodies are reassessing cybersecurity standards for telecommunications. Volz notes, "The FCC and others are taking a look at what they can do to potentially increase the cybersecurity standards for telecommunications networks" (08:39).
Denial of Involvement
China has consistently denied involvement in these cyber intrusions. Volz cites a confrontation where U.S. Secretary of State Antony Blinken presented evidence to Chinese officials, who responded dismissively: "We have no idea what you're talking about. This looks like it might be a criminal ransomware group" (06:46).
Defensive Rhetoric
Chinese officials further claim that the U.S. is the true threat in cybersecurity, stating, "the U.S. government is the true criminal out there when it comes to cybersecurity" (06:46).
Incoming Administration's Challenges
With the resignation of senior cyber officials like Jen Easterly and Harry Coker, the incoming Trump administration faces significant challenges in addressing these pervasive cyber threats. Volz remarks, "It's a huge challenge for the incoming Trump administration" (11:58).
Policy Directions and Political Dynamics
President-elect Donald Trump's stance on China has been notably tough, but the extent of actionable policy changes remains uncertain. "Officials, including President-elect Trump's nominee to be chairman of the FCC, Brendan Carr, have spoken about the telecom hacks and said it's a priority and that we need to do more to deter China," Volz explains (11:58). However, there is uncertainty about the administration's support for stringent cybersecurity mandates, given the traditional Republican preference for voluntary measures.
The episode underscores the severe and evolving nature of China's cyber threats to the United States, highlighting the deep penetration into critical infrastructure and telecommunications networks. Despite ongoing U.S. efforts to counter these threats, significant challenges remain, particularly with the transition to a new administration. The persistent and sophisticated nature of these cyber intrusions poses a substantial risk to national security, necessitating continued vigilance and robust cybersecurity strategies.
Produced by Julie Chang, Supervising Producer Catherine Milsock
For more insights, visit The Wall Street Journal's Tech News Briefing.