Transcript of The Chinese Hackers Spying on U.S. Internet Traffic
The Journal. Late last month, the Wall Street Journal broke a story about a major hack into critical US infrastructure. Cybersecurity experts believe it was carried out by a Chinese group called Salt Typhoon.
The Wall Street Journal reported that China-linked hackers have breached US Internet providers. It's aimed at accessing sensitive information and gaining footholds in critical broadband and networks.
Hackers potentially accessed the network the federal government uses to request court-authorized wiretapping for criminal and national security investigations. Our colleague, Dustin Volz, was one of the reporters on the story. He says the hack has US officials freaking out.
This hack is particularly alarming to government officials and security investigators because they not only had deep access, but they were extraordinarily stealthy and were inside the networks for months. We've been told potentially even far longer than that. And there's deep concern about the sensitive nature of data that was potentially compromised in these breaches.
How big of a deal is this?
This is potentially catastrophic. That is what we are hearing from officials and investigators familiar with the breaches. The level of panic is extremely unusual. From my 10 years reporting on cyber security issues, this is very much ranking at the top of the list for what seemingly people are concerned about. They're putting this very much at the top of the list.
Welcome to The Journal, our show about money, business, and power. I'm Ryan Knutson. It's Tuesday, October eighth. Coming up on the show, What We Know About China's Monster Hack.
Snakes, zombies, public speaking, the list of fears is endless. But the real danger is in your hand when you're behind the wheel. Distracted driving is what's really scary and even deadly. Eyes forward. Don't drive distracted. Brought to you by NHTSA and the Ad Council.
All right, so let's talk about this hack. What happened exactly?
So we don't know a lot about the hack, and that's in part because the Biden administration and cybersecurity investigators are still very much in the midst of figuring out what exactly happened here. It's unusual that details emerge publicly so early during a discovery of a major breach like this. But what we do know is that at least three major broadband providers in the United States, Verizon, AT&T, and Lumen, were all compromised by a Chinese-linked group called Salt Typhoon. This appears to be espionage-related, and it appears to be something that has potentially been going on for many months, if not longer. And all the individuals we've spoken to have described the attacks as extraordinarily stealthy, extremely sophisticated and a stunning level of deep intrusions into these compromised networks.
Verizon, AT&T, and Lumen declined to comment on the hack. A spokesman for the Chinese Embassy in Washington said China opposes cyber attacks in all forms. By infiltrating US networks, Chinese spies could potentially get access to all kinds of communication, like text messages and internet traffic, even phone calls. On top of that, these Chinese hackers targeted one of the systems the US government uses for domestic surveillance.
There are signs that they targeted sensitive US surveillance systems that are used to comply with court-authorized wiretaps that the companies in question have to provide to the FBI and other agencies for criminal and national security investigations. For the past 30 years, there has been a federal law known as the Communications Assistance for Law Enforcement Act that has required telecommunications companies to essentially allow the US government to access communications data on their networks if they get a court order related to a targeted criminal or national security investigation. Over time, Congress has modernized this, so it's not just about phone calls, but also about digital traffic. Think text messages and other sorts of Internet traffic.
When you're talking about wiretapping, it's just like the classic police investigation movie that you think of, where the cops need to wiretap a suspect so they can listen in on their phone calls, and then they can use that to build a case.
Exactly. Wiretap is maybe not the best term of art in the modern 21st century digital age. But that is essentially what we're talking about here is a way for the government to access pieces of data on particular suspects related to national security and criminal investigations that these companies are obligated to comply with, assuming the government gets a court order.
Getting into this wiretap network means the Chinese could have access to whatever US officials are investigating.
The Chinese were essentially able to spy on what the US government was spying on. You might think, Well, why do the Chinese care about law enforcement access requests related to routine criminal investigations happening in the United States? They might not care about a lot of them. They might not care about a New Mexico drug trafficking case that the FBI is working on or something like that.
But other kinds of investigations could be of much greater interest to the Chinese government.
What they would care about, presumably, are counterintelligence investigations on Chinese spies who are living and working in the United States at maybe various research institutions or technology companies. Over the past several years, we've seen any number of cases come from the Justice Department related to Chinese espionage in the US. If you're the Chinese intelligence services, you would have deep interest in knowing about the surveillance that's being done on these targets to be able to understand what the US knows and be able to respond to that and potentially better conceal your espionage assets who are living within the United States.
Behind the hack is a group known as Salt Typhoon. We don't know that much about Salt Typhoon, other than the fact that cybersecurity researchers have linked its activities to the Chinese government. How does the Salt Typhoon hack compare to other Chinese hacks that we've seen in the past?
This is one of a barrage of Chinese-linked cyber attacks targeting major US critical infrastructure and major US companies over the last several years. They're getting in everywhere, and they're doing all sorts of really, really alarming things. What's notable here is that the Chinese used to be considered the loud, drunken burglars of hacking. Russia was really, really stealthy, really adept. China, 10 years ago, was stealing enormous amounts of data from the United States, but they were getting caught. They were loud.
Smashing in the front window and waking everybody up.
Exactly. They'd steal your car, but they would drive through the garage door on the way out, and then they-
Knock over a lawn gnome.
Yeah, they'd knock over a lawn gnome and hit the mailbox down the street, and then the police would arrive and catch them. That was what the Chinese were known for. This attack and other recent ones attributed to the Chinese have instead been a lot more like what we've seen from Russia over the years, which is just incredibly stealthy, incredibly sophisticated, using complex attacks that involve a variety of different techniques that only the most sophisticated hackers could really engineer to achieve persistent months- or years-long access into networks, evade detection, and create ways in which they can come and go in networks and conceal their traffic. So essentially there's no way of knowing what they're doing or how long they've been inside.
But while the Salt Typhoon hack was about gathering intelligence, China has also been pursuing another type of hack, one that's aimed at causing chaos in American society. That's next. The ambition and scale of Chinese cyberattacks has been growing. Until recently, US officials thought China was mainly focused on stealing corporate and scientific secrets. But it's become clear that China is also trying to hack into different types of critical US infrastructure.
Think transportation systems like airports, oil and gas systems, water sanitation facilities, the power grid, and basically maintain quiet access for the purposes of later detonating the cyber equivalent of bombs in these networks to cripple them in the event of a major conflict with China.
FBI Director Christopher Wray warned about the risks posed by the People's Republic of China, or the PRC, in Congressional testimony earlier this year.
There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure, our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems, and the risk that poses to every American requires our attention now.
So while that's happening, and that's been a 10 out of 10 on the panic scale for officials, along comes Salt Typhoon, which we are just now learning about, which is quietly engaging in perhaps one of the most successful and most damaging cyber espionage campaigns. So you take those two campaigns together, and it just really broadens the aperture for how serious and significant these Chinese attacks on the US are and how we really are probably only even seeing the tip of the iceberg in terms of the full extent of what they've been able to do, the networks that they've been able to compromise, and the preparations that they're making for a future conflict with the United States.
So the Chinese government and these Chinese hackers are really just embedding themselves all inside US networks of all kinds and just lying in wait.
That's right. Historically, we were concerned about spies embedding themselves. In the Red Scare, there were all sorts of concerns about spies being everywhere in government and small towns across America.
Those spies being people.
Yeah. But this is essentially the 21st century equivalent of that, of the worst case scenario, where you have likely thousands of these digital spies embedded in networks big and small across the United States, ready at a moment's notice to either do something destructive or stealthily stealing critically valuable intelligence and information from these compromised networks. Every time I talk to an American intelligence official, they're just gobsmacked by how serious this is and how widespread it is.
Is anybody at fault here for why these hackers were able to get in and stay undetected for so long?
It's hard to point a finger at any single provider or technology company and say, This is why this hack happened. At the end of the day, the Chinese are so incredibly talented at what they're doing, and they have tens of thousands, if not more, hackers who are working day and night to infiltrate these networks that most people I speak to say this is inevitable. This is inevitable that they're going to get in. What we need to do is be as resilient as possible, as good at detecting it when it happens, and have systems in place to respond.
Is it going to be possible to get these hackers out?
I hope so. We don't know the full extent of the current level of compromise today within the networks of these providers. Certainly, efforts are underway to identify them and kick them out of the network, but it's not easy to get these guys out. They are extremely good at what they do. This is not just finding a burglar stealing stuff from your living room, putting cuffs on them, and kicking them out. This is far more complicated than that. And eventually, I'm sure the companies are confident that they're going to be able to secure their systems and get the hackers out, but it remains to be seen how long that's going to take or if they've had that success so far.
Was there a way for the US to defend itself better to prevent this thing from happening?
Part of the issue here is that so much of our cyber security is reliant on the private sector. Whether it's infrastructure like power plants or water systems or transportation systems or telecommunications firms, these are private companies, and largely, they, for the most part, with some exceptions, don't have a ton of cyber security requirements that are imposed on them by Congress. There are a number of reasons why that hasn't happened over the years, but the critics would say that these companies are lax in their security standards because they're allowed to be. That system just makes it so that we are essentially a target-rich environment for hackers. We are a highly digitized country. We love technology, and that makes it very easy for us to have these single points of failure at these huge companies that can lead to potentially catastrophic risk when the hackers come knocking.
That's all for today, Tuesday, October eighth. The Journal is a co-production of Spotify and the Wall Street Journal. Additional reporting in this episode by Sarah Krouse, Robert McMillan, and Aruna Viswanatha. Thanks for listening. See you tomorrow.
WSJ reporting has revealed a major cyberattack from a group tied to the Chinese government. Hackers penetrated the networks of several broadband providers and gained access to the U.S. domestic wiretapping system. Dustin Volz unpacks what the attack could mean for national security.
Further Listening:
- ‘Hack Me If You Can’
- Hacking the Hackers
Further Reading:
- U.S. Wiretap Systems Targeted in China-Linked Hack
- Chinese-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack