Chinese Hackers Are Pre-Positioned, and Top Officials Could Be Making Matters Worse

Chinese nation-state cyberattacks that breached U.S. telecommunications infrastructure are inevitable – and unless the U.S. government overhauls its cyber defenses, they will happen again.
That was the stark warning from experts who testified Wednesday on the Chinese state-sponsored cyberespionage campaign that breached major U.S. carriers including Verizon and AT&T, exposing data from senior government officials – including then-presidential candidate Donald Trump (see: Feds Probe Chinese ‘Salt Typhoon’ Hack of Major Telecoms). Witnesses cautioned that the Trump administration’s use of unsecured platforms and third-party messaging apps like Signal – now at the center of the White House’s first major security scandal – could leave top government secrets wide open to foreign adversaries.
Politico reported Wednesday that National Security Adviser Mike Waltz’s team set up at least 20 different Signal group chats to discuss sensitive information. The Washington Post reported Tuesday that Waltz’s team also conducted government business using personal Gmail accounts – an even less secure communication channel than Signal.
The telecommunications sector “stands at the front lines of this cyber war” and “cannot defend itself alone,” said Ed Amoroso, a former AT&T chief security officer and CEO of the cybersecurity firm TAG Infosphere. Amoroso urged Congress to “take legislative steps to encourage proactive defense strategies,” including programs to fund critical infrastructure protection and support cyber workforce development.
Democrats and Republicans on the committee clashed over the alleged politicization of “Signalgate,” with Republicans accusing Democrats of exploiting the controversy instead of using the hearing to address critical infrastructure vulnerabilities. “Was it best practice for a reporter to have been included? No,” said Rep. William Timmons, R-S.C., chairman of the House Oversight subcommittee on military and foreign affairs – a reference to The Atlantic Editor-In-Chief Jeffrey Goldberg’s inclusion by Waltz in a Signal group discussing military strikes against Yemen. “We’re here to talk about Salt Typhoon and what we can do to – as Dr. Amoroso pointed out – avoid the sinkhole.”
Democrats fired back, arguing that the White House is neglecting key security measures while pushing deep cuts to the Cybersecurity and Infrastructure Security Agency and purging cybersecurity officials, leaving telecom, federal agencies and other sectors increasingly exposed to attacks.
“I can understand if Republican members don’t want to say anything about what the Trump administration did on this,” Rep. Stephen Lynch, D-Mass., said Wednesday. “But to call it politicization – and also to give a blessing to what they did and call it a success – scares the hell out of me.”
Experts told lawmakers that while Chinese hackers tracked as Salt Typhoon targeted telecom network infrastructure, Signal and mobile devices are vulnerable to a range of state-sponsored threats, including spyware attacks and zero-day exploits.
“Signal’s encryption, we don’t know that it’s perfect,” said Matt Blaze, chair of the Computer Science Department and Georgetown University Law Center. “We don’t know if there is some attack that will be discovered in the future, but it’s probably safe to say that the easiest way to attack an end-to-end encrypted communication is by attacking the endpoint.”
Concerns over the Trump administration’s security protocols – or apparent lack thereof – have spiked amid reports indicating top advisers to the president have had their personal data leaked through easily accessible commercial data services. Shortly after the discovery of the Signal chat conversations that accidentally included a prominent journalist, Der Spiegel reported that Waltz, Director of National Intelligence Tulsi Gabbard and Secretary of Defense Pete Hegseth have all had their mobile numbers, email addresses and even some passwords leaked online (see: Report: Top Trump Officials’ Private Data Leaked).
The witnesses echoed longstanding warnings that sophisticated threat actors like Salt Typhoon and other Chinese hacking groups have already embedded themselves within U.S. critical infrastructure sectors and warned that the next attacks could involve disruptions to services and systems that millions of Americans rely on every day.
“America’s industrial and shipping systems are sitting ducks for China,” said Josh Steinman, CEO of the cybersecurity platform Galvanick. “Time to learn from our mistakes before it’s too late.”
