Legal Insurrection readers may recall my report from mid-October on China’s Salt Typhoon hacking operation.
The Salt Typhoon hackers are believed to have infiltrated major telecommunication networks (AT&T, Verizon, and Lumen) and potentially accessed critical data from major service providers. The Chinese espionage operation apparently breached systems used by U.S. intelligence to conduct wiretaps.
As investigations into this situation continue, it appears China targeted specific phone numbers linked to top political figures, their staff, and individuals with deep governmental ties. These include key players in the critical US presidential race: President Donald J. Trump, J.D. Vance, and the campaign staff of both the Harris and Trump teams.
The full scale of the hack is not yet known, though officials have said that information related to federal requests for wiretaps was targeted, as well as telephones used by former president Donald Trump, Sen. JD Vance, campaign workers in both the Kamala Harris and Trump campaigns, and members of Trump’s family. It’s not immediately clear whether the hackers were successful in gaining data from those people.
“Salt Typhoon’s recent infiltration isn’t just another hack — it’s a high-stakes escalation. It showcases China’s growing cyber-sophistication and relentless ambition to undermine U.S. infrastructure, laying bare the vulnerabilities in our systems,” said Craig Singleton, senior China fellow at the Foundation for Defense of Democracies.
In late October, the FBI informed 40 high-ranking political officials and important business leaders, including Trump and Vance, that they had been struck by Salt Typhoon.
The FBI informed one person who had been compromised that the initial group of identified targets included six affiliated with the Trump campaign, this person said, and that the hackers had been monitoring them as recently as last week. According to that individual, Trump, Vance, Eric Trump, Jared Kushner and two other Trump campaign advisers were told they had been surveilled.
“They had live audio from the president, from JD, from Jared,” the person told me. “There were no device compromises, these were all real-time interceptions.”
Vance publicly confirmed that his and Trump’s phones were “hacked by Chinese hackers” during his interview with podcaster Joe Rogan released on Thursday. “They only got some offensive memes and me telling my wife to buy more milk at the grocery store,” he said. “They couldn’t get my encrypted messages; I use Signal and iMessage.”
Rep. Raja Krishnamoorthi (Illinois), the ranking Democrat on the House Select Committee on the Chinese Communist Party, assured The Washington Post columnist Josh Rogin there was no evidence of the Chinese using any potentially collected information in this election.
There’s no evidence yet that Beijing plans to use any information collected to interfere in U.S. politics or Tuesday’s presidential election, though it remains a concern, Krishnamoorthi told me.
But short of that, Beijing could still use these operations to hurt the United States in several ways, he said. The Chinese government could use its infiltration of U.S. telecom networks to disable them during warfare, for instance. The information collected from Americans could be used for blackmail or disinformation campaigns.
“Not only are they potentially inserting malware to disrupt our telecommunications networks. On top of that, it’s a surveillance system,” the congressman told me.
Given how trustworthy our officials have been in recent years, my fears about Chinese interference are not allayed.
Finally, I would like to note that the Chinese were very busy with computer espionage during the Biden years.
Volt Typhoon targeted critical infrastructure organizations in the United States, using a botnet of compromised small-office-home-office devices to route network traffic and evade detection.
Microsoft called the hacking group “Volt Typhoon” and said that it was part of a state-sponsored Chinese effort aimed at not only critical infrastructure such as communications, electric and gas utilities, but also maritime operations and transportation. The intrusions appeared, for now, to be an espionage campaign. But the Chinese could use the code, which is designed to pierce firewalls, to enable destructive attacks, if they choose.
So far, Microsoft says, there is no evidence that the Chinese group has used the access for any offensive attacks. Unlike Russian groups, the Chinese intelligence and military hackers usually prioritize espionage.
Flax Typhoon is another operation that has been active since mid-2021 and has targeted government agencies and education, critical manufacturing, and information technology organizations in Taiwan. However, entities have also been targeted elsewhere in Southeast Asia, as well as in North America and Africa.
About half the operations impacted were American.
“But unlike Volt Typhoon – they targeted routers – Flax Typhoon hijacked internet of things devices like cameras, video recorders, storage devices, things typically found across both big and small organizations, and about half of those hijacked devices were located here in the U.S.”
In September, the FBI announced that this operation had been stopped.
The hacking campaign known as Flax Typhoon installed malicious software on more than 200,000 consumer devices, including cameras, video recorders and home and office routers, to create a massive botnet — a network of infected computers. The botnet was used to facilitate cyber crimes, such as the theft of sensitive information from victims’ networks.
“Flax Typhoon’s actions caused real harm to its victims, who had to devote precious time to clean up the mess when they discovered the malware,” Wray said at the Aspen Cyber Summit.