Federal authorities on Tuesday urged telecommunications companies to step up network security in the aftermath widespread Chinese hacking campaign which gave officials in Beijing access to the private messages and telephone conversations of an unknown number of Americans.
The guidelines issued by the FBI and the Cybersecurity and Infrastructure Security Agency are intended to root out hackers and prevent similar cyberespionage in future. Officials who briefed reporters on the recommendations said the US still does not know the true extent of the Chinese attack or the extent to which Chinese hackers still have access to US networks.
In one sign of the global reach of China’s hacking efforts, the government’s warning was issued alongside the security agencies of New Zealand, Australia and Canada, members of the Five Eyes intelligence alliance, which also includes the US and Britain.
The massive cyberespionage campaign, dubbed Salt Typhoon by analysts, emerged earlier this year after hackers attempted to penetrate the networks of multiple telecommunications companies.
The hackers used their access to telecommunications networks to target the metadata of large numbers of users, including information about the dates, times, and recipients of calls and messages.
Hackers were able to retrieve the actual audio files of the calls and content from the messages of a much smaller number of victims. The FBI contacted victims in this group, many of whom work in government or politics, but officials said it was up to the telecommunications companies to notify users included in the first, larger group.
Despite months of investigation, the true scale of the Chinese operation, including the total number of victims or whether the hackers still have access to the information, is currently unknown.
The FBI said some of the information targeted by the hackers related to US law enforcement investigations and court orders, suggesting the hackers may have been trying to access programs subject to the Foreign Intelligence Surveillance Act, or FISA. The law gives US spy agencies broad powers to monitor the communications of people suspected of being agents of a foreign power.
But on Tuesday, officials said they believe the hackers were more broadly motivated, hoping to penetrate the nation’s telecommunications systems deeply to gain broad access to Americans’ information.
The proposals for telecommunication companies released Tuesday are mostly technical in nature, calling for encryption, centralization and consistent monitoring to prevent cyber intrusions. If implemented, the security measures could help end Operation Salt Typhoon and make it more difficult for China or any other nation to carry out a similar attack in the future, said Jeff Greene, CISA’s executive assistant director for cybersecurity and one of the officials who briefed reporters. . Tuesday.
“We’re under no illusion that once we get these actors out they’re not coming back,” Greene said.
Several recent high-profile hacking incidents have been linked to China in what officials say is an effort by Beijing to steal technical and government secrets while gaining access to critical infrastructure such as the power grid.
In September, the FBI announced that it did disrupted a major Chinese hacking operation which involved the installation of malware on more than 200,000 user devices, including cameras, VCRs, and home and office routers. The devices were then used to create a vast network of infected computers, or botnets, which could then be used to carry out other cyber crimes.
In October, officials said the hackers were linked to China was shooting phones then-presidential candidate Donald Trump and his opponent, Senator JD Vance, along with people associated with Democratic vice-presidential candidate Kamala Harris.
China has rejected accusations by US officials that it engages in cyber espionage against Americans.
On Tuesday, a spokesman for the Chinese embassy in Washington called the US accusations “disinformation”.
The Chinese government “resolutely opposes and fights all kinds of cyber attacks,” spokesman Liu Pengyu wrote in an emailed statement to The Associated Press. “The US needs to stop its own cyber attacks against other countries and refrain from using cyber security to smear and defame China.”