Saturday, March 1, 2025

Chinese hackers gained access to huge trove of Americans’ cell records


Chinese hackers accessed sensitive cellular logs on a vast number of Americans after penetrating inside a swathe of U.S. telecommunications providers earlier this year, according to two people involved in the response to the hacks.

The two people said a China-backed hacking group dubbed Salt Typhoon gained access to a vast trove of so-called Call Detail Records. Those contain information on who Americans talk to, how often, and when, as well as detailed location data afforded by 5G networking services.

It is not clear if the Chinese hackers stole any of that data or exactly how much they were in a position to exfiltrate, the two people said. Both were granted anonymity due to the ongoing nature of the breaches.

The possible theft of cell records pertaining to millions of Americans has become one of the leading concerns for investigators as they struggle to evict Salt Typhoon from some of the nation’s leading phone companies.

The Biden administration first acknowledged it was investigating “unauthorized access to commercial telecommunications infrastructure” by Chinese hackers two weeks ago. But it has been tightlipped about the cyber intrusion since, even as press reports have emerged suggesting it is one of the most serious breaches in recent years.

The intrusions were first reported in September, but it’s unclear how long Salt Typhoon has lurked inside the country’s telecommunications backbone.

By burrowing inside at least 10 major phone providers, including Verizon, AT&T and Lumen, Salt Typhoon was able to eavesdrop on unencrypted communications from the phones of dozens of senior U.S. political figures, including President-elect Donald Trump and his running mate JD Vance, the New York Times reported last month. Overall, the Chinese likely pinpointed thousands of people for such targeted surveillance, the Wall Street Journal reported Tuesday. The Journal report said Salt Typhoon “appeared to have had the ability” to access data on almost any American, but did not confirm that the group had done so.

The revelation that the hackers accessed the large trove of Call Detail Records adds a significant new dimension to the Chinese spying caper, indicating that Beijing was not just trying to steal communications data from a shortlist of high-profile targets — but potentially sought to snoop on millions of Americans.

“I would say it’s the broadest scope of data that a foreign person has been known to have access to,” said the first person responding to the hacks.

Verizon, AT&T and Lumen did not immediately respond to a request for comment.

The Biden administration has not yet said it has been able to evict the Chinese from phone companies’ networks. The National Security Council did not respond to a request for comment.

The leak of Call Detail Records would constitute a significant national security risk, potentially allowing Beijing to identify American spies, glean intimate details on the lives of U.S. political or business figures, or trace the movements of American troops and law enforcement personnel.

The latter risk, in particular, has worried government investigators.

5G infrastructure is more densely distributed than traditional cell towers. That means providers now retain data that can in some cases pinpoint a phone to within a few meters of the owner’s location — which is far more precise than what was possible in the past. “That’s hugely important for Chinese intelligence,” said the first person.

It is not clear if the Chinese accessed the logs at one telecommunications provider or several, for how long, and whether they still retain access to it. The Wall Street Journal reported Tuesday that Salt Typhoon embedded itself inside some providers at least eight months ago.

Those types of basic questions have proved exceptionally difficult to answer, and the uncertainty surrounding them is emblematic of what some believe is the bigger problem in the breaches: spotting an elusive Chinese hacking crew — and kicking them out.

Salt Typhoon has embedded itself inside often-aging networking equipment, including routers and switches, that does not run the Windows operating system and is hard for digital forensics experts to probe, the second person said. The enormous size and complexity of the phone providers’ networks have further complicated the work of spotting the Chinese, both people added.

“It’s not a traditional compromise, it’s all this niche networking stuff,” the second person said. “It is hard to figure out how they landed there.”
