"WASHINGTON -- U.S. officials are racing to understand the full scope of a China-linked hack of major U.S. broadband providers, as concerns mount from Congress that the breach could amount to a devastating counterintelligence failure.
Federal authorities and cybersecurity investigators are probing the breaches of Verizon Communications, AT&T and Lumen Technologies. A stealthy hacking group known as Salt Typhoon tied to Chinese intelligence is believed to be responsible. The compromises might have allowed hackers to access information from systems the federal government uses for court-authorized network wiretapping requests, The Wall Street Journal reported last week.
Among the concerns are that the hackers essentially could have been able to spy on the U.S. government's efforts to surveil Chinese threats, including the FBI's probes.
The House Select Committee on China sent letters Thursday asking the three companies to describe when they became aware of the breaches and what measures they are taking to protect their wiretap systems from attack.
Spokespeople for AT&T, Lumen and Verizon declined to comment on the attack. A spokesman at the Chinese Embassy in Washington has denied that Beijing is responsible for the alleged breaches.
Combined with other Chinese cyber threats, news of the Salt Typhoon assault makes clear that "we face a cyber-adversary the likes of which we have never confronted before," Rep. John Moolenaar, the Republican chairman of the House Select Committee on China, and Raja Krishnamoorthi, the panel's top Democrat, said in the letters. "The implications of any breach of this nature would be difficult to overstate," they said.
Hackers still had access to some parts of U.S. broadband networks within the past week, and more companies were being notified that their networks were breached, said people familiar with the matter. Investigators remain in the dark about precisely what the hackers were seeking to do, said people familiar with the response.
The breaches are considered by some investigators to be a possibly catastrophic security lapse that could have enabled China to spy on U.S. domestic wiretapping efforts, but others have cautioned that it is too soon to know the severity of the intrusions.
In separate letters also sent Thursday to the companies, Cathy McMorris Rodgers (R., Wash.), the chairwoman of the House Energy and Commerce Committee, and other lawmakers on Capitol Hill pressed for answers and requested briefings this month.
Sen. Ron Wyden, a Democrat on the Senate Intelligence Committee and a leading voice in Congress on cybersecurity issues, said in his own dispatch Friday to the Justice Department and the Federal Communications Commission that the companies are responsible for their own cybersecurity failures but that "the government shares much of the blame."
The agencies for decades ignored warnings about vulnerabilities in systems required to comply with law-enforcement surveillance requests, Wyden wrote. His office separately asked the FCC for security and integrity plans submitted by AT&T, Verizon, and Lumen under the Communications Assistance for Law Enforcement Act, the federal law that requires telecommunications firms to allow U.S. agencies access to data pursuant to a court order.
The view of the Salt Typhoon hack in Washington has evolved since it was first disclosed publicly by the Journal two weeks ago, when many senior Biden administration officials -- and the companies themselves in some cases -- weren't yet aware of the intrusions.
The hack is one of several ongoing cyber campaigns linked to Beijing's intelligence services that have stunned U.S. officials both in terms of their sophistication and audacious intent. Other recent hacks tied to China have focused on maintaining quiet but persistent access to vital infrastructure ranging from airports to energy providers and water treatment systems.
In contrast, the Salt Typhoon compromise is being treated by the Biden administration as a more traditional cyber-espionage threat.
"If Chinese intelligence operatives were able to get access to the government's foreign-intelligence surveillance systems, either with the ability to identify all or a significant portion of the targets under collection, it would be a counterintelligence failure of the highest order," said Jamil Jaffer, a former White House national security official and executive director of the National Security Institute at the George Mason University's Scalia Law School." [1]
1. U.S. News: U.S. Weighs Severity of China's Hacks --- Lawmakers ask companies what they are doing to protect wiretap systems. Volz, Dustin; FitzGerald, Drew. Wall Street Journal, Eastern edition; New York, N.Y.. 12 Oct 2024: A.7.
Komentarų nėra:
Rašyti komentarą