The two major Chinese hacking operations targeting U.S. critical infrastructure are named Salt Typhoon and Volt Typhoon. These operations have infiltrated systems across ports, pipelines, water treatment systems, and airports, positioning themselves to cause disruption in the event of a conflict, likely over Taiwan.
U.S. officials are alarmed because Chinese hackers are not just stealing data or intellectual property but are infiltrating critical infrastructure systems like pipelines, water sanitation, and airports. They are lying in wait, preparing to disrupt these systems in the event of a conflict, particularly over Taiwan. This represents a shift from traditional cyber espionage to potential cyber warfare.
Chinese hackers exploited unpatched vulnerabilities in aging telecom infrastructure to infiltrate U.S. telecom networks. They hijacked large network routers, enabling them to surveil phone conversations and text messages of government officials, political figures, and others. Major telecom providers like Verizon and AT&T were among the victims.
The U.S. government has dismantled botnets used by Chinese hackers, publicly disclosed critical infrastructure hacking activity, and shared threat intelligence with affected sectors. Additionally, the Biden administration has pushed for minimum cybersecurity mandates in industries like pipelines and aviation, though telecoms have not yet been included in these mandates.
China has repeatedly denied involvement in cyber espionage, dismissing U.S. accusations as fabricated. During a visit by U.S. Secretary of State Antony Blinken, Chinese officials claimed the activities might be the work of criminal ransomware groups and accused the U.S. of similar cyber activities, calling the allegations smears and lies.
The incoming Trump administration faces significant challenges, including addressing the deep and widespread compromises in U.S. telecom networks. While some officials have prioritized deterring China, it remains unclear whether the administration will support mandatory cybersecurity regulations, as Republicans have historically favored voluntary measures over government mandates.
Chinese hackers lying in wait in U.S. critical infrastructure systems signifies a strategic move to prepare for future conflicts, particularly over Taiwan. By maintaining access without immediate disruption, they aim to deter U.S. intervention and potentially unleash chaos by disrupting essential services like power grids, water treatment, and transportation systems during a crisis.
Welcome to Tech News Briefing. It's Wednesday, January the 8th. I'm James Rundle for The Wall Street Journal. Chinese hackers have been a menace in cyberspace for years, targeting the US government and the private sector, as well as presidential campaigns. But revelations about how deeply China's hackers have penetrated US critical infrastructure have worried senior intelligence officials.
We'll hear from our reporter Dustin Volz about how Chinese digital spies have infiltrated some of the most vital organizations in the US, positioning themselves to cause havoc if a conflict breaks out. Two massive hacking operations, named Salt Typhoon and Volt Typhoon by researchers, have spooked intelligence officials. Chinese hackers have broken into systems across ports, pipelines, water treatment systems and airports across the US in recent years, and done nothing. That's according to senior US officials, who say China is preparing to unleash chaos if America were to intervene in a future conflict, likely over Taiwan. Separately, Chinese spies also infiltrated the networks of major telecoms providers, enabling them to spy on text messages and phone calls from government officials, political figures and others. The WSJ interviewed dozens of national security, law enforcement and private sector officials about these attacks. Our reporter Dustin Volz joins us to discuss how serious China's intrusions are and what Washington is doing about it.
Dustin, China has been in the headlines a lot in the past year for cyber activity. Can you put this in perspective? How sophisticated and aggressive have its actions been with its recent campaigns compared with its past activity?
China has always been pretty aggressive in cyberspace and for really 15, 20 years now has been targeting US systems, private sector companies, government agencies. In 2008, for example, they hacked both the Obama and McCain presidential campaigns. So cyber aggression from China is nothing new. What's new here, and what they're doing now, is just different and alarming to senior U.S. intelligence officials because instead of stealing private intellectual property from businesses or just mass quantities of personal data, they're breaking into scores of critical infrastructure companies' systems, think pipelines, water sanitation systems, regional airports, for the purpose of preparing for a future conflict, likely over Taiwan, and trying to basically deter or intimidate the U.S. from engaging in a hot conflict. And that, combined with these separate intrusions into U.S. telecom networks that have been going on for well over a year in some cases, and have allowed the Chinese hackers to surveil high profile targets by listening to their phone conversations and in some cases reading their text messages. These two attacks have combined to really put US officials on a new level of concern about what Beijing's been doing and just how not only sophisticated, but how vast their cyber hacking resources really are.
So what has China actually been doing once it's compromised these systems?
In the critical infrastructure attacks, which researchers call Volt Typhoon, they aren't actually disrupting systems. They're not taking down airports or slowing systems to a halt or anything like that. But what they are doing is lying in wait, essentially. They're getting in and waiting for future tasking orders to potentially do something that is more disruptive. And the reason U.S. officials are so convinced that this is what they're doing is that they're breaking into systems with no clear intelligence value, nothing really worth stealing. So they might break into a municipal emergency response system in Los Angeles, for example, and then lie in wait for months on end, or in some cases years, periodically checking back to make sure that they have maintained that access into the systems. That's it. The inaction there is what's being seen as so alarming by U.S. and Western security officials, because if they're just lying there in wait, what are their future plans? And the assessment is that their future plans are to wait until there is a conflict directly with the U.S., and then they can start doing things to disrupt these systems.
Sure. And when we start talking about power grids, about water treatment facilities, about ports, pipelines, it has a very chilling effect. What has Washington done about this?
A year ago, last January, senior U.S. officials actually came forward and disclosed a lot of the critical infrastructure hacking activity. There was an effort to dismantle a botnet, which is sort of hijacked computer systems that were being used to help the Chinese enter these systems. So the authorities came out and dismantled that botnet. They made it very clear publicly that they didn't tolerate this activity and that they were looking for other victims, and they were sharing threat intelligence information with these different sectors in hopes that they would find other places that the hackers have been burrowing and hiding. And that's what they've been doing for now a couple of years: detecting dozens of critical infrastructure systems across the country where they are sort of lying in wait and have maintained persistent access. So the campaign to educate these often under-resourced critical infrastructure providers, to help them protect their systems, continues. They're finding the hackers in more places. But what's alarming is that at the same time that the White House and others have been pushing to try to deal with this issue of the infrastructure hacking, a separate group of Chinese hackers linked to their top intelligence agency had been very sneakily embedding itself into U.S. telecommunications infrastructure and doing so in a way where they were able to, in some cases, surveil directly the conversations of senior U.S. officials and political figures, and also access U.S. law enforcement systems they use to wiretap criminal suspects, including potentially Chinese spies in the U.S. It's sort of just, you know, you try to address one problem and then you wake up and there's a whole other crisis. Chinese hackers are everywhere all at once and they're preparing for war. And that's really sort of what's so frightening right now for a lot of U.S. officials.
What has the Chinese government said about this?
The Chinese government has denied this repeatedly. In fact, U.S. officials, including Secretary Blinken, have attempted to directly confront senior Chinese Communist Party officials. Last April, while visiting China, Secretary Blinken actually presented essentially evidence, saying that we know that you're in all these systems, that your hackers are doing these things, and we really need you to cut it out. And China basically said, we have no idea what you're talking about. This looks like it might be a criminal ransomware group, if anything. We have nothing to do with it. Please stop with these fabricated assertions. And then publicly, Chinese officials will say that they are not doing anything that the U.S. isn't also doing. These are smears, these are lies. The true criminal out there when it comes to cybersecurity is the U.S. government. So that is how China has been responding.
Coming up, we hear about how hackers managed to breach systems at telecom giants and the challenge this presents for President-elect Donald Trump's administration. That's after the break.
You mentioned earlier that a lot of critical infrastructure companies tend to be poorly resourced when it comes to cybersecurity. Major telecoms companies we don't generally associate with a lack of resources. Do we know how China has achieved such unprecedented compromise into all these companies?
We know some details about it. It's still sort of an evolving process and investigators continue to learn more. But we know that in the telecom hacks, it appears as though in all or nearly all cases, the intrusions relied on unpatched vulnerabilities that were known to the public and known to security analysts and experts. In other words, there was aging old telecom infrastructure that was leveraged and accessed by the hackers because they just didn't have the defenses that they needed, and they hadn't been patched and they weren't up to date. And there will be a lot of finger pointing to come in the months ahead as investigators continue to sort through this. But that's really stunning because, as you said, these are well-resourced telecommunications companies. The victims include Verizon and AT&T, the two biggest in the U.S., as well as a lot of other ones that are smaller. But in each case, and each case was different in some respects, the hackers were able to hijack large network routers, essentially, and use those to conceal their activity, to cover their tracks, to do a lot of espionage. And U.S. officials in the Biden administration have really pushed over the last four years to install minimum cybersecurity mandates for different industries. For example, after the Colonial Pipeline hack of 2021 that briefly led to the shutdown of the largest conduit of fuel on the East Coast, the Biden administration pushed forward mandates for pipelines, cybersecurity mandates that basically made it so that they had to comply with baseline requirements for cybersecurity. The administration has done this in a couple of other industries as well, including aviation, but they haven't done it in telecoms. And the officials I spoke to about this, when I asked them why, said it's for a number of reasons. Government can be slow, but also a lot of folks thought that telecoms were actually already well-resourced, that they had a pretty good sense of their cybersecurity and were able to invest in it heavily already, and that they didn't need these kinds of executive actions, these regulatory mandates, the same way that some of the other industries seemingly were more urgent and in need of attention. And so now you're seeing that the Federal Communications Commission and others are taking a look at what they can do to potentially increase the cybersecurity standards for telecommunications networks. And the companies are saying they recognize that cybersecurity is existential for them and that they need to do more to make sure that these types of attacks are dealt with and hopefully don't happen again.
So the big question is, now that we know the hackers have been in the networks, are they still there?
So the companies say that they believe they have basically addressed this issue in the telecom hacks with the group that researchers at Microsoft and elsewhere have called Salt Typhoon. They say that they're out, essentially, but U.S. officials say that they're not so sure. A number of people we spoke to who are deeply involved in the investigation here said that they were surprised to see these statements from some of the carriers, and that the compromises were so deep and so vast within the major telecommunications networks that it's really going to be hard to definitively say that they are fully out of the network. And to do so at this stage might be somewhat premature.
And of course, we have a new administration coming in a few weeks, which is resulting in the resignation of a number of senior cyber officials who have been dealing with this: Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency; Harry Coker, the national cyber director. How much of a challenge does this present for the incoming administration?
It's a huge challenge for the incoming Trump administration and some officials, including President-elect Trump's nominee to be chairman of the Federal Communications Commission, Brendan Carr, have spoken about the telecom hacks and said it's a priority and that we need to do more to deter China from
It's absolutely a key national security issue for them. It's unclear what President-elect Trump will do here with China, but he's obviously been very, very tough rhetorically on China. So it remains to be seen how they're going to address this and whether or not they're going to be supportive of these cybersecurity mandates on industry that historically Republicans in Congress and elsewhere have been resistant to. They often favor more voluntary arrangements for cybersecurity.
That was our reporter, Dustin Volz.
That's it for Tech News Briefing. Today's show was produced by Julie Chang with supervising producer Katherine Milsop. I'm James Rundle for The Wall Street Journal. We'll be back this afternoon with TNB Tech Minute. Thanks for listening.