Ahhhh spying. The world’s second-oldest profession. It’s a bit like sniffing your own socks: nobody likes getting caught, but everyone does it.
And yet, something big has been happening lately, with US officials using increasingly spicy language to describe one of China’s hacks: the outgoing FBI director argues it’s “the most significant cyber espionage campaign in history”, and both Dems and Republicans largely agree, with one senator describing a classified briefing he attended as “breathtaking”.
So let’s get you up to speed. Who’s behind this hack?
China’s various hacking groups seem linked to the Ministry of State Security, its main intelligence agency. The groups get their nicknames from Microsoft, whose naming system uses ‘Typhoon’ as the family name for groups it attributes to China, such as:
- Silk Typhoon, which just hit the US Treasury, a key player in US sanctions, export controls, and the secretive ‘CFIUS’ body to scrutinise foreign investment
- Volt Typhoon, which aims at disrupting US water, transport, energy, and other infrastructure in case of a war, to spook citizens and wobble any US response, and
- Salt Typhoon, which targets digital infrastructure not just in the US but across the broader West and beyond.
So why’s everyone specifically worried about that last one, Salt Typhoon? It’s a mix of the group’s methods, targets, scale, and the resulting implications.
The methods look sophisticated: a layered approach that exploits ageing equipment and lax practices to patiently gain access to key targets, the big telecom carriers whose networks form the backbone of pretty much the entire US internet and communications system.
Once inside one carrier, the hackers then exploit the trust relationships between interconnected firms to pivot to the next, achieving a massive scale: we’re talking about the ability to geolocate millions of Americans, listen to calls, read texts, and so on. And the implications of that are vast:
- a) Lots of the priority targets appear to have been in the DC area, with possible insights into how the US is thinking about China and pretty much everything else
- b) The hackers also potentially got the names of people under court-approved US surveillance, offering a valuable heads-up on who the US suspects as spies, and
- c) Any good intel agency can also use that vast amount of broader hacked data to paint a detailed picture of who makes what US decisions, how, and what their vulnerabilities might be.
So why’s nobody talking about all this? Well they are — the WSJ first broke this story in September, and (with other outlets) has continued to fill out the picture. But this still isn’t dominating the public debate anywhere near as much as, say, the great spy balloon saga of 2023.
Why not? The details have emerged slowly, are hard to measure, and are often very technical, while the US elections have not only dominated public attention, but also complicated the US ability to respond during a transfer of power. Which brings us to…
What’s the US doing about this?
It’s all spurred plenty of US activity in amongst the panic: DC is now banning the remaining US operations of China Telecom, mulling a ban on China’s TP-Link routers, and even pondering a mass ‘rip and replace’ operation to swap out every router in the country, building on more targeted efforts already underway.
Plus President Biden is reportedly finalising a cybersecurity executive order for his final days in office, while Trump 2.0 is hinting he might go more on the offence to raise the costs on China’s intelligence services, with hopes of deterring them from any repeats.
Anyway, it’s all shaping up as a costly exercise to bolster US resilience. But it’s also a timely reminder that the one thing costlier than cyber security is the very lack of it.
INTRIGUE’S TAKE
There are a few things we find fascinating about this story.
First, the brazen nature of this hack reflects changes in both China’s capability but also intent: more confidence in challenging US power, even as its own economy sputters.
Second, US security has long rested on a vast gap (technological, economic, military) with the rest of the world, but this latest hack highlights the pressures on that gap.
And third, it’s a reminder of how security works both ways. One of the access points China exploited appears to have been the very lawful-intercept system that US telcos are legally required to build so the government can wiretap suspected spies: a mandated ‘back door’ that, once compromised, serves whoever holds the keys. And likewise, one of America’s own defensive responses (officials urging the public to use encrypted apps for calls and messages) leans on the very same end-to-end encryption it has previously criticised for shielding spies, criminals, and terrorists.
All that to say… there’s no end destination in security. Rather, it’s a constant journey.
Also worth noting:
- China’s foreign ministry has rejected the Salt Typhoon allegations, instead describing the US as “the biggest threat to global cybersecurity.”