
Reports: China hacked Verizon and AT&T, may have accessed US wiretap systems

Chinese hackers were in networks of major ISPs “for months,” WSJ reports.

Chinese government hackers penetrated the networks of several large US-based Internet service providers and may have gained access to systems used for court-authorized wiretaps of communications networks, The Wall Street Journal reported Saturday. "People familiar with the matter" told the WSJ that hackers breached the networks of companies including Verizon, AT&T, and Lumen (also known as CenturyLink).

"A cyberattack tied to the Chinese government penetrated the networks of a swath of US broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests," the WSJ wrote. "For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful US requests for communications data, according to people familiar with the matter."

These "attackers also had access to other tranches of more generic Internet traffic," according to the WSJ's sources. The attack is being attributed to a Chinese hacking group called Salt Typhoon.

The Washington Post reported on the hacking campaign yesterday, describing it as "an audacious espionage operation likely aimed in part at discovering the Chinese targets of American surveillance." The Post report attributed the information to US government officials and said an investigation by the FBI, other intelligence agencies, and the Department of Homeland Security "is in its early stages." The Post report said there are indications that China's Ministry of State Security is involved in the attacks.

Verizon reportedly working with FBI

Verizon reportedly set up a war room at its facility in Ashburn, Virginia, where it is working with personnel from the FBI, Microsoft, and Google subsidiary Mandiant.

"Hackers apparently exfiltrated some data from Verizon networks by reconfiguring Cisco routers, said one current and one former US official familiar with the matter," according to the Post. "The fact that they were able to make changes in the routers without detection reflects the sophistication of the adversary but also raises questions about Verizon's security posture, analysts said."

Both the Post and WSJ reports say it's possible that US wiretapping systems were penetrated but that it hasn't yet been proven. "There is some indication [the lawful intercept system] was targeted," a US security official told the Post. One US official told the Post that President Joe Biden was briefed about the breach.

"Whether the hackers got access to actual lists of federal surveillance targets or their communications—or what they might have taken—is not clear, officials said," the Washington Post wrote. "It is also not clear whether the subjects of the surveillance at issue were targeted in domestic criminal investigations or in national security cases, such as espionage, terrorism, or cybersecurity."

AT&T and Lumen declined to comment when contacted by Ars today. We also contacted Verizon and Cisco and will update this article with any comment.

A spokesperson for the Chinese Embassy in Washington alleged in a statement to the Post that the "US intelligence community and cyber security companies have been secretly collaborating to piece together false evidence and spread disinformation" about the Chinese government supporting attacks on US targets.

Some details of the Salt Typhoon campaign were reported by the WSJ on September 26, but that earlier story did not mention specific Internet service providers or the wiretap aspect.