US intelligence and law enforcement agencies are currently facing a major challenge as they try to contain the damage caused by a widespread Chinese espionage campaign targeting US telecoms. This includes the Department of Defense, which has come under scrutiny for its failure to secure its unclassified telephone communications from foreign espionage.
In a letter addressed to the DOD inspector general on Wednesday, Senators Ron Wyden and Eric Schmitt called for an investigation into the department’s security vulnerabilities and its handling of the situation. The FBI and the Cybersecurity and Infrastructure Security Agency have confirmed that a China-linked hacking group, known as Salt Typhoon, has been infiltrating major US telecom companies for over a year. The operation reportedly targeted high-profile individuals such as President-elect Donald Trump and his campaign officials, as well as subjects of interest on the US Justice Department’s “lawful intercept” wiretap list.
Verizon and AT&T, along with other domestic and international telecoms, were among the targeted companies. The US government has been investigating the situation since the spring and is currently working with the affected companies to remove the hackers from their networks and strengthen their defenses against future attacks.
However, the DOD itself was also exposed in this espionage campaign. In their letter, Senators Wyden and Schmitt emphasized that this incident should serve as a wake-up call to all government officials who have neglected to address the issue of communication security, despite repeated warnings from experts and Congress.
The letter also includes two DOD white papers from 2024, which acknowledge the security vulnerabilities of the telecoms the department has contracts with. The DOD stated that it has taken some measures to mitigate these vulnerabilities, such as using encryption for its own communications. However, the department also admitted that certain vulnerabilities, such as the potential for location tracking on mobile devices, can only be addressed by the telecoms themselves.
In August, the DOD responded to questions from Senator Wyden’s office, stating that using encrypted phone communication is acceptable for transmitting nonpublic unclassified information. However, the senators also provided evidence that US telecoms have conducted audits of their systems related to the telecom protocol known as SS7, but have not shared the results with the DOD.
This situation highlights the urgent need for government agencies to prioritize communication security and work closely with telecom companies to address any vulnerabilities. The consequences of failing to do so can have serious implications for national security.