White House deflects blame for Chinese hacking episodes made possible by feds

In a Friday call, the White House’s head of cybersecurity revealed that a ninth telecom company has been attacked by Chinese communist hackers.

The coordinated attacks, dubbed Salt Typhoon, were able to track the precise geolocations of prominent American politicians and record conversations.

“The Chinese gained access to networks, essentially had broad and full access,” Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger told reporters on Friday about the hacks.     

The Biden administration official said that “voluntary” cybersecurity practices by telecom companies have been inadequate to protect against attacks from China, Russia and Iran targeting critical U.S. infrastructure.  

The result is that the Biden White House wants the Federal Communications Commission’s (FCC) five-member board to take immediate action to toughen up required security rules on the telecom industry before President-elect Donald Trump is inaugurated Jan. 20.   

The White House has been pushing for broader regulation of the telecom industry since the Chinese breach, with the FCC proposing a new rule which would create “a legal obligation for telecommunications carriers to secure their networks against unlawful access and interception.” 

But critics have charged that the communist hacking scheme was the direct result of telecoms providing the federal government and law enforcement with access for eavesdropping on customers via the internet, which is now integral to all of the telecom systems. 

The hack took advantage of “backdoors,” which were created under the Communications Assistance for Law Enforcement Act (CALEA) to give law enforcement unfettered access to wiretapping the internet, said one internet privacy advocate, the Electronic Frontier Foundation (EFF). 

“That’s right: the path for law enforcement access set up by these companies was apparently compromised and used by China-backed hackers” in Salt Typhoon, said the EFF, which opposed the CALEA law passed in 1994. 

The system, called the “lawful intercept” system, is a portal that tracks phone metadata, including call records that detail the timing, duration and participants of conversations, and geolocation data used for tracing communication and movement patterns, said NextGov.com, a government trade publication.  

Intercept requests are approved by a telecom company “overseer,” according to NextGov, which likened the latest incident to the SolarWinds hacking scandal in 2020. 

In that breach, the company SolarWinds, whose customers included the U.S. Department of Defense, the Department of Homeland Security and the Treasury Department , saw Russian hackers enter those systems through a backdoor password of “solarwinds123,” said the government trade publication. 

Still, Neuberger said that in light of the attacks, the White House will be looking to also strengthen rules regarding healthcare information security as well under the Health Insurance Portability and Accountability Act (HIPAA).   

“The cost of not acting is not only high, it also endangers critical infrastructure and patient safety,” said Neuberger. 

However, one private cybersecurity expert said the White House is simply trying to deflect blame from the federal government’s law enforcement and intelligence branches for the cyberattacks.  

“By being actively hostile to end to end encryption apps, FBI and DOJ has created the playing field on which Salt Typhoon now operates,” said Jake Williams, vice president of research and development at Hunter Strategy, a cybersecurity firm. “They’re every bit as culpable for texts being intercepted as FCC is for the robocall epidemic.”  

Earlier this month, the Commerce Department took additional measures to ban Chinese telecoms from U.S. networks, in part because of the Salt Typhoon attacks.  

That followed a 2019 executive order by President Trump that allowed the U.S. to ban purchases of foreign-made telecommunications equipment, a ban that was a major blow to Chinese telecom giant Huawei.   

Rep. Mike Waltz, R-Florida, who has been named National Security Advisor by Trump, said that passive defense of America against hacking is not enough.  

“We need to start going on offense and start imposing higher costs and consequences to private actors and nation state actors that continue to steal our data, that continue to spy on us, and even worse, with the [Salt] Typhoon penetration, that are literally putting cyber time bombs on our infrastructure, our water systems, our grids, even our ports,” Waltz told CBS News’ Face the Nation.