US panel to probe cyber failures in massive Chinese hack of telecoms

The panel will investigate how Chinese hackers breached several US telecommunications networks, seeking to spy on prominent Americans including Donald Trump, Kamala Harris.

Dustin Volz

2 min read

4 hours ago

Dow Jones

Both Kamala Harris and Donald Trump were targeted in the hack attack. Picture: AFP.

A US government panel plans to investigate how Chinese hackers breached several US telecommunications networks, seeking to spy on prominent Americans including former President Donald Trump and associates of Vice President Kamala Harris’s campaign, according to people familiar with the matter.

The probe by the Cyber Safety Review Board will examine the lapses that allowed the hackers, who are believed to be working for a Chinese intelligence agency, to orchestrate a series of intrusions that some Biden administration officials fear amounts to a major espionage coup against the U.S.

“The Cyber Safety Review Board will initiate a review of this incident at the appropriate time,” a Department of Homeland Security spokesman confirmed in a statement to The Wall Street Journal. DHS oversees the board, which consists of senior officials and private-sector security experts.

It wasn’t clear when the board will begin its investigation. The Biden administration is still actively responding to the fallout from the intrusions into the telecommunications firms, which were first revealed by the Journal last month. Such a probe is likely to take months and would yield a public report.

The hackers, dubbed Salt Typhoon by investigators, are believed to have compromised the phones of a number of prominent individuals in politics and national security, including some in the US government, according to people familiar with the matter. It is unclear if attempts to steal data from Trump and GOP vice-presidential nominee JD Vance as well as from Harris’s associates were successful.

There could be valuable information to foreign spy services on the phones of top U.S. politicians, including text messages and phone-call records.

The known scope of the attack, which compromised Verizon Communications, AT & T and Lumen, among others, has grown substantially in recent weeks as the investigation has progressed.

The hackers are believed to have targeted systems used by the companies to comply with court-authorised surveillance wiretaps. They attempted to surveil the phones of Senate Majority Leader Chuck Schumer’s staff and of officials within the Biden administration, according to people familiar with the matter.

In total, investigators now believe that the hackers targeted – and in some cases successfully compromised – at least several dozen different companies and people. They attempted but failed to access an account belonging to a Journal reporter after that reporter published articles about the group’s activities.

The Cyber Safety Review Board, formed in 2022 by President Biden, is tasked with examining significant cybersecurity events that affect government, business and critical infrastructure. It is loosely modelled on the National Transportation Safety Board, which investigates and issues public reports on airplane crashes, train derailments and other transportation accidents.

The panel has previously issued reports on vulnerabilities related to the open-source software logging tool called Log4j, a global cyber-extortion group, and the Chinese hack of Microsoft emails belonging to officials at the State and Commerce departments discovered last year.

Dow Jones