China-backed hackers have breached the wiretap systems of several major U.S. telecom and internet providers, exposing critical vulnerabilities and likely collecting vast amounts of internet traffic to gather intelligence on Americans.
These wiretap systems, required by the 1994 Communications Assistance for Law Enforcement Act (CALEA), grant authorised personnel (e.g. law enforcement agencies) almost unfettered access to user data, including internet traffic and browsing histories. However, these systems have long been viewed as security risks, with experts warning of their potential misuse. For example, Georgetown Law professor Matt Blaze called the breach “inevitable,” highlighting the inherent dangers of building backdoors meant for lawful purposes, which are prone to exploitation by malicious actors.
The Wall Street Journal recently reported that the hacking group, known as ‘Salt Typhoon’, breached at least three of the largest U.S. providers - AT&T, Lumen, and Verizon - to access these systems. While the full extent of the damage remains unclear, some U.S. national security sources have described the breach as potentially catastrophic. The hackers are thought to be positioning for future cyberattacks, possibly in connection with tensions between the U.S. and China over Taiwan. The breach has reignited debate over the risks of government-mandated backdoors, with experts like Stanford’s Riana Pfefferkorn pointing out that such systems “jeopardise” rather than protect users.
The revelations come amidst growing global concern over government backdoors and encryption, with other countries, including those in the EU, also considering legislation that could weaken digital security. Signal president Meredith Whittaker echoed warnings that “there’s no way to build a backdoor that only the ‘good guys’ can use,” underscoring the wider implications of the breach.
To guard against the risk of such attacks, the advice for businesses is to use strong encryption, limit data access to the minimum necessary personnel, and continuously review and update security practices to close potential vulnerabilities in systems.