Remember China’s Telecom Hack: The Perils of IT Backdoors, By Professor X

In December 2024, reports surfaced that the China-affiliated hacking group Salt Typhoon had exploited backdoors in U.S. telecommunications networks, specifically those mandated by the Communications Assistance for Law Enforcement Act (CALEA), to conduct widespread surveillance. This breach, which targeted major providers like AT&T, Verizon, and Lumen, and even accessed communications of high-profile figures like President-elect Donald Trump, has reignited a fierce debate about the dangers of government-mandated backdoors in technology. The incident, detailed in a Daily Sceptic article by Dr. R. P., extracted below, underscores a critical vulnerability: backdoors intended for "lawful" surveillance are a double-edged sword, inviting exploitation by foreign adversaries and undermining both privacy and national security. This post explores the Salt Typhoon hack, the risks of CALEA backdoors, and the broader implications for digital infrastructure and individual freedoms.

The Salt Typhoon campaign, linked to China's Ministry of State Security, began as early as 2022 and targeted U.S. telecom networks with alarming sophistication. By compromising routers, switches, and CALEA-mandated "lawful intercept" systems, the hackers gained access to metadata, details about who communicated with whom, when, and where, and, in some cases, the contents of unencrypted calls and texts. The breach affected at least nine U.S. telecom providers and dozens more globally, targeting high-value individuals, including government officials and political figures. As reported by Reuters and Nextgov, the hackers exploited vulnerabilities in Cisco devices, some unpatched since 2018, to maintain persistent access, often using malware like the GhostSpider backdoor to evade detection.

The CALEA backdoors, established in 1994 to enable U.S. law enforcement to access communications with court approval, proved to be the Achilles' heel. These systems, designed to facilitate wiretapping, were not the initial entry point in all cases but became a critical target for Salt Typhoon, allowing them to monitor U.S. counterintelligence operations and potentially identify Chinese spies under surveillance. This breach, described by Senator Mark Warner as the "worst telecom hack in our nation's history," exposed the communications of millions, including sensitive government operations, raising fears of blackmail and strategic compromise.

The Salt Typhoon hack vividly illustrates the inherent risks of backdoors. As Dr. R. P. notes, CALEA mandates that telecom companies engineer their systems with interfaces for government surveillance, a requirement expanded in 2006 to include broadband providers. These backdoors, while intended for "lawful" use, create vulnerabilities that foreign actors like China can exploit. Security expert Bruce Schneier, cited in the Daily Sceptic, calls this "one more example of a backdoor access mechanism being targeted by the 'wrong' eavesdroppers." The Electronic Frontier Foundation (EFF) has long warned that backdoors cannot be exclusive to "good guys," as they are inevitably discovered and abused by adversaries.

The dangers are multifaceted:

1. National Security Risks: By accessing CALEA systems, Salt Typhoon potentially gained insights into U.S. surveillance targets, compromising counterintelligence efforts. This could allow Chinese operatives to evade detection, as noted by the FBI. Moreover, the ability to monitor high-value targets like Trump and Vice President JD Vance could yield sensitive political or strategic intelligence, increasing risks of coercion or strategic manipulation.

2. Privacy Violations: The breach exposed metadata and, in some cases, unencrypted communications of millions of Americans, undermining personal privacy. Metadata, while not revealing content, can map social networks and movement patterns, posing significant risks for individuals in sensitive roles.

3. Infrastructure Vulnerability: The reliance on outdated systems, like unpatched Cisco devices, and the failure to enforce CALEA's security requirements highlight systemic weaknesses. Reports indicate that some vulnerabilities exploited dated back to 2018, with telecoms neglecting available patches. This laxity amplifies the risk of future attacks, not just by state actors but by cybercriminals as well.

4. Global Reach: Salt Typhoon's campaign wasn't limited to the U.S., targeting telecoms in Europe, Asia, and beyond. Trend Micro reported compromises in Southeast Asian telecoms using the GhostSpider backdoor, indicating a global espionage network that threatens international security.

The irony, as Dr. R. P. points out, is that the U.S. government's push for surveillance capabilities has backfired. The very systems designed to protect national security have become a liability, with China "backdooring the backdoors."

The Salt Typhoon hack challenges the narrative that backdoors enhance security. Dr. R. P. argues that even if one trusts their government, backdoors invite exploitation by "every other government in the world and every well-resourced band of independent cyber-criminals." This view is echoed by privacy advocates like the EFF, which notes that CALEA, enacted when cell phones were rare, is ill-suited for today's internet-driven world. The UN and European Court of Human Rights have recognised encryption as a cornerstone of free expression, underscoring the human rights dimension of uncompromised privacy.

Yet, surveillance advocates, like MI5's Ken McCallum, argue that "exceptional lawful access" can coexist with privacy. Dr. R. P. challenges this, questioning the expertise of those making such claims and suggesting they prioritise bureaucratic interests over security. The Salt Typhoon breach proves that backdoors are not just a theoretical risk but a proven vector for foreign espionage, undermining the "national security" justification for surveillance.

The hack has spurred calls for reform. FCC Chairwoman Jessica Rosenworcel has proposed requiring telecoms to certify cybersecurity plans annually, aiming to enforce CALEA's security provisions. Senators like Ron Wyden advocate updating CALEA to eliminate backdoor mandates, arguing they are inherently insecure. Dr. R. P. suggests that figures like J. D. Vance, who has warned about backdoor risks, could leverage this incident to push for change, especially under a Trump administration sceptical of entrenched intelligence practices.

Moreover, the Daily Sceptic highlights the potential of figures like Edward Snowden and Julian Assange as advisors, given their long-standing warnings about surveillance vulnerabilities. Their expertise could guide efforts to strengthen encryption and secure infrastructure. The article also ties the issue to broader trends, like Trump's support for Bitcoin, which relies on robust cryptography, suggesting that decentralised, unbackdoored systems align with both civil liberties and national security.

The Salt Typhoon hack is a stark reminder that backdoors, like those mandated by CALEA, are a Pandora's box. They compromise privacy, expose critical infrastructure, and invite foreign adversaries to exploit the very systems meant to protect us. As Dr. R. P. argues in the extract below, governments must choose between clinging to surveillance powers that benefit "deep state" interests or prioritising the security of their citizens and infrastructure. The solution lies in embracing end-to-end encryption, as recommended by CISA and the FBI, and reforming outdated laws like CALEA to eliminate backdoors.

In a world where cryptographic algorithms are already public, governments cannot monitor every message, but they can ensure their infrastructure isn't a welcome mat for espionage. The Salt Typhoon breach is not just a cybersecurity failure; it is a call to rethink the balance between surveillance and security before the next hack strikes.
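The distinction drawn above between metadata and content, and the point made in the extract below that an intercept at this layer of the network sees who talks to whom but not the contents of encrypted traffic, can be shown concretely. The following is an added example written for this post; it is not code from the original article, from Salt Typhoon, or from any CALEA or vendor lawful-intercept implementation. The subscriber names, messages and the "escrow" deployment model are constructed for illustration, and the HMAC-SHA256 stream cipher is a teaching construction using only the Python standard library, not a production cipher. It models two deployments side by side: genuine end-to-end encryption, where a tap yields only metadata, and a key-escrow "exceptional access" design, where anyone who obtains the escrow key (the agency it was built for, or an intruder who has taken over the tap) reads every message.

```python
import hashlib
import hmac
import secrets
from collections import Counter

# --- Toy authenticated encryption (teaching construction, not production) --
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive a keystream by HMAC-ing the nonce and a block counter under key."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])

def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC: XOR with the keystream, then tag nonce + ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}

def open_(key: bytes, box: dict):
    """Return the plaintext, or None if the key is wrong or the box was altered."""
    tag = hmac.new(key, box["nonce"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, box["tag"]):
        return None
    return bytes(c ^ k for c, k in zip(box["ct"], keystream(key, box["nonce"], len(box["ct"]))))

# --- Two deployment models (constructed for this example) ------------------
def send_e2ee(src: str, dst: str, ts: int, text: str, pair_key: bytes) -> dict:
    """End-to-end: only the two endpoints hold pair_key; the network carries
    routing metadata in the clear and the sealed body."""
    return {"src": src, "dst": dst, "ts": ts, "body": seal(pair_key, text.encode())}

def send_escrowed(src, dst, ts, text, pair_key, escrow_key) -> dict:
    """Key escrow ('exceptional access'): the same packet, plus the content key
    sealed under a third party's escrow key. Whoever holds escrow_key can read
    every message ever sent this way, which is the hazard the post describes."""
    pkt = send_e2ee(src, dst, ts, text, pair_key)
    pkt["escrow"] = seal(escrow_key, pair_key)
    return pkt

# --- What a network-layer tap can see --------------------------------------
def intercept(packets, escrow_key=None):
    """Model the vantage point of an intercept interface, whether operated by
    the party it was built for or by an intruder who has gained control of it.
    Returns per-packet records (metadata always; content only when the escrow
    key unlocks it) and the contact graph derivable from metadata alone."""
    records = []
    for p in packets:
        rec = {"src": p["src"], "dst": p["dst"], "ts": p["ts"],
               "size": len(p["body"]["ct"]), "content": None}
        if escrow_key is not None and "escrow" in p:
            content_key = open_(escrow_key, p["escrow"])
            if content_key is not None:
                rec["content"] = open_(content_key, p["body"]).decode()
        records.append(rec)
    graph = Counter((r["src"], r["dst"]) for r in records)
    return records, dict(graph)

def demo() -> dict:
    """Constructed traffic between three subscribers under both models."""
    alice_bob, alice_carol, escrow = (secrets.token_bytes(32) for _ in range(3))
    traffic = [("alice", "bob", 1, "meet at 9", alice_bob),
               ("bob", "alice", 2, "ok", alice_bob),
               ("alice", "carol", 3, "budget attached", alice_carol)]
    e2ee = [send_e2ee(*t) for t in traffic]
    escrowed = [send_escrowed(*t, escrow) for t in traffic]

    e2ee_recs, graph = intercept(e2ee)                  # no key at the tap
    esc_recs_nokey, _ = intercept(escrowed)              # escrow deployed, key not (yet) leaked
    esc_recs_key, _ = intercept(escrowed, escrow_key=escrow)  # escrow key in hand
    return {
        "e2ee_content": [r["content"] for r in e2ee_recs],
        "e2ee_graph": graph,
        "escrow_content_without_key": [r["content"] for r in esc_recs_nokey],
        "escrow_content_with_key": [r["content"] for r in esc_recs_key],
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two things the run makes visible: the contact graph (alice to bob, bob to alice, alice to carol) is recovered from the e2ee traffic without any key at all, which is why the post treats metadata exposure as a real harm even where content is protected; and the escrowed traffic is only as safe as the single escrow key, since the tap's output flips from "metadata only" to full plaintext the moment that key is available to whoever controls the interface.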

https://dailysceptic.org/2024/12/11/chinas-spying-shows-its-time-to-close-the-backdoors-in-our-technology/

"Reports have recently emerged that malware from the China-affiliated Salt Typhoon group has been found exploiting CALEA (Commercial Assistance for Law Enforcement Act) backdooring systems within U.S. telecom networks as a means to surveil, for China, customers across America. These customers included U.S. Government officials, so it would seem probable that some of them may have, earlier in their careers, been the very people who demanded the CALEA backdooring systems be installed in the first place. The Chinese access to the system was maintained for months or more. This is therefore a good time to remind readers of the dangers of governments seeking emergency powers with which to access private information and systems. Even if, bizarrely, someone were to trust today's state officials in whichever country they are in, are they willing to trust every other government in the world and every well-resourced band of independent cyber-criminals too? Because when one allows a backdoor for one government to be embedded somewhere, he is also allowing in all the other bad actors too.

The Bill Clinton Administration, which also wanted to compromise all computer hardware via a clipper chip scheme, passed CALEA in 1994. This mandated telecom companies to have interfaces within their systems to let backdoor capabilities be easily attached at a later point. With these interfaces in place the U.S. Government could be sure of an easy time when it came to the telecom companies with a specific demand, notionally court-approved, to snoop on somebody's private communications. Mostly this form of backdoor is able to collect metadata, as encrypted internet traffic's contents are immune to spying performed at this level of the network stack, but it can also spy on the content within conventional telephone calls and standard SMS messages if activated to do so. As U.S. companies built this into many telecom backend hardware products, they also ended up sold abroad in a mode which was initially inactive but for which activation was still technically possible. This led to a number of scandals. Security expert Bruce Schneier has described the recent reports as "one more example of a backdoor access mechanism being targeted by the 'wrong' eavesdroppers".

Backdoors can of course be argued against on far wider grounds than just the obvious hazards they present when opened by a country other than the one who installed them. In rare moments of sanity both the UN, in the form of its Human Rights Office of the High Commissioner, and the European Court of Human Rights have recognised the importance of encryption-enabled privacy, without backdoors, describing it as, in effect, a human right on account of it providing a means to give people the confidence to speak freely. Whilst it is right to criticise many human rights lawyers, who seem to be interested primarily in maximising the range of things which the legal system pries into, thereby maximising their opportunities to take cases, the concept of actual real human rights when applied to the individual freedoms of everyone in this manner still holds worth. But no longer must those of us who care about our privacy use moral arguments as our only strand by which to oppose intrusion. Nor can surveillance apologists, any more, try to avoid criticisms on technical grounds by insisting that other parties getting control of a backdoor 'could never happen'. This news unquestionably demonstrates that backdoors are not just a human rights violation, but are now proven to be a means to let foreign adversaries easily attack your own nation's infrastructure.

Now would be a very good time for J.D. Vance to capitalise on his earlier warnings of the dangers of backdoors. Citing this latest development he should be able to easily fend off any bureaucrats seeking to persuade him to change his tune to their benefit.

Perhaps this news will also cause Ken McCallum, Director General of MI5, to reevaluate the ridiculous assertions which he made earlier this year that: "Privacy and exceptional lawful access can coexist if absolutist positions are avoided. World-class encryption experts are confident of this." To misquote Yes Minister, can he name even three of those supposed experts? If he can then have any of them actually written any code, or analysed any algorithms for themselves, in the last 10 years? Have any of them recently said a little prayer to the god of null pointer dereferencing whilst clicking to compile code for the 50th time? Or are they managerial yes-men in the mould of Whitty, Vallance or Fauci? Mr. McCallum is clearly not a fool: he has shown himself to be level-headed when warning of the dangers of cosying up to the Chinese Communist Party and the dangers of depending on Russian gas supplies. In the light of this news might he recognise just how incorrect his "exceptional lawful access" statement was, and that introducing deliberate vulnerabilities of any kind into any system serves not only to cosy up to the Communist party, but indeed to roll out the red carpet for it?

Lastly, if Donald Trump should, hopefully, pardon both Snowden and Assange, then he'd do well to hire them as advisers in the wake of this news. He'd do well to hire them even if they'd only be willing to work remotely from somewhere that the U.S. intelligence apparatus can't so easily menace them. They've both been warning of this kind of thing for over a decade. With Trump now coming into power as an anti-establishment politician, who has for his upcoming presidency carefully chosen a Cabinet of people not allied to what can be termed the deep state, there is a much better chance that he will finally end the era of mass surveillance than could have been hoped for under a Democrat party which had repeatedly renewed NSA powers. Furthermore, as Trump seems rather keen on Bitcoin, he has all the more reason to make sure the integrity of cryptography and of telecom and internet infrastructure remains sound. Despite limitations, such as extreme fluctuations relative to other currencies, which presently make Bitcoin impractical for typical transactions, what is good for decentralised cryptocurrencies tends to have side effects good for freedom as a whole. Here is a scenario where civil liberties and actual national security, the security of individuals and small-to-medium businesses within a nation rather than the job security of intelligence agency busybodies, are in fact aligned, and together they say no to backdooring.

As Michael Shellenberger said: "The idea that we must censor speech to protect democracy ranks with other Orwellian ideas like 'War is peace' and 'Slavery is freedom'." The argument for backdoors as a means to protect national interests has now been thoroughly exposed to be just as absurd. The time has come for governments across the West to decide what is more important: protecting Sir Humphrey Appleby of the deep state from the sack, or protecting entire countries from autocracies abroad. Governments making that decision should also bear in mind that working unbackdoored cryptographic algorithms are already in the public domain and it will always be possible for private messages to be exchanged which governments cannot read. It will always be possible also for messages to be exchanged anonymously, that is to say without metadata which governments can use to map out who is contacting whom and which the CALEA backdoors are particularly focused on collecting. The decision governments must take is therefore between a world in which they make the infrastructure of our nations vulnerable, yet still can't actually spy on all the people they wish to, and a world in which they abandon petty snooping and focus on keeping infrastructure working (and apolitical) for the people who elected them."

Tuesday, 10 June 2025