Talking Tech: A veritable typhoon of digital spying
By Frank Artusa
For as long as there have been nation states, spies have been hard at work trying to gather intelligence for strategic advantage. Historically, the direct victims of such efforts have been government agencies, the military and corporate intellectual property, but recent events have put us all in the crosshairs when it comes to our digital communications.
Though sophisticated methods like collecting radio frequency emanations, tapping above-ground and undersea communications cables, and other signals intelligence techniques have historically been employed by adversary nations, few could have predicted the massive data breach recently perpetrated by Salt Typhoon, an elite hacker group attributed to the People’s Republic of China.
Salt Typhoon, a codename assigned by Microsoft’s cyber threat intelligence team, was first discovered in Fall 2024 to have compromised telecommunications systems and networks belonging to Verizon, T-Mobile, Spectrum and several others. The widespread compromise involved the exposure of data associated with phone calls, voicemails, and text messages impacting millions of Americans. The true extent of this massive breach has yet to be revealed, and it’s unknown whether the affected systems have been fixed.
The idea that any hacker group could obtain access to such critical infrastructure and persist, undetected, for apparently up to a year or more, is difficult to comprehend. The Federal Government’s Cybersecurity and Infrastructure Security Agency (CISA) indicated that Salt Typhoon was able to obtain access through unpatched network hardware and by leveraging entry points designed for use by law enforcement, or “backdoors.”
Some experts blame the Communications Assistance for Law Enforcement Act (CALEA), a 1994 digital wiretapping law that compels telecommunications companies to assist law enforcement in conducting electronic surveillance with a court order. This tool, by the very nature of its existence, presents a potential backdoor into the telecom’s network. However, federal, state, and local law enforcement authorities utilize this technique to investigate criminal activity, with probable cause, to uncover evidence of crimes ranging from gang activity, organized crime, public corruption and everything in between. This makes CALEA a double-edged sword: supporters laud its criticality to criminal investigations and detractors argue for its potential misuse by hackers or a corrupt government.
Despite the obstacle described above, in December 2024 the FBI and CISA took the bold step of recommending that individuals utilize communication apps that offer end-to-end encryption (E2EE). E2EE is an encryption methodology that is used by apps like WhatsApp, Signal, and iMessage (when communicating between Apple devices).
E2EE makes it impossible for an interloper to read data due to the advanced encryption utilized to encode data. As an example, it would require thousands, if not millions, of years for a supercomputer to break encryption implemented by these applications. Quantum computing, a radical new computer processing technology, poses a threat, but this innovation is still years away and governments are aggressively working to develop quantum-proof encryption as well.
A clear example of the government’s own use of E2EE technology was recently demonstrated when U.S. national security and defense officials used Signal to communicate tactical war plans in Yemen, albeit with unintended recipients.
Threats posed by advanced nation states capable of funding top-tier cyber espionage operations are growing, with dozens of capable groups originating from Russia, Iran and North Korea as well as China. Additionally, this doesn’t include independent cyber criminal groups looking to steal and sell personal data. Considering the wide array of potential threats to digital data, E2EE appears to be one of the few tools guaranteed to stop hackers from eavesdropping on digital communications.
Internet Crime Complaint Center — www.ic3.gov
Frank Artusa, a resident of Smithtown, is a current cybersecurity professional and retired FBI Special Agent.