US lawmakers launch investigation into alleged Chinese infiltration of top telecoms

US lawmakers have launched an investigation into reports that Chinese cyberspies, known as Salt Typhoon, infiltrated the networks of three major telecommunications companies—Verizon, AT&T, and Lumen Technologies—and breached their wiretapping systems. The alleged hacking has raised concerns about national security, with federal regulators urged to hold the companies accountable for their cybersecurity lapses.

Senator Ron Wyden (D-OR) spearheaded the call for action, writing a letter to US Attorney General Merrick Garland and Federal Communications Commission (FCC) Chair Jessica Rosenworcel. In his letter, Wyden demanded that federal agencies take immediate steps to protect US telephone and broadband networks from hackers.

"I write to insist that your agencies finally act to secure US telephone and broadband companies' wiretapping systems from hackers," Wyden stated in his letter sent on Friday last week. He stressed the need for updated security measures, arguing that the current systems are outdated and vulnerable to exploitation.

Just a day before Wyden’s letter, the US House Select Committee on China also sent a letter to the CEOs of Verizon, AT&T, and Lumen Technologies, requesting a closed-door briefing. The lawmakers want to find out about when the telecom giants first discovered Salt Typhoon on their networks and what actions they have taken to enhance their cybersecurity measures.

This probe follows a separate hearing by the same committee earlier this year, which addressed another Beijing-linked cyber espionage group, Volt Typhoon, that had compromised US critical infrastructure networks. Representatives John Moolenaar (R-MI) and Raja Krishnamoorthi (D-IL), who lead the Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party, expressed deep concern about the escalating cybersecurity threats posed by China.

"Taken together with these news reports regarding Salt Typhoon's apparent compromise of our nation's wiretap system, it is clear that we face a cyber-adversary the likes of which we have never confronted before, and we must urgently enhance our nation's approach to cybersecurity," Moolenaar and Krishnamoorthi said in their letter.

Wiretapping Backdoors: A Double-Edged Sword

The systems targeted in the attacks stem from the 1994 Communications Assistance for Law Enforcement Act (CALEA), which mandated that phone companies install wiretapping capabilities into their networks. In 2006, the FCC expanded CALEA to include broadband internet providers.

However, as cybersecurity experts have long warned, government-mandated backdoors can be exploited by malicious actors. Wyden reiterated this point in his letter, highlighting that these wiretapping features pose a significant cybersecurity risk.

"There is, and has long been, broad consensus among cybersecurity experts that wiretapping capabilities undermine the security of communications technology and create an irresistible target for hackers and spies," Wyden wrote.

Calls for Stricter Regulations and Accountability

In the wake of the fresh attacks, Senator Wyden urged the FCC to revise CALEA regulations to include strict cybersecurity standards for telecom carriers. He also called on the Department of Justice (DOJ) to investigate whether Verizon, AT&T, and Lumen violated federal laws by failing to prevent the breaches.

Wyden emphasized that the outdated regulatory framework and the DOJ's insufficient response to cyberattacks must be addressed to protect US communications infrastructure. He also recommended implementing hefty fines for companies that don’t comply with cybersecurity mandates.

"The security of our nation's communications infrastructure is paramount, and the government must act now to rectify these longstanding vulnerabilities," Wyden warned.