David E. Sanger
Appearances
The Daily
How China Hacked America’s Phone Network
Better than Keystone Cops, but not the best picture. cat burglars you ever met. So they started working hard on being stealthy, on hiding their tracks. They began to study how the American systems work in great detail. And then they did something even smarter. They moved a lot of this hacking out of the hands of the army and handed it to the Ministry of State Security.
It means that they're going to a group that has more money to invest on intelligence assets that are trained at a higher level, that have the ability, because they're working in secret, to go out and hire and train much more effective hackers who would not be caught as easily. And they learned many more innovative ways to get into American, European, African, Latin American systems.
And what's remarkable about it is that the Chinese were able by spending millions of dollars and a lot of time to figure out how to get into the core of what binds the United States together, which gives them access to so much more. What's really striking to me is the degree to which this has freaked out American officials.
They began to sell telecommunications equipment, as we were discussing earlier, that would enable them to own the infrastructure and therefore get in. And they learned how to be much more effective at stealing master passwords so that they didn't have to actually write code and malware, but instead could pretend like they were legitimate operators inside a system.
...was when they got into the Office of Personnel Management at the end of the Obama administration.
Now, this is seemingly the most boring bureaucracy in Washington, right? They are basically the government's HR manager. And they keep the security clearance files for 22 million Americans who have secret, top-secret, compartmentalized clearances and so forth.
And the Americans who get clearances have to fill out these enormously detailed forms that describe their financial condition, their medical histories, every relationship they've been in, every foreigner they've ever met and had long interactions with. So this is not just your name and your Social Security number. This is the details of your life.
And obviously, for Chinese intelligence officials, if they could get that kind of understanding of the American elite who are working on every classified project, it's enormously beneficial.
And much as in this most recent hack, they were inside the Office of Personnel Management for a year before anyone even knew that they were stealing the files, encrypting them, and broadcasting them back to Beijing.
Well, this is the great mystery that the CIA's new or relatively new China operation is constantly trying to figure out, that the NSA is trying to figure out. So there are a couple of theories. The first theory is they just want a complete map of everybody in the U.S. who works in the national security sphere and access to what they do. So it's, first of all, for great intelligence gathering.
The second thing they're beginning to do, though, is learn how to plant their malware into critical infrastructure in the United States that may enable them to turn off water pipelines or electric grids if they got into a direct conflict with the US. And we really saw this last year, 2023, with the Chinese hacking group named Volt Typhoon.
It's a different group than the group that was just caught inside the telecom system. But their purpose was to be able to get into the utilities that feed American bases in Guam.
in Hawaii, on the West Coast, so that if there was ever an incident over Taiwan, say a Chinese invasion or just a slow choking off of Taiwan, that the Chinese could use the code they've put in these systems to turn off the power or turn off the water and slow an American response, an ability to get troops to Taiwan. And that's critically important.
The head of the Senate Intelligence Committee, Senator Mark Warner, who was himself a telecoms executive in a previous life, told me it is the worst intrusion into the United States he has ever seen in his career. Wow. Jake Sullivan, the national security advisor, organized in the Situation Room a meeting with the chief executive officers of each of the major telecommunications companies.
It's also got a psychological element, which is if there was a crisis in Taiwan and suddenly you were living in San Francisco and there was no water coming out of the tap, you're not thinking about Taiwan.
You're thinking about how you get water coming out of your tap for your family.
That's absolutely right. And the U.S. discovered this midway through the Biden administration. And through 2023, there were all these kinds of emergency meetings in the Situation Room, and they brought in the heads of the utilities, and they're trying to go clean out the Chinese malware. But the fact of the matter is, Sabrina, you just don't know what you don't know.
And the Chinese are excellent at creating an access into a system, testing out whether it could work, and then pulling all the code out so that when somebody came looking for it, they may not find anything other than a little bit of evidence that Chinese hackers had been there.
That's right. And so I think to understand what has everybody so worried right now, you have to sort of back up enough to look at these two different kind of operations.
So Salt Typhoon, the one that we've been discussing in the telecom system, gives the Chinese an enormous surveillance capability and a chance to monitor national security operations and whether or not we're on to Chinese spies and all that. And the earlier system they discovered, the one that got into the electric grid and the water systems, gives an ability to actually disrupt.
When you add these together, you get a current surveillance capability and a prospective disruption capability. Right. That what the Chinese can do now is listen in on President-elect Trump and national security officials if they're on that open line. What they could do in the future is shut down systems.
What's the government doing about this? Well, they have begun to talk a little more publicly about these kinds of hacks and particularly about Salt Typhoon. That's what led to that warning last week that people should begin using encrypted apps. But that's a band-aid. It's not a solution, right? If you are really going to fix our telecom system,
you would either have to go shut it down and rebuild it with something more modern. Well, no one's going to do that. We need it every day. Or you're going to begin to make incremental fixes and then build a parallel system to it that you can begin to shift over to. You are going to have to go set real standards for cybersecurity.
Companies can't live in a world anymore in which it's sort of up to them how much they invest in these. Because what we've discovered about the telecom system is, on the one hand, it's a commercial system. It's owned by companies, not the government. But on the other hand, it's critical to our national security. Right. So we're trying to balance a lot of different complicated values here.
One of them is keep the Chinese out of our system, for which you'd want to design something entirely new. But the other is keep the U.S. economy going and keep people communicating, which means you're kind of stuck with the system that's been pasted together over the years. Yeah.
So first of all, the world has changed a lot since Donald Trump left office on January 20th, 2021. Obviously, there had been hacking and issues like this during his time. But the level of the Chinese sophistication and the sophistication of others, Russia, Iran, North Korea, has gone up considerably. And we don't know how the president's planning to go handle this.
They dragged them to Washington and said, we are going to have to figure out an emergency way to get the Chinese out of your systems and to rebuild those systems so they can't get back in. So the critical question that this hack raises is how could it be this late in the cyber wars, which have been going on for two decades, that China has managed once again to pierce America's defenses? Okay.
In fact, whenever he's asked a question about China, his answer usually has to do with tariffs, as if that's going to solve our competition with the only competitor who can take us on militarily, economically, technologically, even culturally. The second big change that was going on, the biggest change since President Trump left office,
is that Russia and China, two giant cyber powers, have come together in a partnership that is basically opposing the United States around the world. You've seen it, of course, first in Ukraine, but we're beginning to see it in the cyber world as well, because they want to operate by a set of rules that they define, and we want to operate by a set of global rules that we define.
And the third big change that's underway here, of course, is artificial intelligence, because that affects everything in the hacking world. You can build much better defenses to hacking using AI tools. You can also find vulnerabilities in old systems like the telecom system we've been discussing here using those tools.
So we have a new arms race underway that's AI-driven to go find or defeat this kind of code in our systems. And those big three things... Trump, the new Cold Wars, the arrival of artificial intelligence is leading to an entirely new era and some real brewing problems.
Well, this is probably more the beginning of a conversation on The Daily rather than the end of one.
So the first thing we know is that telecom companies were clueless for a year, maybe two years, that the Chinese were in their system. In other words, they had their radars off. In fact, for some parts of their systems, they never had radars on at all. And the second thing is that Microsoft researchers put the telecom companies onto this for the first time.
The telecoms missed it entirely, but Microsoft noticed that Chinese hacking groups that they follow were targeting these companies, AT&T and Verizon and many others. And suddenly they realized that the Chinese were inside an American system, and they were the first ones to send up the alert.
Not only were the Chinese hackers there, they had figured out a way to go target some very specific national security officials and politicians, including President-elect Trump and Vice President-elect Vance. Then they discovered that the Chinese could actually listen to some conversations.
We don't know for sure what they listened to or whether they actually tuned into some of those conversations. But American investigators seem to have a pretty high certainty that they did. And then we also learned that these hackers could read open, unencrypted texts. That would be, for example, if you were sending a text from an iPhone to an Android.
So it's not staying within the Apple network and it's going out as an SMS message. The Chinese could read those.
It really is. And it tells you how effective they are. And initially, the American investigators thought that the Chinese were just really focusing on Washington and Washington players. But the more they dug in, the more they discovered, no, they were in the entire system around the country. And then it got worse because it turns out that the telecom companies run for the U.S.
government the lawful taps that are put on the phones of suspected criminals or spies.
That's right. And of course, the government can go get the warrant, but the government doesn't run the phone system. So then they have to take that warrant to AT&T or Verizon or another company and say, we need to tap this phone number. Well, the Chinese got in so deeply that they could figure out which phone numbers they were listening to.
And then they could figure out, wow, they're on to this suspected Chinese spy and they're on to this one, but they don't know about this third one.
That's right. So just think about this. If the Chinese know... which Chinese spies we're on to and which ones we aren't, it gives them a huge advantage. They begin to know if they need to send more spies in. So there's a huge counterintelligence factor to the Salt Typhoon hack as well.
It's a great question because the Chinese have shown from this that they could get into most of these ordinary phone calls. The question is, would they want to, right? They seem to be quite focused on national security officials, politicians. Now, I can imagine, Sabrina, that for you, they may want to go in and figure out what's going to be on The Daily and in a couple of days.
But in case they're not interested in that, they're probably not going in to listen to ordinary Americans talk about how much milk and eggs to go pick up on the way home from work. But the fact that they have the capability to go do this throughout the system is pretty shocking. Now, there's an exception to this. When you're talking on an ordinary phone line,
the phone conversation is largely unencrypted. But if you're talking over WhatsApp or Signal, or even if you are talking from iPhone to an iPhone or messaging between iPhones, then those are usually encrypted. And the Chinese would be able to see that there was a conversation underway, but they couldn't listen in or look at or read the content.
That's right. And, you know, there are some encrypted conversations that with a lot of work you can pierce, but by and large, you're a lot safer on an encrypted line. And last week... the U.S. government, for the first time that I can ever recall, came out and told Americans, you should use encrypted apps to communicate until we have this problem solved. Huh.
And that's a big change because it was only back in the Obama administration that the FBI was complaining about encrypted apps. Right. They couldn't listen in if there was a criminal case underway or a kidnapping.
That's right. And basically, they've decided now, because of the severity of this act, to reverse their advice and tell Americans, go use encryption.
The best I can discern from telecom executives and other experts is they took advantage of the fact that our phone systems are actually the amalgam of really new, sleek digital equipment and really old, creaky equipment that's been sitting around for 40 years. Okay, so how does that make it vulnerable?
Because these old systems have been embedded in the telecom system for the longest time, from an age that goes back before hacking. And so there's almost no way to build modern protections into them because these systems were built so long ago, it was before anybody had protections in mind. So let me give you an example. Yeah, please.
If you're going to do a banking transaction over your phone, you frequently get a code that comes back from the bank that you have to insert first so that they're sure that they're talking to you on your phone. And you insert it, and we've gotten used to it. It drives us crazy, but we all understand why we need to do it. In the cyber world, that's called multi-factor authentication.
So it's something other than just your password to make sure that it's really you. But inside these telecom systems, there was no multi-factor authentication. So once they got the master password, they were in the system. They were able to roam freely across the system without ever being challenged again for credentials or identification. Imagine this.
Imagine that you showed your ID once at the airport. Right. But before you got on an international flight, no one asked to see your passport one more time. That's sort of what happened here.
That's right, but they did something even more strategic. They realized that our systems were old and rickety, and they looked for the seams between that old equipment and the new equipment because they knew the older equipment was going to be their way inside.
We've been spying on each other for decades. And it's always been an article of faith that we can hack into systems better than any other country can. That's always been the assumption. And it was backed up 10 years ago when Edward Snowden, who you'll remember was a contractor for the National Security Agency,
revealed a huge trove of documents that exposed that the NSA was getting inside the Chinese telecommunications systems and particularly aiming at Huawei, the Chinese telecommunications giant that's been supported by the government. And for years, the U.S. government has been banning Huawei equipment from the U.S. for fear that if Huawei was inside our networks...
It is, Sabrina. It's the big one. It's from China. It was run by the Chinese Ministry of State Security and hackers working for them. It's got a strange name. It's called Salt Typhoon. But the key thing to know here is that this is a hack of America's telecommunication systems. It's a hack of AT&T and Verizon. It's a hack of all of the smaller communication systems.
They would have an easy way of diverting phone calls, texts, all kinds of computer data back to Beijing. So what did we learn here? We've learned here that even without Huawei in our system, because most of Huawei's equipment has been banned, the Chinese found a way in anyway. And we've learned that at this point, they are essentially as good as the NSA.
No one will say this in public to you, but you get people off the record and they say to me, David, this is the first time I've come to the conclusion the Chinese are completely in the major leagues here, and they can do what we can do.
Well, China's invested in it, practiced in it, trained people in it. And, you know, it's like anything else in superpower competition. 20, 25 years ago, the Chinese were almost nowhere in space, right? Now they've got space satellites that can grab our space satellites. And the same is true in cyber.
It's just another area where they know they need to be able to dominate the superpower competition in surveillance. And the big improvements in their capability started after Xi Jinping came to power in 2012. The current Chinese leader. The current Chinese leader.
And, you know, at the time when Xi came in, the American intelligence reports were, this is not a man who is going to challenge the United States militarily or for intelligence purposes. He's got to focus on building up his own army. economic capabilities. Well, it turns out all those reports were wrong.
And it was another of the mistakes we made in sort of assessing where the new cold wars were emerging. So he's the one who decided to make the investments in space. And he's the one who has invested millions, if not billions of dollars in cyber capabilities and
They were pretty clunky. They put most of their cyber capability into the hands of the People's Liberation Army. It's China's main military operation. You know, 10 years ago, I was writing about People's Liberation Army Unit, Unit 61398, that was based out of a big white office tower near the Shanghai airport.
And they had officers who would go break into American companies and try to steal their secrets and their designs and bring them back to Chinese state-owned or other companies. And were they successful at doing that? Partly. They stole the design for the F-35, the U.S. stealth fighter, and then produced one that looks very much like it, but they make it a lot more cheaply than we do.
But along the way, Sabrina, they got caught pretty easily. A company called Mandiant found them breaking into U.S. companies and were able to identify the specific hackers who later got indicted by the United States. There were wanted posters with these hackers' pictures on them, even though they were PLA officers. So like Keystone Cops kind of thing?