
Salt Typhoon, the telecoms breach and bright engineering solutions

In recent weeks, we have seen headlines and reports of a large-scale hack of several U.S.-based telecommunications companies, including AT&T, T-Mobile, and Verizon. Its emergence triggered a flurry of high-level meetings and discussions about the very real (and now realized) potential for foreign actors and threat groups to breach U.S.-based communication infrastructure.

Following it, we have seen a new publication from CISA (the Cybersecurity and Infrastructure Security Agency) providing guidance on securing mobile communications.

But to understand what really happened, we first need to learn about the threat group behind the latest attack. This attack is the handiwork of China’s Salt Typhoon group. Their motives range from attaining persistence within systems, which means maintaining a presence with privileged access to critical controls and data within servers and computers, to stealing intellectual property and personally identifying information. They also position themselves within critical infrastructure environments, such as heating, ventilation and cooling systems for server rooms, for the moment they wish to disrupt services.

The recent attack took advantage of an intentionally designed ‘backdoor’: a mechanism put in place to circumvent the regular security measures and protections, allowing access to files and any other kind of data within the system.

In the case of the telecommunications providers (T-Mobile, AT&T and Verizon), these backdoors were put in place to comply with the Communications Assistance for Law Enforcement Act (CALEA), which requires a technical path for executing lawful wiretapping activities.

The group is known for employing a type of malware called a ‘rootkit’ on Windows-based systems. A rootkit can be understood as a program used to gain full administrative access to a computer. In the case of Salt Typhoon, the rootkit resides in and operates at the core of the Windows operating system, the kernel, which has complete control over the hardware. It is difficult to detect because application software has no access to the portion of code dedicated to the kernel. Along with this, Salt Typhoon is known for using sophisticated anti-forensics techniques to cover its tracks, ranging from disk wiping to encryption, all in service of keeping remote access to targeted servers.

According to NMFTA, and as covered in the Wall Street Journal, Salt Typhoon’s infiltration reportedly gave them access to extensive data, including call logs, unencrypted text messages, and even audio recordings of high-profile individuals connected to national security and political campaigns, including members of the Trump and Harris presidential campaigns.

So far we have seen the impact on digital infrastructure through the exploitation of backdoors designed by ISPs, but physical infrastructure, such as wastewater management systems, purification systems or energy plants that are connected to and operated through a digital interface, is equally at risk of exploitation by an actor.

To tackle these problems, we are seeing engineers attempt to build security into the design of physical infrastructure. A straightforward way to understand this is to consider how a water purification system uses chlorination. Under normal circumstances, the right amount of chlorine is used for a given amount of water to complete the process; an excess, however, could quickly make the water unsuitable for use. It is the controls governing the amount of chlorine and water that, once reachable through digital systems, become ripe for exploitation. The solution in such a case is to design the system so that it is either completely disconnected from any digital interface or has very limited controls: the control may release only the pre-determined safe amount of chlorine stored in the gauge, and refilling the gauge requires a physical input.
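The chlorination design just described, as an added illustration that is not part of the original article: a network-reachable controller can only open the valve on a gauge whose capacity is one safe dose, and the refill is a physical action the controller has no command for, so repeated or malicious dose commands cannot push the batch over the limit. All quantities and names are constructed for the example.

```python
"""Model of a 'physically bounded dose' chlorination control (constructed example)."""
from dataclasses import dataclass

# Constructed figures, not from the article: one batch of 10,000 L treated
# with a gauge holding 20 g of chlorine gives 2 mg/L against a 4 mg/L limit.
SAFE_DOSE_MG = 20_000.0
BATCH_LITERS = 10_000.0
LIMIT_MG_PER_L = 4.0


@dataclass
class DosingGauge:
    """Hardware side: capacity is a physical property, not a configurable value."""
    capacity_mg: float = SAFE_DOSE_MG
    level_mg: float = SAFE_DOSE_MG

    def release(self) -> float:
        """Valve opens: whatever the gauge holds goes into the batch, then it is empty."""
        released, self.level_mg = self.level_mg, 0.0
        return released

    def physical_refill(self) -> None:
        """Done by an operator on site; nothing on the network can call this."""
        self.level_mg = self.capacity_mg


@dataclass
class RemoteController:
    """The only component a digital interface (or an intruder on it) can reach."""
    gauge: DosingGauge
    batch_chlorine_mg: float = 0.0

    def handle_command(self, cmd: str) -> bool:
        """Only 'dose' is wired to hardware; there is no refill or set-dose path."""
        if cmd == "dose":
            self.batch_chlorine_mg += self.gauge.release()
            return True
        return False  # unknown commands, including 'refill', are rejected

    def concentration_mg_per_l(self) -> float:
        return self.batch_chlorine_mg / BATCH_LITERS


def simulate_misbehaving_controller(repeat_doses: int) -> float:
    """Flood the controller with dose commands; the batch still gets one dose at most."""
    ctl = RemoteController(DosingGauge())
    for _ in range(repeat_doses):
        ctl.handle_command("dose")
    ctl.handle_command("refill")  # ignored: refilling is physical only
    return ctl.concentration_mg_per_l()
```

Running `simulate_misbehaving_controller(1000)` returns 2.0 mg/L, the same as a single legitimate dose, because every dose after the first draws from an empty gauge.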

Well-thought-out engineering solutions such as the one discussed here might be the way forward through an increasingly uncertain digital environment.