Emerging details of Chinese hack leave U.S. officials alarmed
WASHINGTON >> Leaders of the top telecommunications companies were summoned to the White House on Friday to discuss a security problem that has been roiling the government: how to expel Chinese hackers from the deepest corners of the nation’s communications networks.
The meeting in the Situation Room came after weeks in which officials grew increasingly alarmed by what they had uncovered about the hack.
They now believe the hackers from a group called Salt Typhoon, closely linked to China’s Ministry of State Security, were lurking undetected inside the networks of the biggest American telecommunications firms for more than a year.
They have learned that the Chinese hackers got a nearly complete list of phone numbers the Justice Department monitors in its “lawful intercept” system, which places wiretaps on people suspected of committing crimes or spying, usually after a warrant is issued.
Although officials do not believe the Chinese listened to those calls, the hackers were probably able to combine the phone numbers with geolocation data to create a detailed intelligence picture of who was being surveilled.
As a result, officials said, the penetration almost certainly gave China a road map to discover which of China’s spies the United States has identified and which they have missed.
This article is based on conversations with more than a dozen U.S. and industry officials who spoke on the condition that their names not be used because of the sensitive intelligence assessments of the hack.
Initially, officials thought the hack was limited to the region around Washington. But they have now found evidence of China’s access all around the country, exploiting old or weak entry points in the cellphone network.
Officials now believe that the hack has gone beyond phone companies, to internet service providers, potentially allowing the Chinese to read some emails.
Although some Americans’ phone calls and emails may have been compromised by the Chinese, officials emphasized that encrypted applications, including WhatsApp and Signal, were not penetrated. In addition, messages sent within Apple’s own network were also safe.
And the discovery of the specific targeting of senior national security officials, and some political leaders — including President-elect Donald Trump and Vice President-elect JD Vance — led the FBI and other officials to conclude that the Salt Typhoon hackers were so deep in the system that they could actually listen in to some conversations and read some unencrypted text messages.
“The sophistication was stunning,” said Sen. Mark Warner, D-Va., chair of the Senate Intelligence Committee. He said his biggest concern — one that dominated the Situation Room meeting at the White House — was the conclusion that “the barn door is still wide open.” A White House statement released Friday night gave no details of the breach or any hint of the tensions over how to deal with it, but said the meeting Friday was led by Jake Sullivan, the national security adviser, and one of his deputies, Anne Neuberger, who oversees cybertechnology and emerging technologies.
The U.S. communications system is built on a mishmash of aging systems, which made it far easier for the Chinese to break into upward of 10 telecommunications companies.
At the White House meeting, the message delivered by top American intelligence and national security officials was that despite the aging technology, the telecommunications companies needed to help find a permanent way to keep China’s agents out of the systems. Some officials and others briefed on the hack say that is no small task and that making the necessary fixes could create painful network outages for consumers.
Critical parts of the American telecommunications system are too old to upgrade with modern cybersecurity protections. Some parts of the system date to the late 1970s or early 1980s, when landlines, not cellphones, dominated the network. A participant in the meeting said the only solution to the problem was “ripping out and replacing whole sections of the networks,” a process the companies have been slow to invest in.
The executives who attended the meeting included Verizon’s top leader, Hans Vestberg, and AT&T’s top executive, John T. Stankey. But T-Mobile CEO Mike Sievert — who had initially doubted that the company had been compromised by the Chinese, then discovered it had been — sent a deputy.
The meeting came as arguments have begun to break out over who was to blame — the telecommunications firms, their regulators or American intelligence agencies — for a hack whose stealth and depth have shaken even veterans of America’s two decades of cyberconflict with China, Russia, Iran and North Korea.
In recent days, government officials have become increasingly vocal in blaming the firms for being too slow to update key nodes of their networks.
In the days leading up to the meeting at the White House, American investigators and national security officials said parts of the telecommunications firms’ systems were not protected with basic “multifactor authentication.” That is the same technology that has become a staple of everyday life for consumers, who have grown accustomed to having a cellphone scan their face, or receiving a six-digit text message before they can access financial accounts or sensitive emails.
The hack was considered so severe that President Joe Biden took it up directly with Chinese President Xi Jinping when they met in Peru last weekend, according to Sullivan. “The issue of the hack of American telecommunications providers did come up,” Sullivan told reporters, although he declined to provide details.
There are limits to how far the United States can press its case with China. So far, the Chinese hack appears to involve only surveillance. That is something that the United States does regularly to Chinese telecommunications companies and is a form of espionage considered fair game as the two superpowers navigate a new, higher-stakes era using updated spy technology.
The documents released 11 years ago by Edward Snowden, a former contractor for the National Security Agency, revealed extensive efforts by the United States to get into the telecommunications systems and equipment of leading Chinese makers.
But the Chinese showed remarkable ingenuity and patience — and a willingness to spend heavily to pierce American systems.
“I’d have to say the Chinese have matched, or exceeded, what we can do — and we didn’t see this one coming,” said a senior U.S. official with years of experience in the intelligence community, declining to speak on the record about a classified investigation.
It was a dozen years ago that the scope of China’s cyberambitions was made clear by the exposure of Unit 61398, a hacking operation run by the People’s Liberation Army from a 12-story office tower on the road to the Shanghai airport. Studies found that the targets were often companies focused on critical infrastructure: the electrical power grid, gas lines and water systems. The Defense and State departments were also particular targets.
A few years later, the United States belatedly discovered that China’s spy agency had stolen 22.5 million security clearance files from the Office of Personnel Management.
The Obama administration condemned the hack and what now appear to be related thefts of medical and travel records. Visiting Washington in September 2015, Xi promised to abide by new limits on espionage. For a few months, the accord stuck, and the volume of attacks diminished.
But by the time President Barack Obama left office, it was clear that China’s hacking operations had shifted from its military units to its intelligence services, which work with greater stealth. And China’s hackers began focusing on getting inside the telecommunications networks, knowing that American spy agencies are barred, by law, from monitoring communications facilities on American soil.
The telecommunications companies might still be in the dark about the most recent hack, officials say, had Microsoft’s threat researchers not seen some anomalies, including data on sites used by Salt Typhoon that trace back to nodes on the networks of Verizon, AT&T and other firms. They told the companies and the government, which launched a secret investigation this past summer.
When The Wall Street Journal first reported on elements of the hack, American investigators say, the Chinese intruders receded, making it more difficult to determine what exactly the hackers had done. But officials said investigators are looking through breadcrumbs left by the hackers and believe, with time, they will learn more about what they gained access to and what they did not see.
The hack prompted such alarm within the FBI that field offices were told to check if informants had been potentially compromised and, if necessary, take steps to ensure their safety, such as developing cover stories or getting new phones. In particular, FBI officials were concerned that agents who repeatedly contacted informants using a bureau phone could have left them exposed because of the suspicious pattern of calls.
A similar hacking technique was successfully used against companies in Taiwan, which is a frequent target of espionage from China, according to people familiar with the case. Other elements of the hack had echoes of techniques used against India.
But officials said the operations against Taiwan and India were different enough from the Salt Typhoon operation that it would not have been a clear warning to the United States.
In addition to calling in the telecom officials, the White House has already organized a task force to assess the damage, and a newly created cyberinvestigations board has been ordered to identify the failures and the system’s vulnerabilities.
The Biden administration has said very little about the attack. Much of the resistance came from the Justice Department and the FBI, which did not want to upend their own investigations. Although the telecommunications firms knew about the intrusion, the public statements put out by the FBI and the Cybersecurity and Infrastructure Security Agency contained such sparse detail that consumers would have no way of assessing whether their own conversations were at risk.
A senior official deeply involved in the matter said the idea that the U.S. telecommunications system was so vulnerable was deeply embarrassing. But with less than two months until Biden leaves office, officials said they had no idea whether Trump’s national security team, which so far has named no officials responsible for cyberoffense or cyberdefense to senior posts, would press for long-term changes in the system.
———
This article originally appeared in The New York Times.
© 2024 The New York Times Company