Sen. Josh Hawley is worried the suspected Chinese hack of telecommunications companies may have enabled the cyberattackers to impersonate others and trick unwitting victims.
The Missouri Republican raised questions on Tuesday about whether China’s Salt Typhoon hacking group may have impersonated others after successfully breaching telecom companies such as AT&T, Verizon and T-Mobile.
The FBI, National Security Agency and other federal cyber officials are investigating the Chinese hackers and have said they discovered customer data theft and compromised communications of government and political officials.
Chinese cyberattackers’ reported espionage targets in recent months range from President-elect Donald Trump and Vice President Kamala Harris’ campaign to sensitive data on law enforcement requests for court-authorized snooping.
The Senate has an intense interest in understanding the scope of the Chinese hackers’ conduct and suspicious hacking incidents.
Sen. Lindsey Graham, South Carolina Republican, revealed in May that the FBI took possession of his phone. He said he received a message appearing to come from Senate Majority Leader Charles E. Schumer, but it was not from the New York Democrat.
Following Mr. Graham’s disclosure, word spread that other lawmakers received similar messages.
Without referencing the suspected hacking problems in May, Mr. Hawley questioned cybersecurity professionals at Tuesday’s Senate Judiciary Committee hearing about whether the Chinese hackers were impersonating others.
“Could the hackers impersonate particular individuals?” Mr. Hawley asked.
“They could, yes,” said Adam Meyers, CrowdStrike senior vice president.
“Could they disrupt specific communications between particular people?” Mr. Hawley said.
“I’d say it’s fair to say once they gain access to the telco, or to the mobile provider, they could initiate or disrupt communications and it’s at the core of the system, right, so they’d be able to basically do anything the telco could do,” Mr. Meyers replied.
Whether Sen. Hawley is among the lawmakers who received suspicious text messages in May is unclear. Abigail Jackson, Mr. Hawley’s spokeswoman, said he was asking on Tuesday about the hackers’ general capabilities and not any specific incident.
Mr. Graham’s office did not respond when asked if the senator thought the message impersonating Mr. Schumer came from Chinese hackers.
The FBI, NSA, and the Cybersecurity and Infrastructure Security Agency said last week that their investigation into China’s targeting of telecom companies had revealed a “broad and significant cyber espionage campaign.”
“We have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders,” the agencies said in a statement. “We expect our understanding of these compromises to grow as the investigation continues.”
The agencies said the federal government is continuing to provide technical assistance and working to share information with victims of the Chinese hackers.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.