Dan Gavin
A Whirlwind of Trouble as Salt Typhoon Hacks Cellular Wiretap Infrastructure 

The morning of December 4, 2024 was a cold one, with a high temperature of 46 degrees—the sort of weather people generally prefer to observe from the comfort of their heated homes. But US senators had just received news about a cyberattack of unprecedented scope, so instead they gathered in Washington, D.C. for a classified briefing. The attackers were a highly skilled group known as Salt Typhoon. As I write this article, their attack is still going on. In fact, if you use a phone, it’s likely affecting you right now. 

Way back in October 2024, the Wall Street Journal first reported the attack. They suggested a link between Salt Typhoon and the Chinese government. Of course, you might be thinking. It’s always that. This time, though, the motives behind the operation are more mysterious. 

You really only need to worry about this if you have a phone—specifically, a phone with a Verizon, AT&T, or T-Mobile plan. Those seem to be the provider networks infiltrated by Salt Typhoon. I say “seem” because reports have been inconsistent. T-Mobile claims they’ve seen no evidence of malicious presence in their infrastructure. Verizon, on the other hand, admits a command-and-control (C2) presence. But all the providers mentioned above participated in the briefing on December 4. If nothing else, this demonstrates their mutual concern.  

The question is, what specific data has Salt Typhoon accessed? And how could it affect you? The participating service providers claim the attack only affected the infrastructure used to wiretap specific targets. That said, we don’t know the extent to which these providers have been logging information. And whatever that extent is, Salt Typhoon has access to it as well. Under Section 702 of the Foreign Intelligence Surveillance Act (FISA), the FBI cannot target US citizens randomly. But if the infrastructure to tap is in place, and can be turned on for anyone the FBI decides to surveil, it’s quite possible that Salt Typhoon could do the same without FISA-based reservation. Meaning anyone could be a potential target. 

Regardless of your paranoia level, there is something you can (and probably should) do: namely, following the counsel of Jeff Greene, the Executive Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA). “Our suggestion, what we have told folks internally, is not new here,” he says. “Encryption is your friend, whether it’s on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible.” 

What your Cochise County Cyber Guys recommend is an app called Signal. You can get it on either iPhone or Android, and once you do get it, you can install the companion app on your PC or MacOS. With Signal, you can send and receive encrypted files, text chats, individual and group calls. You can even hold Zoom-style meetings with screen sharing. All this is end-to-end encrypted. That means even Salt Typhoon (and the FBI) won’t know what you’re up to. 

Having said all this, we don’t condone illegal activity. We just think you have a constitutional right to privacy. Everyone does. 

This article was originally published in the Sierra Vista Herald here.