The group is tracked as Salt Typhoon. Beginning with reporting by the Wall Street Journal in the fall of 2024 and confirmed in subsequent US government briefings, the picture that emerged was this: hackers attributed by US officials to China's state intelligence apparatus had compromised major American telecommunications providers — AT&T, Verizon, Lumen, and T-Mobile among the companies named in reporting, with officials eventually putting the count at nine or more carriers.
Inside those networks, the intruders did two things that elevated this from "another telecom breach" to one of the most consequential intelligence failures in US history. They accessed systems carriers use to comply with court-authorized wiretap requests — meaning a foreign intelligence service could potentially see which numbers the US government was surveilling. And they collected call records and, in a smaller number of cases, actual call and text content from targeted individuals, reportedly including people associated with both 2024 US presidential campaigns.
CALEA: The Door Was Built On Purpose
The wiretap infrastructure Salt Typhoon reached wasn't an accident of sloppy network design. It exists because of a law: the Communications Assistance for Law Enforcement Act of 1994, or CALEA. CALEA requires telecommunications carriers to build their networks so that lawful intercept — surveillance authorized by a court order — can be performed efficiently. In practice, that means standardized interception capabilities wired into the core of every major carrier's network.
Security researchers warned about this architecture from the start, and the warning was always the same: an interception capability cannot tell who is using it. A mechanism that lets an authorized agent tap a line is a mechanism that lets anyone who compromises it tap a line. The system has no way to distinguish a federal agent with a warrant from an intruder with stolen credentials and patience.
A backdoor is a technical capability, not a legal one. Courts and warrants exist in the policy layer; the interception interface exists in the network layer. Compromise the network layer, and the policy layer's safeguards are simply not consulted.
This Has Happened Before
Salt Typhoon is the largest known abuse of lawful-intercept infrastructure, but it is not the first. The pattern is well documented.
The Athens Affair (2004–2005). Unknown attackers activated the lawful-intercept subsystem built into Vodafone Greece's Ericsson switches — a capability Vodafone hadn't even licensed for use — and used it to tap the phones of roughly a hundred people, including Greece's prime minister and senior cabinet, defense, and security officials. The interception ran for months before being discovered. The perpetrators were never publicly identified with certainty.
Juniper Networks (2015). Juniper disclosed "unauthorized code" in its ScreenOS firewall operating system. Researchers found that an attacker had altered the parameters of the Dual_EC_DRBG random number generator — a generator long suspected of containing an NSA-designed backdoor — effectively re-keying someone else's backdoor for their own use. Devices protecting government and corporate networks were silently decryptable by whoever held the new key.
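The Juniper re-keying comes down to one property of Dual_EC: whoever chose the relation between its two curve points can turn a single emitted output into the generator's next internal state, and from there predict everything it will produce. The block below is an added illustration, not Juniper's code or any real generator: a Dual_EC-style construction on the secp256k1 curve (Dual_EC itself used NIST P-256) with a constructed secret E, a constructed seed, and the real design's 16-bit output truncation omitted, showing the holder of E predicting the next output from one observed output.

```python
# Added example: Dual_EC-style generator whose public point P was set to E*Q by
# someone who kept E.  secp256k1 is used only because it has prime order; E, the
# seed and the lack of output truncation are constructed simplifications.
p = 2**256 - 2**32 - 977   # secp256k1 field prime; p % 4 == 3 so sqrt(n) = n^((p+1)/4)
A, B = 0, 7                # curve y^2 = x^3 + 7; prime group order, no low-order points

def ec_add(P1, P2):        # affine addition; None is the point at infinity
    if P1 is None: return P2
    if P2 is None: return P1
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and (y1 + y2) % p == 0: return None          # P + (-P)
    if P1 == P2: lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, p) % p
    else:        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def ec_mul(k, P):          # double-and-add scalar multiplication
    R = None
    while k:
        if k & 1: R = ec_add(R, P)
        P, k = ec_add(P, P), k >> 1
    return R

def lift_x(x):
    """Recover a point with this x; either sign of y gives the same x(E*R)."""
    rhs = (x**3 + A * x + B) % p
    y = pow(rhs, (p + 1) // 4, p)
    if y * y % p != rhs: raise ValueError("x is not on the curve")
    return x, y

# Q: first x whose cube+7 is a square (Euler criterion).  P looks like any other constant.
Q = next(lift_x(x) for x in range(1, p) if pow((x**3 + B) % p, (p - 1) // 2, p) == 1)
E = 0xC0FFEE_1234_5678_9ABC_DEF0        # the backdoor secret (constructed value)
P = ec_mul(E, Q)

def dual_ec_step(s):
    """One Dual_EC step: next state s' = x(s*P), emitted output r = x(s'*Q)."""
    s_next = ec_mul(s, P)[0]
    return s_next, ec_mul(s_next, Q)[0]

def recover_next_state(r, e):
    """From output r = x(s'*Q): e*(s'*Q) = s'*(e*Q) = s'*P, whose x is the NEXT state."""
    return ec_mul(e, lift_x(r))[0]

def demo(seed=0x5EED_0000_1234):
    s1, r1 = dual_ec_step(seed)            # victim keeps s1, emits r1
    s2, r2 = dual_ec_step(s1)              # victim's next state and next output
    s2_guess = recover_next_state(r1, E)   # holder of E saw only r1
    r2_guess = ec_mul(s2_guess, Q)[0]
    return s2 == s2_guess, r2 == r2_guess
```

Replacing Q with a point whose relation to P you chose yourself, as the ScreenOS modification did, hands the same prediction ability to the new key holder and takes it from the old one.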
The lesson from Athens, Juniper, and Salt Typhoon is identical: surveillance capabilities don't stay loyal to the people who commissioned them. They serve whoever controls them at the moment of use.
The US Government's Extraordinary Response
What makes Salt Typhoon historically unusual isn't only the breach — it's what officials said afterward. In December 2024, CISA and the FBI published guidance for mobile communications in light of the intrusions. Among the recommendations: use end-to-end encrypted messaging applications, so that even if network infrastructure is compromised, the content of your communications is not.
Read that in context. The FBI — the agency that spent a decade arguing that end-to-end encryption was "going dark" and demanding lawful-access mechanisms — was now advising Americans to adopt the very technology it had campaigned against, because the lawful-access layer of the phone network had been turned against the country that built it.
Plain phone calls and SMS messages traverse carrier networks unencrypted or carrier-decryptable, which is precisely why CALEA-style interception works on them — and why Salt Typhoon could harvest them. Properly end-to-end encrypted communications were the part of the stack the intruders couldn't read, no matter how deep inside the carriers they sat. If you want the mechanics of that guarantee, see our explainer on what end-to-end encryption actually protects.
What This Means for the Backdoor Debate
Proposals to weaken end-to-end encryption keep returning — client-side scanning mandates, "lawful access" requirements, key escrow by another name. We've covered the recurring backdoor proposals, client-side scanning, and the EU's Chat Control push in detail. Every one of these proposals rests on the assumption that an access mechanism can be restricted to authorized use.
Salt Typhoon is the empirical answer to that assumption, delivered at national scale:
- The access mechanism was legally mandated, professionally built, and decades-mature — not a prototype or an afterthought. It was still compromised.
- The victims included the surveillance system itself. Exposure of which numbers were under US surveillance is counterintelligence damage that can't be patched.
- Eviction proved brutally hard. Officials acknowledged for months afterward that they could not say with confidence the intruders were fully out of every network.
There is no version of an encryption backdoor that escapes this logic. A "responsible lawful-access solution" for end-to-end encrypted messaging would be the same architecture Salt Typhoon exploited, moved one layer up the stack — a standing capability, wired into everyone's communications, waiting for its first unauthorized user.
What You Should Actually Do
The practical takeaways are not exotic, and they happen to match the US government's own post-breach guidance:
- Treat carrier voice and SMS as compromised by default. Not because your carrier is malicious, but because its network is interceptable by design — and the interception layer has now been demonstrably breached.
- Move conversations to end-to-end encrypted channels. Signal, properly configured Haven, or any audited E2EE messenger removes call and message content from the carrier-network attack surface entirely.
- Remember what encryption doesn't hide. Even with E2EE, metadata — who talked to whom, when — can still be visible to infrastructure. Salt Typhoon's bulk haul of call records is a reminder that metadata is the surveillance layer that survives encryption.
- Avoid SMS for two-factor authentication where you can; the same network weaknesses apply, on top of the SIM swapping problem.
Haven is one option in that E2EE category — PGP-encrypted email and MLS-encrypted chat with keys derived on your device — but the larger point stands regardless of which tool you choose. The phone network's confidentiality was a policy promise, and Salt Typhoon showed what a policy promise is worth against a network-layer adversary. End-to-end encryption is a mathematical promise. After 2024, even the FBI recommends you take the math.