Senators Ron Wyden and Eric Schmitt are putting pressure on the Department of Defense (DoD) over what they’re calling a major security blunder: failing to protect its phone communications from foreign spies. In a letter sent to the Pentagon’s Inspector General, they didn’t hold back, pointing to the recent Salt Typhoon cyberattack by Chinese hackers as a glaring wake-up call.
“Despite repeated warnings from experts and Congress,” the letter reads, “this successful espionage campaign should finally serve as a wake-up call to officials across the federal government who failed to shore up the government’s communications security”. If you haven’t been following, Salt Typhoon broke into multiple U.S. telecom providers, swiping sensitive call records and even private communications involving big political figures like President-elect Trump and Senate Majority Leader Chuck Schumer.
The DoD is pouring billions into its Spiral 4 wireless services contract, but the same carriers it relies on—AT&T, Verizon, and T-Mobile—were hacked during the Salt Typhoon breach. The senators argue that the DoD isn’t leveraging its massive buying power to demand better security from these companies, and worse, it hasn’t fully audited the carriers’ cybersecurity measures.
A big part of this comes down to SS7, an old telecom protocol that routes calls and texts. SS7 is notoriously easy to exploit. Bad actors can use it to intercept calls, track phone locations, or steal text messages—all without ever touching the target’s phone. Fixing SS7 vulnerabilities depends on telecom companies taking action, but the DoD doesn't appear to be pressuring them to do so.
This isn’t the first time spy games have targeted U.S. military communications. Past breaches exploited weak telecom protocols to track troop movements or scoop up sensitive intel. The DoD has tried encryption and other tech workarounds, but location tracking through SS7 remains an Achilles’ heel, according to the senators’ findings.
The letter also highlights how other nations, like the UK and Ukraine, are taking proactive steps to secure their networks. Yet the DoD remains cautious, saying that mandating these measures across U.S. carriers might not yield significant improvements.
The senators also criticized the DoD for still using insecure landlines and platforms like Microsoft Teams that aren’t encrypted by default. While some parts of the military are testing out more secure systems like Matrix, an encrypted, open-source platform, those efforts are limited, leaving most people stuck with potentially insecure tools.
Image via Deposit Photos
1 Comment - Add comment