The FBI has confirmed that the network system it uses to manage court-authorized wiretapping operations was compromised. The intrusion was discovered on February 17 of this year, and the data held in the system, the personal information of investigation subjects and court-authorized wiretap transmission data, may have been exposed. The FBI declined to identify the attacker, but according to US media reports the method closely matches that of the Chinese hacking group “Salt Typhoon.”
According to TechCrunch, the FBI network system that manages court-authorized surveillance was hacked.
The system holds a large amount of sensitive law enforcement data, including “pen register” and “trap and trace” monitoring data obtained through court orders, as well as personally identifiable information (PII) of investigation targets. Pen register and trap-and-trace records are routing metadata, the numbers dialed and received, rather than the content of calls, but combined with the target PII they reveal who the US government is monitoring and whom those targets communicate with, and, for any content intercepts the system also carries, what was said. The system itself is unclassified, yet that data has considerable strategic value to foreign intelligence agencies.
After discovering anomalies on February 17, the FBI launched an investigation and recently officially confirmed the breach. The official statement was very cautious: “We have identified and addressed suspicious activity on the FBI network and mobilized all technical resources to respond.”
The FBI declined to say who the attacker was and did not confirm whether any data, in whole or in part, had been stolen.
The intrusion is described as a “technically sophisticated attack.” The hackers used infrastructure belonging to commercial network service providers as a springboard to bypass the FBI’s security controls. Routing an attack through legitimate commercial infrastructure lets the malicious traffic blend in with traffic a defender expects to see and lowers the chance of detection; US media and experts note that this tradecraft is highly consistent with that of the China-backed hacking group “Salt Typhoon.”
Salt Typhoon is one of the most active state-sponsored hacking groups of recent years. Its intrusions into major US telecom providers, including AT&T, Verizon, Lumen, Charter Communications and Windstream, came to light in late 2024, and the group is estimated to have breached more than 200 US companies.
Salt Typhoon’s targeting is deliberate: beyond stealing the content of communications, the group infiltrated the lawful-intercept interfaces that US telecom companies are required by law (the Communications Assistance for Law Enforcement Act, CALEA) to provide for law enforcement. By controlling these interfaces, attackers can read monitored communications and also learn whom the US government is surveilling, effectively turning the surveillance system against its operators.
During the 2024 campaign, Salt Typhoon reportedly targeted the phones of Trump and Vance.
An important piece of background is that, under the current administration’s policies, the FBI has reportedly undergone large-scale staff cuts, and the loss of cybersecurity professionals may be weakening its network defenses. The country’s principal federal law enforcement agency is now protecting more sensitive data with fewer people.
The FBI has not yet confirmed whether this intrusion is linked to Salt Typhoon; the investigation is ongoing. One thing is certain, though: if the attackers gained access to the wiretapping system, they not only know whom the FBI has targeted but can also infer which investigations are active and where the FBI is heading next.