U.S. Officials Tell Americans to Use Encrypted Apps as Scope of Cyberattack Grows

At least eight U.S. telecom firms and dozens of nations have been tied up in the unprecedented Salt Typhoon attack, according to new details from U.S. officials.

FBI and CISA officials this week reportedly urged Americans to use encrypted messaging apps for calls and texting, as details continue to emerge about a significant Chinese Salt Typhoon espionage campaign that has impacted several telecommunications companies and given threat actors access to Americans’ private phone and text conversations.

Separately, on Wednesday, White House official Anne Neuberger gave new details about the staggering scope of the campaign, saying at least eight U.S. telecom firms and dozens of nations were tied up in the attack. Initial reports of the hack had pointed to companies like AT&T, Lumen Technologies, Verizon, and later T-Mobile being impacted. 

According to reports, Neuberger said that while the actors have likely been able to access communications of U.S. government officials and political figures - as the FBI has previously alluded to - the government doesn’t believe any classified communications were compromised.

Why It Matters: The emerging details of Salt Typhoon’s activities paint a dire picture of the hack and its impact on Americans, the U.S. government and the state of security in the telecoms industry. Neuberger said that the impacted companies have not yet been able to fully remove the Chinese actors from these networks. 

The FBI’s calls for Americans to use encrypted apps for calls and texts are also particularly notable. The FBI has previously had a very different narrative around encryption, leading in some cases to rocky relationships with tech manufacturers (remember the battle in 2016 between the FBI and Apple over encryption?).

What they're saying:

  • White House Official Anne Neuberger: Confirms scope includes "dozens of nations"

  • Sen. Ron Wyden: Telecom companies need accountability for "their lax cybersecurity"

  • FBI/CISA: Americans should switch to encrypted messaging apps

The Big Picture: The Salt Typhoon hack makes it abundantly clear that the U.S. needs better guardrails in place to protect against a massive espionage campaign like this. In security guidance for communications infrastructure released this week, U.S. government agencies said “as of this release date, identified exploitations or compromises associated with these threat actors’ activity align with existing weaknesses associated with victim infrastructure; no novel activity has been observed.”

A major part of the responsibility falls to telecom companies, but senators and cybersecurity experts have been calling for this type of accountability for years. In October, Sen. Ron Wyden (D-Ore.) sent a letter to the Federal Communications Commission chairwoman and the attorney general at the Justice Department, stating that telecom companies need to be accountable for “their lax cybersecurity and their failure to secure their own systems.”

At the same time, senators have pointed to the need for U.S. government agencies to improve their own communication mechanisms to protect themselves should a telecom hack like this occur. In a letter this week to the Department of Defense inspector general, senators Wyden and Eric Schmitt (R-Mo.) called for an in-depth investigation into the Pentagon’s failure to secure unclassified video, voice and text communications with end-to-end encryption technology. The letter also called on the DoD to require accountability from wireless carriers. 

In the meantime, the Department of Homeland Security’s Cyber Safety Review Board is reportedly launching an investigation into the hack later this week, and we’ll likely see more specific recommendations based on the lessons learned from this attack next spring or summer.

More thoughts on this:

This isn't just another hack - it's a wake-up call that's forcing a complete paradigm shift in how we think about communications security. Here's why:

Seismic Shift: The FBI, long the staunchest opponent of end-to-end encryption, is now actively promoting it. Look very closely at this. It means the threat to national security is great enough for the bureau to flip on an issue where it previously wanted backdoors into communications and was a major opponent of end-to-end encryption (E2EE).

The Infrastructure Problem: Our telecommunications infrastructure was built for reliability, not security. The fundamental architecture needs to change. Completely evicting a threat actor after a hack like this is hard, especially without downtime. Downtime is something the national telephone network doesn’t tolerate.

Economic Implications:

  • Massive costs for telecom companies to upgrade security

  • Surge in encrypted messaging app adoption

  • New market opportunities for secure communication solutions

  • Potential regulatory compliance costs

The Geopolitical Game: China has effectively forced the U.S. to admit its communications infrastructure is vulnerable. This is a power move that goes beyond espionage - it's about demonstrating capability.

What This Means For The Future:

  • End-to-end encryption becomes the default, not the exception

  • Telecom companies face stricter security requirements

  • Government communications get a major overhaul

  • New security-focused telecom infrastructure emerges

Salt Typhoon represents a watershed moment in telecommunications and national security, forcing government and industry to fundamentally rethink their approach to secure communications.

The real question isn't whether we'll see changes - it's whether those changes will be proactive or reactive. Right now, we're playing catch-up in a game where we should have been leading.