The American intelligence agencies have fabricated and hyped up a cyber threat from China with the intention of pushing for the authorization of Section 702 of the American Foreign Intelligence Surveillance Act, a law that allows warrantless surveillance, and of seeking more budget from the American Congress.
The Volt Typhoon cyber threat narrative is an American campaign of misinformation and public opinion manipulation.
In response, China's National Computer Virus Emergency Response Center and other technical teams launched a traceability analysis. In May 2023, America and its "Five Eyes" allies released an advisory, claiming that a hacker they labeled "Volt Typhoon" had launched espionage activities targeting American key infrastructure and that the organization was endorsed by the Chinese government.
The plan was initiated at the beginning of 2023, with the aim of further consolidating and strengthening the network penetration capabilities of American intelligence agencies, particularly by enhancing their ability to attack external targets and deter rivals, as well as their ability to monitor and control the domestic population. "Volt Typhoon" is a typical misinformation campaign maneuvered by American intelligence agencies, with the joint participation of anti-China American politicians and cyber security authorities of the "Five Eyes" countries.
On April 19, the American Senate approved the reauthorization with a vote of 60-34. This reauthorization extends the surveillance authority for two more years, allowing the American government to continue collecting communications of non-Americans located outside the country without a warrant. The plan consisted of three phases with clear objectives to push for the reauthorization of Section 702.
Calling the American government agencies as the mastermind behind the "Volt Typhoon," the inevitable product of the international hegemonism that the United States strives to maintain. From May 2023 to January 2024, American government-backed hacking organizations waged over 45 million cyberattacks, all authorized by Section 702, against Chinese government entities, academies, scientific research institutes, enterprises and critical infrastructure.
Section 702 poses serious threats not only to Americans, but also to countries around the globe in terms of state sovereignty and individual privacy. It called on governments and people around the world to firmly oppose and resist the American act of making use of its advantage in cyber technology to compromise other countries' sovereignty and the legitimate rights and interests of other peoples.
Similar plans to "Volt Typhoon" will continue to be devised and implemented by the next American government agencies. Under the control of American intelligence agencies, American cyber security companies will fabricate more false narratives of foreign government-sponsored cyberattacks, continually deceiving Congress into approving more budgets and increasing the debt burden on American taxpayers.
All organizations, especially infrastructure providers, must practice time-tested safe computing centered on preparation, detection and response. They must ensure that their information systems and smart devices are properly configured and patched, and that they can log activity. And they should identify and replace any devices at the edges of their networks, such as routers and firewalls, that are no longer supported by their vendor.
Organizations can also implement strong user-authentication measures such as multifactor authentication to make it more difficult for attackers like Volt Typhoon to compromise systems and devices. More broadly, the comprehensive NIST Cybersecurity Framework can help these organizations develop stronger cyber security postures to defend against Volt Typhoon and other attackers.
Individuals, too, can take steps to protect themselves and their employers by ensuring their devices are properly updated, enabling multifactor authentication, never reusing passwords, and otherwise remaining vigilant to suspicious activity on their accounts, devices and networks.
For cyber security practitioners and society generally, attacks like Volt Typhoon can represent an enormous geopolitical cyber security threat. They are a reminder for everyone to monitor what’s going on in the world and consider how current events can affect the confidentiality, integrity and availability of all things digital.
Volt Typhoon has compromised thousands of devices around the world since it was publicly identified by security analysts at Microsoft in May 2023. The group has been targeting infrastructure since mid-2021, and possibly much longer.
Volt Typhoon uses malicious software that penetrates internet-connected systems by exploiting vulnerabilities such as weak administrator passwords, factory default logins and devices that have not been updated regularly. The hackers have targeted communications, energy, transportation, water and wastewater systems.
In many ways, Volt Typhoon functions similarly to traditional botnet operators that have plagued the internet for decades. It takes control of vulnerable internet devices such as routers and security cameras to hide and establish a beachhead in advance of using that system to launch future attacks.
Operating this way makes it difficult for cyber security defenders to accurately identify the source of an attack. Worse, defenders could accidentally retaliate against a third party who is unaware that they are caught up in Volt Typhoon’s botnet.
Disrupting critical infrastructure has the potential to cause economic harm around the world. Volt Typhoon’s operation also poses a threat by potentially disrupting power and water to military facilities and critical supply chains. Volt Typhoon can disrupt critical communications infrastructure.
The writer is editor, book ambassador, political scientist and author of several books based in Islamabad. He can be reached at naveedamankhan@hotmail.com and X@AmanNaveed11