Senate Intelligence Committee Chair Mark Warner says he's stunned by the scope of China's breach into the U.S. telecommunications system, which went further than was described by the Biden administration.
"The barn door is still wide open, or mostly open," the Virginia Democrat told The New York Times on Thursday. "We've not found everywhere they are."
The Chinese hackers, which Microsoft named Salt Typhoon, have been able to monitor Americans' cell phone calls and texts, including those made by people such as President-elect Donald Trump and Vice President-elect J.D. Vance.
Microsoft's cybersecurity team discovered the hack this summer, and government officials are still working to find out what China could obtain.
The FBI and other government investigators at first thought the Salt Typhoon hackers were using stolen passwords focusing mainly on a system tapping conversations and texts under court orders.
That system is administered by several of the nation's telecommunications companies, including Verizon, AT&T, and T-Mobile.
However, the investigators have found in recent days that the Chinese hackers were also able to exploit the seams in the networks that connect telecommunications systems, as well as aging equipment.
Warner, a former telecommunications executive, said that it can't be concluded that the hackers are now blocked from the nation's systems or whether investigators know how deep the breach reached.
Chinese hackers have been a concern for two decades, but their recent activity has taken the problem to new levels, Warner said.
In the past, the worry was more for the theft of intellectual property like chip designs and blueprints for military equipment. During the administrations of Presidents George W. Bush and Barack Obama, China turned to intrusions into U.S. government officials' information, including stealing security clearance files involving more than 22 million Americans.
"This is far and away the most serious telecom hack in our history," Warner said. "This makes Colonial Pipeline and SolarWinds look like small potatoes," he added, referring to Russia's intrusions into U.S. security.
Late in Trump's first term, Russian hackers put code into products from SolarWinds, the company that provided software for the federal government and several of the largest companies in the United States.
During the first year of President Joe Biden's administration, Russian-backed hackers were able to get into the network of Colonial Pipeline, a major gas and fuel distributor, and disrupt the supply of gasoline.
But with the Salt Typhoon hackers, "every major provider has been broken into," said Warner.
The hackers couldn't listen to conversations on encrypted applications like WhatsApp or Signal or read encrypted messages such as those sent from one iPhone to another through Apple's systems.
However, they could read text messages sent between iPhone and Android phones, or listen to phone calls over telephone networks.
Investigators concluded that the Chinese were after conversations of national security officials, and a senior investigation officer said that one of the several groups involved could have focused on Trump and Vance.
"It wasn't like the equivalent of a tap on your phone for a constant, 24/7 time," but instead, the hackers could eavesdrop for specific periods, Warner said.
He added that investigators must be allowed to continue their work to learn the extent of the hacking, and that the public must understand that the Chinese were targeting far more than just Washington targets.