In March 2024, the United States and its Five Eyes allies sounded the alarm over “Volt Typhoon”, an alleged Chinese hacking group cast as a dire threat to Western critical infrastructure.

Critics, including China, dismissed it as a fabricated spectre, a ploy to bolster support for the reauthorisation of Section 702 of the Foreign Intelligence Surveillance Act – a law underpinning vast US surveillance powers.

Fast forward to March 2025, and a new report from the China Cybersecurity Industry Alliance again flipped the script, exposing the US intelligence community as the true titan of global cyber operations.

Far from a defensive stance against phantom menaces, the US has been weaving an intricate web of surveillance, targeting the world’s mobile communications with ruthless precision as this new Volt Typhoon saga reveals.

Mobile surveillance machine

The CCIA report, released on 25 March, details how US intelligence agencies — led by the NSA, CIA, and FBI — have turned our mobile devices into unwitting spies.

Using sophisticated tools, they’ve infiltrated SIM cards, operating systems, Wi-Fi, Bluetooth, GPS, and mobile networks, tracking users and intercepting communications on a staggering scale. Zero-click exploits, like those exploiting Apple’s iMessage, install spyware on iPhones without a trace, silently harvesting data for months.

This isn’t limited to individual phones – the US has targeted the entire mobile ecosystem, compromising data centres, IT vendors, and telecom networks to amass personal data, credentials, and geolocation intel.

The Volt Typhoon narrative of a Chinese threat now seems a distraction from this pervasive US operation.

Spyware, Stingrays, and subterfuge

The US toolkit is as diverse as it is invasive. Commercial spyware like Pegasus, originally from Israel’s NSO Group, has been co-opted by the CIA and FBI to monitor global leaders – France, Pakistan, you name it.

The IRRITANT HORN project, run by the Five Eyes Network Tradecraft Advancement Team, hijacks mobile apps and platforms for covert data grabs. On the ground, fake base stations — Stingrays and airborne Dirtboxes — masquerade as cell towers, downgrading connections to scoop up calls and texts thousands at a time.

Meanwhile, the NSA’s Operation AuroraGold has mapped vulnerabilities in 70% of the world’s GSM/UMTS networks, laying the groundwork for future cyberattacks. This isn’t defence; it’s domination.

A legacy of control

The roots of this empire stretch back decades. The NSA’s Tailored Access Operations, now the Office of Computer Network Operations, has been infiltrating global systems since 1998.

From tapping the SEA-ME-WE 4 submarine cable to deploying Regin malware against Belgium’s Belgacom, TAO has collaborated with allies like the UK’s GCHQ to master the art of digital intrusion.

The Quantum system hijacks internet traffic via compromised routers, delivering malware to devices worldwide. Edward Snowden’s leaks and Julian Assange’s WikiLeaks dumps laid bare this machinery years ago — hacking Chinese universities, surveilling world leaders, stealing secrets — yet the CCIA report shows it’s only grown more audacious.

Billions ensnared

The scale is mind-boggling. The Simjacker attack alone compromised more than a billion users across 29 countries by exploiting SIM card flaws.

PRISM and Upstream collection tap into tech giants like Google and Apple, plus the internet’s backbone, for real-time monitoring of millions. US telecoms —AT&T, Verizon — embedded Carrier IQ software in 141 million devices, logging keystrokes and locations for the NSA and FBI.

Allies and adversaries alike fall under this gaze, from European telecoms to Iranian SIM cards. The Volt Typhoon tale warned of Chinese infiltration, but the CCIA report reveals the US as the unrivalled infiltrator, its reach dwarfing any rival.

Corporate collaborators

This isn’t a solo act. US tech and telecom giants play a starring role, whether by choice or compulsion.

AT&T and Verizon’s Carrier IQ deployments show how deeply entwined corporate America is with intelligence goals. Defense contractors and shadowy intermediaries — like those laundering Pegasus access — help evade legal scrutiny.

The CCIA report echoes China’s long-standing claim: the US leverages its tech hegemony to spy on friend and foe alike, a charge Snowden and Assange substantiated with hard evidence of hacked universities and stolen IP.

Sovereignty at stake

The fallout is seismic. The CCIA warns that this unchecked cyber-espionage erodes privacy, threatens national security, and undermines sovereignty. China’s Foreign Ministry, already sceptical of Volt Typhoon, now demands the US explain its “malicious cyber operations".

The report fuels calls for global co-operation to counter this threat, with nations urged to bolster defences against a foe wielding zero-day exploits and hardware-level attacks.

If Volt Typhoon was fearmongering to preserve Section 702, this exposé suggests the provision has long enabled the real “hacker empire”. The report documents 45 million attacks on Chinese university networks from May 2023 to July 2024.

Beyond the phantom

The Volt Typhoon saga painted China as the villain to justify the extension of US surveillance powers. This time, the CCIA report turned the investigative lights on America, revealing a proactive campaign to control global mobile communications – where backdoors are planted, data hoarded, and privacy shattered.

From Simjacker’s billion victims to Quantum’s router traps, the US has built a digital panopticon under the guise of security.

Australia’s quantum computing ties with the US, sold as a “Manhattan Project” for the digital age, take on a darker hue in this light. The international community, China argues, must demand transparency and mutual respect to tame this cyber Wild West.

If Volt Typhoon was a phantom menace, this is the real monster – and it’s been hiding in plain sight.

For related topics, Pearls and Irritations recommends:

https://johnmenadue.com/post/2024/08/the-geopolitics-of-cyber-espionage/