The tools of state power are rarely questioned until they fail. When the U.S. granted law enforcement the authority to monitor communications under strict oversight, it was meant to protect public safety and maintain order. But what happens when these tools, designed for security, become weapons in the hands of foreign adversaries?
The recent breach by the Chinese state-backed group Salt Typhoon demonstrates just that. By infiltrating at least eight major U.S. telecommunications firms, including systems designed for lawful surveillance, this advanced persistent threat (APT) group flipped the script on authority. Instead of safeguarding against threats, these tools were turned inward—used to spy on politicians, key figures, and sensitive communications.
This incident is more than a cyber-espionage campaign. It’s a dramatic failure of the structures we entrust with protecting us and a stark reminder that authority without accountability can become a double-edged sword.
Lawful Surveillance and the Question of Authority
The idea of lawful surveillance rests on a simple premise: law enforcement, acting in the public’s interest, should have the ability to monitor criminal activity under clear legal and judicial oversight. This is sold as a necessary compromise: some privacy is sacrificed to ensure security. But the Salt Typhoon hack exposes how fragile this compromise is.
Concentration of Power: By centralizing surveillance capabilities in systems designed for lawful intercepts, telecommunications firms created a single point of failure. These systems weren’t just vulnerable—they became targets of strategic interest.
Blurred Lines of Authority: The same tools meant to protect citizens from harm became instruments of harm, used by foreign adversaries to surveil public officials and undermine national security.
Unintended Consequences: What was originally framed as a mechanism to fight crime and terrorism became a vulnerability that jeopardized the very authority it was meant to support.
This isn’t just about technical failures—it’s a failure of governance and imagination. Authority without safeguards isn’t just ineffective; it can actively work against its original intent.
Salt Typhoon and the Emergence of APT Diplomacy
The role of Salt Typhoon in this breach offers a stark view of the new frontier of state power. While these groups operate in the shadows, their presence shapes the geopolitical landscape in profound ways. Salt Typhoon isn’t just a collection of hackers—it’s a proxy force wielding state-backed authority in a way that sidesteps international norms and accountability.
What gives an APT group like Salt Typhoon its authority? It isn’t derived from laws or democratic mandates. Instead, it comes from three key sources:
Technical Expertise: Their ability to exploit vulnerabilities and operate undetected for years grants them an unparalleled edge in cyber-espionage.
State Backing: By operating under the aegis of the Chinese government, Salt Typhoon acts with impunity, blurring the line between independent actors and instruments of state power.
Strategic Impact: APT groups are no longer just intelligence gatherers—they are tools of influence, capable of shaping diplomacy, destabilizing adversaries, and altering power dynamics.
While espionage has always been part of international relations, APT groups bring a new dimension to the table. They operate in a gray zone, where their actions can be disavowed by the states that sponsor them, creating plausible deniability. This allows countries to pursue aggressive tactics without risking overt retaliation.
By targeting critical infrastructure like telecommunications, APTs erode trust in institutions and disrupt the stability of nation-states. Beyond stealing data, APT groups manipulate and weaponize information, reshaping narratives and public perception in subtle but powerful ways. Cyber-attacks are now central to statecraft. They’re cheaper and less risky than conventional military actions, but their impacts can be just as destabilizing.
The Double-Edged Sword of Cybersecurity
At its core, this breach forces us to confront an uncomfortable reality: the authority granted to institutions is only as strong as the systems and safeguards that underpin it. In this case, the very tools meant to enforce the law and protect democracy were used to undermine it.
Salt Typhoon’s attack reminds us that authority isn’t just about who wields it, but how it’s wielded. In an interconnected world, where power can be subverted with a single vulnerability, authority must be decentralized, transparent, and resistant to exploitation. Without these principles, we’ll continue to see the tools of state power weaponized in ways that work against the public good.
This isn’t just a wake-up call for cybersecurity; it’s a call to rethink how authority operates in the digital age. When authority is centralized and opaque, it becomes brittle. But when it’s shared, transparent, and accountable, it can adapt and thrive.