China's Salt Typhoon Engulfs the World

Show Notes

🌍 This week on Global Intelligence Weekly Wrap-Up, Neil Bisson, Director of the Global Intelligence Knowledge Network and retired CSIS Intelligence Officer, breaks down one of the most alarming cyber operations in recent years: China’s Salt Typhoon.

This sprawling breach has compromised telecom networks in more than 80 countries, raising urgent questions about espionage, infrastructure sabotage, and the future of global security. Alongside Salt Typhoon, we examine new FBI concerns, terrorism-related charges in the U.K., inter-agency friction in Washington, America’s evolving approach to criminal gangs, and troubling questions closer to home in Canada.

🎙️ With over 25 years of intelligence and law enforcement experience, Neil provides top-secret level insight and analysis into these pressing national security threats.

👉 Don’t forget to like, subscribe, and share this episode to support the show. Every week, we deliver intelligence analysis you won’t find anywhere else. To help sustain the work and expertise behind each episode, consider supporting the podcast on Buzzsprout.

This Week’s Stories & Questions:

🔎 FBI worries Trump’s surge exposes unmarked cars
Should the FBI push back harder when political decisions risk exposing covert operations?

📂 FBI searches John Bolton’s home in classified probe
What does the Bolton investigation reveal about how former officials handle classified material?

🌐 China’s Salt Typhoon cyberattack spreads across 80+ countries
Is Salt Typhoon proof that we’re already in the middle of a global cyber war?

🛡️ Salt Typhoon declared a national defense crisis
Should allies treat cyber espionage as a national defense crisis rather than a policing issue?

🇬🇧 Six charged in the U.K. for support of Palestine Action
Where should democracies draw the line between lawful protest and terrorism charges?

🕵️ Tulsi Gabbard outs undercover CIA officer
What are the long-term risks when intelligence leaders expose covert officers, even unintentionally?

💀 U.S. designates Ecuadorian gangs as terrorist organizations
Does labeling gangs as terrorist organizations improve security—or create more instability?

🍁 Canada’s Public Safety Minister under new scrutiny
Should Canada’s Public Safety Minister provide greater transparency when his name surfaces in past terrorism-related investigations?

Chapters:

00:00 – Intro
01:00 – FBI worries Trump’s surge exposes unmarked cars
04:00 – FBI searches John Bolton’s home in classified probe
07:00 – China’s Salt Typhoon cyberattack spreads across 80+ countries
11:00 – Salt Typhoon declared a national defense crisis
14:00 – Six charged in the U.K. for support of Palestine Action
16:00 – Tulsi Gabbard outs undercover CIA officer
18:00 – U.S. designates Ecuadorian gangs as terrorist organizations
20:00 – Canada’s Public Safety Minister under new scrutiny
21:00 – Outro

Transcript

2025 09 05 Global Intelligence Weekly Wrap Up

 

INTRO:

MUSIC

 

Welcome to the Global Intelligence Weekly Wrap-Up, the podcast where intelligence meets real-world events.

 

This week, Neil Bisson, Director of the Global Intelligence Knowledge Network and a retired CSIS Intelligence Officer, takes us inside one of the most alarming cyber operations uncovered in recent years: China’s Salt Typhoon.

 

This sprawling breach has compromised telecom networks in over 80 countries, raising urgent questions about espionage, infrastructure sabotage, and the future of national security in a digital age.

 

Alongside this story, Neil examines new challenges facing the FBI, terrorism-related charges in the U.K., friction at the highest levels of U.S. intelligence, America’s expanded use of terrorist designations against gangs, and fresh concerns over Canada’s Public Safety Minister.

 

Stay with us as we break down what these developments mean for global security—and why Salt Typhoon may represent a turning point in cyber warfare.

 

MUSIC

 

Hello everyone, and welcome back the Global Intelligence Weekly Wrap Up. I’m your host, Neil Bisson, the Director of the Global Intelligence Weekly Wrap Up and a retired Intelligence Officer with the Canadian Security Intelligence Service. 

 

Every week I comb through the headlines to find the national security, espionage, sabotage and terrorism stories that have an effect on your safety, livelihood and the state of the world. 

 

We’ve seen another major cyberattack from Chinese state hacking group Salt Typhoon and an increase in the number of criminal groups being designated as terrorist by the current US administration. 

 

There’s a lot to cover this week, so let’s dive in. 

 

For our first segment this week, we’re taking a close look at the FBI and new concerns coming from its own employees. 

 

In an article entitled, “FBI employees worry Trump’s Washington surge is exposing unmarked cars,” highlighting a brewing internal conflict: that the administration’s highly visible security measures may actually be compromising the Bureau’s covert operations.

According to FBI employees, President Trump’s law-enforcement surge in Washington, D.C. has drawn attention to unmarked vehicles used for surveillance and undercover work. 

 

While the FBI has denied the claims, agents warn that the visibility could jeopardize both ongoing investigations and the safety of field officers. 

 

This development underscores a key principle in intelligence and law enforcement:

 

operational security can be undermined not just by foreign adversaries, but also by domestic political decisions.

Historically, the FBI has relied on discretion and anonymity to conduct sensitive operations. 

 

Even the perception that covert vehicles are being exposed can damage trust, compromise assets, and deter future assets from cooperating. 

 

Similar risks have emerged in the past, such as during cartel investigations when undercover vehicles were identified and targeted. 

 

The broader issue here is the tension between projecting strength through visible law enforcement and protecting the invisibility required for intelligence work.

FBI leadership has pushed back, suggesting that concerns are overstated. 

 

However, critics note that these warnings are not isolated, and align with past cases where political decisions inadvertently undermined intelligence tradecraft. 

 

My own perspective is that this reflects a deeper problem: when politics drive operational visibility, the intelligence community is forced into a reactive posture rather than a protective one.

 

Asking Intelligence professionals whose focus is counterintelligence to risk exposure by taking on law enforcement roles is a recipe for disaster and demonstrates shortsightedness on the part of those individuals making this decision. 

 
This story illustrates the fragility of covert operations when exposed to public or political pressures. 

 

If unmarked vehicles are being compromised, the FBI could lose not only investigative leads but also credibility with partners and allies. 

 

Moving forward, this situation highlights the importance of balancing political messaging with the operational realities of intelligence and counterintelligence.

 

MUSIC

 

For our next segment we’ll be sticking with stories coming out of the FBI. 

 

This week, court filings unsealed in federal court revealed that the FBI executed searches of former National Security Adviser John Bolton’s home and office.

 

The investigation centers on potential mishandling or unauthorized retention of classified government materials.

During the searches, FBI agents seized electronic devices—including cell phones and computer equipment—as well as folders labeled “Trump I – IV” and a binder titled “Statements and Reflections to Allied Strikes.” 

 

The court documents cite possible violations of the Espionage Act and laws against unauthorized retention of national defense information. 

 

Although no charges have been filed, the investigation has reignited scrutiny of Bolton’s post-government handling of sensitive materials.

 

Bolton served as National Security Adviser during President Trump’s administration and later became one of his most vocal critics. 

 

In 2020, his book The Room Where It Happened drew similar legal scrutiny over classified disclosures—but that investigation was closed without charges. 

 

The recent unsealing of this probe underscores deeper concerns about how former officials manage classified archives and the potential reopening of previously dormant legal cases.

 

The seizure of documents tied to national defense raises fundamental questions about accountability and record management in post-administration contexts. 

 

Even without charges, the public nature of this investigation signals a strong message: no one is exempt from scrutiny, and opaque retention of potentially sensitive materials can expose former officials to legal jeopardy.

As this investigation proceeds, it reinforces ongoing debates about transparency, political targeting, and the legal boundaries of historical documentation. 

 

For intelligence professionals and legal watchers alike, it stands as a striking reminder: handling classified material is a responsibility with lasting consequences.

 

MUSIC

We now turn our attention to this week’s main focus, the alarming escalation in global cyber espionage: the Salt Typhoon hacking campaign. 

 

According to The New York Times, this China-linked advanced persistent threat has infiltrated networks in more than 80 countries, targeting telecom operators and siphoning massive amounts of data—possibly including details on nearly every American citizen.

 

Investigators describe Salt Typhoon as one of Beijing’s most sweeping cyber operations to date—ongoing for years and not limited to state or military systems. 

 

Its reach spans major telecommunication providers, raising the specter of untold volumes of private and sensitive communications being swept up in the operation. 

 

The U.S. and other national government’s view this as a clear signal of China’s heightened cyber capabilities and willingness to escalate in the global intelligence arena.

 

This campaign is neither isolated nor new. 

 

For years, China aggressively pushed its state-backed telecom giant Huawei as the global leader in 5G networking. 

 

Canada and its Five Eyes allies were prime targets for these sales pitches, with Beijing emphasizing cost savings and rapid deployment. 

 

But intelligence agencies across the alliance warned that embedding Chinese-made equipment deep into national communications infrastructure would give Beijing potential backdoor access to sensitive government, commercial, and personal data. 

 

The concern was not just about espionage, but about the ability to disrupt or disable networks in the event of conflict.

 

Despite these warnings, Canada hesitated longer than its closest allies. 

 

While the United States, Australia, and the United Kingdom moved early to restrict or ban Huawei from their 5G rollouts, Ottawa delayed its decision for years—fueling speculation that political and economic considerations were outweighing security concerns. 

 

In 2022, Canada finally announced it would bar Huawei and fellow Chinese firm ZTE from its 5G networks, citing national security risks. 

 

The episode underscored how close Canada came to adopting technology that could have handed China a decisive intelligence advantage—an uneasy parallel to today’s Salt Typhoon revelations.

 

 

Salt Typhoon is known to exploit vulnerabilities in network routers and ISP back-end systems, creating long-term access to call metadata and communications traffic without detection.

 

Furthermore, national cybersecurity agencies have joined in raising alarms, warning that China’s intelligence services are increasingly relying on covert cyber operations as part of their broader geopolitical strategy.

 

These revelations underscore the disquieting reality of modern cyber conflict: adversaries don't always burst through firewalls—they often quietly ride within existing network infrastructure, emerging from trusted systems. 

 

The fact that this operation has persisted for years suggests systemic vulnerabilities that go beyond individual failures. 

 

This isn't just a matter of patched routers—it's about defending the digital arteries of intelligence, commerce, and everyday life.

 

Salt Typhoon represents a new phase in strategic cyber conflict—one that blurs the line between espionage, infrastructure sabotage, and broad-spectrum surveillance. 

 

For intelligence agencies worldwide, the questions now are clear: how do we stop a digital storm that’s already inside the walls—and how do we prepare when tomorrow’s breaches are hidden behind tomorrow’s trusted connections?

 

MUSIC

 

Continuing on with this story, in a coordinated response, U.S. officials and allied nations have classified the Salt Typhoon cyber campaign as a national defense crisis—marking a significant escalation in how governments view and respond to cyber espionage.

Framing Salt Typhoon as a crisis elevates the breach from a recurring nuisance to an existential security failure. 

It signals a decisive shift toward treating cyber espionage not merely as a law-enforcement issue but as a full-spectrum national defense threat. 

 

This language unlocks new strategic—and possibly military—options for response and deterrence.

 

Salt Typhoon has already been exposed as a far-reaching operation, breaching telecom networks in over 80 countries and compromising call records of high-profile individuals and civilians alike. 

 

Now, with governments united in urgency, it underscores the campaign's impact across geopolitical and civilian domains.

This reframing speaks volumes. 

 

By declaring the campaign a defense crisis, leaders are acknowledging that digital infrastructure—and the lifeblood of global communications—must be defended with the same rigor as traditional military systems. 

 

It also hints at an operational transference: the lessons learned here may reshape future cyber doctrines, from public policy to interagency coordination.

The Salt Typhoon operation is no longer a covert or isolated threat—it’s a security crisis.

 

Intelligence agencies and global partners are being forced to adapt not only in defenses and attribution, but in doctrine, planning, and readiness. 

 

In the new cyber reality, response strategy must evolve just as swiftly as the threats itself.

 

MUSIC

We move on to the United Kingdom for our next segment where six individuals have been formally charged with terrorism offences for their alleged support of the proscribed group Palestine Action. 

 

The charges stem from organizing public demonstrations and hosting virtual meetings between July and August.

 

According to authorities, the accused arranged protests in cities including London, Manchester, and Cardiff, and participated in 13 Zoom meetings purportedly intended to encourage support for the banned group. 

 

Under U.K. law, supporting or facilitating such a group constitutes a serious terrorism offence—raising fundamental questions about the limits of lawful protest and advocacy.

Palestine Action was designated a terrorist organization under U.K. terrorism legislation in July 2025, following escalating protests and direct actions, including attacks on military infrastructure. 

 

The broader investigation reflects intensified scrutiny of how online platforms and activist networks intersect with legal thresholds for proscribed organizations.

 

This case highlights the increasingly complex legal terrain surrounding protest movements in the digital age. 

 

Virtual gatherings can now carry real-world legal consequences—forcing activists and civil liberties advocates to navigate evolving definitions of support, facilitation, and free expression under anti-terror laws.

As the U.K. legal system takes up this case, it may signal a new chapter in how protest-related activities—particularly those organized online—are policed and prosecuted. 

 

For intelligence and legal professionals, the debate continues: when does political expression cross into criminal support, and how should democracies respond?

 

MUSIC

 

With so many sweeping changes to the US intelligence and law enforcement landscape, we head back to Washington for our next story. 

 

This week brought a startling development within the U.S. intelligence leadership. 

 

National Intelligence Director Tulsi Gabbard reportedly caught CIA Director John Ratcliffe and his leadership team off-guard by disclosing the identity of an undercover CIA officer—adding fuel to already mounting tensions between the two agencies.

 

The sudden revelation has raised serious concerns over operational security and inter-agency communication. 

 

Disclosing the name of an undercover officer, even unintentionally, can place them, their families and the covert missions they work on, at risk. 

 

This breach not only undermines the trust necessary for intelligence coordination but also highlights friction at the highest levels of U.S. intelligence hierarchy.

 

This is not the first time a CIA officer’s identity has been revealed by a U.S. administration. 

 

In 2003, covert operative Valerie Plame was publicly outed in a newspaper column after her husband, former diplomat Joseph Wilson, criticized the Bush administration’s justification for the Iraq war. 

 

The disclosure ended her CIA career, compromised operations she oversaw, and triggered a political firestorm.

 

The fallout became known as the “Plame affair.” 

 

While no one was convicted for the actual leak, White House aide Scooter Libby was found guilty of lying to investigators and obstructing justice, though his sentence was later commuted and ultimately pardoned. 

 

For intelligence professionals, the case remains a cautionary example of how political disputes and carelessness with classified information can shatter lives, derail missions, and undermine national security credibility.

 

Gabbard and Ratcliffe have had a tense working relationship, further strained by broader political and policy disputes. 

 

This incident follows a series of controversies—from staff purges within the intelligence community to disagreements over messaging and trust. 

 

Against this backdrop, the disclosure amplifies existing fears about politicization and the fragility of internal safeguards.

Even in high-stakes political environments, the revealing of covert identities is seen as taboo among intelligence professionals. 

 

These missteps signals deeper challenges—not just in discipline or oversight, but in the cohesion and coordination of national security leadership.

This incident is a sobering reminder: even small cracks in protocol can open doors to larger vulnerabilities. 

 

As the DNI and CIA continue to grapple with internal strife, safeguarding covert identities and operations must remain a non-negotiable priority.

 

MUSIC

We move from outed CIA officers to criminal gangs being added to terrorist lists. 

 

In a forceful move, U.S. Secretary of State Marco Rubio has announced the formal designation of two Ecuadorian gangs—Los Lobos and Los Choneros—as foreign terrorist organizations. 

 

The announcement was made during a visit to Ecuador, signaling an escalation in America’s approach to transnational gang violence.

 

Labeling these gangs as terrorist organizations unlocks a broader toolbox for the U.S.—from asset freezes and sanctions to intelligence sharing and potential military targeting. 

 

The designation marks a shift from traditional law-enforcement tactics toward a more militarized response.

 

Los Choneros and Los Lobos have long been central actors in Ecuador’s organized crime landscape, involved in drug trafficking, extortion, and violence. 

 

This is part of a broader pattern: earlier this year, the U.S. designated multiple cartels—including Tren de Aragua, the Sinaloa Cartel, MS-13, and others—as terrorist groups, reflecting a strategic re-framing of how transnational criminal networks are addressed.

 

By equating criminal gangs to terrorist threats, the U.S. is signaling that these organizations present not just criminal, but national security challenges. 

 

This reclassification potentially reduces legal hurdles for intervention—but risks international controversy, particularly when "terrorist" labels carry political and diplomatic weight.

This move raises important questions about the long-term implications of such designations.

 

Will this crackdown deliver security dividends, or will it provoke escalation and backlash? 

 

As the U.S. reframes its war on drugs in terrorism terms, intelligence and diplomatic minds will be grappling with its broader consequences.

 

MUSIC

 

For this week’s final segment, we return to Canada where, in a surprising twist with national security implications, global news reports reveal that Canada’s current Public Safety Minister, Gary Anandasangaree, had his phone number listed in a document seized during a 2006 RCMP search—long before his political career began.

 

As many of my listeners know, I have been critical of the decision to place Gary Anandasangaree in the position of Public Safety Minister, since it was first announced. 

 

He has recused himself of Tamil Tiger investigations, a listed terrorist entity in Canada. Has previously advocated for an individual who was identified as a terrorist member of the Tamil Tigers to become a Canadian citizen, and when questioned about his advocacy, stated that he was doing it on behalf of a constituent in his riding, which is untrue. 

 

In this latest in a long line of concerns regarding the Public Safety Minister, the document in question was uncovered during an investigation into the World Tamil Movement—a mischaracterized front for Sri Lanka’s banned Tamil Tigers—and listed a roster of so-called "area coordinators," including a contact number matching that of Anandasangaree at the time.

 

While no allegations of wrongdoing are made, the appearance of his number raises still more questions about the Public Safety Minister’s associations in sensitive security context.

 

Let’s be clear, his number being identified in an investigation does not demonstrate his connection to any nefarious activity, but it does raise even more questions that need to be addressed. 

 

At the time of the seizure, Anandasangaree was a law student and not affiliated with any political office; records say he had no known involvement with the group. 

 

Critics, like me, argue that this episode underscores the importance of transparency.

 These potentially benign connections—like a name or number appearing in investigative documents—can amplify the reputational and ethical challenges when that person later oversees the national security portfolio. 

As Minister of Public Safety—tasked with steering Canada’s counterterrorism and intelligence apparatus—Anandasangaree’s situation serves as a reminder: in national security, optics are nearly as important as actions. 

 

Navigating history with transparency and responsibility isn't just good politics—it’s fundamental to trust.

 

And if this trust is to be maintained the Public Safety Minister needs to get out in front of this story and provide all the needed transparency as possible. 

 

He is the minister overseeing the RCMP who conducted this investigation. What does this say if there is not a further inquiry into Mr. Anadasangaree’s connections with Terrorist Entities like the Tamil Tigers?

 

Well, that’s going to wrap up this week’s wrap up. 

 

As always, the links to the stories discussed on this podcast are in the transcript and I highly recommend you check them out to make your own decisions on the insights and intelligence I’ve provided here today. 

 

I want to inform my listeners of an upcoming event. 

 

The Pillar Society, a group of retired and former intelligence professionals, is hosting a Speakers Series at the Shenkman Centre in Orleans / Ottawa on October 14th.  

 

The guest speaker will be Lauren C. Anderson, an internationally recognized national security expert, global strategic advisor, and former senior FBI executive with nearly three decades of leadership in intelligence, counterterrorism, and counterintelligence. 

 

Her topic of discussion will be Shifting Ground: The FBI, Canada, and the Future of the 5-Eyes Alliance. 

 

I highly recommend you get your tickets as soon as they go on sale as this show is likely to sell out early. 

 

I’ll leave a link to the Shenkman Centre website for ticket sales in the transcript.

 

Until next week, Stay curious, stay informed and stay safe. 

 

MUSIC

 

That concludes this week’s Global Intelligence Weekly Wrap-Up.

 

We’ve covered a sweeping cyber crisis in Salt Typhoon, the delicate balance of FBI operations, the risks of exposing covert officers, and troubling questions closer to home here in Canada. 

 

Each of these stories reflects the evolving threats that shape our world—and the urgent need for vigilance and informed debate.

 

A great deal of time, effort, and expertise goes into every episode of this podcast. If you find value in the analysis and insights provided here, I encourage you to support the show. 

 

Visit Buzzsprout and consider contributing—it helps keep the podcast going and ensures these important discussions continue to reach a wider audience.

 

Be sure to subscribe, share the podcast, and leave a review. 

 

Your support makes all the difference.

 

Until next time—stay curious, stay informed, and stay safe.

 

 

 

 

Links:

 

Shenkman Centre tickets: https://shenkmanarts.ca/en/events

 

Story 1: FBI employees worry Trump's Washington surge is exposing unmarked cars

Link: https://www.reuters.com/world/us/fbi-employees-worry-trumps-washington-surge-is-exposing-unmarked-cars-2025-09-04/

 

Story 2: FBI seizes devices and documents from John Bolton’s home amid classified information probe

Link: https://www.cnn.com/2025/09/04/politics/bolton-search-fbi-court-documents

 

Story 3: China’s Salt Typhoon Cyberattack Spreads Across 80+ Countries

Link: https://www.nytimes.com/2025/09/04/world/asia/china-hack-salt-typhoon.html

 

Story 4: U.S. and allies declare Salt Typhoon hack a national defense crisis

Link: https://www.forbes.com/sites/emilsayegh/2025/08/30/us-and-allies-declare-salt-typhoon-hack-a-national-defense-crisis/

 

Story 5: Six charged with terrorism offences over support for Palestine Action

Link: https://ca.news.yahoo.com/six-charged-terrorism-offences-over-220849230.html

 

Story 6: Tulsi Gabbard blindsides CIA leaders after revealing undercover officer’s identity

Link: https://www.nbcnews.com/politics/national-security/tulsi-gabbard-cia-director-john-ratcliffe-rcna223285

 

Story 7: Rubio says U.S. is designating two more gangs as foreign terrorist groups

Link: https://www.ctvnews.ca/world/article/rubio-says-us-is-designating-two-more-gangs-as-foreign-terrorist-groups/

 

Story 8: Public Safety Minister’s phone number found on document seized during 2006 terror probe

Link: https://globalnews.ca/news/11319449/public-safety-minister-gary-anandasangaree-search-rcmp-investigation/