When the most powerful trade delegation in modern history touched down in Beijing, its members had done something almost unthinkable in the 21st century — they had voluntarily gone dark. No iPhones. No MacBooks. No personal tablets. What drove the United States to operate like it was 1975 in the middle of a 2026 diplomatic summit? The answer is a decades-long cyber war that has already cost America more than any bullet ever fired.
When Air Force One touched down in Beijing on May 14, 2026, the scene was one of extraordinary diplomatic theatre — red carpets, military honors, hundreds of young flag-wavers and the assembled might of American corporate power standing alongside the President of the United States. Tim Cook of Apple, Jensen Huang of Nvidia, Elon Musk of Tesla, Larry Fink of BlackRock, David Solomon of Goldman Sachs — a constellation of men whose combined companies represent trillions of dollars of the global economy, all gathered in one place for what the White House billed as the most consequential economic summit in a generation. But behind the pomp, behind the handshakes and the carefully worded communiqués, something deeply unusual was happening. These men, and the hundreds of aides, Secret Service agents, White House staff and press poolers who accompanied them, had done something almost unthinkable in the digital age. They had left their phones behind.
Not misplaced them. Not left them in the hotel. They had deliberately, on the instruction of American security officials, carried stripped-down "clean" devices — temporary burner phones and wiped laptops issued specifically for the trip — rather than their personal electronics, which remained back in the United States. And when the trip concluded and the delegation boarded Air Force One to fly home, even the pins, credentials and accreditation cards handed out by Chinese officials were collected and thrown into a bin at the bottom of the boarding stairs. Nothing that had touched China was permitted to touch the presidential aircraft. A White House press pooler captured the moment in a social media post that went viral: "American staff took everything Chinese officials handed out — credentials, burner phones from WH staff, pins for delegation — collected them before we got on AF1 and threw them in a bin at the bottom of the stairs."
To understand why the most powerful government on earth was treating disposable lanyards like radioactive waste, you have to understand the scale, sophistication and sheer audacity of Chinese state-sponsored cyber espionage — an operation that, by any honest reckoning, represents one of the most consequential intelligence offensives in human history.
The starting point is a phrase that Bill Gage, a former Secret Service special agent and now director of executive protection at Safehaven Security Group, used when speaking to Fox News ahead of the summit: "There are no safe electronic communications in China." That is not hyperbole from a nervous security consultant. It is an operational conclusion drawn from years of watching China transform its cyber capabilities from clumsy opportunism into something resembling a precision instrument of state power. Gage added that briefings for American officials begin well before the president arrives, and that these briefings make clear that "everything is monitored." Everything. The hotel room. The conference hall. The charging port in the lobby. The Wi-Fi network that appears helpfully on your phone's list of available connections. Every single one of these is treated, in the risk calculus of American intelligence, as potentially hostile infrastructure.
Theresa Payton, who served as White House Chief Information Officer and is one of the most respected voices in American cybersecurity, reinforced this when she told Fox News: "We always tell people to assume everything you say and do, both in person and digitally, could be monitored, and to act accordingly." The officials traveling with Trump were issued temporary devices with known "golden images" — essentially a documented, clean baseline of the device's software state — so that security teams could compare the device before and after the trip to detect any tampering or intrusion. It is the digital equivalent of memorizing the position of every object in your hotel room to check if anyone has searched it while you were out.
The cyber threats that drove these extraordinary precautions are not abstract or theoretical. They have names, histories, victims and body counts measured in stolen terabytes. The most alarming of them is a group operating under the codename Salt Typhoon — a designation assigned by Microsoft and adopted by the US government to describe a Chinese state-sponsored hacking collective believed to be operated directly by the Ministry of State Security, China's foreign intelligence and secret police apparatus. Salt Typhoon is not a group of rogue hackers operating in some damp basement. It is a sophisticated, well-funded, strategically directed arm of a nation-state with a clear 100-year horizon, as former NSA analyst Terry Dunlap has described it.
What Salt Typhoon achieved is extraordinary, and the full scale of it is still being understood. In 2024, cybersecurity experts at CISA uncovered a highly sophisticated espionage campaign that had infiltrated virtually all critical telecommunications infrastructure in the United States. Among the most alarming aspects of the attack was that Salt Typhoon managed to compromise the lawful wiretapping systems used by intelligence and law enforcement — the very systems designed to facilitate government investigations into criminals and foreign agents. By seizing control of those systems, Salt Typhoon effectively turned America's own surveillance architecture against it, gaining access to the metadata and private communications of high-ranking officials. The hackers had reportedly been present inside these networks since at least 2021, operating undetected for years before the breach came to light.
Salt Typhoon accessed the computer systems of nine major US telecommunications companies, including Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated Communications and Windstream. These are not small or obscure providers. They are the backbone of American communications, the pipes through which hundreds of millions of phone calls, text messages and internet connections travel every single day. The FBI notified at least 600 organizations that Salt Typhoon had shown interest in their systems, and the campaign had reached across more than 80 countries. Senator Richard Blumenthal, speaking after a classified Senate briefing on the attacks, was uncharacteristically blunt: "The extent and depth and breadth of Chinese hacking is absolutely mind-boggling — that we would permit as much as has happened in just the last year is terrifying."
Among the targets of Salt Typhoon's surveillance were the phone conversations of key American officials, including President Donald Trump himself and Vice President JD Vance. The irony is almost too thick: the man who arrived in Beijing under digital lockdown had already had his own communications compromised by the very intelligence apparatus of the country he was visiting. The hackers had reportedly targeted the systems used for court-approved wiretaps — the oversight mechanism at the heart of American law enforcement — and by gaining access there, they could theoretically monitor anyone who was being legally surveilled, as well as use that access as a springboard into wider government networks.
A joint advisory released in September 2025 concluded that Salt Typhoon, along with related clusters, had been active since at least 2021. That means these intrusions were running silently for years across the Obama and first Trump administrations, surviving the transition of power, surviving countless security reviews, until the sheer scale of the compromise could no longer be ignored. Salt Typhoon also managed to exploit systemic vulnerabilities that may force the US to rethink its lawful intercept systems from the ground up — platforms that often exist as patchwork systems cobbled together from legacy hardware, compliance add-ons, and third-party tools, creating a fragmented and inconsistently secured environment. In plain language, the architecture built to keep America safe had itself become a liability, and Salt Typhoon had found the gaps long before anyone in Washington noticed they existed.
But Salt Typhoon, devastating as it is, represents only one dimension of the threat. A second major operation — Volt Typhoon — is different in character and in some ways even more alarming. If Salt Typhoon is about stealing intelligence — reading emails, listening to calls, exfiltrating the contents of compromised systems — then Volt Typhoon is about something more sinister: pre-positioning. CISA, the NSA and the FBI have assessed that Volt Typhoon actors are seeking to embed themselves inside US critical infrastructure networks specifically to enable disruptive or destructive cyberattacks in the event of a major crisis or conflict with the United States. These are not intelligence collectors. They are saboteurs-in-waiting.
Volt Typhoon actors have been observed maintaining access and footholds within some victim IT environments for at least five years, silently present in the networks that control water utilities, power grids, ports and communications systems, not stealing anything yet, simply waiting. Waiting for what? The most obvious answer is a conflict over Taiwan. The logic is coldly rational: if war breaks out across the Taiwan Strait, China would want to degrade America's ability to mobilize its military, and disrupting power grids, water systems and communications infrastructure on the US mainland would do exactly that. US officials, together with Five Eyes intelligence partners, described in early 2024 how Volt Typhoon had been pre-positioning themselves on US critical infrastructure networks — a pattern of behaviour entirely inconsistent with traditional espionage and instead consistent with preparing to launch destructive attacks.
Understanding this context makes the decision to operate under digital lockdown in Beijing not just prudent, but arguably the minimum reasonable precaution. The delegation was not visiting a neutral country with ordinary commercial interests in corporate espionage. They were entering a country whose intelligence services had already demonstrated the capacity and willingness to compromise the President's own phone calls, infiltrate the nation's telecommunications backbone, and embed hidden access points inside critical infrastructure awaiting a future moment of crisis. In that context, carrying your personal iPhone through Chinese customs is not a privacy risk. It is handing a fully loaded weapon to your most sophisticated adversary.
The threats faced by the delegation were not limited to sophisticated state-level operations conducted by thousands of analysts. Some of the risks were almost embarrassingly low-tech in comparison, and all the more dangerous for their ordinariness. The US government warned delegates against using unknown charging stations or USB cables, due to risks of "juice jacking" — a technique where malicious hardware installed in a charging port can steal data or install malware on a connected device. The term sounds almost comic. The reality is not. A juice jacking attack exploits the fact that the same USB port that charges your phone also creates a data connection. A compromised charging station — one that has been physically modified to include a hidden computer — can silently connect to your phone the moment you plug in, extracting files, installing surveillance software, or mirroring your screen to capture passwords as you type them. You experience nothing except your phone charging. The attack happens in the background, invisibly, over the course of a single charge.
In April 2023, the FBI's Denver office issued a formal warning about juice jacking, urging travelers to avoid free charging stations in airports, hotels and shopping centers, and to carry their own chargers and use electrical outlets instead. Five days later, the Federal Communications Commission issued the same warning. These were not abstract advisories issued for legal protection. They reflected a documented, growing concern that public charging infrastructure had become an attack surface, one especially attractive in the context of a high-stakes diplomatic visit where the identities and schedules of everyone in the delegation were publicly known. Even charging a phone was treated as a cybersecurity threat during the China trip, with the delegation restricted to only verified government chargers and power banks.
Then there is the broader architecture of Chinese digital surveillance that surrounds any visitor to the country, regardless of their precautions. China's strict digital laws enforce deep state control over cyberspace and information flow, mandating intense surveillance and severe penalties for non-compliance or unapproved online speech. Every Wi-Fi network in China is potentially monitored. Every hotel room is considered a possible listening post. Every app on a Chinese device communicates with servers under the jurisdiction of a government that has passed national security laws requiring domestic companies to cooperate with state intelligence demands. When you connect to a Wi-Fi network in a Beijing hotel, you are not simply accessing the internet. You are connecting to an infrastructure whose operators are legally compelled to facilitate government surveillance.
The precautions created a surprisingly analog environment for a modern presidential delegation. Paper documents became more common, digital access was restricted, and aides accustomed to constant communication had to operate through tightly controlled channels. In a world where a senior executive instinctively reaches for their phone to answer any question, confirm any detail or join any call, the forced analog existence must have been genuinely disorienting. But the alternative — carrying personal devices into what US officials openly describe as one of the most aggressive cyber environments in the world — was not a serious option.
The history of what happens when American officials and executives fail to take these precautions is not hypothetical. In 2015, Chinese hackers broke into the Office of Personnel Management, stealing the sensitive personnel records of approximately 21.5 million current, former and prospective federal employees — including security clearance files containing fingerprints, background investigation details, foreign contacts and psychological evaluations. It was, at the time, described as among the most damaging intelligence breaches in US history. The stolen data gave Chinese intelligence a comprehensive map of the American national security apparatus — who had clearances, what their vulnerabilities might be, what information they might be susceptible to pressure over. The OPM hack was not a moment of opportunism. It was a systematic, patient, long-term intelligence collection operation of breathtaking scope.
The US Ambassador to China at the time of the Snowden revelations, former Senator Max Baucus, observed that the Snowden leaks dramatically changed Chinese policy towards the internet, its own people, the United States, and the world with respect to cybersecurity. China watched the exposure of American surveillance capabilities with the attention of a student taking notes, absorbed the lessons about what was technically possible, and began building its own version — not for counterterrorism or criminal investigations, but for strategic intelligence collection, intellectual property theft and, increasingly, the pre-positioning of destructive capabilities. Many Sinologists believe the Snowden revelations helped precipitate the Made in China 2025 strategy, published two years after his leaks, which set out an extraordinary level of ambition for Chinese technological self-sufficiency and dominance.
The scale of China's cyber ambitions is now a matter of documented record rather than intelligence speculation. The US Intelligence Community assesses China to be "the most active and persistent cyber threat" to US institutions, and the Office of the National Cyber Director has highlighted Beijing's ambitions "to hold at risk US and allied critical infrastructure, shape US decision-making in a time of crisis, and use cyber capabilities to augment PRC geopolitical objectives." That phrase — "hold at risk" — deserves particular attention. It is the language of deterrence and coercion. China is not simply trying to steal secrets or monitor communications. It is building the capacity to threaten the basic functioning of American society as a tool of geopolitical leverage. Every power grid access point, every water utility infiltration, every telecommunications backdoor represents a potential bargaining chip in a future crisis — an unspoken threat hovering over any negotiation between Washington and Beijing.
A 37-page joint cybersecurity advisory issued in August 2025, coordinated by the NSA, CISA, FBI and numerous other agencies, concluded that PRC state-sponsored cyber threat actors are targeting networks globally across telecommunications, government, transportation, lodging and military infrastructure. The advisory is not a warning about future risks. It is a documentation of current reality — a landscape in which Chinese state-sponsored hackers are already present, already active, already embedded in networks across dozens of countries, operating with a patience and sophistication that reflects years of institutional investment and strategic direction.
There is a particular irony in the presence of Jensen Huang of Nvidia in the Trump delegation. Huang's company is at the epicentre of the US-China technology war — its AI chips are the subject of sweeping export controls designed to prevent China from acquiring the computational power needed to develop advanced artificial intelligence and military applications. The Trump administration has maintained strict limits on the sale of H200 AI chips to China, citing potential military applications and requiring rigorous third-party verification before any shipments can take place. Nvidia has been pressing the White House to reconsider these restrictions, arguing that prolonged controls could incentivise China to accelerate its own domestic innovation while depriving American firms of a major market. The paradox is striking: the very technology that American officials fear China might use to enhance its cyber capabilities is simultaneously a commercial prize that American companies cannot afford to simply surrender.
Shortly after Trump met Xi on Thursday, Reuters reported that Washington had cleared sales of Nvidia's H200 AI chips to several major Chinese technology firms — a significant concession that reflected the broader deal-making atmosphere of the summit. China's stranglehold on critical and rare earth minerals was a key factor in Beijing's retaliation against US tariffs in 2025, with Beijing curbing some exports before a trade truce came into effect — another reminder that the contest between the two powers encompasses not just cyber operations and trade policy but the physical materials that underpin the entire technology supply chain. Rare earth elements, essential for semiconductors, electric vehicles and advanced weapons systems, are overwhelmingly produced in China, a dependency that American strategists have spent years trying to reduce without success.
The delegation's digital lockdown was therefore not merely a precaution against Chinese hackers. It was a physical expression of a much larger truth: that the United States and China are engaged in a competition for technological supremacy that has no obvious endpoint and no established rules of engagement. The phone left behind in America is a symbol of a contest being fought on every front simultaneously — in chip foundries, in university research labs, in the legislation of trading partners, in submarine cables on the ocean floor, and in the invisible electromagnetic spectrum that carries every phone call, every email, every classified briefing between the two most powerful nations on earth.
The security agencies were concerned that Chinese intelligence services might have installed sophisticated malware or tracking software on devices during the delegation's stay in Beijing. To mitigate this risk, many items were either thrown into trash cans or physically destroyed to ensure that no data could be retrieved or used to infiltrate US networks upon return. There is something almost medieval about the image — diplomats of the most technologically advanced country in history destroying their own equipment at the foot of the President's aircraft, like burning possessions to prevent the spread of plague. But the metaphor is not entirely inapt. In the language of cybersecurity, malware is indeed something that spreads, that hides, that lies dormant until a moment of exploitation, and that can travel from an infected device into every network it subsequently touches.
The Chinese government has, unsurprisingly, rejected all of this. Chinese Embassy spokesperson Liu Pengyu told Fox News: "The Chinese government places a high priority on protecting data privacy and security in accordance with the law. It has never required — and will never require — enterprises or individuals to collect or store data in violation of the law." This denial is entirely predictable and almost certainly meaningless. Every major intelligence agency in the Western world, and the documented technical evidence of Salt Typhoon, Volt Typhoon, Flax Typhoon and the OPM breach, points to a sustained, state-directed campaign of cyber espionage that has been running for decades. The denials are not intended to be believed. They are intended to provide a formal diplomatic position that allows commerce and dialogue to continue despite what both sides know to be true.
What makes this moment particularly significant is not just the precautions taken, but what they reveal about the trajectory of US-China relations. The digital lockdown was not imposed by a hostile adversary or requested by a suspicious host. It was self-imposed by the American side, a unilateral act of defensive security that treats the territory of a major trading partner and summit host as inherently hostile ground. That is an extraordinary statement about the state of trust between the two countries, and it sits uneasily alongside the diplomatic warmth on display at the Great Hall of the People. Xi Jinping and Donald Trump smiled for the cameras. Their intelligence services were simultaneously engaged in a conflict with no ceasefire in sight.
The broader lesson of Trump's digital lockdown in Beijing is not really about phones or charging cables or clean devices. It is about the nature of power in the 21st century, and the realisation — still being absorbed in Washington, Brussels and capitals across the world — that the most consequential battles are now fought in network packets and kernel exploits rather than on battlefields. China's ambitions to "hold at risk US and allied critical infrastructure" and "shape US decision-making in a time of crisis" represent a new kind of strategic threat for which democracies are still developing an adequate response. The answer cannot simply be to go analog every time a diplomat travels abroad. It requires rethinking the entire architecture of digital security, rebuilding compromised systems from the ground up, and accepting that in a world where Salt Typhoon can silently occupy a telecommunications network for three years before anyone notices, the comfortable assumption that security can be bolted on as an afterthought is no longer tenable.
The bin at the bottom of the Air Force One stairs — full of Chinese pins, lanyards and burner phones — is more than a security protocol. It is a monument to how far the digital cold war has already progressed, and a reminder that when the most powerful man in the world travels to meet his most formidable rival, he arrives, in the most important sense, unarmed.
Sources: Fox News | CISA Advisory on Volt Typhoon | New Lines Institute: Salt Typhoon | Congress.gov: Salt Typhoon & Federal Response | RUSI: Typhoons in Cyberspace | BusinessToday: Digital Lockdown
0 Comments