The Chinese-launched spy balloons recently spotted over the US had been using local, commercial service providers to phone home.
This according to a report from NBC News citing unnamed sources within the US government. According to that official, a US based ISP had been used by the balloons in order to link up with controllers based in China.
The spy balloons were spotted over parts of the midwestern and northwestern US and Canada earlier this year. It is believed the intent of the devices, which China claimed were weather balloons, was actually to gather data and imagery on US nuclear missile silos in the more remote, sparsely populated parts of the country.
It was later revealed by officials that the balloons had been recorded flying over US airspace for several years prior and, despite some calls to use surface-to-air or air-to-air missiles to down the balloons, were allowed to fall to earth on their own and then collected by US intelligence agencies for analysis.
While it had been reported the balloons had the ability to remotely transmit data back to China, the exact method and means were not made public. It now seems that the balloons were able to access local networks and link back up with servers behind the Great Firewall.
The report did not name the official or provide details on the targeted ISP, such as whether it was a large national carrier or a smaller regional service provider, though given the extensive range of the balloons and their intended surveillance targets a nationally-spanning ISP is more likely.
According to the unnamed official, efforts by US intelligence to tap into the balloons' data streams began shortly after they were first spotted flying over US airspace.
Officials are said sought an emergency order from the Foreign Intelligence Surveillance Court which would have allowed them to monitor and collect data from the devices. This, presumably, would have allowed them to force the ISP to hand over its logs and network traffic analysis as part of the investigation.
The report noted that the outcome of that request was not made public, potentially meaning such access was never actually granted.
