POSTING DAYS

Postng Days From Monday to Thursday

Feb 18, 2020

Analysis | The Cybersecurity 202: The Huawei fight is getting a Trumpy spin.

By Joseph Marks




U.S. Ambassador to Germany Richard Grenell. (Thomas Kienzle//AFP/Getty Images)
THE KEY
The Trump administration’s pressure campaign on allies to break ties with Huawei is taking a very Trumpian turn with bombastic and neck-wrenching tweets replacing private diplomatic warnings.
Trump’s Ambassador to Germany Richard Grenell tweeted out of the blue on Sunday that President Trump had called him from Air Force One “and instructed me to make clear that any nation who chooses to use an untrustworthy 5G vendor will jeopardize our ability to share Intelligence and information at the highest level.”
That marked a major reversal from just two days earlier when U.S. officials assured an audience at the Munich Security Conference the United Kingdom's decision to allow Huawei to build parts of its next-generation 5G wireless network would not affect intelligence sharing.
The tweet came as Germany, France and Canada all appear likely to follow the United Kingdom in allowing Huawei to build portions of their 5G networks. And, in typical Trump fashion, it threw allies who are mulling multibillion-dollar 5G decisions into a new phase of uncertainty, wondering whether the pronouncement represented an actual shift in policy or just presidential bluster.
U.S. officials have long warned that Huawei is too dependent on China’s Communist Party and can’t be trusted not to aid Chinese spying — especially if it has access to nations’ 5G systems, which will carry far more data than earlier generations of wireless networks. But they’ve stepped back from threats to cut off intelligence sharing as more nations sign on with Huawei.
If the United States did halt sharing intelligence with key allies — especially among the Five Eyes alliance including the United Kingdom and Canada — it would be a momentous move with dramatic national security consequences.
China punched back on Twitter, where Foreign Ministry representative Hua Chunying argued the United States could be just as great a threat to Germans' privacy as Huawei. She referred to a story leaked by NSA contractor Edward Snowden that U.S. spies listened in on Chancellor Angela Merkel’s cellphone, which caused a major rift between the nations in 2013.
The social media sniping comes as time is running out for the United States to convince allies to bar Huawei from their networks entirely. Only a handful of nations have followed the United States' lead in implementing a full ban, including Australia, New Zealand and Japan. And U.S. leaders are bringing out their biggest rhetorical guns.
House Speaker Nancy Pelosi (D-Calif.) slammed Huawei at the Munich Security Conference, saying there was bipartisan U.S. agreement about the telecom’s dangers and that nations contracting with Huawei for 5G are choosing “autocracy over democracy.”
“It is about putting the state police in the pocket of every consumer in these countries,” she said.
That drew swift pushback from Chinese state media. Here’s China Daily E.U. Bureau Chief Chen Weihua:
Secretary of State Mike Pompeo also described Huawei and other Chinese tech firms as “Trojan horses for Chinese intelligence," and Defense Secretary Mark Esper warned “reliance on Chinese 5G vendorscould render our partners’ critical systems vulnerable to disruption, manipulation and espionage.”
But Europeans are starting to push back. Former Estonian president Toomas Hendrik Ilves challenged Esper during the conference, asking whether the United States would put its money where its mouth is by subsidizing Huawei’s 5G competitors Nokia and Ericsson. Those European companies’ 5G services are much more expensive than those from Huawei, which is helped by Chinese state subsidies.
“Many of us in Europe agree that there are significant dangers with Huawei, and the U.S. for at least a year has been telling us, do not use Huawei. Are you offering an alternative?” he asked, as reported by NPR.
German lawmaker Alexander Lambsdorff also complained on Twitter the United States is spending more time complaining about Huawei than suggesting viable alternatives.
The verbal assaults come as U.S. officials are also exploring less drastic measures to weaken Huawei, including imposing new hurdles before Chinese companies can use U.S. components for computer chips, the Wall Street Journal’s Asa Fitch and Bob Davis report.
They’re also mulling expanding restrictions on U.S. companies shipping components to Huawei from their overseas facilities, as my colleagues Ellen Nakashima, Jeanne Whalen and David J. Lynch report. The government placed Huawei on a trade blacklist last year that barred such shipments if a product contains at least 25 percent U.S. parts. But officials are now considering reducing that limit to 10 percent U.S. parts – a move the Pentagon previously opposed because officials feared it would make U.S. companies less competitive.
Sen. Rick Scott (R-Fla.) also introduced legislation that would mandate the new limit.
You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.
Not a regular subscriber?

PINGED, PATCHED, PWNED


Iowa Democratic Party Chairman Troy Price speaks to members of the media on Feb. 10 in Des Moines. (Charlie Neibergall/AP)
PINGED: The Iowa caucus night debacle when an app malfunction delayed the vote-counting by days was the result of years of mismanagement and inattention to technology and cybersecurity, my colleague Isaac Stanley-Becker reports. Based on internal documents and interviews with 54 people, Isaac paints a portrait of miscommunication between the state party and national Democrats, compounded by poor planning, that left significant concerns about election security unaddressed as the caucuses approached.
Among the problems: A contracting request for technology products didn't go out until May 2019 — less than a year before the caucuses. Plans for a virtual caucus using secure teleconference lines, which Iowa Democrats say the DNC initially approved, were scrapped in August, leaving the party scrambling for an alternative.
And once Democrats settled on buying a vote-tallying app from Shadow Inc., launched by veterans of Hillary Clinton’s 2016 campaign, it was never clear whose responsibility it was to vet security for it. The DNC initially took a greater role in vetting the app and paid for a security audit of the software but later expressed concerns about its use, DNC officials said. It's not clear if the party recommended not using it, though.
Those problems were amplified by Insufficient resources to test how the app would work on caucus night, Isaac found. While Nevada conducted a dry run of two similar apps, nothing similar took place in Iowa. Even a week after the caucuses, recently departed Iowa Democratic Party Chairman Troy Price was unable to answer how many precinct chairs had downloaded the app or when training had begun, Isaac reports.

Coffee mugs with the agency logo at the CIA gift shop in McLean, Va. (Bill O'Leary/The Washington Post)
PINGED: The CIA was

 far more aware then previously known about a wave of violence backed by military dictatorships across South America in the 1970s a result of secret access to encrypted communications systems those governments used, my colleague Greg Miller and documentary filmmaker Peter F. Mueller report
The CIA’s secret knowledge about the military crackdowns dubbed Operation Condor highlights a key ethical question of intelligence work: When is it worth burning the secret sources and methods of intelligence to prevent atrocities and other mass violence? It’s also likely to raise concerns among contemporary cybersecurity and privacy advocates as the Justice Department pushes for greater access to encryption systems used by U.S. companies.
The story follows Greg’s blockbuster report last week with the German public broadcaster ZDF that the Swiss company Crypto AG — which governments around the world relied on for decades to keep their communications confidential — was secretly owned by the CIA, which was capable of spying on many of those conversations.
“The U.S. spy agency was, in effect, supplying rigged communications gear to some of South America’s most brutal regimes and, as a result, in a unique position to know the extent of their atrocities,” Greg and Peter write. But “what the documents don’t show is any substantial effort by U.S. spy agencies, or senior officials privy to the intelligence, to expose or stop human rights violations unfolding in their view.”
Those dilemmas also spread far beyond South America. “The list of countries targeted in the Crypto operation suggests that U.S. spies would have had extensive insight into turbulent developments across multiple continents and decades — massacres in Indonesia, abuses under apartheid in South Africa and violent crackdowns against dissidents waged by Hosni Mubarak in Egypt after the 1981 assassination of Anwar Sadat,” Greg and Peter report.

An Israeli soldier stands guard. (Ariel Schalit/AP)
PWNED: The Israeli military exposed a scheme by the Palestinian militant group Hamas to hack into soldiers' phones by posing as attractive women on social media and convincing the interested soldiers to download malware, Josef Federman at the Associated Press reports. The hackers infiltrated the phones of dozens of soldiers but didn’t steal any important information, an Israeli military spokesman said. 
The Hamas operatives targeted soldiers on apps including WhatsApp, Facebook, Instagram and Telegram. Once they built a relationship, they urged soldiers to download a malware program disguised as a Snapchat-like app. This was the third time Hamas hackers attempted such an operation and  by far the most sophisticated effort, Israeli officials said.
Soldiers alerted Israeli army officials to the suspicious messages and the army linked the malware to Hamas servers. There was no immediate comment from Hamas to the AP.

PUBLIC KEY


The door is held for a women on her way in to vote on election Day. (Photo by Tom Lynn/For The Washington Post)
— Microsoft will test its ElectionGuard technology, which gives voters an encrypted code to verify that their votes were counted accurately, in Fulton, Wis., today. The pilot will happen during a primary election for the Wisconsin Supreme Court where only a few hundred people cast votes. But Microsoft is touting it as the first major test of the software, which it hopes will one day help verify election security across the nation.
The official vote count will be tallied with paper ballots printed by a machine, but the ElectionGuard system will provide an encrypted, verifiable digital tally as well.
— More cybersecurity news from the public sector:

The Pentagon, FBI, and Department of Homeland Security plan to publicly identify a North Korean hacking campaign, CyberScoop has learned.
CyberScoop

The attorney who organized Reality Winner’s clemency petition was introduced to her by another client who met the NSA whistleblower behind bars.
The Intercept

Web-services provider Micfo and founder Amir Golestan face 20 counts of wire fraud in U.S. District Court in South Carolina, a case showing how internet hackers and spammers are able to cloak their identities.
The Wall Street Journal

PRIVATE KEY

Cybersecurity news from the private sector:

Dell Technologies is nearing a deal to sell its RSA cybersecurity business to a private-equity firm for more than $2 billion, according to people familiar with the matter.
Wall Street Journal

Hacks of private email and other accounts of two Washington figures were routed through web-services provider Micfo, illustrating the difficulties of tracing and identifying cyber intruders.
The Wall Street Journal

The encryption app is putting a $50 million infusion from WhatsApp cofounder Brian Acton to good use, building out features to help it go mainstream.
Wired

Google had quietly reinstated it in January
The Verge

THE NEW WILD WEST

Cybersecurity news from abroad:

Twitter (TWTR.N) said on Saturday that an official Twitter account of the Olympics and the International Olympic Committee’s (IOC) media Twitter account had been hacked and temporarily locked.
Reuters

Malaysia’s communications minister said the country will choose partners for its rollout of 5G based on the country’s own standards and not U.S.
The Hill

Federal departments or agencies have mishandled personal information belonging to 144,000 Canadians over the past two years, according to new figures tabled in the House of Commons — and not everyone who was swept up in a privacy breach was told about it.
CBC

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Latest Post Published

From The Desk of Fernando Guzmán Cavero.

 Dear friends :  Unfortunately Some Themes, Pages and other features are not working fine in an appropriate manner with quite a few mistakes...