Cyber Week in Review: April 20, 2018
Here is a quick round-up of this week’s technology headlines and related stories you may have missed:
1. Banned! Following a lengthy legal battle, a Moscow court gave Roskomnadzor, the country's internet regulator, the green light to block access to Telegram, a messenger app with over fifteen million users in Russia. Under a 2016 counter-terrorism law, Telegram is required to maintain the ability to decrypt messages for law enforcement purposes but the company has refused to comply. On Monday, Roskomnadzor ordered Russian internet service providers to block IP addresses associated with Telegram. That prompted the app developers to move to new and unblocked IP addresses, triggering a game of whack-a-mole. By Tuesday, Roskomnadzor had ordered the blocking of over 19 million IP addresses, including those associated with Amazon Web Services and Google Cloud Services that host Russian websites and services. The collateral damage was such that small business leaders began pleading with the Russian Attorney General’s Office to reign Roskomnadzor in, and Vladimir Putin's advisor on internet issues suggested the regulator apologize. Roskomnadzor has also ordered Google and Apple to remove Telegram from their respective app stores, though no word yet on whether they have complied. Short of deploying a Chinese-style great firewall, Russia's attempts at blocking the app are unlikely to be successful, especially given its popularity with the elite.
2. Tech embargo. The U.S. Department of Commerce banned U.S. companies from supplying parts and software to the Chinese telecommunications giant ZTE, dealing a huge blow to the Chinese company that sources roughly twenty five percent of its phone components from the United States. ZTE pled guilty last year to ignoring sanctions by supplying U.S. technologies to Iran and agreed to pay $890 million in fines and dismiss and reprimand a number of senior employees. Evidently, the company failed to abide by the settlement, leading the Department of Commerce to take drastic action. However, the larger context of a brewing U.S.-China tech war cannot be ignored. In China, commentators have accused the United States of launching a ‘chip war’ on China, and state-media has vowed that the country will end its dependence on foreign components and hardware.
3. It was a bug, not a feature. Google updated the network architecture of its app engine to prohibit a technique called domain fronting. Domain fronting allows developers to build apps that use Google's App Engine to forward connections to their service. That makes it harder for regimes looking to block specific apps from doing so without banning all of Google, and domain fronting became popular with Signal, TOR, and other apps used to bypass censorship. In explaining the change, Google claimed that domain fronting was only allowed by coincidence and something it had been planning to change for a while. Edward Snowden criticized the move, calling it "the epitaph on the U.S. internet freedom agenda's grave."
4. Your routers are now my routers. The Department of Homeland Security, Federal Bureau of Investigation, and the UK National Cyber Security Center issued a joint warning about Russian efforts to compromise routers in support of their cyber operations. By compromising routers, Russian state-sponsored hackers gain the ability to monitor all traffic running through a device, posing a major cybersecurity risk. Although the United States and UK have begun calling out what they perceive as unacceptable Russian cyber behavior, the lastest alert has some observers scratching their heads. Every country that conducts cyber operations, including the United States, targets routers and other networking kit. In Wired, Andy Greenberg points out that "calling out Russia for the same sort of spying the [United States] routinely does ... only blurs the red lines that Western governments have demanded Russia and other nations respect—prohibitions like disruptive attacks on civilian infrastructure."