Cyber Week in Review: February 1, 2019

Here is a quick round-up of this week’s technology headlines and related stories you may have missed: 

DarkMatter in the Middle East. For years, the UAE has spied on foreign diplomats, human rights advocates, and journalists, per two Reuters reports. The two bombshell reports show how the UAE routinely targets U.S. persons while simultaneously hiring Americans to provide expertise on offensive cyber operations. Concerns about the UAE’s ambitious and wide-ranging cyber operations have been circulating ever since an exposé from The Intercept detailed UAE cyber-intelligence contractor DarkMatter’s initiative to “[build] stealth malware implants to track, locate, and hack basically any person at any time in the UAE.” Reuters revealed this week that DarkMatter has for years managed a team of ex-NSA operatives dubbed “Project Raven” to provide “surveillance techniques taught by the NSA [that] were central to the UAE’s efforts to monitor opponents.” A number of high-profile individuals have been targets of surveillance; one particularly potent iPhone hack named “Karma” was acquired from an unknown, external vendor and used to monitor Oman’s Minister of Foreign Affairs, Turkey’s former deputy prime minister, and 2011 Nobel Peace laureate Tawakkol Karman among others.

Big Cyber, Bigger Threats.  Director of National Intelligence Dan Coats presented the 2019 Worldwide Threat Assessment report to the Senate Select Committee on Intelligence this Tuesday, which lists cyberattacks and “online influence operations and election interference” as top risks facing the United States in the year ahead. According to the report, China and Russia “pose the greatest espionage and cyberattack threats,” with both states possessing the ability to disrupt critical infrastructure. China in particular was singled out as “the most active strategic competitor responsible for cyber espionage” against the U.S. In line with recent tough treatment of Huawei, the United States also expressed concerns about “the potential for Chinese intelligence and security services to use Chinese information technology firms as routine and systemic espionage platforms against the United States and allies.” Online censorship, misinformation, and “deep fakes” were also mentioned as top risks, particularly campaigns conducted by Russia, China, and Iran.

Justice for Tappy. This week the United States ratcheted up its offensive against Huawei, unveiling a series of indictments against the Chinese telecom giant that put the company in further legal jeopardy.  The indictments paint a damming picture of Huawei as a sanction-skirting, industrial theft machine that rewarded employees for stealing trade secrets and lied to federal investigators about Huawei’s business with Iran. One indictment details the alleged theft of T-Mobile’s phone testing robot “Tappy,” which Huawei employees conspired to steal over the course of several years.  

Shortly after the Department of Justice released the indictments, Canada confirmed that it had received a formal extradition request for Huawei CFO Meng Wanzhou. The company’s legal struggles will likely increase the pressure on U.S. allies to bar Huawei from the networks. The European Union is reportedly considering a proposal that would effectively ban Huawei from Europe’s 5G networks. In addition, a German paper reported this week that German officials are drafting rules for tougher security standards that have the potential to limit Huawei’s involvement in the country’s 5G buildout.  

How Tehran Learned to Love Crypto: Almost a year after Venezuela raised $735M for its mysterious “Petro coin,” Iran is considering launching its own state-backed cryptocurrency. After some of its financial institutions were booted from the international SWIFT financial network last November, the country is searching for ways to evade the reach of U.S. sanctions. On Monday, the head of Iran’s Trade Promotion Organization claimed that Iran was “negotiating the use of cryptocurrency in its financial transactions with eight countries” including Switzerland, France, England, Germany, and Russia. That same day, the Central Bank of Iran lifted a longstanding ban on cryptocurrency usage in Iran, although the use of cryptocurrencies as a payment mechanism is still prohibited. On the heels of that decision, Iranian companies announced the creation of a gold-backed cryptocurrency, the “Peyman.” While it’s not quite a state-sponsored cryptocurrency, the Peyman could well be a first step toward one.

Facebook’s High Court. After a number of content-related missteps in recent years including exacerbating the ethnic tensions in Myanmar and playing a role in U.S.-elections interference, Facebook has a long way to go to restore user trust and re-establish credibility. This week, the platform released a preliminary draft charter of its plan to build an “Oversight Board” to moderate content on its platform, emphasizing values such as transparency, consistency, and independence. Like the U.S. Supreme Court, Facebook’s Oversight Board would take case referrals from user appeals and Facebook itself, but it would have the authority to decide whether or not to take a case. The draft also states in a provision reminiscent of the amicus curiae process that the Board may accept arguments and materials from “Facebook users and pertinent stakeholders.” Since the proposal is still a draft at this point, Facebook will hold regional workshops internationally over the next six months to seek expert input on its proposal.