Cyber Week in Review: January 8, 2021

Experts Assessing Cybersecurity Fallout After Raid on Capitol

The rioters that raided the U.S. Capitol building on Wednesday, breaking windows and doors, ransacking offices, and damaging statues, also stole electronics, including at least one laptop from Senator Jeff Merkley’s (D-OR) office. They also stole a laptop from Representative Nancy Pelosi’s (D-CA) office and were able to view the email inbox of one of her staffers. Though none of the devices that the rioters are believed to have accessed contain classified material, other sensitive information from emails and unencrypted files could have been compromised. "This is probably going to take several days to flesh out exactly what happened, what was stolen, what wasn't," said acting U.S. attorney for the District of Columbia Michael Sherwin. “It could have potential national security equities. If there was damage, we don't know the extent of that yet.”

Trump Bans U.S. Transactions on Eight Additional Chinese Apps

On Tuesday, President Trump signed an executive order banning U.S. transactions on eight additional Chinese software applications, including the Alipay payment platform. A senior Trump administration official said in a briefing that the order was intended to prevent the personal data of Americans from falling into the hands of the Chinese government and fueling its “mass tool for global oppression.” Despite the forty-five-day timeline for the order taking effect, the U.S. Department of Commerce plans to identify specific prohibited transactions before President-Elect Biden’s inauguration on January 20. Chinese Foreign Ministry Spokesperson Hua Chunying responded to the ban by calling the U.S. government “hypocritical and ridiculous,” while U.S. Secretary of Commerce Wilbur Ross endorsed President Trump’s “commitment to protecting the privacy and security of Americans from threats posed by the Chinese Communist Party.”

Anne Neuberger Tapped for New NSC Cybersecurity Role

On Wednesday, Politico reported the Anne Neuberger, director of cybersecurity at the National Security Agency, will be named deputy national security advisor for cybersecurity on President-Elect Biden’s National Security Council (NSC). Neuberger’s hiring is another sign that the incoming Biden administration plans to elevate cybersecurity as a major national security priority after President Trump eliminated the cybersecurity coordinator position on the NSC in 2018. Among her first responsibilities is likely to be coordinating the federal response to the SolarWinds hack, which is still under investigation. One congressional staffer remarked that Neuberger’s experience is “needed now more than ever at the highest levels of government, especially in light of recent events and the shifting cyber threat landscape.” 

U.S. Extradition Attempt for Assange Fails

On Monday, a British judge denied a U.S. extradition request for WikiLeaks founder, Julian Assange, due to concerns over his mental health. Assange, who has been indicted on seventeen espionage charges and one charge of computer misuse over WikiLeaks' publication of secret military and diplomatic documents, has been held in a London prison since the Ecuadorean embassy revoked his political asylum in 2019. The U.S. Department of Justice plans to appeal the ruling. If extradited, Assange faces up to 175 years in prison. 

After the ruling was released, the Mexican government announced that it was prepared to offer Assange political asylum. Mexican President Andres Manuel Lopez Obrador said Assange “deserves a second chance,” granted he does not interfere in the political issues of any country.

Singapore Reverses Course on Contact Tracing Data

Singaporean officials revealed on Monday that data from Singapore's COVID-19 contact tracing program, TraceTogether, can be used to assist with criminal investigations, contradicting previous assurances that the data would only be used for contact tracing. The program uses Bluetooth signals from smartphones and wearable tokens to determine who individuals that have tested positive for COVID-19 have been in contact with. To encourage enrollment, the Singaporean government repeatedly stressed that the data would "never be accessed unless the user tests positive" and would only be accessible to a small number of contact tracers. Nearly 80 percent of Singaporeans have adopted the TraceTogether contact tracing app and wearable token to date. Digital Rights Watch expressed concern about the Singaporean government’s decision, saying it was the “worst case scenario that privacy advocates have warned about since the start of the pandemic” and will “erode public trust in future health responses and therefore impede their efficacy.”