Cyber Week in Review: July 23, 2020

Congressional Democrats Demand FBI Briefing on Foreign Disinformation Campaign Targeting 2020 Election

Democratic leaders in the U.S. House of Representatives and Senate released a letter to FBI Director Christopher Wray on Monday requesting a “defensive counterintelligence briefing” for all members concerning foreign efforts to interfere in the 2020 presidential election. The letter [PDF], dated July 13, was signed by House Speaker Nancy Pelosi (D-CA), Senate minority leader Chuck Schumer (D-NY), as well as top Democrats on the House and Senate Intelligence Committees, Representative Adam Schiff (D-CA) and Senator Mark Warner (D-VA). While not mentioning Russia by name, the letter was clearly concerned with Moscow’s efforts to meddle in U.S. elections as it did in 2016 [PDF] and 2018. Public officials have sent mixed messages on foreign cyber efforts to influence the 2020 election. General Paul Nakasone, head of both the National Security Agency (NSA) and U.S. Cyber Command, warned on Monday that the United States was seeing a “rise in capacity” of cyber operations from adversary states. In contrast, Christopher Krebs, head of the Cybersecurity and Infrastructure Security Agency (CISA), said last Friday that CISA had not seen “coordinated” effort of foreign election interference to date.

DOJ Charges Chinese Hackers with Targeting Coronavirus Vaccine Research

On Tuesday, federal prosecutors from the Department of Justice (DOJ) unsealed an indictment against two Chinese citizens, charging them with a combination of financially motivated and espionage-driven hacking operations against hundreds of companies based in the United States and other countries, nongovernmental and human rights organizations, and, most notably, three research firms developing a coronavirus vaccine. An official DOJ press release accused Li Xiaoyu and Dong Jiazhi of being criminal hackers operating as proxies for China’s Ministry of State Security. “China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state,” said Assistant Attorney General for National Security John C. Demers. The indictment is the latest in the U.S. government’s ongoing “naming and shaming” effort to spread global awareness of Chinese cyber espionage.

Major Twitter Breach Likely the Work of “SIM Swapping” Hackers

Following last Wednesday’s massive Twitter breach, which saw numerous high-profile accounts, including those of U.S. presidential candidate Joe Biden and Amazon CEO Jeff Bezos, hijacked to lure users to a bitcoin scam, cyber forensics experts have concluded that a community of young “SIM swapping” hackers were responsible for the attack. SIM swapping refers to the increasingly prevalent crime of bribing, tricking, or coercing employees of mobile phone and social media companies into providing access to a victim’s account. The perpetrators of the Twitter hack, all believed to be men in their early twenties, were known for using SIM swapping to steal social media accounts coveted for their short handles, such as @B, often selling them to individuals for thousands of dollars each. The identity of the hackers allays fears that the Twitter hack was perpetrated by state-sponsored cyber actors. Nonetheless, Twitter reported that the hackers viewed thirty-six accounts’ private direct messages (DMs), including Dutch far-right politician Geert Wilders.

House of Representatives Votes to Ban TikTok on Federal Devices 

On Monday, the U.S. House of Representatives overwhelmingly voted 336-71 for a proposal offered by Representative Ken Buck (R-CO) that would ban Chinese-owned app TikTok on federal devices as part of a package of amendments to the National Defense Authorization Act (NDAA). During a floor speech, Representative Buck called TikTok “a serious national security threat” and said the data collected from U.S. users “could be used in a cyberattack against our republic.” The proposal will generate momentum for a similar measure being considered in the Senate version of the NDAA, making it likely that the ban will be passed into law. Further adding to TikTok and parent company ByteDance’s woes, the Trump administration is considering a blanket ban on the app in the United States, citing national security concerns. Responding to the increasingly unfriendly political environment, TikTok said that it planned to create over 10,000 jobs in the United States over the next three years. "These are good-paying jobs that will help us continue to build a fun and safe experience and protect our community's privacy," a TikTok spokesperson said in a statement.

France Effectively Bans Huawei 5G Equipment by 2028

In an exclusive report by Reuters on Wednesday, three sources indicated that French authorities told domestic telecommunications firms planning to buy Huawei 5G equipment that they would not be able to renew licenses for the gear once they expire in three to eight years, a move that amounts to a de facto ban of the Chinese company by 2028. One source indicated that Huawei equipment will effectively be removed from French networks even before that time, as it would be difficult for telecom operators to take the risk of purchasing Huawei gear, given that it would take roughly eight years for them to yield a return on their investment. “Granting three years amounts to a flat refusal,” the source added. The decision follows last week’s announcement from the United Kingdom that it was requiring its telecom firms to purge Huawei 5G from their networks by 2027, a diplomatic victory for the United States that put additional pressure on its European allies to follow suit. Both Huawei and France’s cybersecurity agency (ANSSI) declined to comment on Reuters’ reporting.