Cyber Week in Review: June 12, 2020

Senate Panel Says U.S. Government Provided Little-to-No Oversight of Chinese Telecoms for Nearly Twenty Years

The Senate Permanent Subcommittee on Investigations (PSI) released a bipartisan report [PDF] on Tuesday detailing how the federal government exercised almost no oversight of three Chinese-state owned telecommunications companies operating in the United States since the early 2000s. The year-long investigation found that the Federal Communications Commission (FCC) and “Team Telecom”—an informal group comprised of U.S. Departments of Justice, Homeland Security, and Defense officials—failed to monitor China Telecom Americas, China Unicom Americas, and ComNet USA. “The Chinese Communist Party uses its state-owned enterprises to further its cyber and economic espionage efforts against the United States, and they’ve been exploiting our telecommunications networks for nearly two decades while the federal government historically put in little effort to stop it,” said PSI Chairman Senator Rob Portman (R-OH). The report follows a show-cause order issued by the FCC to the three Chinese telecom firms in April, requiring the state-owned carriers to explain why the FCC should not revoke their authorization to operate in the United States.

Citizen Lab Uncovers Dark Basin, a Massive Hack-for-Hire Operation

University of Toronto’s Citizen Lab released a report on Tuesday uncovering Dark Basin, a hack-for-hire group that targeted advocacy groups, journalists, government officials, hedge funds, and multiple industries. Notably, Dark Basin targeted U.S. nonprofits working on the #ExxonKnew campaign against Exxon Mobile and repeatedly tried to phish organizations advocating for net neutrality. Citizen Lab asserted with high confidence that the hacking group was linked to BellTroX InfoTech Services, an India-based company whose director, Sumit Gupta, was indicted in California in 2015 for a similar hack-for-hire scheme. After Citizen Lab shared its findings with the U.S. Department of Justice, federal prosecutors in Manhattan opened an investigation into Dark Basin’s operations. Both the report and the investigation point to a growing global hack-for-hire industry, where hacking companies are based overseas and hired through a series of intermediaries to provide clients with plausible deniability as they target opponents.

Danish Defense Minister Says Denmark Only Wants 5G Suppliers From Allied Countries

In an interview with ITWatch, Danish Minister of Defense Trine Bramsen said that Denmark wants to be able to exclude 5G suppliers from non-allies, an implicit rebuke to China’s Huawei. “In order to protect Denmark and the Danes, we want to enter into cooperation with someone with whom we already have close alliances,” the defense minister said. The statement follows similar sentiments expressed by Mette Frederiksen, Denmark’s prime minister, who indicated that Denmark viewed future telecommunications technology as critical infrastructure and that the government would introduce legislation to exclude 5G suppliers from certain countries. While neither the prime minister nor defense minister mentioned Huawei by name, the statements alluded to concerns that China could use the Shenzhen-based telecom as a backdoor spy channel. Accordingly, Danish telecom operators seem to be leaning toward Ericsson for rolling out their 5G networks, with Denmark’s TDC picking the Swedish-based firm over Huawei last year.

Grand Jury Indicts Harvard Professor for Lying About China Funding

A grand jury indicted Harvard chemistry professor, Charles Lieber, on charges of lying to government officials. Charging documents [PDF] say that the Harvard professor concealed a relationship with the Wuhan University of Technology (WUT), where he was a participant in China’s Thousand Talents Plan, while also chairing Harvard University’s Department of Chemistry. Authorities allege Lieber lied to both U.S. Department of Defense investigators and Harvard about the relationship, allowing him to receive grant funding from both the department and National Institutes of Health. A U.S. Department of Justice (DOJ) press release announcing the charges against Lieber said Thousand Talents and similar programs “reward individuals for stealing proprietary information” on behalf of China. The indictment is one of the high-profile cases in the DOJ’s ongoing China Initiative, a project designed to counteract Chinese spying efforts in the United States. Lieber maintains his innocence.

EU Requests Monthly Reports on COVID-19 Disinformation From Social Media Giants

The European Commission released new guidelines [PDF] on Wednesday for social media companies that have signed up to the EU code of conduct on disinformation, asking Facebook, Google, and Twitter to provide monthly reports on their efforts to combat the spread of disinformation on their platforms. The report, “Tackling COVID-19 disinformation–getting the facts right,” calls on the social media companies to provide data "on their actions to promote authoritative content, improve users' awareness, and limit coronavirus disinformation and advertising related to it," and for the firms to be "transparent about implementation of their policies to inform users that interact with disinformation." All three social media giants have struggled to address the deluge of false and inaccurate coronavirus information that has spread online. The commission’s report and code of conduct will be incorporated into binding regulations by the end of 2020. Aside from addressing social media platforms, the same report also accused Russia and China of contributing to a coronavirus “infodemic,” arguing that they are “seeking to undermine democratic debate and exacerbate social polarisation, and improve their own image in the COVID-19 context.”