Here is a quick round-up of this week’s technology headlines and related stories you may have missed:
1. French Cyber Chief Warns of Permanent War in Cyberspace. In a wide-ranging interview, Guillaume Poupard, the head of the French cyber defense agency, ANSSI, warned that cyberspace is approaching a state of “permanent war” between states, criminals and extremist. Poupard’s warning echoes remarks made by National Security Agency Director Adm. Michael Rogers, who recently commented before the Senate Armed Services Committee that states are resorted to “cyber effects” as a means of “maintain[ing] the initiatives just short of war.”
Poupard's interview comes shortly after Russian affiliated APT28 allegedly dumped emails from the presidential campaign of Emmanuel Macron. On alleged Russian interference in the election, however, Poupard responded cautiously. “To say ‘Macron Leaks’ was APT28, I’m absolutely incapable today of doing that,” he said. Poupard contrasted the commonplace methods used to hack the Macron campaign emails from the highly sophisticated means employed in the cyberattack on TV5 Monde in 2015, which used “very specific tool” attributed to APT28.
2. It’s Finally Here! China’s long awaited Cybersecurity Law went into effect this week. The legislation marks the culmination of a multi-year effort to secure China's domestic networks, which gained urgency after the Snowden documents revealed the extent to which U.S. intelligence had penetrated foreign networks. Successive drafts of the law have riled foreign internet and tech companies. In particular, the law’s strong data localization provisions and requirement that technology and internet products in critical industries be ‘secure and controllable’ will likely disadvantage foreign companies, raising the cost of operating in China and exposing their data and intellectual property to industrial espionage. However, as the law goes into effect, the biggest issue for foreign companies is how little they know about the law. Indeed, the law is a “keystone in an arch” – more of a rough sketch than a concise plan – and many details of the law’s most consequential provisions have yet to be released. While Chinese officials offered an eleventh-hour reprieve to foreign companies by delaying the implementation of a controversial cross-border data transfer provision, there’s a sense among foreign companies that the Cybersecurity Law is all-around bad news.
3. Phish Tweeting? Tweet Phishing?The New York Times reported that defense officials and cybersecurity experts are increasingly worried about malicious files buried in URLs sent over social media. Traditionally, cybersecurity training warns users to think twice before opening a link in a suspicious email. This method of transmitting harmful files, known as “spear phishing,” is one of the most common ways of breaching cyber defenses. However, the threat of spear phishing is no longer limited to emails. As Time reported, Russians hackers sent tailored messages with malicious links to 10,000 Twitter users during the 2016 presidential election. Facebook said in a recent white paper that the company was using a detection system to warn and educate users about spear phishing attempts.
4. Intrigue in South East Asia. On May 14, the Intercept and Washington Post reported on transcripts of a call between U.S. President Trump and his Philippines counterpart Rodrigo, which leaked to the media. The reports focused on Trump’s effusive compliments of Duterte and unusual disclosure of the location of a U.S. nuclear submarine. However, as the Cyber Scoop reported this week, there’s more to the story. The leaked transcripts appear to be the work of APT32, a unit attributed to the Vietnamese government. Vietnam has been concerned about Duterte’s warm relationship with China and stated willingness to negotiate a bilateral settlement to the South China Sea dispute, which could hurt Vietnamese interests. The leaked documents, which also include notes from a private conversation between Duterte and Chinese President Xi Jinping, could signal a broader Vietnamese cyber-espionage campaign against the Duterte government.