Cyber Week in Review: May 10, 2019
Here is a quick round-up of this week’s technology headlines and related stories you may have missed:
5G Fractures the Special Relationship?: In London this week Secretary of State Mike Pompeo met with the British press and government leaders to discuss the future of the UK-U.S. intelligence relationship. Pompeo warned against the UK’s alleged plans to open noncore parts of its 5G networks to Huawei, explaining that such a move may prevent the United States from sharing intelligence information with the UK. The United States has urged allies for months against using the Chinese telecoms company for their 5G networks, stressing such a partnership would leave their mobile internet infrastructure vulnerable to Chinese government interference. The lobbying efforts have had little success in Europe. Pompeo cautioned, “[t]his is just what China wants—to divide western alliance through bits and bytes, not bullets and bombs.” The UK has yet to make a final decision on Huawei and is “very carefully” assessing evidence against the company.
Influence Campaigns and Disinformation
Singapore Joins Fight Against Misinformation: Singapore’s parliament passed a law to combat misinformation online. The Protection from Online Falsehoods and Manipulation Bill requires social media companies to correct or take down content that the government deems false, misleading, or potentially harmful to the public. The legislation also applies to platforms with end-to-end encryption such as WhatsApp. Penalties include prison terms up to ten years or fines up to 1 million Singaporean dollars ($735,000). The government believes its country is particularly susceptible to misinformation due to its diverse religious and racial groups, and argues tech companies are not sufficiently addressing harmful online content. Google and Facebook expressed concern over the new law, and human rights groups fear it will have “a chilling effect on internet freedom throughout southeast Asia.”
Chinese Hackers Turn Tables on NSA: Cybersecurity firm Symantec discovered that Chinese hacking group, APT 3 acquired National Security Agency (NSA) hacking tools used against them in 2016 to target U.S. allies. APT 3 is responsible for various attacks on the United States and has been tracked by the NSA for over a decade. Symantec does not believe the group stole the U.S. code, but rather acquired it from an NSA attack on its computers. APT 3 then used the hacking tools in cyberattacks involving five countries in Europe and Asia. This is not the first time U.S. agencies’ cyber weapons have fallen into the wrong hands. The NSA hacking tools acquired by the Chinese were dumped separately on the internet by another hacking group, the Shadow Brokers, and used by Russia and North Korea in global attacks. U.S. agencies did not address Symantec reports but U.S. Cyber Command officials said the government conducts risk analysis before offensive operations, including weighing the likelihood of their tools being repurposed by adversaries.
Spotify and Apple Showdown in Europe: The European Union will reportedly launch an investigation into what it sees as Apple’s unfair competition practices in the upcoming weeks. The probe is based on a complaint filed by Spotify in March, alleging Apple uses its App Store to unlawfully gain dominance in the music streaming industry. Apple currently charges Spotify and other digital content services a 30 percent fee for using Apple’s payment system for subscriptions sold in the App Store. While this charge applies to music subscription services, it does not apply to other apps such as Uber. Spotify is the market leader in the music streaming industry, reaching over 100 million paid subscribers last month; however, the company faces competition from Apple, Google, and Amazon. Investigations by the EU’s competition authority can take years, and Apple could be liable to pay up to 10 percent of its global turnover. This is not Apple’s first run in with EU—in 2017 Apple paid 13 billion euros in back taxes. This decision is currently under appeal at the European Court of Justice with a ruling expected later this year.
U.S. Cyber Command Takes on Moscow: U.S. Cyber Command is working with allies overseas to prevent election interference. In 2018, the United States deployed officials to the Ukraine, Montenegro, and Macedonia to defend midterm elections and gather information on Russia’s new cyber capabilities. Cyber Command plans to redeploy officials to countries currently tackling Russian interference in preparation for the upcoming 2020 elections. The action is part of the agency’s larger strategy to advance its defensive and offensive cyber capabilities by engaging adversaries such as China and Russia in a cyber conflict “gray zone” below the threshold of war. This includes the Cyber Command’s offensive campaign during the 2018 midterm elections which targeted Russian disinformation operatives, and took Russian troll farm Internet Research Agency temporarily offline.
Influence Campaigns and Disinformation