Latest Stock Market News

FCC steps up campaign against Huawei and other Chinese tech companies


Comment

Welcome to The Cybersecurity 202! I hope you had a nice holiday break. Yesterday I ate turkey soup, a tradition with a couple friends of mine. Some of my co-workers didn’t know turkey soup is a thing. Weird.

Below: Chinese-language accounts spam Twitter amid protests, and hackers hit an Iranian news agency. First:

FCC brings out the banhammer for Huawei and other China-based companies

Last week’s long-awaited Federal Communications Commission ban of some Chinese telecommunications companies’ equipment is the latest step in a domestic and international push by the United States to isolate Huawei and other Chinese tech firms.

On Friday, the FCC said it voted unanimously to adopt rules banning U.S. sales and imports of Huawei and ZTE telecommunications equipment, Hytera digital radios and video surveillance systems made by Hikvision and Dahua, citing national security concerns. The ban focuses on equipment designed “for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes.”

  • “The FCC is committed to protecting our national security by ensuring that untrustworthy communications equipment is not authorized for use within our borders, and we are continuing that work here,” Chairwoman Jessica Rosenworcel said. “These new rules are an important part of our ongoing actions to protect the American people from national security threats involving telecommunications.”

The long-expected vote came in response to legislation Congress passed last year. It continues a campaign against Chinese companies like Huawei — and there are limitations on what it can actually accomplish.

But it’s still significant, Dakota Cary, a China-focused consultant at Krebs Stamos Group, told me. “It allows them the ability to revoke previously authorized kit, which is important,” he said.

And here’s FCC Commissioner Brendan Carr on the decision’s importance:

It’s all part of a response to alleged national security risks posed by Chinese-owned tech. For instance:

  • Huawei reportedly helped African governments spy on encrypted communications of  political opponents.
  • In the United States, the FBI reportedly found Huawei equipment on cell towers in the rural Midwest located near U.S. military bases. The bureau determined the equipment could capture and disrupt restricted communications used by the Defense Department, such as U.S. Strategic Command, which is in charge of the nation’s nuclear weapons.
  • The companies have long denied being security risks.

And it’s a campaign that has stretched for some time, heating up during the Obama administration and intensifying during the Trump administration. Joshua Steinman, who served as senior director for cyber policy and deputy assistant to the president in Trump’s National Security Council, laid out that history in this Twitter thread.

It’s also important to note what the order can’t do. It doesn’t much pertain to consumer or small business sales, as the Verge’s Sean Hollister pointed out. It also doesn’t keep those companies from being able to brand their products differently. Carr acknowledged that as a potential worry.

The FCC must “vigilantly monitor compliance with the rules we’ve established today, including by ensuring that entities do not make an end run around our decision by ‘white labeling’ covered gear — a process that involves putting a benign or front group’s name on equipment that would otherwise be subject to our prohibitions,” Carr wrote.

Lastly, few states have followed the U.S. government’s lead on trying to prohibit procurement of foreign information and telecommunications technologies, as a recent report from the Center for Security and Emerging Technology catalogued.

The international telecommunications market is growing increasingly split between a U.S./Europe tech ecosystem and a China-led tech ecosystem, Cary said.

The U.S. government has driven Huawei out of Europe, as Laurens Cerelus and Sarah Wheaton detailed for Politico recently. And it plans to keep pressing its case, as Eric Geller and Maggie Miller reported for the same publication.

Friday’s FCC announcement pairs with the U.K. banning Hikvision at “sensitive sites” last week. Meanwhile, Huawei continues to rack up allegations about how its tech is being abused in other nations.

Chinese-owned ByteDance, the company behind TikTok whose ownership is a subject of federal review, should probably be worried about the FCC decision, Cary said. On the other hand, it’s a fundamentally different company than those named in Friday’s announcement. TikTok has its devoted fans, whereas most Americans don’t care about which companies form parts of telecom backbones — making it politically harder to go after TikTok as aggressively as Huawei.

Several of the Chinese companies at the center of Friday’s announcement have spent significant amounts of money on lobbying this year:

  • Huawei has spent at least $2.4 million on lobbying aimed at Congress this year, according to filings. The company spent around $3.6 million on lobbying last year. The company paid Democratic lobbyist Tony Podesta around $1 million to lobby the White House in the second half of last year, according to lobbying filings. Podesta didn’t report any lobbying activity for the company from July to September.
  • ZTE has paid Akin Gump more than $1 million for lobbying so far this year, according to filings. ZTE paid the law firm $1.2 million last year for lobbying.
  • Hikvision has paid three lobbying firms more than around $2.8 million so far this year.
  • There’s been no recent lobbying by Hytera Communications and Dahua Technology.

Huawei has previously criticized the FCC’s proposals taking aim at Huawei equipment, but declined to comment on the latest action. ZTE, Hytera Communications and Dahua Technology didn’t respond to requests for comment. Hikvision has criticized the FCC decision, saying its products don’t pose a security threat and that the vote “will do a great deal to make it more harmful and more expensive for U.S. small businesses, local authorities, school districts and individual consumers to protect themselves, their homes, businesses and property.”

Twitter battles accounts trying to drown out posts about protests over pandemic lockdowns

The accounts started spamming Twitter with links to adult services alongside the names of Chinese cities, Joseph Menn reports

“The result: For hours, anyone searching for posts from those cities and using the Chinese names for the locations would see pages and pages of useless tweets instead of information about the daring protests as they escalated to include calls for Communist Party leaders to resign,” he writes. “It is not the first time that suspected government-connected accounts have used the technique, according to a recently departed Twitter employee. But in the past, it was used to discredit a single account or a small group by naming them in the escort ads.”

The former employee, who spoke on the condition of anonymity to avoid retribution for disclosing internal processes, said it was a “known problem” at Twitter. Sunday’s campaign was “another exhibit where there are now even larger holes to fill,” the former employee said. “All the China influence operations and analysts at Twitter all resigned.”

A company employee told an external researcher that Twitter was aware of the problem and was trying to resolve it.

Hackers hit Iranian news agency

The semiofficial Fars News Agency, which is affiliated with the Islamic Revolutionary Guard Corps, said it was hit in a “complex hacking and cyberattack operation,” Agence France-Presse reports. It comes as Iranians continue to protest in the wake of the death of Mahsa Amini in the custody of the country’s “morality police.”

“Removing possible bugs … may cause problems for some agency services for a few days,” Fars News wrote on Telegram.

The apparent hack came after an Iranian hacking group published surveillance video footage after twin bombings in Jerusalem that killed a teenager. Officials said the surveillance video footage was taken by a civilian company that works with Israeli authorities, the Times of Israel reports. An official told Army Radio that there wasn’t a “security breach or leakage of classified information.”

Law enforcement takes down phone-spoofing service

Scammers paid iSpoof in cryptocurrency for the service, which would let the criminals impersonate phone numbers, the Guardian’s Jess Clark reports. The arrests of more than 100 people represents U.K. authorities’ largest fraud operation.

Law enforcement also seized iSpoof’s website and began contacting victims, the Guardian reported. The service’s main administrator was arrested in the United Kingdom this month, Europol said. Police sent messages to 70,000 phone numbers that had spoken with fraudsters for more than a minute, BBC News reports.

U.K. police apparently also posted a tongue-in-cheek video making fun of the service on iSpoof’s Telegram channel.

Ransomware gang targets Belgian municipality, hits police instead (Bleeping Computer)

RCMP use of spyware warrants update to Canada’s privacy laws, MPs say (Politico)

Cincinnati State College one of several schools added to ransomware leak sites on Thanksgiving (The Record)

5.4 million Twitter users’ stolen data leaked online — more shared privately (Bleeping Computer)

Brazil’s electoral court rejects Bolsonaro election challenge (Reuters)

  • Deputy national security adviser Anne Neuberger, Maryland Gov. Larry Hogan (R), National Institute of Standards and Technology Director Laurie Locascio and other officials speak at the Quantum World Congress in Washington on Wednesday and Thursday.

Thanks for reading. See you tomorrow.





Read More: FCC steps up campaign against Huawei and other Chinese tech companies

You might also like