Our battle with China over the future of the Internet is just beginning

Placeholder while article actions load

Welcome to The Cybersecurity 202! Before the month is over consider checking out Louis Malle’s 1990 film “May Fools” about the 1968 Paris student riots. Arcade Fire’s “Month of May” isn’t half bad either. 

Below: Twitter will pay a $150 million fine for collecting users’ personal information for security but using it for advertising, and the U.N. Security Council is poised to vote on sanctioning North Korean hackers. 

Huawei mostly lost the 5G fight, but now it’s looking to 6G

The United States has mostly won the fight to restrict China’s role in building next-generation 5G telecom systems over spying concerns.

But the battle over who will control the future of global communications technology is only beginning.

Canada belatedly joined the U.S. and its closest allies this month in blocking the Chinese tech giant Huawei from its 5G system. 

The move followed years of warnings from U.S. officials that Huawei is too closely tied to the Chinese Communist Party and could be leaned on to use such a privileged position to snoop on Western officials or sabotage anything connected to the Western Internet and cellphone system. 

The concerns are supercharged because 5G systems, just being rolled out now, promise to be exponentially more powerful than their 4G forebears and to connect to a far broader range of devices known as the Internet of things. 

Canada’s move essentially ensures a near-term future in which global connected technology is bisected into two major zones with Western firms dominant in one and Chinese firms in the other.

But Huawei isn’t giving up. The firm has long rejected U.S. claims that it’s vulnerable to or complicit in Beijing’s spying. 

The company is already looking forward to the next revolution in communications technology and hoping that developments in cybersecurity or geopolitical shifts will bring the West around to be more open to Chinese products. 

  • “It’s not all about 5G, but it’s about 5.5G, it’s about 6G,” Andy Purdy, chief security officer for Huawei’s U.S. division and a former Department of Homeland Security cyber official, told me. 6G — meaning the sixth-generation mobile network — is largely theoretical at this point and experts suspect it’s a decade or so from being implemented.
  • Purdy added: “The more [cybersecurity] progress is made around the world, the more people and organizations are going to say, ‘Well, we’re addressing the greatest national security threats in the world. So, if Huawei can meet those requirements, Huawei should be able to participate.”

Purdy’s comments accompanied the release of a Huawei-funded white paper by the academic John Lash, which argues that enhanced security and transparency measures would be more effective at limiting spying and hacking dangers in 5G networks than the current U.S. method of banning Chinese technology. 

Western officials and analysts aren’t buying it. For them, there’s seemingly no technological fix that makes the gamble of allowing a Chinese firm to play a role in the most sensitive portions of Western telecom systems worthwhile. They point to issues like the Chinese crackdown in Hong Kong to argue party leaders and President Xi Jinping can’t be trusted. 

“The future looks like two different supply chains [for telecom] — one with a much bigger risk profile,” Jim Lewis, a cyber exert at the Center for Strategic and International Studies and former government cyber official, told me. 

“People don’t like being spied on by the Chinese government and if you’re in China you have no choice about that, but if you’re in other countries you do,” Lewis said. 

There’s no smoking gun evidence tying Huawei to Chinese spying abroad, but a handful of incidents have given fodder to critics who say the firm is too susceptible to Beijing’s pressure.

  • Huawei advocates have argued in the past that — while all nations spy on their adversaries and competitors — Beijing is likely to seek methods other than co-opting Huawei technology, which would risk damaging the credibility and sales of a major state champion.

The fight to restrict Huawei’s role in 5G launched during the Trump administration and is one of the few realms where Biden officials have largely stayed the course on Trump’s policies. 

  • Trump officials crisscrossed the globe urging allies to either restrict Huawei from their 5G builds or limit it to peripheral functions. They ultimately won over the United States’ closest intelligence-sharing allies known as the Five Eyes — which includes Canada, the United Kingdom, Australia and New Zealand.
  • The Trump administration also took harsh measures against Huawei including largely barring the company from using U.S.-produced technology.
  • Europe has taken a country-by-country approach. Many, but not all, European nations have walked a fine line by creating regulations that make it likely Huawei will play a limited and guarded role in their 5G build but stopped short of explicitly banning it or other Chinese firms.
  • Huawei remains a major player in 5G building inside China and is involved in building 5G networks in other nations including Hungary, Iceland, the Netherlands, Turkey, Saudi Arabia and the United Arab Emirates, according to a list from the Council on Foreign Relations.
  • Huawei controls the majority of Africa’s 4G services and is likely to build much of its 5G network.

Twitter to pay $150 million for collecting information to boost user security but using it for advertising

Twitter will pay $150 million to settle allegations that it deceptively used contact information like email addresses and phone numbers to target advertising, Cat Zakrzewski reports. Twitter told users that it was collecting that data to secure accounts, including through multifactor authentication and for recovering passwords.

The FTC also alleged “Twitter used the phone numbers and email addresses to allow advertisers to target specific ads to specific consumers by matching the information with data they already had or obtained from data brokers.”

Twitter will be barred from profiting off the “deceptively collected” data and has to tell users that it used their phone numbers and email addresses for advertising purposes, according to a news release. The company will also have to introduce a new privacy program that will require it to review new products’ security risks.

The company said in a blog post that “keeping data secure and respecting privacy is something we take extremely seriously, and we have cooperated with the FTC every step of the way.” The company first announced that it had “inadvertently” mishandled email and phone numbers for advertising in 2019.

Cybersecurity advocates warned Twitter’s actions could make consumers less likely to turn on multi-factor authentication — likely the most effective consumer-level cybersecurity protection — over mistrust of companies and fears of getting spam ads. 

Consumer Reports’s Justin Brookman:

Ewa Jodlowska, the chief executive of a security start-up who was previously the executive director of the Python Software Foundation:

ReadMe Security Managing Editor Blake Sobczak:

Google links Russian hackers to site hosting leaked Brexit emails

Most of the leaked emails apparently come from pro-Brexit campaigners in the United Kingdom, Reuters’s Raphael Satter, James Pearson and Christopher Bing report. Google’s Threat Analysis Group tied the site to a Russia-based group called “Cold River.” 

The site also included leaked emails from former U.K. foreign intelligence chief Richard Dearlove. Dearlove also blamed the hack on the Russian government, telling Reuters that he is “well aware of a Russian operation against a Proton account which contained emails to and from me.” Dearlove warned Reuters that the leaked emails should be treated cautiously in the context of “the present crisis in relations” with Moscow.

“If the leaked messages are in fact authentic it would mark the second time in three years that suspected Kremlin spies have stolen private emails from a senior British national security official and published them online,” Satter, Pearson and Bing write. 

The site has some similarities to other sites used by Russians to leak sensitive documents, including in the run-up to the 2016 U.S. election, Thomas Rid, a professor at Johns Hopkins University, told Reuters. 

U.N. Security Council poised to vote on sanctioning a notorious North Korean hacking group

The U.N. Security Council is expected to vote in the “coming days” on additional North Korea sanctions that would target the infamous Lazarus hacking group, a senior U.S. official told Reuters’s Michelle Nichols. 

The resolution is unlikely to pass. It will need support from China and Russia, but both countries have “signaled opposition,” Nichols writes.

The U.S. government last month circulated a draft resolution that would freeze the assets of the Lazarus Group, which the U.S. government has said is controlled by North Korean intelligence officials, Reuters previously reported.

The Lazarus Group has been behind a string of brazen heists and other hacks. 

  • This year, the U.S. government linked the hackers to the theft of $600 million in cryptocurrency from the Axie Infinity video game.
  • The U.S. government has also accused Lazarus Group of hacking Sony Pictures Entertainment in 2014 and launching WannaCry 2.0, a worm that hit more than 230,000 computers around the world in 2017, causing millions of dollars in damage.

U.K. to Probe Chinese-Led Takeover of Chip Maker (Wall Street Journal)

Notorious Vietnamese hacker turns government cyber agent (France24)

A surveillance AI firm with hidden ties to China is seeking US infrastructure contracts (Protocol)

Jury sees conflicting evidence on Michael Sussmann’s role at FBI Trump-Russia meeting (Politico)

FBI asks for more than $100M in cyber and data-related increases for 2023 (CyberScoop)

Global oil and gas companies join pledge for cyber resilience (The Hill)

MGM Resorts’ customer data now leaked on Telegram for free (The Register)

Wisconsin Republican quits election board over party’s 2020 falsehoods (Rosalind S. Helderman)

  • Iranga Kahangama has joined the Department of Homeland Security as assistant secretary for cyber, infrastructure, risk and resilience, according to a DHS spokesperson. Kahangama previously worked as the National Security Council’s director of cyber incident response.
  • Secretary of State Antony Blinken outlines the U.S. government’s China policy on Thursday at 10 a.m.
  • The R Street Institute hosts an event on the path forward for a federal privacy law on June 1 at noon.
  • The Atlantic Council hosts an event on the upcoming election for secretary general of the International Telecommunications Union on June 2 at noon.

Thanks for reading. See you tomorrow.