Analysis | Our battle with China over the future of the Internet is just beginning – The Washington Post

A newsletter briefing on cybersecurity news and policy.
with research by Aaron Schaffer
Welcome to The Cybersecurity 202! Before the month is over consider checking out Louis Malle’s 1990 film “May Fools” about the 1968 Paris student riots. Arcade Fire’s “Month of May” isn’t half bad either. 
Below: Twitter will pay a $150 million fine for collecting users’ personal information for security but using it for advertising, and the U.N. Security Council is poised to vote on sanctioning North Korean hackers. 
The United States has mostly won the fight to restrict China’s role in building next-generation 5G telecom systems over spying concerns.
But the battle over who will control the future of global communications technology is only beginning.
Canada belatedly joined the U.S. and its closest allies this month in blocking the Chinese tech giant Huawei from its 5G system. 
The move followed years of warnings from U.S. officials that Huawei is too closely tied to the Chinese Communist Party and could be leaned on to use such a privileged position to snoop on Western officials or sabotage anything connected to the Western Internet and cellphone system. 
The concerns are supercharged because 5G systems, just being rolled out now, promise to be exponentially more powerful than their 4G forebears and to connect to a far broader range of devices known as the Internet of things. 
Canada’s move essentially ensures a near-term future in which global connected technology is bisected into two major zones with Western firms dominant in one and Chinese firms in the other.
But Huawei isn’t giving up. The firm has long rejected U.S. claims that it’s vulnerable to or complicit in Beijing’s spying. 
The company is already looking forward to the next revolution in communications technology and hoping that developments in cybersecurity or geopolitical shifts will bring the West around to be more open to Chinese products. 
Purdy’s comments accompanied the release of a Huawei-funded white paper by the academic John Lash, which argues that enhanced security and transparency measures would be more effective at limiting spying and hacking dangers in 5G networks than the current U.S. method of banning Chinese technology. 
Western officials and analysts aren’t buying it. For them, there’s seemingly no technological fix that makes the gamble of allowing a Chinese firm to play a role in the most sensitive portions of Western telecom systems worthwhile. They point to issues like the Chinese crackdown in Hong Kong to argue party leaders and President Xi Jinping can’t be trusted. 
“The future looks like two different supply chains [for telecom] — one with a much bigger risk profile,” Jim Lewis, a cyber expert at the Center for Strategic and International Studies and former government cyber official, told me. 
“People don’t like being spied on by the Chinese government and if you’re in China you have no choice about that, but if you’re in other countries you do,” Lewis said. 
There’s no smoking gun evidence tying Huawei to Chinese spying abroad, but a handful of incidents have given fodder to critics who say the firm is too susceptible to Beijing’s pressure.
The fight to restrict Huawei’s role in 5G launched during the Trump administration and is one of the few realms where Biden officials have largely stayed the course on Trump’s policies. 
Twitter will pay $150 million to settle allegations that it deceptively used contact information like email addresses and phone numbers to target advertising, Cat Zakrzewski reports. Twitter told users that it was collecting that data to secure accounts, including through multifactor authentication and for recovering passwords.
The FTC also alleged “Twitter used the phone numbers and email addresses to allow advertisers to target specific ads to specific consumers by matching the information with data they already had or obtained from data brokers.”
Twitter will be barred from profiting off the “deceptively collected” data and has to tell users that it used their phone numbers and email addresses for advertising purposes, according to a news release. The company will also have to introduce a new privacy program that will require it to review new products’ security risks.
The company said in a blog post that “keeping data secure and respecting privacy is something we take extremely seriously, and we have cooperated with the FTC every step of the way.” The company first announced that it had “inadvertently” mishandled email and phone numbers for advertising in 2019.
Cybersecurity advocates warned Twitter’s actions could make consumers less likely to turn on multi-factor authentication — likely the most effective consumer-level cybersecurity protection — over mistrust of companies and fears of getting spam ads. 
The FTC previously went after Facebook for similar behavior in 2019.
Consumer Reports’s Justin Brookman:
Taking credentials that users provide for two-factor authentication and then repurposing them for ad targeting is unscrupulous and counterproductive for security, so great to see more of these cases. https://t.co/Jeaop6BnCA
Emsisoft’s Brett Callow:
The penalty is warranted. Misusing info. users provided for security purposes means it's less likely they'll provide that info. in future, which makes everybody less secure. https://t.co/x6ezB4HW1G
Ewa Jodlowska, the chief executive of a security start-up who was previously the executive director of the Python Software Foundation:
No surprise that Twitter can’t be trusted with private personal data. Hope this doesn’t deter people from using MFA. If available, use MFA that doesn’t involve personal information like phone numbers ✅ https://t.co/aR5EPSOZNG
ESET’s Tony Anscombe:
This is the misuse of data by a social media company, not an issue with the authentication technology the data was being used for. The underlying issue is we have grown accustomed to this type of unscrupulous behavior regarding our personal data by social media companies.
ReadMe Security Managing Editor Blake Sobczak:
This could set back official campaigns to promote adoption of multi-factor authentication. With spam calls+texts already haranguing most customers, who wants to set up MFA just to see their phone number/email surreptitiously farmed out to more advertisers? https://t.co/SHsQp9cxhU
Most of the leaked emails apparently come from pro-Brexit campaigners in the United Kingdom, Reuters’s Raphael Satter, James Pearson and Christopher Bing report. Google’s Threat Analysis Group tied the site to a Russia-based group called “Cold River.” 
The site also included leaked emails from former U.K. foreign intelligence chief Richard Dearlove. Dearlove also blamed the hack on the Russian government, telling Reuters that he is “well aware of a Russian operation against a Proton account which contained emails to and from me.” Dearlove warned Reuters that the leaked emails should be treated cautiously in the context of “the present crisis in relations” with Moscow.
“If the leaked messages are in fact authentic it would mark the second time in three years that suspected Kremlin spies have stolen private emails from a senior British national security official and published them online,” Satter, Pearson and Bing write. 
The site has some similarities to other sites used by Russians to leak sensitive documents, including in the run-up to the 2016 U.S. election, Thomas Rid, a professor at Johns Hopkins University, told Reuters. 
The U.N. Security Council is expected to vote in the “coming days” on additional North Korea sanctions that would target the infamous Lazarus hacking group, a senior U.S. official told Reuters’s Michelle Nichols. 
The resolution is unlikely to pass. It will need support from China and Russia, but both countries have “signaled opposition,” Nichols writes.
The U.S. government last month circulated a draft resolution that would freeze the assets of the Lazarus Group, which the U.S. government has said is controlled by North Korean intelligence officials, Reuters previously reported.
The Lazarus Group has been behind a string of brazen heists and other hacks. 
U.K. to Probe Chinese-Led Takeover of Chip Maker (Wall Street Journal)
Notorious Vietnamese hacker turns government cyber agent (France24)
A surveillance AI firm with hidden ties to China is seeking US infrastructure contracts (Protocol)
Jury sees conflicting evidence on Michael Sussmann’s role at FBI Trump-Russia meeting (Politico)
FBI asks for more than $100M in cyber and data-related increases for 2023 (CyberScoop)
Global oil and gas companies join pledge for cyber resilience (The Hill)
MGM Resorts’ customer data now leaked on Telegram for free (The Register)
Wisconsin Republican quits election board over party’s 2020 falsehoods (Rosalind S. Helderman)
This good boy is going to get a "pupcake" IF he sits… a bit…

Love the lips #doggy #cutenessoverload #cute
(Agoldennamedkevin IG) pic.twitter.com/eueyn3gXhu
Thanks for reading. See you tomorrow.
