“‘The intelligence coup of the century’” – The Washington Post. A fascinating read of how the Central Intelligence Agency and National Security Agency and West Germany’s intelligence agency used a Swiss company, Crypto AG, to sell encryption machines to the governments of many countries that enabled the agencies to spy on their communications. This operation ran from the mid-1950’s through the last decade when end-to-end encryption in apps and devices rendered such machines superfluous. According to the source documents and sources, the Germans were appalled by the Americans insistence that even allies be spied upon. The revelations in this article may not help the Trump Administration make the case that Huawei and other Chinese companies are security risks.
“Ransomware Attacks Grow, Crippling Cities and Businesses” – The New York Times. Experts continue to insist the actual number of ransomware attacks are underreported for a variety of reasons, including the fact many victims pay the ransom. However, the reported number of attacks and the average amount of demanded ransom continues to grow. Hackers are growing more creative in who they target and how they try to get payment. Worse still, these attacks are driving a number of smaller and mid-sized businesses to close down when they either choose not to pay the ransom or do not get their data unlocked, a common occurrence.
“U.S. Officials Say Huawei Can Covertly Access Telecom Networks” – Wall Street Journal. According to British, German and U.S. officials, the Trump Administration has been providing evidence that Huawei maintains access through its hardware to telecommunications systems. However, Administration officials would not say whether Huawei or Chinese intelligence has used this access. Huawei denied ever having spied and asserted it would not heed Chinese intelligence if directed to do so. The company did not say whether it has or would allow Chinese intelligence operatives to access these alleged backdoors. Nonetheless, even with this purported evidence, both the U.K. and Germany appear to be willing to use Huawei equipment with certain security mitigation.
“California’s new privacy law is off to a rocky start” – TechCrunch. There continues to be a wide range of compliance with the “California Consumer Privacy Act” (AB 375) and a nascent subindustry of tech companies to help California residents utilize their rights under the new privacy statute.
“Judge orders Pentagon to stop work on JEDI cloud contract” – Politico. A federal court granted Amazon’s request to enjoin the Department of Defense’s $10 billion Joint Enterprise Defense Infrastructure cloud contract that was awarded to Microsoft. Amazon has argued that President Donald Trump’s tweets and other actions prejudiced the company during the procurement. It remains to be seen whether Amazon will prevail.
“How Big Companies Spy on Your Emails” – Vice’s Motherboard. Turns out your email may be the subject of data mining and subsequent sharing of information gleaned from inboxes. The companies identified in the article claim they only utilized anonymized or pseudonymized data.
“Personal Data of All 6.5 Million Israeli Voters Is Exposed” – The new York Times. An app used by Prime Minister Benjamin Netanyahu’s Likud Party made available the personal information of every voter in Israel through apparently shoddy data security or a mistake. White hat hackers flagged the problem, but it is not clear who, if anyone, may have accessed the information.
“Someone Tried to Hack My Phone. Technology Researchers Accused Saudi Arabia.” – The New York Times. In June 2018, a reporter who has written extensively about the rise of Saudi Arabia’s crown prince, Mohammed bin Salman, was sent a suspicious text he never opened that one group of experts claim is Pegasus spyware developed by an Israeli security firm, the NSO Group. It may be malware similar to that sent to Amazon CEO Jeff Bezos phone that his security experts say was sent by Prince Mohammed. The NSO Group has denied any connection.
“EXCLUSIVE: The cyber-attack the UN tried to keep under wraps” – The New Humanitarian. According to a still secret United Nations report, a sophisticated hacker broke into the servers of three offices, including the UN Office of the High Commissioner for Human Rights, and may have accessed and exfiltrated the information of UN personnel and people with whom they have worked. This report follows years of warnings that UN systems were vulnerable. Nonetheless, the UN has not publicly acknowledged the hack nor need they do so are they are exempt from data security regimes such as the General Data Protection Regulation.
“Huawei denies German report it colluded with Chinese intelligence” – Reuters. The international news agency picked up on an article in a German publication, Handelsblatt, that detailed a classified paper sent by a think tank to the German government detailing the likely risks posed by technical backdoors in Huawei products. These backdoors could be used for surveillance or other practices, and the think tank concluded that considering China’s National Intelligence Law, Huawei would be required to use this access to help the Chinese government. Interestingly, Huawei denied that it had ever worked with Chinese intelligence, which was beside the point of the paper. In any event, the German government is said to be considering setting technical requirements high enough for its 5G networks to screen out Huawei without resorting to an out and out ban.
“Federal Agencies Use Cellphone Location Data for Immigration Enforcement” – Wall Street Journal. DHS is buying cellphone location data from at least one private vendor to track, apprehend, and arrest non-U.S. citizens and residents in the U.S. While the Supreme Court has held that law enforcement agencies must obtain a warrant to directly use location data, it appears going to a private sector third-party may serve as a legal workaround. This may be the first of perhaps more ways law enforcement agencies are using and will use cellphone location data in investigating alleged crimes, and critics argue the potential for abuse is high given the lack of oversight.
“EU Deepens Antitrust Inquiry Into Facebook’s Data Practices” – Wall Street Journal. The European Commission (EC) is continuing and deepening its investigation into Facebook’s alleged anticompetitive practices of advantaging or disadvantaging its partners with respect to accessing user data on the basis of perceived threat to the social media giant. The EC claims such practices are inherently anticompetitive and in violation of European Union law, while Facebook has denied the allegations and has characterized the EC’s efforts to obtain internal communications as unacceptably broad. The EC’s examination of Facebook follows other allegations of the company’s possibly anticompetitive practices, notably a lawsuit brought by app developer Six4Three and the two troves of Facebook documents that have been released (here and here.)
“The Billion-Dollar Disinformation Campaign to Reelect the President” – The Atlantic. A very deep examination of the playbook the Trump reelection campaign is expanding for this year’s election, including disinformation, attacks on the media, and other methods to so muddy the waters that people will have trouble telling truth from fiction.