At a glance.
- The Five Eyes and Huawei.
- Information conflict in the Gulf.
- Influence operations push existing anti-US lines.
- Chinese and Iranian intelligence services engage in espionage against US Presidential campaigns.
- Russia denies involvement in Bundestag hacking.
- Britain's COVID-19 contact-tracing app can't shake privacy concerns.
The Five Eyes and Huawei.
Canada is still mulling its national policy with respect to Chinese participation in Canada's 5G infrastructure, and, the CBC reports, it's doing so as the US has said that it would have to reevaluate information sharing with countries that fail to take the risks of such participation seriously. For all that, however, Jeremy Fleming, Director of Britain's GCHQ, sees the Five Eyes alliance as strong and essentially unthreatened, according to remarks quoted in IT News. He sees something of a convergence, or at worst fruitful disagreement, over policy toward Huawei.
Information conflict in the Gulf.
AFP outlines an ongoing disinformation campaign against Qatar. It’s the latest round in a regional dispute that goes back to 2017, when Saudi Arabia, the United Arab Emirates, Bahrain, and Egypt cut ties with Qatar over that country’s alleged closeness to Iran, and thus to Tehran-backed Islamist groups. The recent disinformation includes social media posts that claim a violent coup d’état was in progress in Doha, complete with grainy video of machine gun fire, etc.
Influence operations push existing anti-US lines.
US Attorney General Barr yesterday said, in brief remarks about ongoing civil unrest, that "We are also seeing foreign actors playing all sides to exacerbate the violence." The social media study group Graphika independently described influence campaigns by Russia, China, and Iran, all of which seek to further their agenda by, respectively, drawing attention to fissures in American society, discrediting US criticism of human rights violations, and undermining the legitimacy of US-led sanctions.
This particular influence campaign doesn’t seem to be marked, at least not yet, by the characteristic troll farming inauthenticities that became the distinctive stigmata of earlier Russian influence campaigns.
Chinese and Iranian intelligence services engage in espionage against US Presidential campaigns.
Google's Threat Analysis Group has warned the US Presidential campaigns of both major parties' presumptive nominees that Chinese and Iranian threat groups are targeting campaign staffers' personal email accounts. Google's Shane Huntley tweeted the findings yesterday, and subsequently clarified that the threat groups in question are China's APT31 (Hurricane Panda) and Iran's APT35 (Charming Kitten). The Wall Street Journal reports that Hurricane Panda is interested in the Biden campaign; Charming Kitten has targeted the Trump campaign. Both efforts are believed to have been unsuccessful.
The Washington Post says the two groups have different interests: Hurricane Panda is collecting intelligence on former Vice President Biden's views (and those of his staffers) while Charming Kitten is interested in undermining President Trump's re-election. Russia is also engaged with the election, but neither Iran nor China appear to be following "Russia's playbook," the Post observes.
So, to summarize, Chinese intelligence services want to find out what’s on Candidate Biden’s mind, and Iranian intelligence services would very much like to see President Trump’s reelection campaign fail. The drone strike that killed General Suleimani is offense enough, and the increasingly tight US-led sanctions make Tehran’s dislike for the President overdetermined.
The Chinese interest in collection is as usual thorough and extensive. As the Foreign Policy Research Institute’s Clint Watts told the Washington Post, “China doesn’t just want to know Biden’s opinion about China. They want to know all of Biden’s staff’s opinions about every part of the world.” So, not only thorough and comprehensive, but also very much along the lines of traditional collection.
Iran’s collecting, too, but Tehran’s collection seems more focused. Iran is interested in obtaining and then releasing damaging material. That would indeed be a page from Moscow’s 2016 playbook, when Cozy Bear successfully and quietly penetrated campaigns, and when Fancy Bear doxed the US Democratic National Committee and the Clinton campaign, releasing emails that embarrassed the victims. Should Tehran obtain comparable dirt on this year’s Republican Presidential campaign, they can be expected to engage in the same sort of malign, involuntary, enforced transparency to which Fancy Bear subjected the Clinton campaign in 2016.
Of course, as the Post and others routinely observe, it’s also possible that foreign espionage services could use access to hacked email accounts and other resources to mount disinformation in the form of spoofs and fakes. The fakes could be either deep or shallow. As long as they find takers, it doesn’t matter, because this is information warfare, not art.
That sort of fakery didn’t happen with the email compromises of 2016, but it’s certainly a possibility in 2020.
Russia denies involvement in Bundestag hacking.
As Germany asks its European Union partners to sanction Russian actors for hacking the Bundestag, Russia's Foreign Ministry has, the Washington Post says, "angrily denied" the accusation. The denial is accompanied by a familiar show-us-the-evidence-and-we'll-consider-it. Foreign Ministry spokeswoman Maria Zakharova yesterday said “We resolutely reject the unfounded German allegations of Russian government structures’ involvement in the 2015 hacking attack on Bundestag." The charges, she said, are "nonsense," and added, “Since 2015, Germany hasn’t offered any single (piece of) evidence of Russia’s involvement and hasn’t even explained what is the basis for the accusations against our country.” So, Moscow to Berlin: put up or shut up.
Britain's COVID-19 contact-tracing app can't shake privacy concerns.
Most of the countries who have attempted to develop technological adjuncts to traditional contact tracing have opted for a decentralized approach. The UK's NHSX, however, is still working on its centralized system, and the security of the government's data as well as the privacy implications of even a voluntary system have made their approach a hard sell. Gizmodo sees the two central privacy issues as data retention and data security. Infosecurity Magazine has an op-ed explaining the persistent concerns.