At a glance.
- President Trump says he authorized retaliation for Russian midterm election influence operations.
- UK expected to announce Huawei's exclusion from 5G infrastructure.
- UK braces for Chinese cyberattacks during heightened tensions over Hong Kong.
- New Zealand's new privacy law has passed.
- Financially motivated North Korean hacking may reveal internal regime dynamics.
- Amendment to US 2021 National Defense Authorization Act would establish Office of Joint Cyber Planning.
- US Secret Service establishes Cyber Crime Task Force.
President Trump says he authorized US cyberattack against Russia's IRA during 2018 midterm elections.
US President Trump said, in an interview the Washington Post published late Friday, that he had authorized a US Cyber Command response to Russian interference in the 2018 midterm elections. The Post had reported on the cyber operation in February 2019, sourcing the story to unnamed US officials, but this is the first time the President has claimed direct involvement. The attack knocked the Internet Research Agency offline in a demonstration intended, it was said at the time, to show the Russian government that cyber operations, particularly influence operations, would not be "cost-free." The New York Times says the 2018 operation was intended as both a deterrent and a realistic test of US capabilities against an actual adversary.
HM Government expected to announce tomorrow that Huawei will be gone from 5G infrastructure by 2025.
Computing reports that the British Government is expected to announce in Parliament tomorrow that Huawei will be completely excluded from the UK's 5G infrastructure by 2025. Huawei has requested an eleventh-hour audience with the Prime Minister in hope of achieving some remission, but the prospects of successfully fighting the ban now seem low. In some respects this represents a compromise: the BBC suggests the telecom industry wanted to cushion the financial blow of pulling Huawei gear, but Tory hardliners wished to see the Shenzhen company gone before the 2024 general election.
With the UK having been until recently the Five Eyes power most receptive to Huawei (the US and Australia taking the hardest lines, and Canada and New Zealand having quietly moved to effectively exclude the company from their 5G buildout) the Bull observes that Huawei's "window of opportunity" seems to have closed. The Sydney Morning Herald's take was even blunter: "Huawei has lost the anglosphere."
The UK prepares for Chinese retaliation over British pro-Hong Kong policy.
Coinciding with worsening relations over Huawei are equally poor relations over China's recent imposition of a National Security Law on the formerly semi-autonomous city of Hong Kong. Metro says that ministers have said the British Government is aware of the possibility of a heightened threat of Chinese cyberattack during the Hong Kong crisis and will be prepared accordingly.
New Zealand's new privacy law will take effect in December.
New Zealand's Privacy Bill has passed its third reading in Parliament and received Royal Assent at the end of June. The law will go into effect on December 1st, the National Law Review reports. It will apply to all "agencies" (that is, individuals, businesses, and other organizations) doing business in New Zealand. It prescribes mandatory disclosure of data breaches that "pose a risk of harm, loss or damage to affected individuals," it restricts cross-border transfers of personal information to jurisdictions that afford privacy protections comparable to New Zealand's, and it gives the Privacy Commissioner more teeth for enforcement.
DPRK financially motivated hacking.
The Telegraph reviews North Korean financially motivated hacking, including LinkedIn phishing and cryptocurrency fraud, and notes its opportunistic and indiscriminate character. The Washington Times says the increase in Pyongyang's cyber operational tempo coincides with the rising influence of Kim Yo-jong, sister of DPRK leader Kim Jong-un, who has in recent months assumed a higher profile and has spoken for the government in enunciating, for example, threats of military retaliation against those who distribute anti-DPRK propaganda.
US Government to get new Office of Joint Cyber Planning?
An amendment to the 2021 National Defense Authorization Act would establish, within the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) an Office of Joint Cyber Planning. The new office would "lead Government-wide and public-private planning for cyber defense campaigns, including the development of a set of coordinated actions to respond to and recover from significant cyber incidents or limit, mitigate, or defend against coordinated, malicious cyber campaigns that pose a potential risk to critical infrastructure of the United States and broader national interests." Defense One points out that the amendment is consistent with recommendations offered by the Cyberspace Solarium Commission, and that it therefore enjoys broadly bipartisan support.
US Secret Service forms an online fraud task force.
The US Secret Service last week announced the formation of a Cyber Fraud Task Force: "In recognition of the growing convergence of cyber and traditional financial crimes, the U.S. Secret Service is formally merging its Electronic Crimes Task Forces (ECTFs) and Financial Crimes Task Forces (FCTFs) into a single unified network, which will be known as the Cyber Fraud Task Forces (CFTFs). The CFTF is an evolution, not a revolution from the ECTF and FCTF model. The mission of the CFTF is to prevent, detect, and mitigate complex cyber-enabled financial crimes, with the ultimate goal of arresting and convicting the most harmful perpetrators."
We received reactions from a number of figures in the cybersecurity industry, all of whom gave the new task force positive reviews.
Mark Bower, senior vice president at comforte AG, called it "a welcome move," adding that "while critical to help recover funds stolen from US businesses and interests, especially smaller entities that can be decimated by direct financial attack, it will not be a full deterrent or defense against well-funded organized crime and nation-state attackers. The lure of data theft, identity and financial crime and economic influence through distributed and coordinated attackers capable of operating in jurisdictions outside of the US is great as evidenced by the continued and persistent mass data theft. Organizations facing the dilemma of amassing sensitive data to run, compete and grow business must take first-line defense strategies to secure data before it is stolen. After all, while funds may be recovered, stolen data certainly cannot.”
“This is a meaningful improvement to the U.S. government's approach to combating cyber crime," commented Keith McCammon, chief security officer and co-founder of Red Canary. "An overwhelming majority of threat actors are financially motivated. These criminals manipulate software, end users, and a wide variety of financial services and technologies with increasing sophistication to achieve their objectives. The wide variety of technical and financial systems in play can be viewed as complicating factors in investigations, and they are. But every system that a criminal uses presents an opportunity to identify, track, and ultimately disrupt their operations. Our success requires that investigators have a holistic understanding of modern criminal operations, from how they target and interact with victims to how they get paid, so that any mistake along the way can be used to the advantage of law enforcement. By combining the Financial and Electronic Crimes Task Forces, our expertise across domains can be leveraged more effectively, putting the Secret Service and its partners in a vastly improved position to understand, disrupt, and prosecute modern frauds.”
Shreyans Mehta, co-founder and CTO of Cequence Security concurred that it's important to recognize the financial motivations of many cyber threat actors. “Given the commercialization of cybercrime today, it only makes sense to follow the money. Because the fact is, money from cybercrime is funding even worse activities. Law enforcement is traditionally about investigating and prosecuting, and far less about prevention. It’s almost more important, however, to also focus on prevention, which will help us all be more resilient and less susceptible to crimes in the first place.”
Casey Kraus, CEO of Senserva called the Cyber Fraud Task Force "an important entity," and he thinks it merits support. "The COVID-19 pandemic has created an wide variety of opportunities for criminals to take advantage of the situation. Criminals are using increased and modified phishing attempts aimed at stay-at-home workers as well as malicious 3rd party applications that allow access to personal information to financially exploit individuals and organizations working under new conditions. Understanding these types of attacks and the various schemes that are present in your environment will also help to reduce your potential exposures.”
Lucy Security's CEO Colin Bastable, wrote, “This move makes sense." He also saw the move as a possible signal that some agency equities may be shifting. "We do, however, have a lot of duplication of tasks among the various arms of America’s intelligence community. One tends to associate this type of activity with the FBI, which is, of course, part of the Dept. of Justice. With the US Secret Service being part of Homeland Security, perhaps this is part of a re-alignment of responsibilities.”
Paul Bischoff, privacy advocate with Comparitech, joined those who emphasized the growing threat of financially motivated cybercrime. “If I made a Venn diagram of financial crimes and cyber crimes," he said, "the shared section in the middle would have grown significantly over the last few years. There is certainly no shortage of financial cybercrimes for the CFTF to investigate, and I think combining the ECTF and FCTF makes sense. The FBI, FTC, and local police departments handle much of the domestic financial cybercrime in the US. I suspect they will continue to get assistance from the Secret Service, but I think the CFTF stands to make the biggest impact in thwarting crimes perpetrated by foreign actors. Many scams, malware, and cyberattacks are launched from outside of the USA at targets within the US. Given the Secret Service's plan to expand the CFTF internationally, I think it will have the resources to reach criminals in other countries to a greater extent than those domestic enforcement agencies.”
Finally, Chris Hauk, consumer privacy champion at Pixel Privacy, sees the creation of the task force as a timely move. “With the continuing need for users to work, shop, and try to enjoy a bit of recreation online, the bad actors of the world will only increase their efforts to steal valuable information from both individuals and corporations. The creation of the Cyber Fraud Task Force is an encouraging move on the part of the U.S. Secret Service. The Task Force will hopefully take some of the cyber crime investigation burden off of the shoulders of local and state police departments who are simply not equipped to deal with cyber crime. This is especially true now, due to the movements across the nation demanding the defunding of police departments and other law enforcement agencies.”