At a glance.
- North Korea stalks dissidents.
- India prepares to exclude Huawei and ZTE from 5G trials.
- US seeks to persuade European states to avoid Huawei in their 5G infrastructure.
- White House gives ByteDance ninety days to sell TikTok.
- US Commerce Department imposes new restrictions on Huawei's access to US semiconductors.
- Industry comment on Fancy Bear's Drovorub malware.
- A pardon for Snowden?
Pyongyang's online menacing of defectors.
The Wall Street Journal reports that North Korea is engaging in a campaign of online harassment against former DPRK subjects who’ve defected to South Korea. The channels used to menace defectors include email, texts, social media, and voice calls. Harassment of defectors isn't new (nor are threats to family the defectors may have left behind), but the current efforts show that Pyongyang is deploying its cyber capabilities in a new approach to an old totalitarian task.
India seems likely to exclude both Huawei and ZTE from its 5G infrastructure.
Bloomberg reports that both Huawei and ZTE are likely to be excluded from India's trials of its coming 5G infrastructure. Sections of the Indian press explicitly connect the expected ban with Chinese military actions on China's border with India. The country's telecommunications sector is expected to make a large investment in 5G infrastructure: the South China Morning Post estimates the total at $4 billion.
US pushes to exclude Huawei from European markets; Huawei looks to Africa.
US Secretary of State Pompeo is in Europe for talks on a variety of matters, prominent among which is infrastructure security and the risks posed by Chinese hardware, EU Observer reports. His first stop was Slovenia, whose government issued a joint declaration with the US concerning 5G security.
But if doors are closing on Huawei elsewhere, African markets continue to welcome the company's affordable technology, the South China Morning Post says.
White House to ByteDance: sell TikTok within ninety days.
Or say good-bye to the US market. The occasion for imposing the deadline was a US Executive Order issued Friday that took official note of ByteDance’s recent acquisition of Musical.ly, and of the integration of Musical.ly with TikTok. The Order served notice that ByteDance had ninety days to divest itself of TikTok and to delete any data it had collected from US-based users of TikTok and Musical.ly. The decision is double-edged. On the one hand it's being read as a reprieve for TikTok, since it allows more time than the earlier mid-September deadline did. On the other, the new deadline does seem to carry a greater degree of finality than the one it replaced.
More restrictions on Huawei's access to American semiconductors.
The US Commerce Department this morning announced more restrictions on Huawei’s access to US-made semiconductors. A new amendment to the foreign-produced direct product rule applies the restrictions to any transactions “where U.S. software or technology is the basis for a foreign-produced item that will be incorporated into, or will be used in the ‘production’ or ‘development’ of any ‘part,’ ‘component,’ or ‘equipment’ produced, purchased, or ordered by any Huawei entity on the Entity List; or 2) when any Huawei entity on the Entity List is a party to such a transaction, such as a ‘purchaser,’ ‘intermediate consignee,’ ‘ultimate consignee,’ or ‘end-user.’”
The US State Department said the amendment “will prevent Huawei from circumventing U.S. law through alternative chip production and provision of off-the-shelf (OTS) chips produced with tools acquired from the United States. This measure follows the more limited expansion of the Foreign Direct Product Rule in May, which Huawei has continuously tried to evade.”
The amendment also adds thirty-eight additional Huawei affiliates from twenty-one countries to the Entity List: "Huawei Cloud Computing Technology; Huawei Cloud Beijing; Huawei Cloud Dalian; Huawei Cloud Guangzhou; Huawei Cloud Guiyang; Huawei Cloud Hong Kong; Huawei Cloud Shanghai; Huawei Cloud Shenzhen; Huawei OpenLab Suzhou; Wulanchabu Huawei Cloud Computing Technology; Huawei Cloud Argentina; Huawei Cloud Brazil; Huawei Cloud Chile; Huawei OpenLab Cairo; Huawei Cloud France; Huawei OpenLab Paris; Huawei Cloud Berlin; Huawei OpenLab Munich; Huawei Technologies Dusseldorf GmbH; Huawei OpenLab Delhi; Toga Networks; Huawei Cloud Mexico; Huawei OpenLab Mexico City; Huawei Technologies Morocco; Huawei Cloud Netherlands; Huawei Cloud Peru; Huawei Cloud Russia; Huawei OpenLab Moscow; Huawei Cloud Singapore; Huawei OpenLab Singapore; Huawei Cloud South Africa; Huawei OpenLab Johannesburg; Huawei Cloud Switzerland; Huawei Cloud Thailand; Huawei OpenLab Bangkok; Huawei OpenLab Istanbul; Huawei OpenLab Dubai; and Huawei Technologies R&D UK."
Comment on Fancy Bear's Woodcutter.
The joint NSA-FBI advisory on the GRU Drovorub malware campaign has been assessed by industry experts, and they see the alert as welcome. They also see the threat, while serious, as manageable. We've received comment on Drovorub from several companies.
Rosa Smothers, Senior VP of Cyber Operations at KnowBe4, sees Drovorub as a problem for older systems:
"Drovorub is multi-functional malware, a highly advanced rootkit. It can perform several functions like data exfiltration and enabling remote sessions. It's important to note this Linux kernel, 3.7, was retired in March 2013. If you're keeping your Linux distros updated, then you should be spared any problems. My primary concern is all the embedded systems using these older kernels; I suspect there are many out there that remain unaccounted for, thus vulnerable."
Erich Kron, a Security Awareness Advocate also at KnowBe4, thought the advisory a salutary reminder that there's a low-level cyberwar in progress, and that the adversaries defenders face aren't just criminal gangs, but nation-states as well:
"This information about the previously undisclosed malware is a reminder that although we often think of cybergangs running the cybercrime rackets, there is a cyber war being fought between nation states as well. These tend to be extremely well-made types of malware and, as noted here in this case, use advanced techniques to obfuscate themselves and evade network detection and endpoint protection products while still gaining kernel-level access.
"Nation state actors attack organizations with the goal of earning money, sometimes to counter economic sanctions and fund other programs, and also with the intent of Intellectual Property (IP) theft or intelligence gathering.
"The NSA and FBI did a great job deconstructing this malware and sharing the details with the public. This type of detailed response really helps organizations as well as other potentially targeted countries to be able to better defend themselves."
Robert Meyers, Channel Solutions Architect at One Identity, sees the alert as a wake-up call for the Linux community, which he sees as overconfident of its immunity to malware:
"One of the largest problems in the Linux community is that people tend to believe the hype that Linux is secure. This tends to leave people not updating Linux as often as they should, or not completing the installations of kernel updates when they should. When you add the lack of privileged access management that is common through the industry, this type of attack is going to be more common than people realize. In other words, this is just one of many.
"The industry needs to change. People need to focus on Windows machines needing to be updated. There is no magic protecting any operating system; someone will be trying to crack each and every one of them. Whenever updates are available, updates should be completed, using standard IT methodology.
"Additionally, if hackers can’t get direct access to a system, they can’t infect it. This is something people forget and is the reason why privileged access management is so successful in protecting systems. If there is personal or private data on a system, how are you securing that system? Would it be possible to put a layer of protection in front of it? In most cases, it is possible and should be done."
But he too thinks that patched and protected systems don't face an undue risk of compromise: "If you patch and protect your systems, this should not be anything more than an announcement to keep your eyes open. If you do not, it is time to change your practices."
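The commentary above turns on one concrete check: whether a Linux host (or an embedded device) is still running a kernel at or below the 3.7 release named by KnowBe4. The script below is an added example written for this digest, not code from the NSA/FBI advisory or from any of the companies quoted. It parses release strings in the format `uname -r` prints and compares major and minor numbers numerically, which matters because a naive string comparison would rank 3.10 below 3.7. The release strings embedded in it are constructed samples; the threshold 3.7 is the only value taken from the page.

```shell
#!/bin/sh
# Added example: flag kernels at or below a threshold release (3.7 here),
# comparing version components numerically rather than lexically.
# Sample release strings below are constructed for illustration.

# kernel_major_minor RELEASE -> prints "MAJOR MINOR"
# e.g. "3.10.0-1127.el7.x86_64" -> "3 10"
kernel_major_minor() {
    base=${1%%-*}          # drop the distro suffix after the first '-'
    major=${base%%.*}      # text before the first '.'
    rest=${base#*.}        # text after the first '.'
    minor=${rest%%.*}      # text before the next '.'
    if [ "$rest" = "$base" ]; then
        minor=0            # no '.' at all: treat as MAJOR.0
    fi
    printf '%s %s\n' "$major" "$minor"
}

# kernel_at_or_below THRESH_MAJOR THRESH_MINOR RELEASE
# exit status 0 when RELEASE <= THRESH numerically, 1 otherwise
kernel_at_or_below() {
    tmaj=$1
    tmin=$2
    set -- $(kernel_major_minor "$3")
    maj=$1
    min=$2
    if [ "$maj" -lt "$tmaj" ]; then
        return 0
    fi
    if [ "$maj" -eq "$tmaj" ] && [ "$min" -le "$tmin" ]; then
        return 0
    fi
    return 1
}

# check_kernel RELEASE -> prints a one-line verdict; status 0 if old
check_kernel() {
    if kernel_at_or_below 3 7 "$1"; then
        printf 'OLD  %s (at or below 3.7)\n' "$1"
        return 0
    fi
    printf 'OK   %s (newer than 3.7)\n' "$1"
    return 1
}

# count_old_kernels RELEASE... -> prints how many are at or below 3.7;
# pass "$(uname -r)" to check the running host instead of the samples
count_old_kernels() {
    n=0
    for r in "$@"; do
        if kernel_at_or_below 3 7 "$r"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample inventory, in `uname -r` format (not data from the page).
SAMPLE_RELEASES="3.7.10-1.1-desktop 3.10.0-1127.el7.x86_64 2.6.32-754.el6.x86_64 4.19.0-9-amd64 5.4.0-42-generic"

for r in $SAMPLE_RELEASES; do
    check_kernel "$r" || :   # keep going after an OK verdict
done
printf 'old kernels in sample: %s\n' "$(count_old_kernels $SAMPLE_RELEASES)"
```

Run it as-is to see the verdicts for the sample inventory, or replace `SAMPLE_RELEASES` with release strings gathered from your own fleet; `kernel_at_or_below 3 7 "$(uname -r)"` checks the host it runs on.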
Pardon talk in re Mr. Snowden.
The New York Times reports that President Trump said he’d “look into” pardoning Edward Snowden. The tone of the President's response to the question that prompted his I'll-look-into-it was relatively noncommittal, hedged with disclaimers of any specific knowledge of Mr. Snowden and an acknowledgement that a number of people have a good opinion of him.