US indicts six GRU officers for conspiracy. Tech regulation. Information operations strategies (and hacking against surveillance).

Summary

By the CyberWire staff

At a glance.

US indicts six GRU officers for conspiracy surrounding NotPetya, other cyberattacks.
EU looks at Big Tech regulation.
US states preserve their own investigations of Google.
Cyber conflict strategies.

Naming and shaming (and indicting) Russia's GRU.

Earlier this afternoon the US Justice Department announced the unsealing of an indictment against six Russian GRU officers belonging to unit 74455, the group commonly known as "Sandworm." In 2018 the US indicted members of the GRU for offenses related to meddling in the 2016 US elections. This present indictment has to do with a conspiracy that began with the disruption of Ukraine's power grid, expanded to the destructive NotPetya attacks that particularly disrupted the transportation and healthcare sectors worldwide, and with subsequent activities directed against French elections and the Winter Olympics hosted by South Korea.

In its press conference announcing the most recent indictments Justice calls the conspirators’ actions on the part of the Russian government “irresponsible,” more like the activities of “a petulant child” than those one would expect from a responsible government interested in observing international norms. The indictment, Justice says, “lays bare Russia’s activities to disrupt the internal politics of other countries.”

The indictments were issued by a Federal grand jury in Pittsburgh, where the US Attorney for the Western District of Pennsylvania and the FBI’s Pittsburgh Field Office led the investigation. Cisco’s Talos Group, Facebook, Twitter, and Google were thanked, as are Five Eyes partners, for their cooperation in the investigation.

To the obvious (and good) question, why is the US charging foreign nationals for actions committed against third-party foreign nations (like Ukraine, France, South Korea, etc.) the Justice Department gave the obvious (and good) answer: the six GRU officers are charged with conspiracy, and overt acts committed elsewhere form part of the conspiracy.

Latest salvo in EU Big Tech battle.

CNBC says Paris and Amsterdam have prepared a joint call for the EU to regulate Big Tech’s “economic footprint” and secure access to company data and functionality. The endgame, according to French Minister of State for Digital Transition and Electronic Communication Cédric O, is “to tackle market foreclosure and ensure freedom of choice for consumers.” Without naming any company names, he said the EU must “be able to ‘break them open.’” Twenty-seven EU nations and the European Parliament would need to authorize the measure.

US states to continue Google investigation independent of federal action.

The Washington Post reports that Arizona, Colorado, Nebraska, Utah, Tennessee, North Carolina, Iowa, and New York state attorneys general intend to continue their own probe of the tech giant instead of immediately joining the Department of Justice’s looming antitrust lawsuit, though the situation is fluid. True to form, Texas is leading a separate investigation. The move preserves the states’ legal autonomy from controversial federal decisions and election year instability. Sources who spoke with the Post on the condition of anonymity project that a dozen states will eventually join the Justice Department’s suit. Google is predicted to “fight ferociously” in a landmark battle over the government and search engine’s respective powers.

Combating disinformation and ethnic cleansing.

Two pieces in Foreign Policy argue that the US should develop a strategy to resist disinformation emanating from Moscow and Beijing, and to interrupt Xinjiang surveillance.

With respect to disinformation, the current whack-a-mole measures in the information war insufficiently answer the escalating threat to national security and the “liberal international order.” Author Doowan Lee recommends a threefold approach: rooting out automated and state-sponsored distribution channels, publicizing content’s sourcing, and nurturing public-private collaborations. Lee concludes, “China and Russia have weaponized the information environment for too long…[the US] has the dual advantages of technological innovation and an unparalleled national security apparatus. It’s time to use them.”

In the piece on repression in Zinjiang, author Limor Simhony proposes hacking as a means of combating Beijing’s cultural genocide since sanctions and censures have failed. Mass surveillance in Xinjiang has created a “virtual cage” and led to the internment of over a million Uyghurs and Kazakhs. The same technology opens an inroad for disruptive and intelligence-gathering cyberattacks, however. The right play, which would have to overcome microsegmentation and deep packet inspection, could shut down cameras and communications, destroy data, and deter future human rights violations. Simhony says Washington should team up with London, Paris, Berlin, Ottawa, and Canberra to overpower Beijing’s defenses, and that they should do so in ways that preserve plausible deniability in order to keep the conflict at the lower end of the spectrum.

Selected Reading

Google details tactics of Chinese hackers who targeted Biden campaign (CyberScoop) Google on Friday offered new details on tactics used by alleged Chinese government-linked hackers who previously targeted Democratic presidential nominee Joe Biden’s campaign, while warning that multiple state-linked hacking groups continue to show an interest in the U.S. election.

Google: Chinese Hackers Are Impersonating McAfee to Phish Victims (Gizmodo) The same Chinese government-linked hackers who targeted the campaigns of both 2020 presidential candidates earlier this year have been trying to trick users into installing malware by posing as the antivirus provider McAfee and using otherwise legitimate online services like GitHub and Dropbox.

How we're tackling evolving online threats (Google) An update on how threat actors are changing their tactics, and how Google’s Threat Analysis Group works to protect our products and the people using them.

Europe to crack down on surveillance software exports (POLITICO) EU needs to make sure ‘China or Russia are not simply given the newest technology,’ lead negotiator says.

China Lawmakers Pass Export Control Law Protecting Tech (Bloomberg) China passed a new law to restrict sensitive exports to protect national security, helping Beijing gain reciprocity against U.S. as tech tensions mount.

WSJ News Exclusive | China Warns U.S. It May Detain Americans in Response to Prosecutions of Chinese Scholars (Wall Street Journal) Chinese government officials are warning their American counterparts they may detain U.S. nationals in China in response to the Justice Department’s prosecution of Chinese military-affiliated scholars, according to people familiar with the matter.

U.S. to Offer Loans to Lure Developing Countries Away From Chinese Telecom Gear (Wall Street Journal) The U.S. government is embarking on a push to persuade developing countries to shun Chinese telecommunications equipment, offering financial assistance to use alternatives that Washington says are safer and have fewer strings attached.

Former NSA chief: Russia can change 2020 election outcome, unlikely to do so (Washington Times) The former head of the National Security Agency and U.S. Cyber Command said Sunday that Russia has the ability to upend the 2020 election but is unlikely to do so.

The United States Isn’t Doomed to Lose the Information Wars (Foreign Policy) China and Russia are ramping up their disinformation campaigns in the lead-up to the November vote. It’s time for Washington to fight back.

‘Weaponized truth’: How the US military plans to compete in the crowded information space (C4ISRNET) The military must empower everyday personnel as well as public affairs officials to combat and compete with adversaries in the information sphere, according to one public affairs professional.

Could Cyberattacks Stop the Cultural Genocide in Xinjiang? (Foreign Policy) State persecution of Muslims in the region depends on high-tech mass surveillance, leaving an open door for other countries to gather intelligence and infiltrate the…

The Abraham Accords plays into Iran’s hands and opens the door for al-Qaeda (Atlantic Council) President Donald Trump and the Gulf states might have fueled a more profound threat that extends Iran’s “axis of resistance” directly into their own houses, including a worrisome al-Qaeda component.

Germany, France push for digital sovereignty to mitigate American dominance (MediaNama) Germany and France are pushing for digital sovereignty in the EU to counteract dominance of American Big Tech firms.

Ukraine’s cybersecurity agency appears to backtrack on Huawei cooperation (KyivPost) Editor’s Note: This story has been updated to add Huawei’s response. The State Service for Special Communications and Information Protection of Ukraine, also known as SSSCIPU or Derzhspetszviazok, has allegedly removed information from its website about cooperation with Chinese tech giant Huawei, Ukraine’s Evropeiska Pravda news outlet reported on Oct. 16. On Oct. 15, the head of […]

Huawei wants Estonian government to re-evaluate communications networks regulation (Intellinews) Chinese communications giant Huawei has asked the Estonian government to review the draft of a regulation on the security of communications networks. ...

Huawei may have found an ally in Japan, for now (Telecoms) Japan will not bar Chinese kit makers – including Huawei – from supplying telecoms network equipment in the country, it emerged this week.

France and the Netherlands call for tough EU powers to curb Big Tech (CNBC) France and the Netherlands have proposed stricter EU rules to oversee large technology firms, such as Alphabet, Facebook and Amazon.

Scaling up the Cybersecurity of Nuclear systems in India (Analytics Insight) India is amongst the top five countries facing cyber threats and targeted attacks. With the advancement of technology, the incidence of security breaches and cyberattacks has heightened. That’s why scaling up cybersecurity in nuclear systems and models are important.

Dem Sens. Say DHS Biometrics Plan Is Unwanted Surveillance (Law360) Democratic senators urged the U.S. Department of Homeland Security to abandon its plan to broaden biometric testing for immigrants to include voice, eye and facial recognition, arguing the proposed expansion is a privacy invasion against already vulnerable populations.

Carney signs order allowing National Guard cyberspace unit to assist in election security (Delaware Business Now) Governor John Carney has signed Executive Order #46, authorizing the Delaware National Guard’s 166th Cyberspace Operations Squadron to assist in the 2020 election security efforts. The squadron’s cybersecurity capabilities will assist in protecting Delaware’s elections infrastructure, a release stated. Delaware, like other states, has been concerned about cyberattacks from foreign actors who seek to disrupt […]

FCC Asks For National Security Review Of 2 Telecoms (Law360) The Federal Communications Commission has asked the national security community to review whether Pacific Networks Corp. and China Unicom Americas present a risk if allowed to continue operating in the U.S.