The CyberWire Daily Podcast 10.9.20
Ep 1191 | 10.9.20

A Parliamentary report alleges active Huawei cooperation with Chinese intelligence. Coordinated inauthenticity, mostly focused on domestic opinion. Guilty pleas from former eBayers.


Dave Bittner: Hey, everybody, Dave here. The CyberWire Daily Show is going to be taking a break for the U.S. Columbus Day holiday on Monday, but we have a special treat for you. We're going to be running a fascinating episode of our "Caveat" podcast. That's the show that's all about privacy, surveillance and the thorny legal and policy matters in cybersecurity. In this episode, we're talking to Drew Harwell from The Washington Post on his article on how colleges are turning students' phones into surveillance machines. We hope you enjoy it. And be sure to subscribe to "Caveat" wherever you get your podcasts.

Dave Bittner: A parliamentary committee issued a scathing report on Huawei's connection to the Chinese government and the Communist Party of China. Facebook takes down coordinated inauthenticity with a domestic focus in four countries. Twitter goes after influence operators in four other countries. Betsy Carmelite addresses threats to telehealth platforms. Our guests are the FBI's Herb Stapleton and the U.S. Secret Service's Greg McAleer on their new multi-agency mission center, which is hoping to tackle the highest priority cybercriminal threats facing the U.S. And two of the former eBayers charged in a cyber-stalking case have taken their expected guilty pleas.

Dave Bittner: From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Friday, October 9, 2020.

Dave Bittner: The BBC reports that a British parliamentary committee yesterday released a report that concluded there was clear evidence of collusion between Huawei and the Chinese Communist Party. While tut-tutting a bit to inoculate itself against charges of ill-informed, anti-China hysteria, the House of Commons defense committee supported its conclusions by noting the subsidies the company has received from the Chinese government - some $75 billion over the last three years. That subsidy enabled Huawei, the report said, to lowball its competition and secure great market share by selling its equipment at a ridiculously low price point. 

Dave Bittner: The report also cites research that alleges that the Shenzhen hardware giant has engaged in a variety of intelligence, security, and intellectual property activities. In sum, the parliamentary study concludes, "it is clear that Huawei is strongly linked to the Chinese state and the Chinese Communist Party, despite its statements to the contrary. This is evidenced by its ownership model and the subsidies it has received." 

Dave Bittner: The report is expected to have the effect of advancing the replacement of Huawei equipment in the U.K.'s telecommunications infrastructure. For its part, Huawei expressed its confidence that people will see through these accusations of collusion and remembered instead what Huawei has delivered for Britain over the past 20 years. 

Dave Bittner: Fortune sees the report as harsher than any official statements other critics of Huawei, including the U.S. and Australian government, have so far offered. It represents a direct, official accusation that Huawei is actively working for the Chinese government. Previous warnings have concentrated on the company's susceptibility to Beijing's influence, and this report goes beyond that. 

Dave Bittner: Yesterday, both Facebook and Twitter disclosed the discovery and suspension of politically motivated or state-connected networks of inauthentic accounts. Facebook's takedowns involve coordinated inauthenticity that sought to engage mostly domestic audiences. A U.S.-based network of thinly veiled personas associated with the Rally Forge marketing firm, which appears to have been working on behalf of Turning Point USA and another conservative political organization that favored the reelection of President Trump. The network's audience was primarily a U.S. domestic one, with secondary audiences in Botswana and Kenya. Those distinctly secondary audiences were delivered content that, oddly, favored big-game hunting, a topic perhaps of concern to factions in those two countries. 

Dave Bittner: Facebook also dismantled a network in Myanmar that consisted of 17 pages, 50 Facebook accounts and six Instagram accounts. Their line was critical of the National League for Democracy and political leader Aung San Suu Kyi. There was also some anti-Rohingya content. The network was linked to members of Myanmar's military. 

Dave Bittner: The social network removed 589 Facebook accounts, 7,906 pages and 4,047 accounts on Instagram based in Azerbaijan. These were engaged in praise of President Ilham Aliyev and the New Azerbaijan Party, criticism of the opposition with accusations of treason and denials that human rights were being abused in Azerbaijan. They also included patriotic content about the ongoing fighting with Armenia over Nagorno-Karabakh. 

Dave Bittner: Finally, in Nigeria, 79 Facebook accounts, 47 pages, 93 groups and 48 Instagram accounts were suppressed. The networks supported Ibrahim Zakzaky and Nigeria's Islamic movement. They were critical of the government.

Dave Bittner: Twitter's cancellations showed little overlap with Facebook's most recent round, although some of them did coincide with Facebook's September enforcement round. Twitter cancelled inauthentic Iranian accounts that aimed principally at deepening U.S. social fissures during the election season. The company also removed more than 500 Cuban accounts. It also canceled Saudi accounts that operated principally against regional rival Qatar. The most interesting takedowns were of a network of accounts associated with the Royal Thai Army that amplified pro-government and anti-opposition content. Stanford's Internet Observatory called the army's operation low impact and cheerleading without fans. The Bangkok Post reports that the Royal Thai Army has denied any involvement in disinformation. 

Dave Bittner: And finally, two former eBay employees, sometime members of the online auction service's global intelligence team, have entered their guilty pleas in a Massachusetts case of cyberstalking. The harassment was directed against a mom-and-pop newsletter that somehow attracted what appears retrospectively to be the disproportionate ire of some eBay managers, none of whom remain employed by the company. Reuters reports that three other global intelligence team alumni are expected to enter their own guilty pleas later this month. A total of seven former eBayers have been charged in the case. 

Dave Bittner: The FBI, the U.S. Secret Service and other federal agencies are partnering in a unique mission center environment to tackle the highest priority cyber criminal threats against the United States, including ransomware. The new mission center, based at the National Cyber Investigative Joint Task Force, will integrate operations and intelligence across agency lines to more effectively impose risks and consequences on cyber adversaries. Joining us to discuss the new initiative, our FBI Cyber Division section chief over cybercrime, Herb Stapleton, and U.S. Secret Service Executive Deputy Assistant Director Greg McAleer. We hear from Greg first. 

Greg McAleer: The interesting thing about the Secret Service's equities in kind of enforcing and investigating cybercrimes is we share many of the same equities as the FBI and we have historically worked very well together. I think what we've figured out now is that this mission set is just so big that everybody has to participate, and we have to combine our forces in order to combat the threat. The Secret Service has the equities in 1030. The difference, I think, with the Secret Service and FBI is we do not have a - necessarily a national security arm. We investigate only crimes within Title 18. Now, since cyber is such a ubiquitous operation, we frequently wind up with national security touch points within our investigations. And there was a natural connection for us to share that information with the FBI and furthering that is the NCIJTF. We're now the Secret Service, the FBI and all our other partners work together with all of our equities at the table. 

Dave Bittner: So, Herb, can you give us some insights here? What do you hope to come out of this partnership? By formalizing this, what are some of the benefits that you hope to achieve? 

Herb Stapleton: Well, you know, one of the ways that we look at the cybercrime problem is sort of like an enormous puzzle. And so one thing that we know is that we don't hold all the pieces to that puzzle here in the FBI. Some of those pieces are held by the Secret Service, some of them by our private sector partners. And so I think really bringing all that talent together from the Secret Service, from the FBI and from other agencies who are willing to work together with us on the cyber crime problem - bring that talent together in one place and try to attack the problem as a whole of government, as one U.S. government instead of each individual agency on its own, I think, really, will lead to better outcomes for the American people by making sure that when we have a priority issue that needs to be solved, we're bringing all the resources of the U.S. government to bear on that particular problem. 

Dave Bittner: Greg, can you give us some examples of the kinds of things that you're hoping to tackle together? Are there certain types of cybercrime that this will lend itself to? 

Greg McAleer: Well, Dave, the creation of the Criminal Mission Center is a very - it's a very forward-leaning idea that AD Gorham had shared with my assistant director and I'm sure many of the other executives in the other agencies. You know, traditionally within the FBI and within the NCIJTF, there were lines of effort that had a national security focus, and then there was criminality within those mission centers. So I think what the - if we were to look at it, the NCIJTF that way, those are the kind of the bones. And the Criminal Mission Center is going to be the muscles and the ligaments that are going to kind of move this whole organization forward. So we will roll up and interact with all the different mission centers and then also explore the criminal elements within these larger campaigns. And I think that that's really what's going to drive this forward. This is a first-time effort by all the agencies to coalesce around the national security issues and then the criminal issues, which, to Herb's point, were not always shared as seamlessly and as effectively as in the past. 

Dave Bittner: Greg, is this sort of, you know, putting the bad guys on notice around the world that this is something that continues to be of growing importance to the US government? 

Greg McAleer: Oh, absolutely. And I am happy and looking forward to putting as many of the bad guys, as you say, on notice. And I think that the NCIJTF is the perfect vehicle for doing that. 

Dave Bittner: Herb, you know, looking at the long-term picture here, what do you hope comes out of this? Is this - can you see other parts of the government joining in? Is this the first step, perhaps, of many? 

Herb Stapleton: Well, certainly the Secret Service and the FBI aren't the only participants here at the NCIJTF. So we certainly see those who are already - those agencies who are already on board at the NCIJTF being a big part of the Criminal Mission Center, even if that's not their primary focus. And we would also just encourage that this is really an open door for those working within the government in the cyber space to come and take advantage of this collaboration opportunity. 

Herb Stapleton: I think over the long term, you know, certainly we hope to achieve operational outcomes that are consistent with our mission - putting bad guys in jail, disrupting the operations of cybercriminals all over the world, having, you know, imposing risk and consequence on that cybercriminal ecosystem that makes all these things possible. But as we go along and do that, I hope that we also send a message to the American public and the people who count on us that the FBI, the Secret Service and our other partners here at the NCIJTF - we aren't working against each other to try to combat this cyber problem. We're working together to try to make sure that this country can stay as secure from cyber threats as possible. 

Dave Bittner: That's the FBI's Herb Stapleton and the U.S. Secret Service's Greg McAleer. There's more to this interview. You can check it out over on our website,, in the CyberWire Pro section. 

Dave Bittner: And joining me once again is Betsy Carmelite. She is a senior associate at Booz Allen Hamilton. Betsy, it's always great to have you back. You know, as we've been going through this COVID-19 pandemic, there has been an explosion in the use of telehealth. And I know that's something that you and your team have been keeping an eye on and working with your customers with. Can you give us some insights? What are some of the things that you're watching? 

Betsy Carmelite: Sure. And I would also say, you know, this is something that I've personally used and adopted, so I've been watching it as well from a personal perspective. But we've seen these telehealth services basically be an essential lifeline between patients and providers in our socially distanced world right now during the COVID-19 pandemic. But it's really important to remember that these telehealth platforms really expand one's attack surface and could be a potential avenue for cyberattacks. So we're seeing private insurers and the U.S. government rapidly extend access to these medical services for just millions of patients and doctors. These platforms are also creating that digital footprint for cybercriminals to target. 

Dave Bittner: What sort of specific concerns are out there as folks are using these things? What are we worried about? 

Betsy Carmelite: Sure. Again, it's a balance against, you know, the benefits of using telehealth. These hidden security challenges could result in risks that outweigh the rewards. So we've seen some softer regulations around security and oversight protections, which is very concerning. So government organizations have stated openly that they may not enforce rules designed to protect patient data or conduct audits for new patient billing. So some - those type of waivers do raise the possibility of patient protection - patient data protection being at risk. It's made things a little bit more nebulous around what is covered and what's going to be regulated. But it's - again, it's striking the balance between accessible health care during this time and protecting the privacy and infrastructure. And that's just a really difficult prospect right now. 

Dave Bittner: Yeah. You know, the easing of the HIPAA requirements is fascinating to me. Because on the one hand, a lot of people I've talked to, including members of my own family, have said, I'm not going back (laughter). 

Betsy Carmelite: Right. 

Dave Bittner: You know, this telehealth is convenient, and I like it. And, you know, it just takes less of my time. And I'm on board with this. So I can't help wondering, as organizations are adopting it, I suppose they shouldn't assume that these HIPAA waivers are going to be permanent. I suppose they should be working towards the possibility that things may tighten up in the future. 

Betsy Carmelite: Absolutely. Because as you just pointed out, we'll probably see the persistence of the need for telehealth. It's something where, you know, it's accelerated the adoption of these platforms. But now we've become accustomed to them, and they've made life easier. Again, if health organizations and government regulators aren't making telehealth a security priority now and maybe reevaluating those type of waivers with that persistent use of these platforms, we'll likely see the exploitation only grow. Cyber criminals are already profiting from these security vulnerabilities in telehealth. You know, they could possibly hack cloud-based services where patient data is stored, and that's potentially COVID-19 health related data. And federal, state, local health departments all need quicker and greater access to that information. So we're only going to see greater use of the cloud storage and cyber criminals exploiting the vulnerabilities in those. 

Dave Bittner: Yeah, it's really fascinating how this whole experience has, really, been kind of a catalyst for moving things forward, for forcing change, I guess, at a much faster rate than anyone had expected. 

Betsy Carmelite: That's right. That's right. And, you know, we saw, for one, these health care organizations needing to store and process far more data because of the pandemic. It's likely that also, in a quick way, expanded their digital infrastructure, tool adoption and the need to secure that technology, but it probably has not kept pace, you know, with the total adoption. 

Dave Bittner: Yeah. All right. Well, Betsy Carmelite, thanks for joining us. 

Betsy Carmelite: Thank you. 

Dave Bittner: And that's the CyberWire. For links to all of today's stories, check out our daily briefing at And for professionals and cybersecurity leaders who want to stay abreast of this rapidly evolving field, sign up for CyberWire Pro. It will save you time and keep you informed. It's the choice of a new generation. Listen for us on your Alexa smart speaker, too. 

Dave Bittner: Don't miss this weekend's "Research Saturday." My conversation with Yuval Avrahami from Palo Alto Networks Unit 42 on escaping virtualized containers. That's "Research Saturday." Check it out. 

Dave Bittner: The CyberWire podcast is proudly produced in Maryland at the startup Studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technologies. Our amazing CyberWire team is Elliott Peltzman, Puru Prakash, Stefan Vaziri, Kelsea Bond, Tim Nodar, Joe Carrigan, Carole Theriault, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe. And I'm Dave Bittner. Thanks for listening. We'll be taking a break for the Columbus Day holiday here in the U.S., so we will be back here on Tuesday.