In what the White House says is a precedent-setting move, President Biden has signed an executive order prohibiting use by the U.S. Government of “commercial spyware,” powerful cyber technology used by state actors to spy on journalists, dissidents and human rights activists. The White House defined the class of apps as “sophisticated and invasive cyber surveillance tools sold by vendors to access electronic devices remotely, extract their content, and manipulate their components, all without the knowledge or consent of the devices’ users,” explaining such technology “has proliferated in recent years with few controls and high risk of abuse.” Continue reading Biden Restricts the Government Use of Commercial Spyware

Sundar Pichai, CEO of Google and its parent Alphabet, is urging the U.S. government to step up innovation and more actively police cyberthreats. In a year beset with security breaches attributed to Russian and Chinese hackers, Pichai says it’s time to draft a Geneva Convention for technology, outlining international legal standards, safeguards and behavioral norms for the connected age. Pichai also made an appeal for state-sponsored innovation in the face of competition from China, where the Communist Party under President Xi Jinping has outlined plans to advance artificial intelligence and develop a proprietary semiconductor sector. Continue reading Alphabet CEO Calls for Government Action in Tech Innovation

The Federal Communications Commission has officially designated Huawei Technologies and ZTE, two Chinese telecommunication firms, as national security threats. Last year, the FCC voted to add both companies to the Entity List and barred them from using U.S.-manufactured semiconductors. Now, U.S. carriers cannot use the Universal Service Fund to purchase or maintain products from the two companies. The Fund, managed by the FCC, is an $8.3 billion government subsidy program to expand Internet access in rural and other underserved areas.

Continue reading FCC Formally Names Huawei, ZTE National Security Threats

The U.S. House of Representatives voted 278 to 136 for the USA FREEDOM Reauthorization Act of 2020, to extend provisions of the Foreign Intelligence Surveillance Act (FISA). This legislation established rules for surveillance and information collection “between foreign powers or agents of foreign powers suspected of espionage or terrorism.” Although the House is led by Democrats, the vote was bipartisan, with 152 Democrats and 226 Republicans approving the act. The measure will now go to the Senate, on recess next week. Continue reading House of Representatives Okays Extension of Surveillance Act

The Content Delivery & Security Association (CDSA), in collaboration with the Motion Picture Association of America (MPAA), are responding to next-gen threats with the Trusted Partner Network (TPN), “a voluntary process by which vendors can assess the security preparedness of their facilities, staffs and workflows against industry best practices.” CDSA executive director Guy Finley, who is also MESA president, and CDSA chairman of the board Ben Stanbury, Amazon’s chief security officer, described TPN at the HPA Tech Retreat. Continue reading HPA Tech Retreat: CDSA Promotes Trusted Partner Network

The Trump administration has charged two Chinese citizens accused of involvement in a state-sponsored effort to steal information from government agencies, various businesses and managed service providers. The hackers are said to be members of China’s elite APT10 group, and prosecutors claim there are direct links between the accused and China’s Ministry of State Security. The U.S. says China’s cyberattacks have become significant national and economic security threats. The latest charges indicate that Chinese authorities directed the hacking campaign. Continue reading U.S. Charges Members of China’s Elite APT10 with Hacking

The U.S. government is reportedly pushing for foreign allies to stop using hardware from China-based Huawei Technologies Co. According to people familiar with the initiative, the government is aiming to convince wireless and Internet service providers to avoid telecom equipment that comes from Huawei in an effort to increase security. Washington officials are particularly concerned about countries that host military bases. The U.S. and Australia already have bans in place to curb the risk of cyberattacks. Huawei is the world’s largest telecommunications provider. Continue reading Federal Government Takes Additional Steps to Block Huawei

The Justice Department’s National Security Division claims that seven hackers suspected of working with Russia’s GRU military intelligence unit were part of a conspiracy to hack multiple organizations including the World Anti-Doping Agency, the Democratic National Committee, a nuclear energy company and several media outlets. The Fancy Bear cyber espionage group, also known as Sofacy or APT28, is accused of launching a disinformation campaign leading up to the 2016 U.S. presidential election, and “hacking to obtain non-public, health information about athletes and others in the files of anti-doping agencies in multiple countries.” Continue reading Justice Department Accuses Russian Spies of Cyberattacks

Following a deal made by President Trump, the U.S. Commerce Department has given the go-ahead to Chinese telecom company ZTE to resume its commercial relations with U.S. suppliers. ZTE was told the ban would be lifted once the company placed $400 million into an escrow account and paid a $1 billion fine, part of the penalty the Department had imposed on ZTE for breaking an earlier agreement to not sell to Iran and North Korea. ZTE’s failure to make good on this agreement led the Commerce Department to ban U.S. companies from selling to the Chinese company. Continue reading U.S. Commerce Department Lifts Trade Ban on China’s ZTE

Senate Intelligence Committee vice chair Mark Warner wrote to Alphabet and Twitter to raise questions about their relationships with Chinese vendors. Now, he and other top Committee members want to call in Facebook, Google and Twitter chief executives to a public hearing about their platforms’ security, especially with regard to their relationships with Chinese telecommunication companies. Warner also asked Google for information about its partnership with Tencent for patent sharing and future technology development. Continue reading Government Wants Hearing with Tech Firms Over China Ties

Security companies Morphisec and Cisco reported the extent of the damage caused by a malware attack on security software CCleaner. Experts say that the software, distributed by Czech company Avast, was targeted not simply to disrupt as many computers as possible, but to conduct espionage. Hackers penetrated the software and added a backdoor, ultimately installing malware on more than 700,000 computers. But hackers also sought to find computers among those infected that resided in networks of 20 leading tech firms. Continue reading CCleaner Malware Is Linked to Attack Against 20 Tech Firms

WikiLeaks released thousands of documents yesterday that it claims detail methods used by the CIA “to break into smartphones, computers and even Internet-connected televisions,” reports The New York Times. According to WikiLeaks, the CIA and allied intelligence services bypassed encryption on messaging services including Signal, Telegram and WhatsApp. WikiLeaks also suggests that agencies can collect audio and messaging data from Android phones “before encryption is applied.” The Wall Street Journal notes that such activities, if actually taking place with consumer electronics, could fuel tensions between intelligence agencies and the tech industry, which has been concerned about customer privacy. Mobile devices are a major concern; NYT published an article detailing potential smartphone vulnerabilities. Continue reading WikiLeaks Claims of CIA Hacking Could Impact Tech Industry

In what could mark the largest-ever theft of personal data, Yahoo has confirmed that more than 500 million of its user accounts were hacked in late 2014. The Internet company is pointing the blame at state-sponsored hackers who reportedly stole names, email addresses, birth dates, phone numbers and encrypted passwords after breaking into the Yahoo network. The company does not believe the hack impacted unprotected passwords or financial data such as payment card or bank account info. The breach was discovered after Yahoo began investigating a claim by hackers who were attempting to sell 280 million usernames and passwords. Continue reading Hackers Steal Data From Half a Billion Yahoo User Accounts

The European Parliament recently voted in favor of breaking up Google in European territories. While the nonbinding vote holds no legal power, the decision to vote in favor of such a break-up shows the resistance that Google has encountered from the European Union. The vote comes in the wake of a recent appeal by privacy advocates and the EU to extend the “right to be forgotten” policy for European citizens beyond the European Google search engine. Continue reading European Union Expresses Privacy Concerns Regarding Google

The “Snowden Effect” has caused a ripple among major tech companies trying to assure consumers that their personal information is secure and protected in data centers. Following the surveillance revelations by Edward Snowden, the question on everyone’s mind is whether their private and confidential data has been secured from prying eyes online. A number of companies, concerned by the National Security Agency’s actions, are working to protect their customers’ data.

Continue reading Tech Firms Step Up Efforts on Digital Counter Surveillance