The European Union is hoping to lead a more coordinated response to security concerns over Chinese 5G equipment makers, it has emerged. Brussels wants to ensure it doesn’t end up with a situation where member states have unwittingly allowed Chinese kit to dominate across the region, according to the FT.
One unnamed diplomat told the paper that although 5G auctions can raise billions for governments, the EU is “urging everyone to avoid making any hasty moves they might regret later.” The US, Australia, New Zealand, Taiwan and Japan have all banned Huawei products on security fears to a lesser or greater extent, despite the firm repeatedly protesting its innocence.
Before the internet era, geopolitical tensions drove traditional espionage, and periodically erupted into warfare. Nowadays, cyberspace not only houses a treasure-trove of commercially and politically sensitive information, but can also provide access to control systems for critical civil and military infrastructure.
It’s therefore no surprise to find nation-state cyber activity high on the agendas of governments. In 2019, nation-state cyber activity is expected to increase to unprecedented levels.
Read more about the predictions for nation-state cyber activity in 2019 on ZDNet.
The biggest threats online continued to mirror the biggest threats in the real world, with nation states fighting proxy battles and civilians bearing the brunt of the assault. In many cases, the most dangerous people online are also the most dangerous in the real world. The distinction has never mattered less.
Read the list of most dangerous people on the Internet for 2018 on Wired.
As democracies around the world struggle to hold back the rising tide of authoritarianism, a similar crisis is unfolding online. Three factors converged this year to make 2018 the eighth straight year that global internet freedom declined, according to an annual report from the nonprofit Freedom House: increasing censorship in response to disinformation, the widespread collection of personal data, and a growing group of countries emulating China’s model of digital authoritarianism.
Not only does China once again rank as the worst abuser of internet freedom, it is actively exporting its techno-dystopian model to other countries according to the report.
Read more about the findings of the Freedom House report on Wired.
The strong rebuttal came in the face of charges claiming the individuals – Zhu Hua and Zhang Shilong – stole sensitive data from a vast number of organizations working as part of a hacking crew dubbed APT10, which is linked to the Chinese government. A spokesperson with the Chinese embassy in London said the charges were “egregious” and “gravely violated the basic norms governing international relations and seriously damaged China-US cooperation.”
After the US Department of Justice charged two Chinese nationals for being members of a state-sponsored hacking group and accused the Chinese government of orchestrating a string of hacks around the world, five other governments have stepped in with similar accusations.
Australia, Canada, Japan, New Zealand, and the UK have published official statements today formally blaming China of hacking their government agencies and local companies. All statements are in regards to the supposed involvement of the Chinese Ministry of State Security (MSS) in supporting the activity of a hacking group known as APT10.
The Department of Justice charged two Chinese hackers with stealing “hundreds of gigabytes” of data from more than 45 other governmental organizations and U.S.-based companies. This has potentially significant national security ramifications: Targets included the NASA Goddard Space Center and Jet Propulsion Laboratory; U.S. Department of Energy’s Lawrence Berkeley National Laboratory; and the Navy.
The two hackers, Zhang Shilong and Zhang Jianguo, are alleged to be members of APT10, a well-known China-based threat actor, which is believed to be directly connected to the Chinese Ministry of State Security’s (MSS) Tianjin bureau.
Read more about the charges against the Chinese hackers on ThreatPost.
The following is a joint announcement of the Department of State and Department of Homeland Security:
Since at least 2014, Chinese cyber actors associated with the Chinese Ministry of State Security have hacked multiple U.S. and global managed service and cloud providers. These Chinese actors used this access to compromise the networks of the providers’ clients, including global companies located in at least 12 countries.
The United States is concerned that this activity violates the 2015 U.S.-China cyber commitments made by President Xi Jinping to refrain from conducting or knowingly supporting “cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” China has also made this commitment with G20 and APEC members as well as in other bilateral statements.
Stability in cyberspace cannot be achieved if countries engage in irresponsible behavior that undermines the national security and economic prosperity of other countries. These actions by Chinese actors to target intellectual property and sensitive business information present a very real threat to the economic competitiveness of companies in the United States and around the globe. We will continue to hold malicious actors accountable for their behavior, and today the United States is taking several actions to demonstrate our resolve. We strongly urge China to abide by its commitment to act responsibly in cyberspace and reiterate that the United States will take appropriate measures to defend our interests.
The Chinese government has been covertly monitoring communication between European government organizations and think tanks potentially for years, researchers claim. In a report (.PDF), researchers from Area 1 Security said that the ongoing campaign has “gained access into the diplomatic correspondence network of the European Union.”
Area 1 Security has attributed the infiltration to the Strategic Support Force (SSF) of the People’s Liberation Army (PLA). An online cybersecurity team was established by the PLA in 2011, but it was not until 2015 before China explicitly admitted to the unit’s existence.
Read more about the state-sponsored Chinese hacking attack on ZDNet.
Huawei has told reporters that any evidence against the company should be revealed. “Maybe not to Huawei and maybe not to the public, but to telecom operators, because they are the ones that buy Huawei,” Chairman Ken Hu said. The Associated Press reported Hu said there has never been evidence of Huawei equipment being a risk, and the company has never “accepted requests to damage the networks or business of any of our customers”.
The call follows the Czech Republic’s national cybersecurity agency issuing a warning over the use of Huawei and ZTE earlier this week. The National Cyber and Information Security Agency (NCISA) said the security threat from the two firms’ products mainly comes down to China’s legal and political system for companies headquartered there.