At a glance.
- China’s attempts to control citizen data risk exposure…in more ways than one.
- US House bill inhibits purchase of foreign surveillance software.
- FBI Cyber Division Director pushes for clarity on sanctions and incident reporting rules.
China’s attempts to control citizen data risk exposure…in more ways than one.
China is currently dealing with what might be the largest data breach in the country’s history, despite the fact that lawmakers have built one of the world’s tightest cybersecurity and data-protection systems. The Wall Street Journal explores how the government’s extensive surveillance network has made it a target for data theft. According to database tracking service LeakIX, China has tens of thousands of unprotected databases exposed on the internet totaling more than 700 terabytes of data, the largest volume of exposed data of any country. What’s more, the data are especially sensitive in nature, largely due to the way China aggregates data from multiple sources in its state-run surveillance platforms. In 2019, Shanghai launched a fully integrated data platform with AI capabilities, gathering data from public security, public healthcare and transportation, and even from private food delivery companies. It has created a house-of-cards scenario where one breach can lead to the exposure of an avalanche of data.
Meanwhile, a story from MIT Review demonstrates how China’s tight grip on data only compels citizens to find creative ways to circumvent the rules. Chinese players on Steam, the world’s largest gaming platform, have been abusing an app called Wallpaper Engine in order to bypass the country’s ban on internet porn. Reviews of the app detail how the software can be used as a cloud drive and video player allowing players to share adult-only content, and Steam’s international high-speed servers and inability to block explicit content make it the perfect vehicle. Cui Jianyi, a Chinese writer who has researched the phenomenon, says it’s the natural reaction to a government that attempts to control its citizens’ internet behaviors too tightly. “If there are no legitimate porn websites, then people will consume it wherever they can find it,” he stated.
US House bill inhibits purchase of foreign surveillance software.
The US House Intelligence Committee on Wednesday advanced a bill that would give the US Director of National Intelligence the power to block any contract between foreign surveillance software manufacturers and the intelligence community. As Reuters notes, the move follows media reports that Israeli firm NSO Group, maker of the infamous Pegasus spyware, was in talks to be purchased by US defense contractor L3Harris Technologies Inc. Calling the rise in the use of foreign-made commercial spyware “an acute and emergent threat to the national security of the United States,” the bill also gives the White House the authority to sanction foreign spyware makers if they target US spies. Furthermore, the measure would allow the Director of National Intelligence to prohibit any part of the intelligence community from contracting with a US company that had acquired foreign commercial spyware, essentially killing the L3Harris acquisition. The bill must be approved by the full House and pass the Senate before becoming law.
FBI Cyber Division Director pushes for clarity on sanctions and incident reporting rules.
Speaking at this week’s International Conference on Cyber Security, Bryan Vorndran, assistant director of the US Federal Bureau of Investigation’s (FBI) Cyber Division, says the agency is urging the Treasury Department and US Securities and Exchange Commission (SEC) to clarify the rules directed at ransomware attack payments and cyberincident reporting. The Record by Recorded Future explains that for years the Treasury Department’s Office of Foreign Assets Control has threatened to penalize organizations that paid ransoms to sanctioned ransomware groups. But there has been confusion surrounding exactly which groups are sanctioned, especially given that many threat groups don’t make their connections to countries like Russia, Iran, or North Korea public, and Vorndran says American companies have come to the FBI seeking clarity. “The guidance from Treasury on sanction payments is opaque. It is not clear. We have gone to Treasury and asked them to clear that up,” Vorndran stated. He also noted that the FBI has asked the SEC to add an exception to the reporting rules that would give companies a delay option if disclosure of an attack could pose a threat to national security. “Those discussions are being had at the most senior levels of both FBI and [Department of Justice] with the SEC about the implications on national security,” Vorndran said.