Feb 13, 2020 - Technology

Cybersecurity is a government game

Illustration: Aïda Amer/Axios

Forget lone hackers and gangs of digital outlaws: Governments, acting for good and ill, have become the prime movers in the cybersecurity world.

What's happening: Three big stories this week drove home government's central role in a myriad of major breaches, hacks and scams.

1. Equifax: Monday, the Justice Department indicted four members of China's military for executing the 2017 Equifax data breach, which exposed the personal data of nearly 150 million Americans.

  • Equifax had already agreed to a settlement with state and federal authorities for hundreds of millions of dollars, one that focused on efforts to recompense consumers harmed by the breach and to provide incentives to businesses to batten down their hatches against similar future attacks.
  • By attributing the breach to China and bringing the receipts, the U.S. made clear that what had seemed to be a business story was in fact more about China's hunger for data on U.S. citizens — and the ability of its state-employed actors to execute one of the largest data heists in history.

2. Huawei: The Wall Street Journal reported Tuesday that U.S. officials say Huawei, the Chinese telecom giant, has been running a decade-long program of installing secret back doors in its equipment that allow it to monitor network traffic on behalf of the Chinese government.

  • The charges, which Huawei vehemently denies, repeat long-standing U.S. claims against the company, and many experts are critical of Huawei's close ties to the Chinese authorities. But the U.S. has never publicly provided evidence to back the charge.

3. The CIA: For nearly 50 years, a Swiss company called Crypto AG that sold encryption systems to governments around the world operated as a CIA front and enabled the U.S. to monitor those governments' secret communications, a remarkable Washington Post investigation revealed Tuesday.

  • The audacity, scope and span of the operation (from 1970 to 2018) make it "one of the most momentous and simply mind-boggling revelations in intelligence history," as Thomas Rid, professor of strategic studies at Johns Hopkins, said on Twitter.

Flashback: Even when governments aren't directly pulling the levers, their power shapes events in cybersecurity.

  • When a group that called itself the Shadow Brokers stole and shared a trove of NSA hacking tools in 2017, third parties grabbed the NSA code and transformed it into what became known as the WannaCry and NotPetya worms, which caused enormous damage to businesses worldwide.

The bottom line: Modest-size criminal attacks on individuals and businesses can be maddening and destructive, and they come from all directions. But increasingly, we're learning that massive-scale hacks and breaches almost always come with a government's fingerprints somewhere on them.

Go deeper

Justice Department indicts 4 Chinese military members for Equifax breach

Illustration: Sarah Grillo/Axios

The Justice Department announced Monday that it indicted four members of China's military in relation to the 2017 Equifax data breach that compromised the data of more than 147 million Americans.

Why it matters: The announcement comes at a fraught time for U.S.-China relations — just weeks after the signing of a critical "phase one" trade deal that ratcheted down economic tension between the two nations — and marks only the second time that the U.S. government has charged Chinese military hackers.

Go deeperArrowFeb 10, 2020 - World

Huawei loses a round against Congress in federal court

Photo: Smith Collection/Gado/Getty Images

Huawei lost a round in court Tuesday, with a federal judge ruling that Congress was within its rights to exclude agencies and contractors from buying gear from Huawei and ZTE.

The big picture: This is one battle in the larger and more multifaceted conflict between Washington and Beijing that's playing out in courts, through trade negotiations and in public rhetoric.

Huawei makes its case against U.S. hostilities

Illustration: Aïda Amer/Axios

Two top Huawei U.S. executives are at the RSA Conference in San Francisco this week, hoping the crowd of security experts will be more receptive to its position than have been policymakers in Washington, where the Chinese giant has gotten an increasingly hostile reception.

The big picture: Huawei's business has been under all manner of attack from the U.S. government, from trade sanctions to criminal charges to efforts to persuade allies not to buy their gear.