May 23, 2019

Axios Codebook

Axios

Welcome to Codebook, cybersecurity newsletter and electronic brain.

(Smart Brevity count: 1,211 words/<5 min. read)

1 big thing: Huawei delay brings ZTE déjà vu

Huawei Cybersecurity Center in Brussels. Photo: Emmanuel Dunand/AFP/Getty Images

After dramatic U.S. moves to shut Huawei off from suppliers, the Chinese telecom manufacturer received a 90-day reprieve from the Department of Commerce Monday, placing a question mark over the broader anti-Huawei campaign.

Why it matters: A similar previous U.S.-China trade tussle flipped from confrontation to accommodation, leaving experts and lawmakers wondering what the mercurial Trump administration's endgame with Huawei will be.

The big picture: The Huawei case and last year's ZTE conflict seem to share the same outline: A massive Chinese telecom manufacturer accused by the United States of violating sanctions and participating in espionage gets struck with a ban on U.S. technology exports, only to be saved at the last second.

  • Facing a similar set of facts relating to ZTE in the early days of trade negotiations, the Trump administration ultimately removed its export ban, handing a gift to China.
  • The administration's transactional approach — its willingness to exchange national security interests for trade needs— irked Republicans and Democrats alike.

Driving the news: Last week, Huawei was placed on the Department of Commerce's entity list, requiring U.S. firms wishing to sell or license tech to Huawei to get export licenses most assume will be impossible or at least prohibitively burdensome to obtain.

  • However, after issuing the ban, the Department of Commerce quickly offered a 90-day delay on the ban taking effect, allowing Huawei to service Huawei equipment that's already been deployed while owners make other arrangements.
  • Huawei won't close down without U.S. products, but it is not, at current, prepared to manufacture 5G equipment without it.

What's next: "My bet is a ZTE-like resurrection," said James Lewis, senior vice president for the Center for Strategic and International Studies and a former tech policy official, via email.

  • Lewis believes the export ban has already achieved its purpose: Countries and companies that had been ready to ignore U.S. warnings and do business with Huawei are now on notice that the U.S. can pull the rug out from under Huawei at any time.
  • "Part of the goal was to warn the Europeans that if they buy Huawei, they’re taking on risk that Huawei may not be able to fulfill 5G contracts," said Lewis, adding, "We could pull the plug any time in the next couple of years and places like Italy would be left high and dry."

Meanwhile: At the same time the Trump administration banned U.S. companies from providing goods to Huawei, it also released an executive order declaring a "state of emergency" banning U.S. networks from using telecommunications equipment deemed to be a risk to national security. Most people in the know assume this was aimed specifically at Huawei.

  • But "states of emergency" can end in a variety of ways — via joint resolution of Congress, Trump (or a future president) deciding the emergency is off, or a president not annually renewing them when they expire.
  • Sen. Chris Van Hollen (D-Md.) confirmed to Codebook that he and Sen. Tom Cotton (R-Ark.) are working on codifying the "state of emergency" order into law.
  • A different group of Senators proposed other legislation Wednesday to continue policing Chinese equipment in the United States.
  • If either passes, it would make it harder for the Trump team to unilaterally lift the order as a bargaining chip in trade negotiations.
2. U.K. chip firm may sever ties with Huawei

Generally, Huawei is thought to be in a better position to weather a U.S. export ban than ZTE was. But that position may not be as strong as once thought.

The big picture: A leaked memo first reported by BBC shows British chip designer ARM has severed ties with Huawei because its designs contain U.S. intellectual property.

This is a huge deal, because Huawei's ability to make its own chips — one of the key resources the firm has to survive a ban on Qualcomm and Intel chips — is dependent on ARM.

3. Chip firm accusing Huawei exec of IP theft

CNEX, a chip startup funded by Microsoft and Dell, accused a Huawei executive of stealing intellectual property in a pre-trial hearing for a lawsuit headed to court in June.

Why it matters: Obviously (see above) it already wasn't the easiest month for Huawei. The Wall Street Journal, which brought the CNEX suit to light, on Wednesday described new allegations from a hearing that took place in April.

According to the Journal:

  • At the hearing, CNEX cited depositions charging that an engineer claiming to be a member of an academic research team met with the firm in 2017. That engineer, actually from Huawei, pilfered information on CNEX's solid state hard drive technology, sending it to an intelligence database run by Huawei's microchip subsidiary, where it could then be reverse engineered by a Chinese university.
  • Huawei acknowledged meetings with CNEX and that a CNEX document was uploaded to the database, but claims that it had been invited to the meetings and didn't steal anything.
4. Homeland Security sent one cybersecurity staffer to the border

The border barrier between the U.S. (L) and Mexico. Photo: Mario Tama/Getty Images

Last week, The Daily Beast spurred an outcry when it reported that CISA, the Department of Homeland Security's cybersecurity-protection agency, had requested volunteers to aid the department's efforts at the border.

But, but, but: Although CISA got a total of 20 volunteers from the 3,500-person department, only "one or two" of them focused on cybersecurity, according to CISA director Christopher Krebs, who spoke to reporters after a conference on Wednesday.

  • Krebs also noted that management would only approve requests after factoring CISA's priorities.
  • In short, said Krebs, the volunteers would have no "operational impact."

The bottom line: The Trump administration's border policy is controversial and has had clear effects on military readiness, commerce and American global leadership. But the impact on Homeland Security's cybersecurity operations appears to be minimal.

5. Hacktivism is down 95% since 2015

Hacktivism — when activist groups like Anonymous use cyber disruption for political means — declined 95% between 2015 and 2018, according to a report by IBM.

Details: There are a variety of reasons for the decline.

  • Anonymous is in decline. The Guy Fawkes-mask-wearing, decentralized affiliation of hackers and trolls behind attacks on Pay Pal, Stratfor and others was a leading organization platform for political attacks. Anonymous' efforts have decreased, and no one has filled in the void.
  • Governments, including Russia, are impersonating activists, and that's made it harder to know the "real" activists.
  • There have been a ton of arrests, reducing the feeling of invulnerability.

IBM notes that attacks are up in 2019 — not up to 2015 levels, but up from 2018 — spurred in part by the arrest of Julian Assange and a campaign against Saudi targets.

6. In case you missed last week
  • An Indian firm exposed a database of Instagram users to the web without security, leaking contact information on 49 million accounts, including Instagram influencers. It's unclear if the database was accessed by a malicious third party, but it also was not clear how the Indian firm had the data to begin with. (TechCrunch)
  • One possible explanation: an Instagram coding glitch, discovered this week, that exposed contact information in the site's source code. That problem had existed for at least four months, according to the researcher who found it. (CNET)
  • Google stored the passwords for some enterprise customers in plain text. Google acknowledged it notified a "subset" of its 5 or so million business customers that it had unencrypted records of their passwords since 2005. (TechCrunch)
  • Bots rigged the voting of Russia's singing competition "Voice Kids." The television station decided to cancel the vote after a Russian security firm, Group-IB, found suspicious voting patterns leading to the daughter of a Russian millionaire winning the competition. (Channel 1, Group-IB)
  • Hackers hacked the hacking forum OGusers, posting data on 100,000 users to a different forum. OGusers specialized in SIM swapping, and there's no honor among thieves. (Krebs on Security)
7. Odds and ends
Axios