Cyber Week in Review: May 22, 2020

The FBI Unlocks iPhone of Pensacola Shooter 

On Monday, top Trump administration officials announced that the FBI had bypassed the encryption of the iPhones belonging to Mohammed Alshamrani, the alleged shooter that killed three people at a Pensacola Navy base last year. According to a person familiar with the situation who spoke on condition of anonymity, the FBI was able to access the phones by using an “automated passcode guesser.” Law enforcement officials stated that after gaining access to Alshamrani’s phone, they discovered that he had extensive links to al-Qaeda. Critics of tech’s stance on encryption used the announcement to lambast Apple for their refusal to provide so-called “backdoors.” Senator Tom Cotton (R-AR), for example, accused the company of “siding with terrorists over law enforcement.” In a separate statement, Apple rebuked claims that it was helping terrorists and hurting law enforcement efforts, arguing that “It is because we take our responsibility to national security so seriously that we do not believe in the creation of a backdoor.” Despite the rhetoric, there is no indication that lawmakers are any closer to drafting new encryption legislation to address their complaints.

German Court Extends Right to Privacy to Foreign Internet Users 

On Tuesday, Germany’s Constitutional Court, the highest court in the country, ruled that the privacy rights enshrined in the constitution also extend to foreigners living abroad and protect their online data from at-will searches by Germany’s intelligence services. A group of journalists and civil liberties organizations brought the issue before the court, arguing that a 2016 law that permitted Germany’s intelligence agency, the BND, to intercept the communications of foreigners for national security purposes lacked necessary checks and balances. The controversial 2016 law was originally created in response to Chancellor Angela Merkel’s desire to respond to a series of terrorist attacks that had targeted the country. In addition to ordering that the law be clarified by the end of 2021, the court also called for more controls over the BND and limitations on the ability of the intelligence services to share information with international partners. The court’s decision was hailed by privacy advocates yet criticized by conservative German politicians for hampering the BND’s ability to cooperate with foreign partners.

Trump to Withdraw from Open Skies Treaty

According to senior Trump administration officials, the United States has decided to pull out of the Open Skies Treaty, which was signed in 1994 and allows nations to fly over each other’s territory with sensor equipment to ensure that they were not preparing to launch military attacks. U.S. officials have long complained that Moscow has been violating the treaty by not permitting flights over sites where it is suspected of deploying nuclear weapons that could reach Europe. Moreover, in classified reports, the Department of Defense and U.S. intelligence community have warned that Russia has been using flights permitted under the treaty to map out U.S. critical infrastructure that they could target with cyberattacks. Alexander Grushko, Russia’s deputy foreign minister, reacted to the U.S. withdrawal by saying that it would “be not only a blow to the foundation of European security ... but to the key security interests of the allies of the U.S.” For their part, North Atlantic Treaty Organization (NATO) members have been pressing the United States to remain signatory to the treaty.

Japanese Ministry of Defense Investigates Mitsubishi Breach

The Japanese Ministry of Defense is investigating a data breach suffered by Mitsubishi Electric Corp. last year, which is believed to have leaked specifications for a hypersonic glide missile prototype that it has been developing since 2018. Among the details likely stolen were the missile’s range, propulsion, and heat resistance. Only China, Russia, and the United States currently possess missiles of the same kind. Once ready, the Ministry of defense hopes to use the missile to defend islands in the East China Sea that are currently subject to a territorial dispute with China. Attribution for the breach, which Mitsubishi disclosed in January, pointed to Bronze Butler, a Chinese state-linked threat group that has targeted Japanese firms’ intellectual property in the past.

Hundreds of Israeli Websites Hacked

Hundreds of Israeli websites were defaced on Thursday morning by a cyberattack targeting prominent firms, political parties, and at least one health-care organization. The websites affected displayed videos of Israeli cities being bombed and threatening messages. The attack coincides with the last Friday of Ramadan, which Iran has referred to as Quds day and used as an annual holiday to condemn Israel and express support for Palestine since 1979. Although the defacements included Iranian flags, there has not yet been an official indication of who was behind the attack, which occurred almost two weeks after Israel launched a cyberattack that damaged systems at Iran’s Shahid Rajaee port.