Cyber Week in Review: November 15, 2019

Angela Merkel Urges European Union to Reclaim Control Over Data

German Chancellor Angela Merkel has called for the European Union (EU) to develop its own platform to manage the bloc’s data in order to reclaim its “digital sovereignty” from U.S. tech giants. In her speech at an employers’ conference in Berlin, Chancellor Merkel drew attention to Europe’s outsourcing of data processing and storage needs to U.S.-based cloud services run by Amazon, Microsoft, and Google. Chancellor Merkel’s speech follows a joint announcement by France and Germany earlier this month to introduce a government-backed cloud computing initiative, Gaia-X, to serve as a “competitive, safe, and trustworthy data infrastructure for Europe.” Chancellor Merkel has publicly advocated for Europe to forge its own path to data management, one distinct from the U.S. model of private sector dominance and China’s state-controlled approach. She and French President Emmanuel Macron have expressed fears that Europe will be increasingly subject to American and Chinese dominance over global data flows and the digital economy.

Suspected Chinese Hackers Target U.S. Manufacturing Industry Group

Suspected Chinese hackers broke into the internal computer network of the National Association of Manufacturers (NAM) over the summer, according to an unnamed cybersecurity firm. NAM, a powerful industry group, has been a key player in shaping President Donald J. Trump’s trade policies. The attack came amid heightened tensions between the United States and China as they negotiated a “phase one” trade deal to ease bilateral tensions, and it appears the hacks were an attempt by Beijing to learn more about Washington’s policy positions. Chinese Foreign Ministry spokesman Geng Shuang has dismissed the accusations as “creating something from nothing” and driven by “ulterior motives,” claiming that China opposes all forms of hacking.

Brazil to Break Ranks with the United States on Huawei, Says Chinese Ambassador

According to Chinese Ambassador to Brazil Yang Wanming, China is confident that Brazil will choose Chinese telecommunications company Huawei to build its new 5G mobile network. Yang’s statement was released days before Chinese President Xi Jinping met privately with Brazilian President Jair Bolsonaro in Brasilia this week during a BRICS summit that included Russia, India, and South Africa. After the meeting, Bolsonaro stated to reporters, “I am happy with the opportunity to discuss a large bilateral agenda.” China is already Brazil’s largest trading partner, and Mr. Bolsonaro is seeking Chinese capital to finance the modernization of Brazil’s infrastructure. Huawei is set to bid in Brazil’s 5G auction next year, and if the company does eventually build the country’s next generation networks, it will do so despite Mr. Bolsonaro’s close friendship with U.S. President Donald J. Trump and his administration’s condemnation of Huawei on national security grounds, which Mr. Yang has called a campaign of “bad faith and defamation.”

UK’s Labour Party Suffers Two Cyberattacks and a Privacy Gaffe

The United Kingdom’s opposition Labour Party weathered two distributed denial of service (DDoS) cyberattacks on Monday. DDoS attacks aim at overwhelming servers with traffic, often with the use of botnets, in order to take them offline. The pro-Brexit hacking group known as Lizard Squad claimed responsibility for both attacks, and warned more attacks would follow a Labour Party victory in the snap general election in December. An unnamed Labour Party spokesman assured the public that any attempt to breach the data of its digital platforms had been thwarted by its security systems. While there is no evidence of state sponsorship at this time, it is possible that Lizard Squad was hired to carry out the attacks, given its history of offering DDoS-for-hire services. The party had a difficult week of cybersecurity incidents; the Times reported on Tuesday that an apparent security oversight resulted in the Labour Party’s website publishing the names of its donors and the amount of money they contributed, which is a violation of the European Union’s General Data Protection Regulation (GDPR) rules.

Chinese Surveillance Company Hikvision Advertises Racial Profiling Technology

Chinese company Hikvision, a major supplier of surveillance equipment globally, has been advertising cameras that racially profile Uighur Muslims. In an online advertisement that was deleted after being reported on by video surveillance news website IPVM, Hikvision claimed its cameras could detect ethnicity, skin color, and facial features within an accuracy of 90 percent. The company has sold more than 1.3 million cameras to the United Kingdom, United States, Germany, and Brazil. Meanwhile, Hikvision has provided Chinese authorities with AI-enabled technology to surveil the ethnic Uighur Muslim population in the province of Xinjiang. The company won the Xinjiang contract following terrorist attacks in the western province in 2016, after which the Chinese government requested cameras be placed inside mosques to monitor the messaging of religious leaders. Hikvision was added to the U.S. blacklist of Chinese entities earlier this year for human rights abuses. Prior to its blacklisting, Hikvision supplied equipment to the U.S. Army and the city of Philadelphia.