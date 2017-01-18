from the another-black-list-entry dept.
Exclusive: U.S. lawmakers urge AT&T to cut commercial ties with Huawei - sources
U.S. lawmakers are urging AT&T Inc, the No. 2 wireless carrier, to cut commercial ties to Chinese phone maker Huawei Technologies Co Ltd and oppose plans by telecom operator China Mobile Ltd to enter the U.S. market because of national security concerns, two congressional aides said.
[...] Earlier this month, AT&T was forced to scrap a plan to offer its customers Huawei handsets after some members of Congress lobbied against the idea with federal regulators, sources told Reuters.
The U.S. government has also blocked a string of Chinese acquisitions over national security concerns, including Ant Financial's proposed purchase of U.S. money transfer company MoneyGram International Inc.
The lawmakers are also advising U.S. firms that if they have ties to Huawei or China Mobile, it could hamper their ability to do business with the U.S. government, one aide said, requesting anonymity because they were not authorized to speak publicly.
omoc writes:
"From the SPON article:
"The American government conducted a major intelligence offensive against China, with targets including the Chinese government and networking company Huawei, according to documents from former NSA worker Edward Snowden that have been viewed by SPIEGEL. Among the American intelligence service's targets were former Chinese President Hu Jintao, the Chinese Trade Ministry, banks, as well as telecommunications companies. But the NSA made a special effort to target Huawei.
According to a top secret NSA presentation, NSA workers not only succeeded in accessing the email archive, but also the secret source code of individual Huwaei products."
Kaspersky Lab is willing to go to extreme lengths to reassure the U.S. government about the security of its products:
Eugene Kaspersky is willing to turn over computer code to United States authorities to prove that his company's security products have not been compromised by the Russian government, The Associated Press reported early Sunday.
"If the United States needs, we can disclose the source code," said the creator of beleaguered Moscow-based computer security company Kaspersky Lab in an interview with the AP.
"Anything I can do to prove that we don't behave maliciously I will do it."
Also at Neowin.
In Worrisome Move, Kaspersky Agrees to Turn Over Source Code to US Government
Over the last couple of weeks, there's been a disturbing trend of governments demanding that private tech companies share their source code if they want to do business. Now, the US government is giving the same ultimatum and it's getting what it wants.
On Sunday, the CEO of security firm Kaspersky Labs, Eugene Kaspersky, told the Associated Press that he's willing to show the US government his company's source code. "Anything I can do to prove that we don't behave maliciously I will do it," Kaspersky said while insisting that he's open to testifying before Congress as well.
The company's willingness to share its source code comes after a proposal was put forth in the Senate that "prohibits the [Defense Department] from using software platforms developed by Kaspersky Lab." It goes on to say, "The Secretary of Defense shall ensure that any network connection between ... the Department of Defense and a department or agency of the United States Government that is using or hosting on its networks a software platform [associated with Kaspersky Lab] is immediately severed."
Jeanne Shaheen, a New Hampshire Democrat tells ABC News, that there is "a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure." The fears follow years of suspicion from the FBI that Kaspersky Labs is too close to the Russian government. The company is based in Russia but has worked with both Moscow and the FBI in the past, often serving as a go-between to help the two governments cooperate. "As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts," an official statement from Kaspersky Labs reads.
Source: Gizmodo
According to emails from October 2009 obtained by Jordan Robertson and Michael Riley at Bloomberg it appears that Kaspersky Lab has been working with Russian Intelligence. Despite long standing rumours over these connections Eugene Kaspersky has always denied this to be the case, including as recently as last week in response to questions in the US Senate by Florida Republican Marco Rubio when he stated that "Claims about Kaspersky Lab's ties to the Kremlin are "unfounded conspiracy theories" and "total BS,"" on Reddit, and even offering to hand over the source code to the US Government for inspection.
While the exact nature of the co-operation with the FSB is still unclear, in the emails Kaspersky outlines a project undertaken in secret a year earlier "per a big request on the Lubyanka side," a reference to the FSB offices, that "includes both technology to protect against attacks (filters) as well as interaction with the hosters ('spreading' of sacrifice) and active countermeasures (about which, we keep quiet) and so on," Kaspersky wrote in one of the emails. Kaspersky Lab has confirmed that the emails are authentic. Whether this was legitimate work with the FSB in the prevention of cybercrime or securing FSB facilities or something more nefarious, it seems likely that this is not going to alleviate concerns over the use of their software putting further pressure on Kaspersky's business in other countries.
Kaspersky Lab's tussle with the US government could have ramifications for its dealings with the private sector. A new report claims the FBI has been meeting with companies to warn them of the threat posed by the cybersecurity firm. The briefings are the latest chapter in an ongoing saga concerning the use of Kaspersky's products by government agencies. Officials claim the company is a Russian stooge that can't be trusted with protecting America's critical infrastructure. The company denies these claims -- its CEO Eugene Kaspersky has even offered up its source code in a bid to clear his firm's name.
It appears that olive branch went unnoticed. Throughout the year, the FBI has been meeting with US firms to convince them to remove Kaspersky Lab's tools from their systems, according to officials that spoke to CyberScoop. In view of the cyberattacks that crippled Ukraine's power grid in 2016, the FBI has reportedly focussed its briefings on companies in the energy sector. Although, it has also supposedly met with major tech firms too.
The law enforcement agency has apparently been sharing its threat assessment with the companies, including Kaspersky Lab's alleged deep ties with Russian intelligence. However, the meetings have reportedly yielded mixed results. Whereas firms in the energy sector have been quick to cooperate, tech giants have resisted taking swift action, claims CyberScoop.
Source: EnGadget
The Washington Post is reporting U.S. moves to ban Kaspersky software in federal agencies amid concerns of Russian espionage:
Acting Homeland Security secretary Elaine Duke ordered that Kaspersky Lab software be barred from federal civilian government networks, giving agencies a timeline to get rid of it, according to several officials familiar with the plan who were not authorized to speak publicly about it. Duke ordered the scrub on the grounds that the company has connections to the Russian government and its software poses a security risk.
[...] "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security."
[...] The directive comes months after the federal General Services Administration, the agency in charge of government purchasing, removed Kaspersky from its list of approved vendors. In doing so, the GSA suggested a vulnerability exists in Kaspersky that could give the Kremlin backdoor access to the systems the company protects.
Someone that is in a position to know all about it tells me that Kaspersky doesn't detect malware created by the Russian Business Network. My fear is that if I named that someone, the RBN will give that someone a bad hair day.
[Ed. addition follows]
The full text of the DHS notice is available at https://www.dhs.gov/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01.
(Score: 0) by Anonymous Coward on Wednesday January 17, @11:04PM (1 child)
AT&T vs Huawei vs. Congress bugs...
(Score: 0) by Anonymous Coward on Thursday January 18, @03:08AM
The New AT&T is formerly Southwestern Bell and in reality Confederate Telephone.
Trust those southern confederate rebels to be in cahoots with Chinese.
(Score: 3, Interesting) by Anonymous Coward on Wednesday January 17, @11:12PM (2 children)
It makes news when the US government blocks foreign control. That should tell you something: it isn't the norm.
Mostly, all of our stuff is up for sale. We sell ownership of companies. Our companies think they are moving into China when they get 49% ownership of a joint venture being operated by patriotic Chinese citizens, and then they turn over all the trade secrets to that joint venture. We welcome foreign nationals into our corporate networks, VPNed past the firewall, to save a dime on IT costs. We welcome foreign nationals physically into our companies, under many kinds of visa, and strangely assume that none will be patriotic to their country of origin.
Our law even prohibits a normal company from refusing to hire an IT worker or engineer due to foreign connections. This is exactly backwards. We let the fox guard the hens. The only way out is to become a defense contractor and find some excuse to require security clearances for everybody.
(Score: 2) by bob_super on Wednesday January 17, @11:52PM
> strangely assume that none will be patriotic to their country of origin.
When given the amazing opportunity to live and work in the Greatest Country On Earth (TM), why would anyone do anything against it? Don't be silly ...
(Score: 0) by Anonymous Coward on Thursday January 18, @12:33AM
Check your collectivism.
(Score: 0) by Anonymous Coward on Thursday January 18, @01:09AM
Sounds like a number of palms are about to be greased.
So it goes.
(Score: 3, Insightful) by MrGuy on Thursday January 18, @03:37AM (1 child)
The US isn't in the best place to be shining a spotlight on "hey, foreign-made software and hardware could in theory be deliberately compromised by their governments to secretly do bad stuff!"
I mean, the NSA is still in business, and more than a few of their tricks are out of the bag recently. [wikipedia.org] The exact same arguments could be used by foreign governments to exclude Apple handsets, Cisco and Juniper routing gear, or any primarily-US telecoms from expanding overseas. With the exception that it's provable that the US DOES do some of the things we currently only SUSPECT China would do...
(Score: 0) by Anonymous Coward on Thursday January 18, @05:57AM
Intel, cough
Facebook, cough
So if Huawei cannot come through the door, there are plenty of windows. "Allies" in the 5-Eyes... here in New Zealand almost ALL the fibre kit is Huawei, so 99.996% of our stuff (including this) is most likely echoed via somewhere in China. They practically OWN NZ already.
Reply to This
(Score: 0) by Anonymous Coward on Thursday January 18, @04:16AM (1 child)
https://en.wikipedia.org/wiki/Investor-state_dispute_settlement [wikipedia.org]
Don't you just love "free trade"?
(Score: 2) by MrGuy on Thursday January 18, @05:15AM
ISDS isn't a "standard" thing - it's relatively new, and it only exists where it's been specifically negotiated. The Trans Pacific Partnership (which did contain an ISDS provision, which is one of the things that made it so controversial) wasn't ratified by the US. And China doesn't (to my knowledge) have a bilateral trade agreement with the US that included ISDS. So your suggested approach won't work.
What you should be talking about is a World Trade Organization [wikipedia.org] case, which is would have to be brought by China (i.e. the WTO member nation), not Huawei directly. China would need to claim that the US is not allowing China access to the US market on equal footing with other nations. That said, the WTO moves slowly, and there would be a number of challenges to getting a claim settled in China's favor, especially if (as would be the case here) the US would assert some level of national security concern, which the WTO may not want to get in the middle of.
Reply to This
