Cyber Week in Review: February 4, 2022

Anne Neuberger, Deputy National Security Advisor, Travels to Europe to Discuss Cyber Issues 

Anne Neuberger, the Biden administration’s deputy national security advisor for cyber and emerging technology, traveled to Europe earlier this week to meet with European Union and North Atlantic Treaty Organization officials. The visit comes in the wake of heightened tensions and threats of invasion between Russian and Ukraine and is part of the Biden administration’s efforts to shore up Ukrainian and European cyber defenses. Russia has targeted Ukrainian infrastructure in the past, and this crisis appears no different. However, the United States has been sending teams into Ukraine and surrounding countries to shore up critical cyber defenses and help protect the region in the event of Russian cyberattacks. 

Pegasus Spyware Detected on Finnish Diplomats’ Phones 

The NSO Group’s hacking tool Pegasus was detected on the phones of Finnish diplomats, the country’s foreign ministry said. The news is the latest in a long line of disclosures that NSO Group’s powerful spyware was used for purposes other than its stated counterterrorism and law enforcement roles. The Finnish foreign ministry said information stored on phones is public or classified at the lowest level and thus the breach did not constitute a significant security risk. There have been several recent disclosures related to NSO Group, including that the FBI bought, but never used, NSO Group spyware and that the NSO Group had attempted to buy access to the Signaling System 7 phone architecture, which would have allowed NSO to track a device’s location and potentially redirect phone calls and texts. 

Beijing Winter Olympics Bring New Privacy and Cybersecurity Risks 

On January 21, the FBI released guidance warning that “malicious cyber activities” pose a threat to those traveling to the 2022 Beijing Winter Olympics and urged athletes to use temporary phones for the duration of the winter games. U.S. officials have also expressed concern that athletes using China’s digital currency, the digital yuan, may be vulnerable to surveillance. This follows the finding that MY2022, a mandatory app for attendees, has serious encryption flaws which place sensitive medical, travel, and passport information at risk. Cybersecurity experts have speculated that disruptive state-sponsored cyberattacks on the games themselves are unlikely, as Russia, Iran, and North Korea, which have attacked Olympic infrastructure in the past, will be hesitant to provoke China. Despite the low probability of state-sponsored attacks, the Olympics present an inviting target for ransomware gangs and hacktivists protesting the Chinese government. 

Myanmar Announces New Cybersecurity Law, Bans VPNs in the Country  

Myanmar’s military government is reportedly set to pass a new restrictive cybersecurity law that would criminalize the use of virtual private networks (VPNs), which enable citizens to circumvent government internet regulations and access banned sites like Facebook. VPNs in Myanmar are especially critical during military-imposed internet shutdowns, which have lasted for weeks at a time since the military coup last February. Over the past year, the military government has increased internet surveillance, consolidating control of telecommunications companies and internet service providers in order to surveil its citizens and censor online speech. Internet restrictions are spreading across Southeast Asia. Cambodia adopted Chinese-style internet controls and imposed an internet gateway through which all web traffic is routed and monitored earlier this year. 

China Emphasizes Nationwide Blockchain Development, Selects Pilot Zones  

Last week, sixteen Chinese government ministries including the Central Cyberspace Affairs Commission, issued a list of national blockchain innovation pilot projects. The proposed pilots span 15 administrative zones and 164 entities, including hospitals, universities, and major companies. According to the announcement, some cities—including Beijing—will feature “comprehensive” blockchain integration, while other trial participants will focus on applying the technology to specific areas and industries. The pilot plans are the latest iteration of a seemingly perplexing blockchain strategy from Beijing. In the past, the Chinese government has both supported blockchain development and engaged in crackdowns on the trade of cryptocurrencies and digital assets.