Security Roundup: US warns ZTE, Huawei may spy for China, bank attack more powerful than expected, governments tighten security

Intelligence panel highly suspicious of Chinese firms

Events in the tech world – particularly in a security context – so often reflect nation state diplomacy and international relations as a whole, and the saga concerning Huawei and ZTE of China and the hostility they are being met with in the United States is turning into an excellent case in point.

Given that Huawei is run by an ex-officer in the Chinese People’s Liberation Army and that ZTE was conceived by state-owned enterprises, perhaps the US was always likely to be suspicious of the firms’ expansion into the American market. Their business with the States’ number one foe, Iran, certainly hasn’t helped matters, and contributed to the US Congress’ decision to conduct a formal investigation into the threat posed by the telecoms giants, which began in November last year.

The subsequent report, published today by the House of Representatives’ Intelligence Committee, takes a far stronger tone than the more tentative warnings we’ve become used to regarding the issue of Huawei and ZTE. The official document states the investigation “highlighted the potential security threat posed by Chinese telecommunications companies with potential ties to the Chinese government or military. In particular, to the extent these companies are influenced by the state, or provide Chinese intelligence services access to telecommunication networks, the opportunity exists for further economic and foreign espionage by a foreign nation-state already known to be a major perpetrator of cyber espionage.”

It goes on to advise private sector entities in the US to consider the long term risks of doing business with either ZTE or Huawei and urges network providers and systems developers to seek other vendors for their projects. Check out our article published earlier which includes reaction from the Chinese foreign ministry.

Attack on US banks may be more dangerous than expected

One of the main stories grabbing security headlines last month was the spate of cyber attacks on major US banks including JPMorgan & Chase and Bank of America, as their respective websites slowed and suffered a number of glitches. Angered by the provocative Innocence of Muslims video that originated in the US, Islamist hackers claimed responsibility for the DDoS attack. But with little else unearthed, the inquest has continued.

The latest take on the incident comes from Carl Herberger, vice president of security solutions at Israeli firm Radware, who says his researchers have found, in Saudi Arabia, a variant of the same malware that breached the US banks, but admits this does not necessarily implicate Saudi organisations as responsible. “Whether or not it [the malware] originated there is anybody’s guess,” Herberger conceded to Fox Business.

But the security chief also revealed that the attacks appear to be coming from independent data centre servers of companies that have trusted relationships with banks, rather than from rogue desktops. This discovery is causing “some consternation”, he says, as attacks from such powerful sources dramatically enhance the intensity of the threat, giving them a “big-boy bandwidth” of 60 to 70 gigabytes. With the aggressors promising more attacks to come, the US banking industry will no doubt stay on red alert.

Cisco chief: governments paying more attention to cyber crime

With cyber attacks continuing to target such high-level organisations, government agencies across the world are becoming much wiser to the threats they face, says Senior Vice President of Security and Government at Cisco, Chris Young.

Young was speaking at a roundtable event in London attended by ITProPortal, and said that in the past year the penny had certainly dropped regarding network security among national authorities. His claim contradicts suggestions from Eugene Kaspersky, who told us in May that nation states are still too slow in the war with cyber crime, and that the importance of such issues has not yet been realised in government circles.

“It’s one of the biggest issues for governments,” insists Young. “We probably don’t have a common executive level conversation with government agencies where security doesn’t come up as an issue. Cisco’s very active with government agencies around the world.”

He continued, “I think most nations are very open to learning about the problem and trying to react and I think that’s very important. I think that very few countries are closed off to the possibility of working with the private sector. If anything I see more of a demand by individual nations around the world to work closely with enterprise to try and solve the problem because they recognise they’re not going to solve it on their own.”

This change in attitudes hasn’t necessarily been replicated at business level, however, with Young criticising the “antiquated” security methods of so many enterprises. Follow the link for more on this and other topics covered at the roundtable discussion.

Stories part aggregated by Team Cymru, which runs a private Security News mailing list called 'Dragon News Bytes', covering the most important and interesting news items of the day.