THE KEY

President Trump took a break from denouncing Democrats’ impeachment investigation during a fiery news conference yesterday to publicly pressure Finnish President Sauli Niinisto to block Huawei from his nation’s 5G networks.

Trump also praised the Finnish company Nokia, which is competing with the Chinese telecom for 5G wireless contracts, as “a great company” and “a global leader in 5G technology.”

The comments were among just a few from Trump that didn’t center on the whistleblower and impeachment investigations, and they underscore how critical the administration considers the 5G fight in Europe.

“The United States and Finland are…partnering to ensure the security of 5G networks,” Trump said, adding that “it is critical that we use safe and trustworthy technology providers, components and supply chains” in 5G.

Trump has banned Huawei from playing any role in U.S. 5G networks, citing concerns the company could be complicit in Beijing spying. U.S. envoys have crisscrossed the globe urging allies to do the same.

But that effort has had limited success — especially in Europe, which is a vital U.S. military and intelligence partner.

Officials fear that if Huawei has a foothold in Europe it will give Beijing an inroad to swipe any U.S. government and corporate secrets that touch the continent’s 5G networks. The fear is supercharged because those networks will carry orders of magnitude more data than current networks and will hook into a new generation of Internet-connected technology operating in hospitals, energy plants and other vital infrastructure.

But European nations have been hesitant to follow the United States — partly because Huawei already supplies a lot of their current telecom infrastructure and it would be onerous to shut it out.

“In Europe the situation is maybe a bit different … because the company you mentioned is inside Europe, partly at least,” Niinisto said as he mostly evaded questions about Huawei during the joint news conference.

Niinisto told reporters he was awaiting a risk assessment from the European Union that is expected in the next couple of weeks meant to guide nations’ 5G decisions. But it won’t be binding.

“What the European Union is now doing is … asking each country what kind of experiences, what you have seen and found out … and after that we have to decide together in [the] European Union what kind of tools we need to protect ourselves,” he said.

Niinisto also ducked commenting on Nokia, which is one of only two major Huawei competitors for global 5G infrastructure, along with Sweden’s Ericsson.

“We all know Nokia is a major factor in this area. They will answer for themselves,” he said.

Huawei has consistently denied spying for China and accused the United States of trying to hack its networks and urging employees to bring unsubstantiated claims of wrongdoing against the company.

And despite more than a year of intense U.S. lobbying, only Australia, New Zealand and Japan have embraced total Huawei bans while close U.S. allies including England and Germany have signaled they may allow Huawei to build some parts of their networks.

Trump also hasn’t helped matters by repeatedly wavering and suggesting he might reverse the ban as part of a trade deal with China. That has even prompted Republican and Democratic security hawks in Congress to push legislation that would prevent the president from reversing himself.

The Cybersecurity 202 will publish Oct. 8, 9 and 10 while Congress in recess. We will return to our normal schedule Oct. 14.

PINGED, PATCHED, PWNED

PINGED: Ransomware hacking victims shouldn’t pay off their assailants, the Department of Homeland Security's Assistant Director for Cybersecurity Jeanette Manfra said at the Washington Post Live Cybersecurity Summit yesterday. But she understands why they sometimes do.

“I'm not the person in the midst of making that tough decision about what's going on, and I don't fully understand what their risk calculus is,” Manfra said. “And when you have insurers and others that are going to cover that, that furthers our problem of misalignment of incentives.”

Manfra’s comments reflect the sticky position for federal cybersecurity officials who warn that victims who pay hacker ransoms could be funding criminal enterprises or even rogue nation-states such as North Korea, but also realize many victims aren’t in a good position to stand firm against hackers’ demands. While the FBI firmly recommends victims don't pay up, as recently as 2015 the agency gave conflicting advice.

Manfra urged companies and state and local governments to take precautions to prevent ransomware attacks, such as updating their security systems and backing up data.

Here are some more big moments from the conference.

October is National Cybersecurity Awareness Month, but it also marks the start of Domestic Violence Awareness Month. Electronic Frontier Foundation Director of Cybersecurity Eva Galperin says domstic abuse victims can often be the targets of stealth software. “Most people who are being spied on in their lives are not being spied on by governments or law enforcement. They are being spied on by stalkers or by exes or by people with whom they are currently in an abusive relationship,” Galperin said. 

The U.S. government has been pressing allies to ban Huawei from their 5G networks, but the National Counterintelligence and Security Center’s William Evanina says the problem is much bigger than Huawei. “If Huawei goes away, there's another company that's going to facilitate that role of the Communist Party of China and Xi Jinping's effort to be the global supplier of telecommunications, and I think that's the threat we face,” he said. 

Last year, more than 18 million tips reporting evidence of child sex abuse were sent to the National Center for Missing and Exploited Children and the vast majority of those tips came from Facebook. Sujit Raman, the associate deputy attorney general for the Justice Department, says 75 percent of those tips will “go dark” if social media companies follow through with plans to initiate end-to-end encryption.

PATCHED: Russian President Vladimir Putin joked yesterday that Russia would “definitely” interfere in the 2020 U.S. elections, making light of U.S. intelligence agencies’ unanimous conclusion the country interfered in the 2016 U.S. elections. “Just don't tell anyone,” he told an audience at a Russian energy conference, Nathan Hodge, Olga Pavlova and Mary Ilyushina at CNN report.

The Russian leader also came to Trump's defense as the president faces an impeachment investigation for a controversial call in which he seemingly pressed the leader of Ukraine to investigate former vice president Joe Biden and his family. 

“Based on what we know from the call, there was nothing wrong there,” Putin told reporters. “Trump asked his colleague to investigate possible corruption schemes of previous administrations.”

Putin compared the scandal around the call to similar concerns with a conversation between Trump and the Russian leader in 2018. He said that in that instance it was the White House, not Russia, that objected to releasing the call. “We directly told the administration to just publish it. If somebody wants to know something — just publish it, we don't mind.”

PWNED: Researchers found the tax records of more than 20 million Russian citizens exposed in an online database, Charlie Osborne at ZDNet reports. The unprotected servers contained addresses, residency status, passport numbers, phone numbers, tax IDs, employer names and telephone numbers from 2009 to 2016.

The majority of the records belong to people from Moscow and the surrounding regions, researchers say. It's unclear whether hackers stole the exposed data and why the Ukraine-based server owner had the trove of data in the first place. The owner locked down the two servers containing the data after researchers contacted them in September.

The report follows two similar discoveries of unprotected servers based in Miami and Germany that each contained the personal information of roughly the entire population of Ecuador.

PUBLIC KEY

— Cybersecurity news from the public sector:

National
Former Green Party presidential candidate Jill Stein wants Pennsylvania to block Philadelphia from using touchscreen machines it’s buying ahead of 2020’s elections and is threatening court action
Marc Levy | AP
Senators Mark Warner and Marco Rubio are calling on 11 tech companies to develop a plan to deal with the proliferation of "deepfakes" on their platforms
CBS News
Three hospitals in Alabama were forced to close their doors to all but the most critical new patients.
BBC News
While election interference, espionage and power grid threats get all the attention, nation-states also lean on cyber criminals to conduct operations on their behalf, according to Director James Murray.
Nextgov
PRIVATE KEY

Verizon is joining the Cyber Threat Alliance, a nonprofit threat-sharing organization led by former Obama administration White House cybersecurity coordinator Michael Daniel, the group announced this morning. K7 Computing and Scitum have also joined.

— More cybersecurity news from the private sector:
 

The debate over privacy in the digital age increasingly pits tech companies against law enforcement agencies as explicit imagery explodes.
The New York Times
Turning on the new Incognito Mode in Google Maps won't make you as invisible as it might sound.
Wired
Up to 10,000 Zendesk support and chat accounts may be impacted by a 2016 data breach, the San Francisco-based company announced Wednesday.
CyberScoop
THE NEW WILD WEST

— Cybersecurity news from abroad:

A cybersecurity firm says evidence suggests the Egyptian government carried out cyberattacks on journalists, academics, lawyers and rights activists.
New York Times
Russia's biggest lender, Sberbank, is investigating a potential leak of its...
Reuters
Police seize servers from bulletproof hosting provider that harbored tens of DDoS botnets.
ZDNet
ZERO DAYBOOK

— Coming Up:

  • The Department of Justice will host a Lawful Access Summit on warrant-proof encryption and its impact on child exploitation cases on Friday.