THE KEY

The tide may be turning in the U.S. effort to check the global spread of next-generation telecom equipment from Huawei following months of setbacks.

Officials at the European Union and in Germany and Brazil all made moves during the past few days to restrict Huawei following more than a year of U.S. charges that the Chinese telecom company could be a conduit for Beijing’s digital spying or sabotage.

The U.S. argument also appears to be making some headway in Canada, where White House national security adviser Robert O’Brien savaged Huawei during a security conference over the weekend, winning plaudits from conservative Canadian lawmakers who urged Prime Minister Justin Trudeau to follow the U.S. lead.

“When they get Huawei into Canada … they're going to know every health record, every banking record, every social media post — they're going to know everything about every single Canadian,” O’Brien said. He also warned that U.S. intelligence sharing with Canada “would be impacted if our close allies let the Trojan horse into the city.”

The turnaround suggests allies that were hesitant to join the United States in a blanket ban on Huawei might be willing to take more limited actions that get U.S. officials much of what they want. That could reduce the danger of Chinese dominance over super-fast 5G networks that will carry orders of magnitude more data than existing wireless systems and run a new generation of Internet-driven technology such as autonomous vehicles and automated factories. 

The European Union, for example, endorsed a strict review process for 5G suppliers that includes examining the legal and political frameworks companies are bound by — a requirement U.S. officials have long argued should block Huawei because it’s too beholden to China’s Communist Party. The German parliament passed a similar motion — over the opposition of Chancellor Angela Merkel — blocking 5G equipment from nations where the government holds too much sway over the business world.

Brazil’s national security body also launched a broad 5G risk assessment that could put Huawei out of the running.

Only a handful of nations, meanwhile, have followed the U.S. push for a full Huawei ban, including Australia, New Zealand and Japan. Britain previously decided to limit Huawei contracts to the periphery of its 5G networks rather than core systems, but U.S. officials have argued that still gives the company far too much access.

The shift comes as the U.S. government is expanding its own efforts to restrict Huawei — which already include banning it from 5G networks and government contracts and restricting most U.S. sales to the company.

The Federal Communications Commission voted unanimously Friday to effectively block Huawei from selling new gear to the small network of rural phone and Internet providers it has contracts with, as my colleague Jeanne Whalen reported.

Commissioners also launched a new effort to map out all the Huawei gear running on U.S. networks and to consider funding the approximately $2 billion project of removing and replacing it.

Huawei, which has steadfastly denied aiding Chinese spying, denounced the FCC move, saying it violated “bedrock principles of due process” and is “based on nothing more than irrational speculation and innuendo.”

Lawmakers, on the other hand, were quick to applaud the move:

Sen. Ted Cruz (R-Tex.) called Huawei a “spy agency masquerading as a technology company.”

Here’s Rep. Jim Banks (R-Ind.):

And Rep. Michael McCaul (Tex.), the top Republican on the House Foreign Affairs Committee and former chairman of the House Homeland Security panel:

PINGED, PATCHED, PWNED

PINGED: President Trump continued to push a baseless conspiracy theory about CrowdStrike helping Ukraine influence the 2016 election despite it being soundly debunked during the House impeachment hearing and containing obvious factual errors. 

“They gave the server to CrowdStrike, or whatever it’s called, which is a company owned by a very wealthy Ukrainian,” the president said on Fox and Friends – even though the publicly traded CrowdStrike is a U.S. company with no Ukrainian ownership.

Trump gave the interview a day after former Trump National Security Council member Fiona Hill warned that Russia has promoted the conspiracy theory to undermine U.S. intelligence agencies' unanimous conclusion that it was behind the 2016 attack.

Sen. John Neely Kennedy (R-La.) later bolstered Trump's arguments, telling Fox News host Chris Wallace he didn't know who was responsible for the DNC hacking. “But it could also be Ukraine,” Kennedy told Wallace. “I'm not saying that I know one way or the other.”

He also dismissed as a “red herring” claims that Trump held military aid from Ukraine until its president agreed to investigate the son of rival Joe Biden.

PATCHED: The FBI is probing a hacking campaign that targeted more than a dozen U.S. electricity providers across 18 states, Rebecca Smith and Rob Barry at the Wall Street Journal report. The campaign began sometime earlier this year and could be ongoing, according to security researchers.

The report is especially concerning because many of the targets were close to critical infrastructure such as dams where a power failure could cause extra damage by disrupting water supplies. Hackers tried to trick staff at the facilities into opening malware-laced emails that would have given attackers control of the victims' computers and allowed them to steal information. 

There’s no evidence that any electricity providers were breached. It's also not clear who conducted the hacking campaign, but U.S. officials have warned that U.S. adversaries including Russia and Iran are eager to compromise key U.S. industrial systems.

The FBI declined to comment.

PWNED: A data breach exposed the personal information of more than a million T-Mobile customers, the company confirmed Friday. The company did not disclose how its systems were breached but said its security team had shut down the “unauthorized use,” Devin Coldewey at TechCrunch reports.

The hackers accessed data including customers’ names, billing addresses, phone numbers, account numbers and plan features. The haul did not include passwords or financial information. T-Mobile told Devin that the attack was discovered in early November, but would not say how long the data had been exposed.

PUBLIC KEY

— Cybersecurity news from the public sector:

The e-commerce giant followed through with the threat it made a week ago, challenging the Defense Department's decision to award the lucrative contract to rival Microsoft.
Jay Greene and Aaron Gregg
Prosecutors say forced disclosure permitted by “foregone conclusion.” Justices disagree.
Ars Technica
The rotating cast of officials in top tech and cyber jobs could hinder the department’s ability to develop and execute a consistent digital strategy.
NextGov
Silicon Valley’s rush into the health-care business is challenging the antiquated protections of Americans’ medical histories.
Wall Street Journal

PRIVATE KEY

— Cybersecurity news from the private sector:

The alleged member was arrested around two weeks ago, another member of the hacking group told Motherboard.
Vice
The panel "provides controls to change the intensity of the light fixtures, turn them on, and turn them off."
Vice
So-called lightweight encryption has its place. But some researchers argue that more manufacturers should stick with proven methods.
Wired

THE NEW WILD WEST

— Cybersecurity news from abroad:

Hacking efforts are particularly lucrative for Venezuelans as they are sold for cryptocurrency, a welcome alternative to the country’s own currency, which has endured rapid inflation.
NBC News
Researchers say an advanced hacking group has been using custom-developed hacking tools, expensive surveillance kits, mobile malware, and radio communications interception hardware to spy on Kazakhstan targets.
ZDNet

CHAT ROOM

“Just how sick is Trump's Crowdstrike conspiracy theory?” New York Times cybersecurity reporter Nicole Perlroth asked on Twitter this weekend. She went on to relay a personal story about first meeting CrowdStrike officials.

The personal anecdote was to make a point: the CrowdStrike conspiracy is absurd, she says.

And sharing it supports Russian influence operations -- as the U.S. intelligence community has also said.

ZERO DAYBOOK

— Coming up:

  • The Senate Committee on Foreign Relations will examine the future of United States policy towards Russia at 9:45 a.m. on December 3.