THE KEY

Former heavy-hitter Republican Rep. Mike Rogers says partisan warfare has so handicapped Congress that it's not doing nearly enough to stop a major world threat: Chinese telecom Huawei controlling large portions of next-generation telecommunication networks.

Rogers says the House Intelligence Committee, which he led until 2015, has been especially derelict as members clash over President Trump’s impeachment.  

“Unfortunately, that committee is just broken," Rogers told me, "and it’s going to take a long time for them to get back to any semblance of a functioning oversight intelligence committee. We’ve got to get the whole Congress functioning again so that we can get at these things, [because] the Chinese aren't going to wait for us to get our act together.”

Rogers, a former FBI agent who represented Michigan in Congress, is leading the new advocacy group 5G Action Now, aimed at making the U.S. the global leader in next-generation networks.

His criticism comes as allies across the globe are allowing Huawei to build portions of their next-generation 5G networks, ignoring U.S. warnings that it could aid a surge in global Chinese spying. 

United Kingdom Prime Minister Boris Johnson, in the most significant blow to date, today labeled Huawei a “high risk vendor” but will still allow it to build portions of its 5G infrastructure outside the “core,” which has the greatest access to UK citizens’ data, the Guardian reports. “Our world-leading cyber-security experts know more about Huawei than any country in the world – and they are satisfied that with our tough approach and regulatory regime, any risks can be managed,” a source in Parliament told the publication.

Rogers called the U.K.'s move “a very bad decision that [U.K. officials] are going to regret over the long haul.” 

Speaking before the expected decision, he warned it could open up the U.K. not just to intense spying by the Chinese government but also to sabotage and slowed network traffic during future disputes with China. 

“Imagine your economy sliding along and 10 years from now you run into a significant difference with the Communist Party of China. Guess what? They can start messing with your economic flow by just turning off pieces of the network,” he said. 

Rogers praised the Trump administration for barring Huawei from building this country's next-generation networks and blocking American companies from selling it critical components. He criticized Congress, though, for being too slow to deal with the rise of Huawei and for not doing enough to make American companies competitive in 5G. 

His group, he says, is aimed partly at convincing U.S. lawmakers to take more decisive action. “We're going to have to get members of Congress to understand what's at stake,” he said, adding that “what's frustrating is that it's taking us so long to do the things that we know we have to do to win.”

The committee, with Rogers at the helm for four years, sounded bipartisan alarms about the threat of Chinese digital espionage and Rogers and the committee's top Democrat Dutch Ruppersberger (Md.) published a 60-page report warning about national security threats from Huawei and another Chinese telecom ZTE. 

But five years later, though lawmakers have proposed numerous measures aimed at combating Huawei or making U.S. companies more competitive, none of the boldest bills have become law. That includes an effort this month championed by Senate Intelligence Committee Chairman Richard Burr (R-N.C.) and ranking Democrat Mark Warner (Va.) that would invest $1 billion in domestic Huawei alternatives. 

Congress's main anti-Huawei effort came in a 2018 military spending bill that banned the company from U.S. government networks and which Huawei, which has always steadfastly denied aiding Beijing spying, is challenging in federal court

The group’s main advocacy goal has so far been pushing the Federal Communications Commission to release midrange spectrum for U.S. telecoms to run 5G services, which FCC Chairman Ajit Pai committed to doing yesterday.

Rogers declined to reveal details about the group, including who its members are and who is funding its operations other than to say the group is new and he expects to release more details soon.

He added that “anybody who's interested in beating the Chinese from dominating the 5G network build-out is welcome” to join.

A 5G Action Now representative told me the group’s “goal is to develop a broad base of public, private and grass-roots support” and “as that happens, the public will learn more about our allies and supporters.”

Sitting lawmakers sounded off last night in a last-ditch effort to warn the U.K. government against accepting Huawei. 

“The British people deserve the best and it’s not #Huawei,” Sen. Marco Rubio (R-Fla.) warned on Twitter. 

Rubio also penned a letter to Johnson along with Sens. Tom Cotton (R-Ark.) and John Cornyn (R-Tex.), saying that excluding Huawei was in the best interest “of the U.S.-U.K. special relationship, and the health of a well-functioning market for 5G technologies.” 

Rep. Ted Yoho (R-Fla.) warned that “implementing #Huawei technology into national infrastructure projects is a recipe for long-term security risks.”

The U.K.'s decision is sure to bring debate in Congress over whether to adjust the intelligence sharing practices between the two countries. “If our allies move forward with Huawei in their 5G networks, we will have to re-examine certain aspects of our relationship,” warned Rep. Michael McCaul (R-Texas), ranking member on the House Foreign Affairs Committee. “We will not risk sensitive national security information finding its way back to Beijing."

PINGED, PATCHED, PWNED

PINGED: Twitter and Instagram are investigating a breach of accounts associated with the National Football League and more than a dozen football teams, the companies told my colleague Cat Zakrzewski. The incident underscores how even some of the top social media operations in sports remain vulnerable to such attacks. 

The verified Twitter accounts of the San Francisco 49ers and the Kansas City Chiefs, the two teams playing in the Super Bowl this weekend, were affected. OurMine, a hacker group that has previously infiltrated the accounts of top executives including Twitter chief executive Jack Dorsey, took responsibility for the breach. 

“We are here to Show people that everything is hackable,” the group wrote in a tweet yesterday afternoon on the official Green Bay Packers account. The tweet has been removed. 

“As soon as we were made aware of the issue, we locked the compromised accounts,” said Twitter spokeswoman Katie Rosborough. “We are currently investigating the situation.” 

Twitter also suspended OurMine’s account for violating its community guidelines. 

The group also reportedly broke into and began posting on the official Minnesota Vikings Instagram account. Andy Stone, a spokesman for Instagram’s parent company Facebook, said it's “investigating and working to secure and restore access to any impacted accounts.” Facebook declined to say how many accounts were affected.

PATCHED: Lawmakers are slamming anti-virus company Avast for playing fast and loose with consumer privacy. Their remarks follow a recent report from Motherboard and PCMag that revealed that the company's software collects and sells users' browsing data without their consent. 

No consumer would realistically have an inkling that their anti-virus software could be selling their browsing data, Sen. Mark R. Warner (D-Va.) told Joseph Cox at Motherboard. Congress can’t afford to ignore these issues any longer. Warner also called on the Federal Trade Commission to regulate the anti-virus industry.

The data sold by jump shot, a subsidiary of Avast, included customers’ Google searches, location data, YouTube videos and even visits to porn websites, Motherboard reported. While the data did not include users' names and emails, experts told Motherboard it was possible to figure out people’s identities based on the available data.

Avast stopped collecting user data through its browser extension after Mozilla and Google removed the extension last month. It’s now asking existing anti-virus users to opt into data collection, the company told Joseph. 

Sen. Ron Wyden (D-Ore.), however, told Motherboard he was concerned that the company had not committed to deleting the data it already collected without consent.

The only responsible course of action is to be fully transparent with customers going forward, and to purge data that was collected under suspect conditions in the past, Wyden said.

PWNED: A group of hackers that has targeted more than 30 government agencies and other groups in Europe and the Middle East appears to be acting in the interests of the Turkish government, Jack Stubbs, Christopher Bing and Joseph Menn at Reuters report. Reuters stopped short of attributing the hacks to the Turkish government but noted the campaign “bears the hallmarks of a state-backed cyber espionage operation conducted to advance Turkish interests.”

The nature and scale of the attacks, which tamper with address book of the Internet to send visitors to impostor sites, have sparked serious concern from Western intelligence agencies. Targets of the hacking included Cypriot and Greek government emails services as well as the Iraqi government's national security adviser. Hackers also targeted civilian organizations in Turkey including a chapter of the Freemasons.

Reuters confirmed the attacks using public Internet records. Officials and private cybersecurity investigators say the campaign is ongoing.

The U.K. National Cyber Security Centre and U.S. Office of the Director of National Intelligence declined to comment to Reuters on who was behind the attacks.

PUBLIC KEY

— Cybersecurity news from the public sector:

MEMPHIS, Teen. (AP) — A federal appeals court has sided with a lower court in rejecting a lawsuit that challenges the security of voting machines in Tennessee's largest county. A...
AP
The National Institute of Standards and Technology (NIST) published draft guidelines Monday providing businesses with ways to defend against debilitating ransomware attacks.
The Hiil
FERC’s recently “expanded” reporting requirements leave it up to entities to decide on qualifying events.
Nextgov
As states look to legal frameworks to deter the rising tide of cyberattacks against state and local governments, Maryland is seeking to criminalize the possession of the tools that make them possible.
GovTech

PRIVATE KEY

--A security flaw in video conference service Zoom left meetings vulnerable to hackers, according to a new report from researchers at Check Point.  Zoom issued security changes after researchers brought the findings to the company.

— Cybersecurity news from the private sector:

More of the tools used throughout the private sector are ones that help company staffers better manage or prevent security incidents.
Cyberscoop
Sensing new regulation is coming, Alphabet, Microsoft, Facebook, Apple and others are moving to shape policy discussions, calling for new laws on a range of issues—even as some have already resisted certain measures.
The Wall Street Journal
The technology needed to limit stingrays is clear—but good luck getting telecoms on board.
Wired
Intel's made two attempts to fix the microprocessor vulnerability it was warned about 18 months ago. Third time’s the charm?
Wired

THE NEW WILD WEST

— Cybersecurity news from abroad:

Britain's decision on whether to allow Huawei to supply equipment for 5G mo...
Reuters
DEF CON team is hoping that the 2019-nCoV outbreak will improve and they can go on as planned, or reschedule.
ZDNet

ZERO DAYBOOK

Today

  • The Internet Education Foundation will host the 16th annual State of the Net Conference in Washington.
  • The University of Southern California will launch its 50-state Election Cybersecurity Initiative in Columbia, Maryland.

Coming up:

  • The House Homeland Security Committee will markup the Cybersecurity Vulnerability Identification and Notification Act on Wednesday.
  • The National Association of Secretaries of State convention will take place Thursday through Sunday in Washington.
  • New America’s Open Technology Institute will host an event titled “Privacy’s Best Friend: How Encryption Protects Consumers, Companies, and Governments Worldwide” on Feb. 4 at noon
  • RSA Conference 2020 is scheduled for Feb. 24-28 in San Francisco