Daily Digest (12/22)

Zoom Executive Accused of Working With Chinese Law Enforcement; Journalists at Al-Jazeera Targeted by Spyware; Hong Kong Upholds Mask Ban at Protests; Networks of Texas Capital City Accessed in SolarWinds Attack; Treasury Department Confirms SolarWinds Breach.

Zoom Executive Accused of Working With Chinese Law Enforcement 

Federal prosecutors in the U.S. have charged a former Zoom executive with plotting to disrupt video conference commemorations of the 1989 Tiananmen Square democracy protests.

In a 47-page complaint unsealed Friday by prosecutors in Brooklyn and an arrest warrant, Xinjiang Jin was accused of acting at the direction of Chinese law-enforcement and intelligence officers to disrupt four Tiananmen commemorations earlier this year, The Wall Street Journal reports. 

Zoom said in a statement Friday that it had fully cooperated with U.S. authorities, undertaken an internal review and terminated the employee for violating company policies.

Prosecutors said Jin was Zoom’s “security technical leader” and worked to shut down at least four video meetings on the platform commemorating the June 4, 1989, Chinese military assault on demonstrators in Beijing that killed hundreds. 

“It really highlights what it means, when a lot of tech companies will say, ‘We have to follow local laws,’” John Demers, head of the Justice Department’s national security division, told the Journal. 

“It doesn’t just mean within the borders of China, you have to help (China) squelch political speech around the world,” he said.

Journalists at Al-Jazeera Targeted by Spyware 

Dozens of journalists at the Al-Jazeera news network have been targeted by advanced spyware in an attack likely linked to Saudi Arabia and the United Arab Emirates. 

Citizen Lab at the University of Toronto said it traced malware that infected the personal telephones of 36 journalists, producers, anchors and executives at Al-Jazeera to the Israel-based NSO Group, which has been condemned for selling spyware to repressive governments, The Associated Press reports. 

Targeted phones were infected through the iMessage messaging service without the users taking any action. Through push notifications alone, the malware instructed phones to upload their content to servers linked to the NSO Group, Citizen Lab said, turning journalists’ iPhones into powerful surveillance tools.

NSO Group’s surveillance software, known as Pegasus, was designed to bypass detection and mask its activity, according to the Journal.

The malware infiltrated phones to vacuum personal and location data and secretly control smartphones and cameras, allowing hackers to spy on reporters’ face-to-face meetings with sources.

“It’s not only very scary, but it’s the holy grail of phone hacking,” Bill Marczak, a senior researcher at Citizen Lab, told AP. “You can be using your phone normally, completely unaware that someone else is looking at everything you’re doing.”

Hong Kong Upholds Mask Ban at Protests

Hong Kong’s highest court ruled on Monday to uphold the government’s use of a colonial-era law to unilaterally ban masks at the height of protests last year. 

The ruling represented a defeat for Hong Kong’s pro-democracy opposition, now forced out of the Legislature, which tried to establish that the ban was unconstitutional and had violated basic liberties, The Washington Post reports. 

Five judges on the Hong Kong Court of Final Appeal unanimously ruled that the ban on face masks in October 2019, enacted during anti-government protests, was proportionate and necessary.

The 71-page judgment also detailed the actions of the protesters, highlighting the violence, “unlawfulness” and “vandalism” prevalent in the city last year, using those reasons to uphold the ban on masks.

The ruling came as the courts have been under intense scrutiny and are considered the last protection against Beijing’s efforts to completely overhaul Hong Kong’s institutions, the Post reports. 

In November, British Foreign Secretary Dominic Raab said he would consider pulling British judges from the Court of Final Appeal, the same court that handed down Monday’s ruling.

Networks of Texas’ Capital City Accessed in SolarWinds Attack

The city network of Austin, Texas, has been compromised, adding to the intrusions attributed to Russia over the past few weeks, The Intercept reports. 

The breach in Austin, the state’s capital city, was revealed in documents prepared by the Microsoft Threat Intelligence Center (MSTIC) and obtained by the Intercept, as well as via publicly available malware activity compiled by the VirusTotal site. 

“While we are aware of this hacking group, we cannot provide information about ongoing law-enforcement investigations into criminal activity,” a spokesperson for the city of Austin told the Intercept.

An IP address owned by the city appeared on a list of indicators of compromise, or technical evidence, compiled by MSTIC. Austin’s internet address was the only government IP on the site’s list. 

The hacking group believed to be behind the Austin breach, Berserk Bear, also appeared to have used Austin’s network as infrastructure to stage additional attacks.

“It’s not surprising that hackers, when they find an unsecured server that is in the country that they’re targeting, use that as a jumping off point for lots of other things,” John Scott-Railton, a Citizen Lab senior researcher, told the Intercept. “It makes things a lot easier.”

U.S. Treasury Department Confirms SolarWinds Breach

Treasury Secretary Steven Mnuchin confirmed Monday that his department had been breached by suspected Russian hackers.

Mnuchin acknowledged to CNBC that the hackers had penetrated the Treasury’s unclassified network, but he played down the severity of the intrusion, Reuters reports. 

“We do not see any break in into our classified systems,” he said. “Our unclassified systems did have some access.

“I will say that the good news is there has been no damage, nor have we seen any large amounts of information displaced,” the secretary said.

Mnuchin said he would not go into further detail because there were still details “we’re not yet ready to disclose.”

Treasury officials did not immediately return a message seeking additional information on Mnuchin’s comments, Reuters reports. 

— By DPN Staff