China, Iran and the US: new concerns

In the last couple of weeks two interesting incidents have come to light: while they are very different and seemingly unconnected, they both involve China, the US, cyber espionage, and economic sanctions – past and present – levied against Iran.

The first case concerns the activities of Chinese telecommunications company Huawei, which has been thrown into the spotlight by the arrest in Canada - at the request of the US Justice Department - of the company’s Chief Financial Officer. Meng Wanzhou stands accused of conspiracy to defraud multiple financial institutions. It is alleged that in 2013 she falsely informed US banks that her company was not involved in any business dealings with Iran, when Huawei subsidiary Skycom actually was, meaning that she acted in violation of US sanctions then in place.

Canada is expected to extradite Meng to the US over the charges.

In the days following this high-profile incident, China responded by arresting two Canadians: Michael Kovrig, a former diplomat now working for the International Crisis Group, was detained in Beijing, and businessman Michael Spavor, who organises trips into North Korea, was arrested in Dandong City. The reasons for these actions by the Chinese authorities are unclear.

While diplomatic relations between China and Canada have predictably soured over the arrests, the Canadian government has also warned President Trump about interfering in the legal process. Canada’s foreign minister, Chrystia Freeland, said: “Our extradition partners should not seek to politicize the extradition process or use it for ends other than the pursuit of justice.”

Her comment came after Trump announced he would intervene in the Meng case if he thought it would help national security or his trade deal negotiations with Beijing. “If I think it’s good for what will be certainly the largest trade deal ever made – which is a very important thing – what’s good for national security – I would certainly intervene if I thought it was necessary,” he said.

While Trump can certainly be accused of attempting to politicise the arrest of Meng - and leaving aside the questions surrounding the current trade negotiations going on between the US and China which no doubt influenced his comments - it is worth remembering that Huawei has been put under a great deal of pressure from US authorities in the last couple of years and particularly in recent months. Criticisms centre primarily on national security issues, with the Chinese company routinely accused of using its technology for cyber espionage purposes.

Several US allies, including Australia and New Zealand, have already announced that Huawei has been banned from providing technological equipment for the 5G networks currently being rolled out globally. Japan has also recently instituted a similar ban, and Germany, Canada, India and Italy have all reportedly been asked to follow suit.

In the UK, MI6 chief Alex Younger voiced doubts about the company when he said Britain must decide how comfortable it is “with Chinese ownership of these technologies”. BT has said Huawei will not be involved in its 5G mobile network, though some of its other equipment will remain in place.

Huawei has denied all the allegations levelled against it.

The second case that emerged this week concerns the response of the Iranian state to President Trump’s withdrawal of the US from the Iran nuclear deal - the Joint Comprehensive Plan of Action (JCPOA) - and the imposition of new economic sanctions on the country. These came into force in November.

According to reports, Iranian state-sponsored hacker group CharmingKitten has recently been attempting to hack into the personal email accounts of around 12 US Treasury officials dealing with the new sanctions. It is also alleged the hackers have been targeting “high-profile defenders, detractors and enforcers of the nuclear deal struck between Washington and Tehran, as well as Arab atomic scientists, Iranian civil society figures and D.C. think tank employees”.

Researchers discovered CharmingKitten had accidentally left a server open last month and from this they were able to harvest 77 Gmail and Yahoo addresses. After analysis it was concluded that the target list included nuclear scientists working on projects associated with Pakistan, Jordan and Syria, pointing to a strong interest on the part of the hackers in the activities of US personnel working within the nuclear sector. Officials who had worked on the Iran Deal negotiated under former President Obama were also targeted.

In addition, US defence companies were on the list: senior staff at Honeywell and Science Applications International Corp. (SAIC), a Pentagon contractor, were identified. Honeywell admitted that an email account of one of its employees had been exposed, but stated the company’s network had not been breached. SAIC said it had not seen any evidence of attacks.

CharmingKitten is a well-known Iranian hacker group which has been around since at least January 2014. The hackers use a number of techniques to obtain information on specific organisations or personnel, including phishing attacks, social engineering and spoofed websites. The group has also been linked with the StoneDrill malware, which can be used for cyber espionage purposes. CharmingKitten’s main targets are organisations in the defence and industrial sectors, and the US government.

Both of the incidents highlighted above have serious implications for companies actively involved in two critical infrastructure sectors in China or Iran: telecommunications and energy. While personnel from western organisations engaged in these industries are routinely instructed to take care when visiting these countries, extra security precautions are currently vital: it is entirely possible that state authorities in Beijing or Tehran could decide to detain business staff for any number of vague reasons, effectively using such hostages as a political or economic weapon.

From a cyber security perspective, it is also critical that all companies conducting business activities in or with China or Iran ensure that security measures are fully up to date at all times, and that staff are regularly reminded of the dangers inherent in phishing activities.

That innocent-looking email purporting to come from your Finance Department could lead to the compromise of your network.