Warning issued over attacks on Internet infrastructure

ICANN headquarters in Los Angeles. (Supplied)
Updated 23 February 2019
0

Warning issued over attacks on Internet infrastructure

  • The list of targets included website registrars and Internet service providers, particularly in the Middle East

SAN FRANCISCO: Key parts of the Internet infrastructure face large-scale attacks that threaten the global system of web traffic, the Internet’s address keeper warned Friday.
The Internet Corporation for Assigned Names and Numbers (ICANN) declared after an emergency meeting “an ongoing and significant risk” to key parts of the infrastructure that affects the domains on which websites reside.
“They are going after the Internet infrastructure itself,” ICANN chief technology officer David Conrad told AFP.
“There have been targeted attacks in the past, but nothing like this.”
The attacks date back as far as 2017 but have sparked growing concerns from security researchers in recent weeks, which prompted the special meeting of ICANN.
The malicious activity targets the Domain Name System or DNS which routes traffic to intended online destinations.
ICANN specialists and others say these attacks have a potential to snoop on data along the way, sneakily send the traffic elsewhere or enable the attackers to impersonate or “spoof” critical websites.
“There isn’t a single tool to address this,” Conrad said, as ICANN called for an overall hardening of web defenses.
US authorities issued a similar warning last month about the DNS attacks.
“This is roughly equivalent to someone lying to the post office about your address, checking your mail, and then hand delivering it to your mailbox,” the US Department of Homeland Security said in a recent cybersecurity alert.
“Lots of harmful things could be done to you (or the senders) depending on the content of that mail.”

DNSpionage attacks might date back to at least 2017, according to FireEye senior manager of cyber espionage analysis Ben Read.
The list of targets included website registrars and Internet service providers, particularly in the Middle East.
“We’ve seen primarily targeting of email names and passwords,” Read said of what is being dubbed “DNSpionage.”
“There is evidence that it is coming out of Iran and being done in support of Iran.”
ICANN held an emergency meeting and is putting out word to website and online traffic handlers to ramp up security or leave users vulnerable to being tricked into trusting the wrong online venues.
DNSpionage hackers appeared intent on stealing account credentials, such as email passwords, in Lebanon and the United Arab Emirates, according to Crowdstrike cybersecurity firm vice president of intelligence Adam Meyers.
Similar attacks took place in Europe and other parts of the Middle East, with targets including governments, intelligence services, police, airlines, and the oil industry, cybersecurity specialists said.
“You definitely need knowledge of how the Internet works you and have to handle a lot of traffic being directed to you,” Meyers said of the DNSpionage hackers.
“With that access, they could temporarily break portions of how the Internet works. They chose to intercept and spy on folks.”


US eases restrictions on China’s Huawei to keep networks, phones operating

Updated 21 May 2019
0

US eases restrictions on China’s Huawei to keep networks, phones operating

  • The company is still prohibited from buying American parts and components to manufacture new products without license approvals
  • Out of $70 billion Huawei spent buying components in 2018, some $11 billion went to US firms
WASHINGTON: The US government on Monday temporarily eased some trade restrictions imposed last week on China’s Huawei, a move that sought to minimize disruption for the telecom company’s customers around the world.
The US Commerce Department will allow Huawei Technologies Co. Ltd. to purchase American-made goods in order to maintain existing networks and provide software updates to existing Huawei handsets.
The company is still prohibited from buying American parts and components to manufacture new products without license approvals that likely will be denied.
The US government said it imposed the restrictions because of Huawei’s involvement in activities contrary to national security or foreign policy interests.
The new authorization is intended to give telecommunications operators that rely on Huawei equipment time to make other arrangements, US Secretary of Commerce Wilbur Ross said in a statement.
“In short, this license will allow operations to continue for existing Huawei mobile phone users and rural broadband networks,” Ross added.
The license, which is in effect until Aug. 19, suggests changes to Huawei’s supply chain may have immediate, far-reaching and unintended consequences for its customers.
“The goal seems to be to prevent Internet, computer and cell phone systems from crashing,” said Washington lawyer Kevin Wolf, a former Commerce Department official. “This is not a capitulation. This is housekeeping.”
Huawei, the world’s largest telecommunications equipment maker, declined to comment.
The Commerce Department said it will evaluate whether to extend the exemptions beyond 90 days.
On Thursday, the US Commerce Department added Huawei and 68 entities to an export blacklist that makes it nearly impossible for the Chinese company to purchase goods made in the United States.
The government tied Huawei’s addition to the “entity list” to a pending case accusing the company of engaging in bank fraud to obtain embargoed US goods and services in Iran and move money out of the country via the international banking system. Huawei has pleaded not guilty.
Reuters reported Friday that the department was considering a temporary easing, citing a government spokeswoman.
The temporary license also allows disclosures of security vulnerabilities and for Huawei to engage in the development of standards for future 5G networks.
Reuters reported Sunday that Alphabet Inc’s Google suspended business with Huawei that requires the transfer of hardware, software and technical services except those publicly available via open source licensing, citing a source familiar with the matter.
Google did not immediately respond to a request for comment on the new authorization.
Out of $70 billion Huawei spent buying components in 2018, some $11 billion went to US firms including Qualcomm Inc. , Intel Corp. and Micron Technology Inc.
“I think this is a reality check,” said Washington trade lawyer Douglas Jacobson. “It shows how pervasive Huawei goods and technology are around the globe and if the US imposes restrictions, that has impacts.”
Jacobson said the effort to keep existing networks operating appeared aimed at telecom providers in Europe and other countries where Huawei equipment is pervasive.
The move also could assist mobile service providers in thinly populated areas of the United States, such as Wyoming and eastern Oregon, that purchased network equipment from Huawei in recent years.
John Neuffer, the president of the Semiconductor Industry Association, which represents US chipmakers and designers, said in a statement that the association wants the government would ease the restrictions further.
“We hope to work with the administration to broaden the scope of the license,” he said, so that it advances US security goals but does not undermine the industry’s ability to compete globally and remain technology leaders.
A report on Monday on the potential impact of stringent export controls on technologies found that US firms could lose up to $56.3 billion in export sales over five years.
The report, from the Information Technology & Innovation Foundation, said the missed opportunities threatened as many as 74,000 jobs.
Wolf, the former Commerce official, said the Huawei reprieve was similar to action taken by the department in July to prevent systems from crashing after the US banned China’s ZTE Corp, a smaller Huawei rival, from buying American-made components in April.
The US trade ban on ZTE wreaked havoc at wireless carriers in Europe and South Asia, sources told Reuters at the time.
The ban on ZTE was lifted July 13 after the company struck an agreement with the Commerce Department that included a $1 billion fine plus $400 million in escrow and replacement of its board of directors and senior management. ZTE, which had ceased major operations as a result of the ban, then resumed business.
(Reporting by Karen Freifeld in New York and David Shepardson in Washington; Additional reporting by Diane Bartz in Washington and Angela Moon; Editing by Lisa Shumaker and Cynthia Osterman)