Apple Squeezed; Russian Propaganda's Limits; No Cyber Pearl Harbor; Chinese Programmer's GitHub Earnings Confiscated; Russian Hackers Bribe Official
What We’re Reading, Hearing, and Watching -- October 5, 2023
China Squeezes Apple
Over the years, Apple has tried hard to comply with Chinese laws and regulations in order to keep its business running in China. In 2017, for example, after the Chinese Cybersecurity Law was implemented, Apple announced it was building a data center in Guizhou, China to offer iCloud services. The data center started operations in May 2021. In August 2020, Apple’s App Store in China removed over 30,000 apps, mostly game-related apps, to comply with payment requirements for paid games and the enablement of in-app purchases. However, it seems all these efforts did not stop the Chinese government from further limiting Apple’s business in China. In early September 2023, China banned its government officials from using iPhones at work, then planned to expand the ban to state-backed companies and agencies, according to Western media.
Then on September 27, China’s Ministry of Industry and Information Technology (MIIT) issued a list of the first batch of 26 application distribution platforms (app stores) that had completed filing business details (hxxp://www.cac.gov[.]cn/2023-09/26/c_1697385564755915.htm) and are approved for operations in China. All 26 of these app stores are run by Chinese companies, including technology giants such as Tencent, Huawei, and Xiaomi. Apple’s App Store was not on the list. Businesses wanting a place on that list had to comply with the Administrative Provisions on the Information Services of Mobile Internet Applications 2022 (2022 Mobile App Provisions) that the MIIT implemented on August 1, 2022. The 2022 Mobile App Provisions prohibit app providers and app stores from engaging in activities “endangering national security, disturbing social order or infringing upon others’ legitimate rights and interests.” Apps with functions that could influence public opinion or are “capable of social mobilization” will need to “conduct a security assessment.”
Two days after the MIIT disclosed the list that omitted Apple, Apple began requiring app developers to submit the Chinese government-issued “internet content provider (ICP) filing” license when they publish new apps on the App Store in China. Currently, iPhone users in China can use the App Store to download popular apps that are blocked in the country, such as YouTube, Facebook, Instagram and X (formerly Twitter).
US Audiences’ Selective Reception of Russian Propaganda
Natto Team has reported extensively on Russian efforts to influence global public opinion with its own, often distorted, version of events. As NattoThoughts showed in “Troll Humor” and “Setbacks in the Battle Against Disinformation,” techniques such as information laundering and cross-platform synergies can bring Russian messaging to a broad set of audiences for a relatively small expenditure on ads and social media postings, particularly if the messages piggyback on existing social discontents. In a September 2023 article, researchers at the Brookings Institution, a Washington DC think tank, analyzed nearly 2000 episodes of US podcasts as a window onto the effectiveness of Russian propaganda. They examined the podcasters’ coverage of Russian media claims such as that Ukrainians are Nazis, the US maintains biological weapons facilities in Ukraine, and the US blew up the Nord Stream pipeline in September 2022.
Across the political spectrum, the researchers found, only a surprisingly small 4%-7% of all episodes uncritically endorsed Russian state messaging about the war in Ukraine. Rather, Russian “talking points” only enter the US discourse if they fit “existing partisan frameworks” in the United States, particularly when they align with “broader distrust in domestic institutions.” The authors write, “Russian narratives seem to resonate with U.S. audiences when they find common cause with domestic concerns, exploit ambiguities, and/or obfuscate highly technical topics.” On complicated or ambiguous topics that are unfamiliar to most US audiences, “Moscow doesn’t have to convince anyone of its view, but simply clear a much lower bar: that pundits air Moscow’s narrative as a possibility worth considering.” The authors conclude, “these findings highlight the importance of being as transparent and clear as ...possible to undercut the ability of conspiratorial actors to exploit ambiguity” and of “amplifying opinionmakers who push back against Russian propaganda.”
Cyber War Not What We Expected, Say US Defense Officials
US defense officials, learning from the experience of Ukraine, have concluded that cyber threat activity might be less effective than expected in a shooting war, DefenseScoop reported on September 18.
The US Defense Department’s newly released 2023 cyber strategy “notes that cyber capabilities by themselves are unlikely to deter adversaries. Rather, they are best used alongside other instruments of national power,” DefenseScoop wrote. “Cyber is not a tool that is a responsive to battlefield conditions,” US Defense Department official Mieke Eoyang told reporters. As DefenseScoop summarized the problem, “Cyber ops take a long time to plan... the pace of war moves much faster than the so-called ‘gray zone’ competitions short of armed conflict in which much of the malicious cyber activity has taken place to date.” Eoyang also noted that Ukraine’s communications networks showed remarkable resilience despite repeated cyber attacks; in particular, Ukraine’s move to the cloud kept critical data safe from Russia’s kinetic attacks on communications infrastructure.
Analysts have questioned why Russian cyber operations against Ukraine were less destructive than expected; some have concluded that the modern face of cyberwar is less like a “Cyber Pearl Harbor” -- a single devastating attack that cripples whole countries -- and more like what cybersecurity researcher Alex Orleans dubbed “death by a thousand cuts.” Or as cybersecurity expert Gentry Lane put it, “I do believe [a cyberwar] will look like all aspects of life as we know it are gradually deteriorating, then suddenly stalling as access to critical goods and services falter. In its most extreme condition, it will throw the economy and social order into chaos, forcing the entire country into a survival mode that no one is prepared for.”
Natto Team has pointed out that cyber operations are only one tool in Russia’s hybrid approach to warfare, which can combine destructive activity in the cyber or physical realm, sometimes disguised as criminal ransomware or idealistic hacktivism, with psychological operations to sow panic, demoralize adversaries, and influence their decisionmaking.
A Chinese Local Public Security Bureau Confiscates a Programmer’s GitHub Earnings
A Chinese local public security bureau in Hebei province fined a computer programmer 200 RMB (US$27) for illegally using a virtual private network (VPN). The bureau also confiscated 1.05 million RMB (over US$144,000) that the programmer had earned over three years by taking tasks and answering user support questions on GitHub. Because the programmer accessed GitHub through the VPN, the public security bureau considered the income to be “illegally obtained.” The programmer disclosed the case on his Weibo account, reposting the related public security bureau documents, and said he planned to file an administrative appeal. (Weibo has taken down his posts at the time of this writing.) Comments on the case on Chinese social media platforms have been overwhelming. Netizens criticized the Chengde public bureau for “robbing ordinary citizens.”
A report from China Digital Times, a Berkeley, California-based media outlet focused on China reporting, pointed out that classifying earnings made outside China’s Great Firewall as “illegally obtained income” could have a chilling effect on Chinese professionals who use VPNs to access the Internet for work. One WeChat post reminded those who worked in foreign trade that their earnings may now be considered “illegal income.” For example, using Google, YouTube, TikTok and Facebook for business development may be illegal.
As China’s youth unemployment rate hits record highs, police might want to consider whether confiscating a young person’s hard-earned income is good for keeping Chinese youth from wandering the streets or idly “lying flat.”
Hackers and Russian Security Services: A Tangled Web
An officer of Russia’s Federal Security Service (FSB) in the Perm region faces prosecution in Moscow for taking bribes from hackers, according to a September 14 article in semi-independent Russian business newspaper Kommersant (https://www.kommersant[.]ru/doc/6212079).
In return for ensuring that a case against them would be dropped, the FSB officer had received 100 million rubles (worth $1 million as of October 2023), a hacker who is in the group currently under prosecution testified. The group of hacker suspects, whom the FSB officer had allegedly protected for several years, included a film company director, employees of a construction equipment company and a telecommunications operator in Perm, and two unemployed people.
Kommersant notes that early 2022 saw three major arrests of hacker groups in Russia, based on information that the US Federal Bureau of Investigation had provided. The article implies that the case of the suspected hacker group in Perm is one of these three cases. It says that the Prosecutor General had sent the other two cases to military courts in Moscow and Saint Petersburg, where judges sent them back to the investigators due to jurisdictional issues.
One of those other cases appears to be that of 51-year-old Aleksey Stroganov (a.k.a. Flint24) and two dozen other suspects in a large-scale carding ring, most of whom were arrested in March 2020; the military court returned that case to investigators on August 1, 2023 (more detail here).
The final case relates to a group of suspected hackers from the REvil ransomware group, whom Russian officials arrested in January 2022. (More on REvil here and here). Since one of the suspects was a soldier at the time of the alleged crimes, the Petersburg military court returned the case for more investigation and directed that the suspects remain in pre-trial custody until November 14, 2023. As Natto Team has pointed out, Russian intelligence services can use the threat of continued detention and the promise of liberty to pressure hackers to carry out operations for them. At the same time, the criminals might be able to continue their illicit activities through partners while behind bars, as Flint24 reportedly did during an earlier stint in prison. As the case of the FSB officer suggests, officials can also demand bribes in return for protection.
Update April 19 2024: The ex-FSB officer received a 9-year sentence, while some of the hackers who turned him in received relatively light sentences or credit for time served, The Record reported on April 18.