Pentagon probes China's rare-earth trolling campaign • The Register

2022-07-02 06:12:49 By : Mr. David Sheng

The US Department of Defense said it's investigating Chinese disinformation campaigns against rare earth mining and processing companies — including one targeting Lynas Rare Earths, which has a $30 million contract with the Pentagon to build a plant in Texas.

Earlier today, Mandiant published research that analyzed a Beijing-linked influence operation, dubbed Dragonbridge, that used thousands of fake accounts across dozens of social media platforms, including Facebook, TikTok and Twitter, to spread misinformation about rare earth companies seeking to expand production in the US to the detriment of China, which wants to maintain its global dominance in that industry. 

"The Department of Defense is aware of the recent disinformation campaign, first reported by Mandiant, against Lynas Rare Earth Ltd., a rare earth element firm seeking to establish production capacity in the United States and partner nations, as well as other rare earth mining companies," according to a statement by Uncle Sam. "The department has engaged the relevant interagency stakeholders and partner nations to assist in reviewing the matter.

Lynas Rare Earths, based in Australia, claims to be the world's second-largest producer of separated rare-earth materials, and the largest outside of China. And in 2021, the US Department of Defense signed an agreement with Lynas to build a Texas plant in response to supply-chain shortages.

Rare-earth materials are used in a variety of consumer items such as smart-phone screens and rechargeable batteries for electric and hybrid cars, along with aerospace and defense products like missile guidance systems and aircraft engines.

Mandiant has been tracking Dragonbridge, and its pro-People's Republic of China narratives, since mid-2019. The campaign is made up of thousands of fake accounts across 30 social media platforms and more than 40 other websites and online forums. The more recent campaigns targeting rare-earth companies included posts in English and Chinese, plus other languages including German, Russian, Spanish, Korean, and Japanese.

While the social-media warriors originally focused on discrediting pro-democracy protests in Hong Kong before expanding into some failed attempts at mobilizing US protesters in response to the COVID-19 pandemic, it has since turned its sights on rare-earth metals, we're told.

According to Mandiant, the misinformation operation targeting Lynas began earlier this year. This campaign spread content claiming Lynas' planned processing facility in Texas would harm the environment and expose neighbors to radioactive contamination, cancer risks, gene mutation, and deformities in newborns.

Then in June, the researchers observed Dragonbridge targeting a Canadian rare-earth mining company, Appia Rare Earths and Uranium Corp, as well as an American rare-earths manufacturing company called USA Rare Earth with more fake news and negative posts about potential or planned production activities.

This more recent campaign coincided with Appia announcing the discovery of a rare-earths bearing zone in Northern Saskatchewan, Canada. Also in June: USA Rare Earth said it planned to build a processing facility in Oklahoma.

In addition to pushing narratives that criticized the mining companies' expansion plans that benefit US rare earth production activities, Mandiant said the ops also promoted content protesting the Biden administration's decision in March to invoke the Defense Production Act — yet another attempt by America to spur domestic production of and lessen US reliance on China to supply its critical minerals. 

"It targeted an industry of strategic significance to the PRC, including specifically three commercial entities challenging the PRC's global market dominance in that industry," the security shop wrote in its analysis.

Another noteworthy aspect of the newer Dragonbridge influence operations, according to Mandiant, is that "the campaign leveraged more nuanced tactics than what we typically see from pro-PRC information operations."

This includes creating fake online accounts posing as Texas residents expressing concern over environment and health issues related to the planned facility, and posting these campaigns in social media groups "predisposed to be receptive to that content," the threat-intel blog said.

While they didn't seem to have had much luck inciting Texans — or anyone else — to take action and protest the plants, this could be a precursor to future misinformation campaigns by Beijing-backed cyber goons, Mandiant warned. 

As the researchers note, the "significantly expanded online footprint," coupled by the attempts to mobilize protesters in the US, "provides early warning that the actors responsible may be starting to explore more direct means of influence and may be indicative of an emerging intent to motivate real-world activity outside of China's territories." ®

TikTok, owned by Chinese outfit ByteDance, last month said it was making an effort to minimize the amount of data from US users that gets transferred outside of America, following reports that company engineers in the Middle Kingdom had access to US customer data.

"100 percent of US user traffic is being routed to Oracle Cloud Infrastructure," TikTok said in a June 17, 2022 post, while acknowledging that customer information still got backed up to its data center in Singapore. The biz promised to delete US users' private data from its own servers and to "fully pivot to Oracle cloud servers located in the US."

That pivot has not yet been completed. According to a June 30, 2022 letter [PDF] from TikTok CEO Shou Zi Chew, obtained by the New York Times on Friday, some China-based employees with sufficient security clearance can still access data from US TikTok users, including public videos and comments.

Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

Feature US and European cops, prosecutors, and NGOs recently convened a two-day workshop in the Hague to discuss how to respond to the growing scourge of ransomware.

"Only by working together with key law enforcement and prosecutorial partners in the EU can we effectively combat the threat that ransomware poses to our society," said US assistant attorney general Kenneth Polite, Jr, in a canned statement.

Earlier this month, at the annual RSA Conference, this same topic was on cybersecurity professionals' minds – and lips.

Chinese web giant Tencent has admitted to a significant account hijack attack on its messaging and social media platform.

In a post to rival social media platform Sina Weibo – a rough analog of Twitter – Tencent apologized for the incident.

The problem manifested on Sunday night and saw an unnamed number of QQ users complain their credentials no longer allowed them access to their accounts. Tencent has characterized that issue as representing "stolen" accounts.

China's internet regulator has launched an investigation into the security regime protecting academic journal database China National Knowledge Infrastructure (CNKI), citing national security concerns.

In its announcement of the investigation, the China Cyberspace Administration (CAC) said:

Google has added API security tools and Workspace (formerly G-Suite) admin alerts about potentially risky configuration changes such as super admin passwords resets.

The API capabilities – aptly named "Advanced API Security" – are built on top of Apigee, the API management platform that the web giant bought for $625 million six years ago.

As API data makes up an increasing amount of internet traffic – Cloudflare says more than 50 percent of all of the traffic it processes is API based, and it's growing twice as fast as traditional web traffic – API security becomes more important to enterprises. Malicious actors can use API calls to bypass network security measures and connect directly to backend systems or launch DDoS attacks.

China's government has outlined its vision for digital services, expected behavior standards at China's big tech companies, and how China will put data to work everywhere – with president Xi Jinping putting his imprimatur to some of the policies.

Xi's remarks were made in his role as director of China’s Central Comprehensively Deepening Reforms Commission, which met earlier this week. The subsequent communiqué states that at the meeting Xi called for "financial technology platform enterprises to return to their core business" and "support platform enterprises in playing a bigger role in serving the real economy and smoothing positive interplay between domestic and international economic flows."

The remarks outline an attempt to balance Big Tech's desire to create disruptive financial products that challenge monopolies, against efforts to ensure that only licensed and regulated entities offer financial services.

Systems Approach Since publishing our article and video on APIs, I’ve talked with a few people on the API topic, and one aspect that keeps coming up is the importance of security for APIs.

In particular, I hear the term “zero trust” increasingly being applied to APIs, which led to the idea for this post. At the same time, I’ve also noticed what might be called a zero trust backlash, as it becomes apparent that you can’t wave a zero trust wand and instantly solve all your security concerns.

Zero trust has been on my radar for almost a decade, as it was part of the environment that enabled network virtualization to take off. We’ve told that story briefly in our SDN book – the rise of microsegmentation as a widespread use-case was arguably the critical step that took network virtualization from a niche technology to the mainstream.

Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

It seems promoters of RISC-V weren't bluffing when they hinted a laptop using the open-source instruction set architecture would arrive this year.

Pre-orders opened Friday for Roma, the "industry's first native RISC-V development laptop," which is being built in Shenzen, China, by two companies called DeepComputing and Xcalibyte. And by pre-order, they really mean: register your interest.

No pricing is available right now, quantities are said to be limited, and information is sparse.

The Register - Independent news and views for the tech community. Part of Situation Publishing

Biting the hand that feeds IT © 1998–2022