Welcome to The Cybersecurity 202! Tim here. If you’re remotely interested in boxing, or maybe even if you aren’t, you’ll definitely want to be watching Saturday night. Errol Spence Jr. versus Terence Crawford is one of the best matchups of the century: two unbeaten fighters, both extra-skilled, fast and powerful.
Below: A contested surveillance tool was used on a senator, and a recent Microsoft hack may have exposed other data. First:
Pro-China influence campaign infiltrates U.S. news websites
A Chinese marketing firm that has counted state police and other government bureaus as clients is leveraging newswire services to place pro-Beijing stories on the websites of almost three dozen news outlets across America in an apparent effort to help Beijing improve its image abroad.
The Shanghai-based firm — Shanghai Yihuan Cultural Communication Co., Ltd., which goes by the brand name Haixun Press — says on its website that it can plant news articles globally, and can boost the content by providing paid inauthentic social media likes on platforms including Twitter, Facebook and Instagram.
The articles — which have appeared in financial news subdomains of at least 32 websites including the Arizona Republic and the Pittsburgh Post-Gazette — include Chinese state media stories and scathing critiques of U.S. policymakers, academics and others critical of Beijing.
Haixun has placed the articles using a newswire distribution service called CloudQuote.io, which is run by the California-based firm FinancialContent and provides financial and market content to small news outlets across America, according to a new report by cybersecurity firm Mandiant, which is owned by Google. The articles were still visible last week on sites that use CloudQuote.io content.
While the articles have so far garnered few views compared with the outsize presence of China’s state media outlets on Western social media, they highlight the expanding array of tactics deployed to overhaul Beijing’s image abroad and undermine its political opponents.
“These actors are trying to blur the line between fiction and fact by placing these pro-[China] articles onto legitimate U.S. news outlets, likely without their knowledge,” said Ryan Serabian, senior analyst at Mandiant, which first shared its latest investigation into a campaign it calls HaiEnergy with The Cybersecurity 202. “So, I think it’s very important for us to shine a spotlight on that so that measures are taken to prevent this from happening.”
After being asked about the articles by The Post and Mandiant, the Arizona Republic and the Pittsburgh Post-Gazette redirected visitors from the pages where Haixun content appears to other pages on their websites.
The Pittsburgh Post-Gazette’s subdomain began redirecting to its main website after Mandiant contacted the organization with questions in April. Allison Latcheran, director of marketing for the Post-Gazette, told The Post that “we aren’t able to comment on this at this time.”
The Arizona Republic began redirecting the subdomain to its main website after a reporter contacted the news outlet’s owner, Gannett. “These pages no longer include the Arizona Republic branding and we have informed [FinancialContent] of the misinformation,” said a spokesperson, Lark-Marie Anton.
Mark Dierolf, founder and CEO of FinancialContent, hung up on a reporter when reached by phone. Neither he nor anyone at the company responded to subsequent requests for comment.
Haixun did not respond to requests for comment.
The Haixun articles
Mandiant previously reported in August 2022 that Haixun was responsible for a network of 72 inauthentic news sites hosting pro-Beijing news content. However, its discovery of the Haixun-linked newswire represents the first time Haixun’s content has appeared on the subdomains of legitimate U.S. journalism companies.
The Haixun-linked effort also highlights the difficulties in tracking the scope of Beijing’s overseas influence efforts, which at times take a scattergun approach, employing a mix of rapidly changing tactics despite varying levels of success.
Articles visible on the subdomains of the U.S. newspapers cover a broad range of topics but often have a common theme: highlighting China’s successes while casting doubt on American culture and politics.
Although it’s not clear that Haixun placed the articles for Chinese government entities, the firm appears to have worked for Chinese institutions.
In online sales material and social media postings from Haixun’s website and social media accounts, the company said it works with over 150 clients that include Chinese government departments, police and state media.
State media articles and blogs from Haixun show that, during the coronavirus pandemic, local Chinese police used analytical software developed by the firm to surveil people’s movements as part of health control restrictions. According to other state media and marketing material, Haixun provides “public opinion management” services to government agencies.
Making it a habit
Campaigns to purchase positive media are not new in China. However, Chinese state and private propaganda operations have since 2017 increasingly focused on turning those operations outward to counter negative narratives about Beijing abroad.
Every government agency in Beijing has a budget to promote its image abroad, said an employee of a public opinion management firm in Beijing that works with the central government. The employee, who spoke to The Post on the condition of anonymity because they were not authorized to speak to reporters, said that agencies “need to prove” they are achieving results, including in English-speaking countries.
The employee said that government bureaus and state-owned enterprises allocate funds for [positive] propaganda work abroad, including positive mentions in foreign media.
The funds also pay for inauthentic social media activity to promote China and its government, and agencies frequently purchase bot services from groups outside China, in Southeast Asia and the United States, said the employee, who does not work directly with Haixun but is familiar with the firm.
“It’s becoming a requirement,” the employee said.
The keys
FBI used surveillance authority on senator, other officials, court opinion says
FBI personnel improperly searched a surveillance database using the names of a U.S. senator and state senator, as well as the Social Security number of a state judge, according to an April court opinion released Friday.
That was one of several developments related to so-called Section 702 surveillance authorities. The surveillance powers are set to expire at the end of this year and are used to target foreigners, but under certain restrictions intelligence officials can use them to obtain information on communications involving Americans. U.S. officials have been pushing for Congress to re-up Section 702, but many experts say they’d make changes to the spy powers.
Critics of how the government has used Section 702 reacted to Friday’s news with displeasure.
“The FBI continues to break the rules put in place to protect Americans, running illegal searches on public officials including a U.S. senator, and it’s long past time for Congress to step in,” said Patrick Toomey, deputy director of the American Civil Liberties Union’s National Security Project. “As Congress debates reauthorizing Section 702, these opinions make clear why fundamental reforms are urgently needed.”
Sen. Ron Wyden (D-Ore.) criticized not only the breadth of Section 702 spying but how much of the court orders had been blacked out: “While I commend the administration for these releases, it remains the case that information the public needs in advance of 702 reauthorization has been unnecessarily redacted.”
Microsoft hack that exposed key government officials’ emails could have jeopardized other files
The hackers that breached the Microsoft email accounts of high-ranking U.S. government officials may have pilfered other documents and files protected by Microsoft login information, our colleague Joseph Menn reports, citing research from cloud security company Wiz.
The Wiz researchers claimed that “anyone with the signing key could have extended their access and signed into other widely used Microsoft cloud offerings including SharePoint, Teams and OneDrive,” as Joseph writes.
While Microsoft revoked that authentication key, the researchers say that the hackers may have built in backdoor access to applications, and that some software could still approve a session with an expired key.
Despite the hack, Raimondo still plans to make a scheduled trip to China later this year, Reuters reported.
Couple accused of laundering billions of bitcoin from 2016 hack set to plead guilty
A couple accused of laundering billions of bitcoin linked to the 2016 hack of the Bitfinex cryptocurrency exchange are poised to plead guilty, Cyrus Farivar reports for Forbes, citing federal court records.
Morgan and husband Ilya Lichtenstein each face “one count of money laundering conspiracy,” and Morgan “also faces one count of conspiracy to defraud the United States,” according to the report. They are expected to plead guilty in D.C. next month.
Secure log off
Thanks for reading. See you tomorrow.