For years, Registered Agents Inc.—a secretive company whose business is setting up other businesses—has registered thousands of companies to people who appear to not exist. Multiple former employees tell WIRED that the company routinely incorporates businesses on behalf of its customers using what they claim are fake personas. An investigation found that incorporation paperwork for thousands of companies that listed these allegedly fake personas had links to Registered Agents.
State attorneys general from around the US sent a letter to Meta on Wednesday demanding the company take “immediate action” amid a record-breaking spike in complaints over hacked Facebook and Instagram accounts. Figures provided by the office of New York attorney general Letitia James, who spearheaded the effort, show that in 2023 her office received more than 780 complaints—10 times as many as in 2019. Many complaints cited in the letter say Meta did nothing to help them recover their stolen accounts. “We refuse to operate as the customer service representatives of your company,” the officials wrote in the letter. “Proper investment in response and mitigation is mandatory.”
Meanwhile, Meta suffered a major outage this week that took most of its platforms offline. When it came back, users were often forced to log back in to their accounts. Last year, however, the company changed how two-factor authentication works for Facebook and Instagram. Now, any devices you’ve frequently used with Meta services in recent years will be trusted by default. The move has made experts uneasy; this means that your devices may not need a two-factor authentication code to log in anymore. We updated our guide for how to turn off this setting.
A ransomware attack targeting medical firm Change Healthcare has caused chaos at pharmacies around the US, delaying delivery of prescription drugs nationwide. Last week, a Bitcoin address connected to AlphV, the group behind the attack, received $22 million in cryptocurrency—suggesting Change Healthcare has likely paid the ransom. A spokesperson for the firm declined to answer whether it was behind the payment.
And there’s more. Each week, we highlight the news we didn’t cover in depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.
In January, Microsoft revealed that a notorious group of Russian state-sponsored hackers known as Nobelium infiltrated the email accounts of the company’s senior leadership team. Today, the company revealed that the attack is ongoing. In a blog post, the company explains that in recent weeks, it has seen evidence that hackers are leveraging information exfiltrated from its email systems to gain access to source code and other “internal systems.”
It is unclear exactly what internal systems were accessed by Nobelium, which Microsoft calls Midnight Blizzard, but according to the company, it is not over. The blog post states that the hackers are now using “secrets of different types” to breach further into its systems. “Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.”
Nobelium is responsible for the SolarWinds attack, a sophisticated 2020 supply-chain attack that compromised thousands of organizations including the major US government agencies like the Departments of Homeland Security, Defense, Justice, and Treasury.
Six days before Christmas, the US Department of Justice loudly announced a win in the ongoing fight against the scourge of ransomware: An FBI-led, international operation had targeted the notorious hacking group known as BlackCat or AlphV, releasing decryption keys to foil its ransom attempts against hundreds of victims and seizing the dark web sites it had used to threaten and extort them. “In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” deputy attorney general Lisa Monaco declared in a statement.
Two months and one week later, however, those hackers don’t appear particularly “disrupted.” For the last seven days and counting, BlackCat has held hostage the medical firm Change Healthcare, crippling its software in hospitals and pharmacies across the United States, leading to delays in drug prescriptions for an untold number of patients.
The ongoing outage at Change Healthcare, first reported to be a BlackCat attack by Reuters, represents a particularly grim incident in the ransomware epidemic not just due to its severity, its length, and the potential toll on victims’ health. Ransomware-tracking analysts say it also illustrates how even law enforcement’s wins against ransomware groups appear to be increasingly short-lived, as the hackers that law enforcement target in carefully coordinated busts simply rebuild and restart their attacks with impunity.
“Because we can’t arrest the core operators that are in Russia or in areas that are uncooperative with law enforcement, we can’t stop them,” says Allan Liska, a ransomware-focused researcher for cybersecurity firm Recorded Future. Instead, Liska says, law enforcement often has had to settle for spending months or years arranging takedowns that target infrastructure or aid victims, but without laying hands on the attacks’ perpetrators. “The threat actors just need to regroup, get drunk for a weekend, and then start right back up,” Liska says.
In another, more recent bust, the UK’s National Crime Agency last week led a broad takedown effort against the notorious Lockbit ransomware group, hijacking its infrastructure, seizing many of its cryptocurrency wallets, taking down its dark web sites, and even obtaining information about its operators and partners. Yet less than a week later, Lockbit has already launched a fresh dark web site where it continues to extort its victims, showing countdown timers for each one that indicate the remaining days or hours before it dumps their stolen data online.
None of that means law enforcement’s BlackCat or Lockbit operations haven’t had some effect. BlackCat listed 28 victims on its dark web site for February so far, a significant drop from the 60-plus Recorded Future counted on its site in December prior to the FBI’s takedown. (Change Healthcare isn’t currently listed among BlackCat’s current victims on its site, though the hackers reportedly took credit for the attack, according to ransomware-tracking site Breaches.net. Change Healthcare also didn’t respond to WIRED’s request for comment on the cyberattack.)
Lockbit, for its part, may be hiding the extent of its disruption behind the bluster of its new leak site, argues Brett Callow, a ransomware analyst at security firm Emsisoft. He says that the group is likely downplaying last week’s bust in part to avoid losing the trust of its affiliate partners, the hackers who penetrate victim networks on Lockbit’s behalf and might be spooked by the possibility that Lockbit has been compromised by law enforcement.
Government hackers last year exploited three unknown vulnerabilities in Apple’s iPhone operating system to target victims with spyware developed by a European startup, according to Google.
On Tuesday, Google’s Threat Analysis Group, the company’s team that investigates nation-backed hacking, published a report analyzing several government campaigns conducted with hacking tools developed by several spyware and exploit sellers, including Barcelona-based startup Variston.
In one of the campaigns, according to Google, government hackers took advantage of three iPhone “zero-days,” which are vulnerabilities not known to Apple at the time they were exploited. In this case, the hacking tools were developed by Variston, a surveillance and hacking technology startup whose malware has already been analyzed twice by Google in 2022 and 2023.
Contact Us
Do you have more information about Variston or Protect Electronic Systems? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email lorenzo@techcrunch.com. You also can contact TechCrunch via SecureDrop.
Google said it discovered the unknown Variston customer using these zero-days in March 2023 to target iPhones in Indonesia. The hackers delivered an SMS text message containing a malicious link that infected the target’s phone with spyware, and then redirected the victim to a news article by the Indonesian newspaper Pikiran Rakyat. Google did not say who was Variston’s government customer in this case.
An Apple spokesperson did not comment to TechCrunch, asking whether the company is aware of this hacking campaign found by Google.
While Variston keeps getting attention from Google, the company has lost multiple employees over the past year, according to former staff who spoke to TechCrunch on the condition of anonymity because they were under a non-disclosure agreement.
It is not yet known who Variston sold its spyware to. According to Google, Variston collaborates “with several other organizations to develop and deliver spyware.”
Google says one of the organizations was Protected AE, which is based in the United Arab Emirates. Local business records identify the company as “Protect Electronic Systems,” and say it was founded in 2016 and headquartered in Abu Dhabi. On its official website, Protect bills itself as “a cutting edge cyber security and forensic company.”
According to Google, Protect “combines spyware it develops with the Heliconia framework and infrastructure, into a full package which is then offered for sale to either a local broker or directly to a government customer,” referring to Variston’s software Heliconia, which Google previously detailed in 2022.
Variston was founded in 2018 in Barcelona by Ralf Wegener and Ramanan Jayaraman, and shortly after acquired Italian zero-day research company Truel IT, according to Spanish and Italian business records seen by TechCrunch.
Wegener and Jayaraman did not respond to a request for comment by email. Representatives from Protect also did not respond.
While there has been a lot of attention in the last few years on Israeli companies like NSO Group, Candiru, and QuaDream, Google’s report shows that European spyware makers are expanding their reach and capabilities.
Google wrote in its report that its researchers track around 40 spyware makers, which sell exploits and surveillance software to government customers around the world. In the report Google mentions not only Variston, but also the Italian companies Cy4Gate, RCS Lab, and Negg as examples of relatively newer companies that have entered the market. RCS Lab was founded in 1993 and used to be a partner of the now-defunct spyware maker Hacking Team, but didn’t develop spyware on its own until recent years, focusing instead on selling products to conduct traditional phone wiretapping at the telecom providers’ level.
In its report, Google said it is committed to disrupting hacking campaigns conducted with these companies’ tools because they have been linked to targeted surveillance of journalists, dissidents, and politicians.
“Commercial surveillance vendors (CSVs) are enabling the proliferation of dangerous hacking tools,” Google wrote in its report. “The harm is not hypothetical. Spyware vendors point to their tools’ legitimate use in law enforcement and counterterrorism. However, spyware deployed against journalists, human rights defenders, dissidents, and opposition party politicians — what Google refers to as ‘high risk users’ — has been well documented.”
“While the number of users targeted by spyware is small compared to other types of cyber threat activity, the follow-on effects are much broader,” the company wrote. “This type of focused targeting threatens freedom of speech, a free press, and the integrity of elections worldwide.”
The EU’s unrelated effort to funnel cash to Ukraine from its central budget faced serious political resistance, prompting governments to look at alternative sources of money. It took weeks of diplomatic backchanneling before leaders convinced Hungary on Feb. 1 to lift its veto over the EU’s €50 billion cash pot for Ukraine.
Financial stability
The assets confiscation plan could generate over €200 billion to support Ukraine’s postwar reconstruction, according to backers of the proposal. G7 countries are aiming to come up with a coordinated roadmap amid growing pressure from the United States, which, along with the United Kingdom and Canada, has fewer qualms than EU countries such as Germany, France and Italy.
In Europe, there are fears Moscow might retaliate by lodging a flurry of appeals against Euroclear, a Belgium-based financial depository that holds the vast majority of Russian reserves in Europe.
“An institution like Euroclear is a very systemic financial institution,” Belgian Finance Minister Vincent Van Peteghem said | Nicolas Maeterlinck/Belga/AFP via Getty Images
“An institution like Euroclear is a very systemic financial institution,” Belgian Finance Minister Vincent Van Peteghem told reporters at the end of January. “We should … try to avoid an impact [of Russian asset confiscation] on financial stability.”
In a sign of the sort of retaliation countries fear might come, Russian entities have already filed 94 lawsuits in Russia demanding payback to Euroclear, which operates under Belgian law, after their investments and their profits in Europe were frozen, according to a Belgian official with knowledge of the proceedings.
Top Russian lenders, including Rosbank, Sinara Bank and Rosselkhozbank, filed legal claims against Euroclear worth hundreds of millions of rubles.
Once again we look back at the past year in cybercrime and those who we lost… to the law. This year was no different to last: we saw another round of high-profile busts, arrests, sanctions, and prison time for some of the most prolific cybercriminals in recent years.
This is our look back at who got nabbed or otherwise busted, featuring: why a Russian accused of ransomware burned his passport, which notorious malware gang reared its ugly head again, and why one country’s hackers targeted an unsuspecting phone maker.
For a time, Joseph James O’Connor was one of the internet’s most wanted hackers, not just by the feds investigating the breach, but for the curious public who watched his hack play out in real-time.
O’Connor was a member of the hacking group who broke into Twitter to abuse access to an internal admin tool that they used to hijack high-profile Twitter accounts, including Apple, Joe Biden, and Elon Musk (who went on to buy the site) to spread a crypto scam. Twitter took drastic measures to rid the hackers from its network by temporarily blocking all of the site’s 200-million-plus users from posting.
A New York judge sentenced the 24-year-old hacker to five years in prison, two of which O’Connor already served in pre-trial custody.
A screenshot of a tweet from Joe Biden’s briefly-hacked Twitter account displaying a crypto scam. Image Credits: TechCrunch
Federal prosecutors this year accused a former Amazon employee of hacking into a cryptocurrency exchange and stealing millions worth of customers’ crypto. The case appeared at first as an ethical hacker turning rogue by apparently offering to return the funds in return for a bug bounty. But ultimately Shakeeb Ahmed was caught out in part by Googling his own crimes that prosecutors say related to “his own criminal liability.”
In the end, Ahmed pleaded guilty earlier in December, according to the Justice Department, and faces up to five years in prison — and paying back $5 million to victims.
Why did a Russian man accused by U.S. prosecutors of ransomware attacks burn his passport? According to the accused hacker Mikhail Matveev, it’s because U.S. government charges would follow him anywhere he went and most countries would extradite him for the crimes he’s accused of — crimes he hasn’t denied, per se, but rather outwardly embraced. In an interview with TechCrunch, Matveev said the last time he traveled was to Thailand in 2014, but not since.
The FBI’s wanted poster for Mikhail Matveev. Image Credits: FBI
Hackers for the hermit kingdom were busier than ever this year, racking up hacks on popular crypto wallets and major crypto projects with the aim of making as much money for the regime from anywhere it can get it to fund its sanctioned nuclear weapons program.
Some of the cyberattacks linked to North Korea might not have made much sense on the face of it, but breaking into software companies gave the hackers access to the targets they were after. Enterprise phone provider 3CX said that North Korean hackers broke into its systems and planted malware in a tainted software update that rolled out to customers in a long-game effort to target 3CX’s crypto customers. Software company JumpCloud said it too was hacked by North Korean hackers likely in an effort to gather data on a handful of its crypto-related customers.
It took the feds about a decade but their persistence paid off when they finally identified the mastermind behind Try2Check, a credit card checking operation that allowed criminals who buy credit card numbers in bulk to identify which cards are still active. The scheme earned the Russian national, Denis Gennadievich Kulkov, more than $18 million in illicit proceeds — and a place on the U.S. Secret Service’s most wanted list with a $10 million bounty for information leading to Kulkov’s conviction. That might not be any time soon, given Kulkov remains in Russia and squarely out of the hands of U.S. prosecutors.
A prolific hacker and seller of stolen data, the administrator of the cybercrime forum BreachForuns known as Pompompurin, was busted on home turf by the FBI in a leafy town in upstate New York. BreachForums for a time was involved in the sale of millions of people’s data with more than 340,000 active members, to the point where the Justice Department saught to “disrupt” the site to knock it offline. The operation saw the arrest of Conor Brian Fitzpatrick, 20, following an extensive surveillance operation. In the end it wasn’t just charges of computer hacking and wire fraud that brought down the notorious hacking forum administrator, but also possession of child abuse imagery. Fitzpatrick subsequently pleaded guilty and will be sentenced at a later date.
Qakbot was one of the longest running and high-profile hacking groups of the past decade, and once the malware-of-choice for delivering ransomware to companies, organizations and governments around the world, generating tens of millions of dollars in ransom payments. At its peak, the FBI said Qakbot had compromised more than 700,000 devices as of June 2023, with at least 200,000 hacked devices located in the United States. In a daring effort to knock the malware offline for good, the FBI launched Operation Duck Hunt (don’t say that too quickly), which tricked Qakbot-infected computers into downloading an FBI-made uninstaller, ridding the malware from the infected device. The operation was hailed as a success. But recent Qakbot infections suggests that the takedown was little more than a short setback.
In what is likely the last cyber-related conviction of the year: a hacker accused of involvement with the prolific Lapsus$ hacking group will be detained until doctors determine he no longer poses a threat to the public. Arion Kurtaj, a teenager from Oxford, was sentenced to an indefinite hospital order in December, reports the BBC. Kurtaj is one of several hackers who raided Rockstar Games, Uber, Nvidia and telecom giant EE who used social engineering and threats to score access to corporate networks. The judge said the teenager’s skills and desire to continue committing cybercrime meant he remains a high risk to the public.
Arion Kurtaj has been given an indefinite hospital order. Judge rules that he remains a high risk to the public through his skills and motivation. He will remain at a secure hospital for life unless doctors deem him no longer a danger.
Fraudsters continue to do damage in the finance industry, evidenced by recent attacks against Fidelity National Financial and Mr. Cooper, and financial institutions must strengthen their systems to avoid hacks and respond to breaches. In 2023, the average cost of a data breach in the financial industry was $5.9 million, according to data and visualization […]
But the company also said that by accessing those accounts, the hackers were also able to access “a significant number of files containing profile information about other users’ ancestry that such users chose to share when opting in to 23andMe’s DNA Relatives feature.”
The company did not specify what that “significant number” of files is, nor how many of these “other users” were impacted.
23andMe did not immediately respond to a request for comment, which included questions on those numbers.
In early October, 23andMe disclosed an incident in which hackers had stolen some users’ data using a common technique known as “credential stuffing,” whereby cybercriminals hack into a victim’s account by using a known password, perhaps leaked due to a data breach on another service.
The damage, however, did not stop with the customers who had their accounts accessed. 23andMe allows users to opt into a feature called DNA Relatives. If a user opts-in to that feature, 23andMe shares some of that user’s information with others. That means that by accessing one victim’s account, hackers were also able to see the personal data of people connected to that initial victim.
23andMe said in the filing that for the initial 14,000 users, the stolen data “generally included ancestry information, and, for a subset of those accounts, health-related information based upon the user’s genetics.” For the other subset of users, 23andMe only said that the hackers stole “profile information” and then posted unspecified “certain information” online.
TechCrunch analyzed the published sets of stolen data by comparing it to known public genealogy records, including websites published by hobbyists and genealogists. Although the sets of data were formatted differently, they contained some of the same unique user and genetic information that matched genealogy records published online years earlier.
The owner of one genealogy website, for which some of their relatives’ information was exposed in 23andMe’s data breach, told TechCrunch that they have about 5,000 relatives discovered through 23andMe, and said our “correlations might take that into account.”
News of the data breach surfaced online in October when hackers advertised the alleged data of one million users of Jewish Ashkenazi descent and 100,000 Chinese users on a well-known hacking forum. Roughly two weeks later, the same hacker who advertised the initial stolen user data advertised the alleged records of four million more people. The hacker was trying to sell the data of individual victims for $1 to $10.
TechCrunch found that another hacker on a different hacking forum had advertised even more allegedly stolen user data two months before the advertisement that was initially reported by news outlets in October. In that first advertisement, the hacker claimed to have 300 terabytes of stolen 23andMe user data, and asked for $50 million to sell the whole database, or between $1,000 and $10,000 for a subset of the data.
In response to the data breach, on October 10, 23andMe forced users to reset and change their passwords and encouraged them to turn on multi-factor authentication. And on November 6, the company required all users to use two-step verification, according to the new filing.
In a bizarre turn of events, a US nuclear laboratory, the Idaho National Laboratory (INL), fell victim to a hack by a group self-identifying as “gay furry hackers.” The group, Sieged Security (SiegedSec), has an unusual demand: they want the lab to research the creation of real-life catgirls.
The Idaho Nuclear Laboratory Cyber Attack
The Idaho National Laboratory is not just any facility; it’s a pioneer in nuclear technology, operating since 1949. With over 6,000 employees, the INL has been instrumental in nuclear reactor research and development. The unexpected cyber intrusion by SiegedSec marks a significant security breach.
SiegedSec’s demands are out of the ordinary. They have threatened to release sensitive employee data unless the INL commits to researching catgirls. The data purportedly includes Social Security numbers, birthdates, addresses, and more. SiegedSec’s tactics include using playful language, such as multiple “meows” in their communications, highlighting their unique approach.
The group has a history of targeting government organizations for various causes, including human rights. Their recent activities include leaking NATO documents and attacking US state governments over anti-trans legislation.
The Nuclear Laboratory’s Response and Investigation
The Idaho National Laboratory confirmed the breach and is currently working with the FBI and the Department of Homeland Security’s Cyber Security and Infrastructure Security Agency. The investigation aims to understand the extent of the data impacted by the incident.
SiegedSec’s actions, while unusual, shed light on several issues. First, it highlights the vulnerability of even high-profile, secure facilities to cyber attacks. Second, the group’s unique demand for researching catgirls, while seemingly whimsical, echoes broader internet discussions about bio-engineering and human-animal hybrids. Lastly, it demonstrates the diverse motives and methods of hacktivist groups.
The Future of Catgirls and Cybersecurity
While the likelihood of the INL taking up research on catgirls is slim, the breach itself is a serious matter. It underscores the need for heightened cybersecurity measures in sensitive facilities. As for SiegedSec, their influence in the realm of hacktivism is notable, blurring the lines between political activism, internet culture, and cybersecurity.
While the demand for catgirls is likely a playful facade, the breach at the Idaho National Laboratory is a reminder of the ongoing cybersecurity challenges facing institutions today. The INL’s breach is a wake-up call for enhanced security protocols in an era where cyber threats can come from the most unexpected sources.
If you drink wine like 75% of people, you’ve no doubt come across a situation where you screw something up. Years of experience as a sommelier have taught me how to handle most of those situations. Before you panic, here is the trick to open wine without an opener and other hacks to keep handy.
The Fresh Toast – You have been there, so here is a the trick to open wine without an opener and other hacks
Unchilled wine
Probably the most common issue that people have is they realize that, at the exact moment that they want a glass of rosé, the only bottle they have is at room temperature. If patience isn’t a virtue you possess, the absolute fastest method I’ve found to chill down a bottle without access to heavy machinery is to fill a large bucket with ice, add in half cup or so of salt (rock salt is perfect), and then fill about halfway with water. Put the bottle in, and turn it every 30 seconds or so. You should have a chilled bottle within about 5 minutes, though for sparkling wine you’d probably want to give it more like 10; the thicker bottles take longer to chill.
I face this one pretty regularly on the floor of the restaurant, and I have a range of tools at my disposal. Assuming you’re limited to standard wine openers, techniques here vary based on how badly broken the cork is. If the remaining part appears to still be solid, I’d just dive back in: this is where a waiter’s corkscrew comes in handy. If the cork is crumbling though, I often make the decision to just push the cork down into the wine. Some people would then filter the wine through a coffee filter, cheesecloth, or strainer, but I prefer to decant the wine into a clean vessel, and then pour it into another decanter: this allows me to get all or virtually all of the cork out without damaging the wine.
No wine opener
We’ve all been there: a bottle of wine and nothing to open it with. The best approach I’ve found is to us a fairly long key: your car key, perhaps, and to slowly work it into the cork. Once it’s in as far as it will go, you slowly twist the bottle while very gently pulling up. It can take a while, but it’s the safest method I’ve found, both for you and the bottle.
This does require at least a small bit of foresight: cleaning glasses is much easier if you don’t let the wine totally dry out, so at least putting some water in the glass at the end of the night will make your life a lot easier. I then like to use a wet cloth or rag, and no soap if I can avoid it, as I find that soap tends to leave streaks and stains on most wine glasses. If you have a hanging drying rack that’s ideal, but if that’s not an option then I start my glasses face down and then flip them about an hour later. I usually still have to polish them if I want them spotless (and by all means spend $8 on an actual polishing cloth), but it helps minimize the water spots.
There are several reasons why you’d want to use a VPN on your iPhone. Let’s first briefly talk about what a VPN is.
What is a VPN?
A VPN, or virtual private network, is a service that creates a secure connection over the internet between your iPhone and a remote server. This connection hides your IP address and encrypts your data, making it harder for others to track your online activities.
Protect Your Privacy and Security
If you don’t want your ISP, the government, hackers, or your employer to see what you’re doing on the internet, a VPN can help. It adds an extra layer of security, especially when connected to a public Wi-Fi network, protecting your data from potential threats.
Access Geo-Restricted Content
A VPN can also be used to access geo-restricted content. For instance, if you’re traveling in another country but want to access the US version of Netflix, a VPN can make it seem like you’re still at home, allowing you to access content that is typically unavailable in other countries.
So, if you’re concerned about privacy and security or want to access geo-restricted content, a VPN is just what you need on your iPhone. Now let’s discuss which VPN to choose and how to set it up.
When choosing a VPN, consider what you need from the service and how much you’re willing to pay. While there are free VPN options available, it’s recommended to go for paid options for better encryption, faster speeds, and more features.
Here are three paid VPNs that are considered some of the best:
ExpressVPN
This VPN offers high-quality service and a user-friendly app. It has a wide range of server locations and excellent security features. ExpressVPN is priced at $99.95 per year.
NordVPN
NordVPN’s iOS app is simple to use and offers cheaper introductory pricing of $60 for the first year. It provides various speciality servers, like Onion over VPN, which lets you use the Onion network.
Surfshark
Surfshark’s iOS app is the most affordable option, priced at $60 per year ($48 introductory price for the first year). It comes with features like dynamic multihop connections, an IP rotator, and an ad and tracker blocker.
To explore more VPN options, you can check out our full list of the best iPhone VPNs in 2023. However, it’s important to note that free VPNs may offer weaker encryption, slower speeds, and potential security risks due to data collection and advertisements.
Using a VPN on your iPhone is simple. Here’s a step-by-step guide:
Go to the App Store and search for the VPN app you want to use. Download and install it on your iPhone.
Open the VPN application, create an account, and sign up for a plan. Look for any available free trials or special offers.
Choose a location and connect to the VPN server. You may be asked to install a new VPN profile on your iPhone, which can be done by tapping “Allow” and entering your passcode.
Once connected, explore the various settings in your VPN app. Many VPNs allow for multiple simultaneous connections, so you can protect your other devices as well.
If you want quick access to your VPN, go to Settings > VPN. From there, you can easily disconnect and connect to the last VPN server you were connected to.
By following these steps, you can enjoy the benefits of using a VPN on your iPhone and ensure your privacy and security while browsing the internet.
Chinese technology giant Huawei has had it with European Union officials calling it a “high-risk” supplier.
The firm, a leading manufacturer of telecoms equipment, filed a complaint with the European Ombudsman office last month after the bloc’s industry chief Thierry Breton described Huawei and its smaller Chinese rival ZTE as “high-risk suppliers” at a press conference on June 15.
Breton was presenting a report reviewing the EU’s policies on secure 5G, which allow member countries to restrict or prohibit “entities considered high-risk suppliers, notably because they are subject to highly intrusive, third countries laws on national intelligence and data security,” the commissioner said, naming both Huawei and ZTE in his statements.
Huawei told POLITICO in a statement Friday that the company “strongly opposes and disagrees with the comments made by the European Commission representatives publicly naming and shaming an individual company without legal basis while lacking any justification or due process,” confirming the firm is the one behind the complaint with the EU Ombudsman.
“We expect the European Commission to address our claims and rectify their comments for the sake of Huawei’s reputation,” the spokesperson added.
The European Ombudsman found “insufficient grounds to open an inquiry into the comments themselves” but it has asked the Commission to send Huawei a reply to its complaints by November 3, Michal Zuk, a communication officer for the EU watchdog, told POLITICO.
The Shenzhen-based company has been fighting restrictions on the use of its 5G kit for the past few years. It has fought and lost a court challenge in Sweden against the country’s telecoms regulator and more recently filed a lawsuit with a Lisbon court against a resolution by Portugal’s cybersecurity regulator.
At the core of Western concerns surrounding Huawei is whether the firm can be instrumentalized, pressured or infiltrated by the Chinese government to gain access to critical data in Western countries.
The Commission didn’t immediately respond to POLITICO’s request for comment.
Opinions expressed by Entrepreneur contributors are their own.
If your company was hit by ransomware today, who would you call? Or perhaps a better question: How would you call them? It sounds absurd, but as a cybersecurity expert, I’ve seen organizations paralyzed in the first hours after an incident simply because nobody knows anyone’s cell number anymore. Without access to email or messaging systems, communication grinds to a halt and workers, customers and suppliers are all left wondering what is going on. Panic rapidly escalates into a crisis.
There’s a tendency to think about cybersecurity as being the responsibility of the IT or security department. But protecting your company comes down to two things: organizational culture and planning. That’s why some of the most important people on cyber defense aren’t in the IT team — they’re in human resources.
The HR team is uniquely placed to embed cybersecurity preparedness into the everyday working of an organization. It’s responsible for building the policies and processes to mitigate risks and ensure the business has the competencies to be resilient to foreseeable challenges — and those include cyberattacks. And as the custodians of employees’ sensitive personal information, HR teams are themselves prime targets for hackers.
Unfortunately, this vital role is often overlooked. So here are five ways HR can help make your business a tough target for cybercriminals.
Eternal vigilance is the price of our liberty to roam the internet. The number of threats is mind-blowing — a recent report found the average education institution faces more than 2,300 attempts to breach its systems in a week, while healthcare organizations fend off more than 1,600 attacks. With so many digital grenades being lobbed, it’s incredibly hard to catch them all. However, a strong cybersecurity culture helps an organization defend against attacks and limits the blast radius when one does get through. The tough part: Everyone has to be on the same page when it comes to online behaviors.
Step one is to ensure you have the training tools so that employees know what they should and should not be doing. Most organizations are reasonably good at this. Whereas, many fall short by not putting that information into practice every day.
The best way to ensure that everyone considers cybersecurity a fundamental part of their responsibilities is to build it into performance reviews. This should not take the form of calling out workers for every dodgy link they click on. Instead, it should be a constructive conversation about how they’re keeping up with their cyber literacy training. There are cyber health-check tools that workers can use to analyze their online behavior and address weaknesses (like reusing Pa$$w0rd across half the internet or not using two-factor authentication) and often these can be used to track progress toward cybersecurity goals at an organizational level.
When safety precautions are regularly discussed, they just become part of how you do business.
Protect your crown jewels
HR has custody of some of the most sensitive information in an organization — and hackers know this. In the past five years or so, many companies have adopted platforms that enable employees to self-serve routine tasks like vacation requests. However, third-party platforms come with risks. Hackers target them in so-called supply chain attacks, knowing that if they get lucky, they can access troves of information from multiple companies. In 2021, more than 300 organizations were breached in a hack of a widely used file transfer system. One of these was the University of California, which said the information exposed included employees’ social security numbers, driver’s licenses and passport details (the UC system offered its staff free ID monitoring services).
Job one for HR professionals is to ensure employee data remains confidential. Perform extensive due diligence before your organization signs up for any third-party HR service. Only consider companies that comply with international standards (SOC 2 and ISO 27001 are the main ones to look out for) and check online for reports of security incidents at the site in the past few years. Also, look into where your data is being stored and how it is being backed up. Depending on your location and industry, you may have to comply with data residency laws.
Stop hoarding data
Updating the data retention policy should be on the to-do list of every HR department. I say updating because every company has a data retention policy whether they know it or not. If yours isn’t written down, then your policy is simply to keep everything forever. And that exposes you to considerable risk. The more data you have, the worse a breach can be — it’s especially bad if you’re hoarding data you no longer need. Many jurisdictions have limits on how long companies should retain sensitive information — it’s often around seven years for records on former employees.
Figure out who will call the shots when a breach happens
Cybersecurity may be everyone’s day-to-day responsibility, but when an attack gets through there should be one person in charge of the response. In cybersecurity lingo, we call this the incident commander. While everyone can have an opinion on the best course of action, decision-making power rests with them.
The job spec for incident commander only has one line: It’s whoever best understands cybersecurity issues in your organization. Depending on the size of your business, that might be a cybersecurity leader, the head of IT or it could be Joanne in accounting who took a few courses on this stuff. Whoever it is, make sure you’ve identified them before an incident happens and have clearly communicated that to your team. Once a cybersecurity incident happens, events move quickly — in one case I was involved in, the hackers gave a 45-minute warning before starting to post sensitive information — so you don’t want to waste time figuring out who’s in charge.
Run some drills
Planning is only one half of the equation. Practice is the other. Plenty of research has shown that people don’t think clearly in stressful situations. We perform drills for fires and earthquakes to give us a framework to fall back on in an emergency. The same idea works for cybersecurity incidents. Set aside two hours once a year to run a tabletop exercise with key staff that simulates what you’ll do if the company is hacked. In these exercises, someone takes the role of a moderator to explain the nature of the attack and what’s been affected, while everyone else plays out how they’d respond.
The first time you conduct the exercise, it’ll likely be a mess — but that’s the point. The scramble to figure things out will reveal the gaps in your plans. Over time, the drills will become second nature.
Put the incident team’s phone numbers down on paper and update the list regularly. Yes, it’s old school. Yes, it’s annoying. And yes, one day you’ll be thankful you did.
Opinions expressed by Entrepreneur contributors are their own.
Data is the most valuable asset in today’s interconnected world, where ones and zeroes reign supreme. However, securing every last byte of the predicted 181 zettabytes of data that will be consumed by 2025 is a dystopia in and of itself. So, as a business leader, it’s not a matter of if but when your organization will face a cyber incident.
Immediate financial losses aren’t the worst part of a data breach. In fact, the lasting effects are the more troublesome ones. Long-term implications of a data breach spread across a company and impact its reputation, customers, workforce, databases and even its network architecture.
How you react following an attack has an enormous influence on the effectiveness of your recuperation efforts and the long-term viability of your organization. In this article, we will explore the essential steps business leaders should take and the pitfalls to avoid in the challenging journey after a hack.
Much like death and taxes, cyberattacks are now a part of everyday life. By following a prepared strategy, the actions you take can maintain data security, significantly reduce risk and help mitigate some of the fallout.
The first hours and days following a cyberattack are crucial. Unfortunately, in many cases, weeks and months can pass before companies realize they are breached. The sooner you respond, the better your chances of minimizing its impact on your organization. Quickly finding breached endpoints and servers and rapidly segregating them should be prioritized. This strategy prevents lateral movement within the corporate network and hinders dangerous code from infecting further systems.
Successful containment brings us to the next phase — assessing the scope of the hack. A major part of efficient recovery depends on knowing how large the breach is. Conduct a thorough investigation to determine what data has been compromised and how it could affect your company’s operations. Before restarting operations, do a comprehensive analysis, uncover any vulnerabilities, fix them and ensure all affected systems are secure. Depending on the scope and resources of your in-house IT team, you can either employ vulnerability management tools or engage the expertise of a seasoned cybersecurity firm.
Perform a thorough evaluation of your current security protocols, policies and technologies when there is even a slight indication of a breach. Identify any vulnerabilities or loopholes that were exploited during the assault and put strong measures in place to stop similar attacks in the future.
The primary actions to consider here include implementing a Secure Access Service Edge solution (SASE), an Identity Access Management solution (IAM), Endpoint Threat Detection and Response (EDR) cloud security solutions and a combination of Unified Endpoint Management (UEMs) and endpoint security solutions. Regardless of the blend of tools and solutions you choose, the end goal should always be to promote a culture of zero trust in the digital landscape.
Employees tend to be the most vulnerable branch of a company’s security architecture. Cybercriminals exploit these human vulnerabilities through social engineering and phishing attacks. Reports show that 74% of all attacks last year were instigated due to human error. So, routinely instruct your employees on cybersecurity best practices, highlighting the need to use strong passwords, spot phishing scams and adhere to safe protocols. When executed successfully, employee education is a strong deterrent against future assaults.
Like a seasoned gladiator ready for battle, merely arming yourself for the hack is insufficient; you must also be prepared to defend yourself from attacks. Frequently put your crisis response plans to the test and refine them via simulated exercises. Through such drills, you can identify any shortcomings or deficits in your response capabilities and fine-tune the process. A well-trained team can react swiftly and efficiently to reduce the damage brought on by a breach.
Critical mistakes to avoid post-hack
Recovering from a hack is a strenuous and exhausting endeavor, and there are certain obstacles or pitfalls to avoid that could turn a fiery blaze into a roaring inferno.
The most important thing is that there is no room for denial. Hiding a breach under the rug or downplaying its severity only worsens the situation and builds distrust among stakeholders. Transparency is crucial after a cyberattack. Inform your staff, clients, business partners and the proper authorities as soon as possible about the incident and its severity. It’s also important to control your reputation and communicate effectively. Ignoring public relations can have a long-lasting negative effect on your brand and customer loyalty.
Another mistake is overlooking the importance of cybersecurity insurance. Cyber insurance is a critical part of any company’s risk management strategy. Even companies with robust security systems are susceptible to hacking, and cyber insurance may help shield them from the resulting financial fallout. The global average cost of a single data breach was $4.25 million last year. Compared to that, the cost of a comprehensive insurance policy is only a fraction of that amount.
A cyberattack is likely to happen to any organization that functions digitally, but how an organization responds to such an incident matters. Successfully navigating the path to recovery helps organizations emerge stronger, more resilient and better prepared to turn victimhood into vigilance. Life following a hack presents an opportunity to grow and fortify your organization against new threats looming over the horizon.
On April 4, Sam Sabetan, an offensive security engineer at Amazon, published findings that Nexx’s smart device products are subject to chilling vulnerabilities — including hackers being able to remotely open users’ garage doors without their consent. Other vulnerabilities include being able to take control of alarms and switch smart plugs on and off for any user.
Sabetan stated that hackers could open garage doors from anywhere in the world.
“It is estimated that over 40,000 devices, located in both residential and commercial properties, are impacted,” he wrote in a Medium blog post. “Furthermore, I determined that more than 20,000 individuals have active Nexx accounts.”
Sabetan also stated that Nexx has “consistently ignored” all attempts at communication from him, the media and the Department of Homeland Security. Sabetan advises any Nexx users to immediately disconnect all devices until the issues are confirmed to be resolved.
The Cybersecurity and Infrastructure Security Agency also posted a warning about the Nexx Garage Door Controller, Smart Plug and Smart Alarm’s vulnerabilities.
Nexx has not responded to the claims. However, on its website, the tabs for Garage, Alarm and Plug all show a “Page Not Found” message as of Thursday morning.
Screenshot of Nexx’s Smart Garage tab on Thursday, April 6, 2023, at 11:01 a.m.
Opinions expressed by Entrepreneur contributors are their own.
Who would know better about protecting a complex system from exploitation than a gifted hacker tasked with destroying it?
That is how the now decades-old cottage industry of white-hat hackers continues to thrive across sectors in tech development. For those unfamiliar, a “white hat” refers to an ethical security hacker, typically hired by companies or governments to identify security vulnerabilities in a system or software. These hackers operate under the owner’s consent to test out many attacks against programs or even entire infrastructures to uncover potential exploitations before someone more nefarious reaches it.
Despite its legal ambivalence, white hats are still commonly used as a high-intensity stress test, specifically in cybersecurity. More recently, “white hat” has become a marketing term used to launch products created by individuals with a past in more unscrupulous hacking circles —repurposing their skills to create a product or program of superior, “hacker-proof” quality.
But the concept of a white hat or products created by a benevolent troublemaker has fallen out of style in many mainstream fields of tech development. Now, any tech entrepreneur is a free agent to whichever tech trend happens to be in vogue, and “disruptors” is a hollow buzzword deployed by startup marketing teams.
Just look at how many projects and funds have pivoted back to AI now that the industry is reaching new heights of innovation and adoption. Trends drive funding and growth in any industry, but it becomes increasingly apparent when leading funds and investors radically change the projects they back, and every other accelerator follows suit to ride a wave. It creates an environment where worthy projects might miss out on valuable funding or attention because their industry isn’t in a trendy tech investment listicle.
With that in mind, do entrepreneurs and investors have the wrong mindset when exploring certain tech sectors?
Part of the charm of white hat security comes from adopting a new perspective on a seemingly taboo or illicit part of tech culture and communities. It’s a real-life example of keeping your friends close but your enemies closer. But with so many tech entrepreneurs and VCs chasing trends, it’s harder for other parts of tech to escape being overlooked.
Some might argue the taboo parts of tech culture have nothing that might benefit mainstream adoption. This argument is understandable, considering how underground tech fixtures are either built to be exploitative or harnessed for unsavory purposes. Reframing fringe developments for other uses may look like an endorsement or put projects in a morally grey area.
That being said, tech entrepreneurs and investors historically don’t have a problem with being in the grey when it comes to backing projects or entire sectors. Case in point: Bitcoin and crypto, in general, were perceived as a tool for overtly criminal activity, such as buying drugs on the dark web.
The dark web is probably one of the murkiest parts of the internet, yet many everyday users don’t actually understand what it entails. The dark web allows private computer networks to communicate and transact completely anonymously by hosting internet content through highly-guarded overlay networks that can only be accessed through specific software or authorization. This kind of technology could be highly beneficial if it wasn’t infamously associated with terrorism, child exploitation and other forms of violence.
Polls repeatedly show Americans don’t like government and corporate surveillance. And even Westerners who aren’t as concerned about companies like Meta and Google tracking their internet activity understand the value censorship resistance offers activists and journalists seeking to share information under totalitarian regimes.
But most entrepreneurs wouldn’t even consider repurposing the dark web’s technological underpinnings due to its reputation. A white-hat mentality, for example, could be enormously beneficial in trying to keep the good in the dark web while finding ways to mitigate or even eliminate the bad.
tomi, an anonymous project that claims to be led by crypto-industry leaders, has taken this approach in building its own alternative internet network. The idea is to ensure the free flow of information without government or corporate surveillance and prevent violence and illicit activity via tomiDAO, its community-led governance model.
Even AI has already been utilized for disreputable purposes. AI-based facial recognition has landed companies in hot water for illegal usage, not to mention the controversy caused by deepfakes and data privacy being compromised by generative AI. Yet there are few convincing arguments to completely abandon AI for benevolent reasons because it’s being used for dubious purposes.
Innovation can often come from the most unlikely places, but adopting a trend-focused or narrow-minded approach to tech development will cause entire sectors to be discarded or pushed further to the sidelines. If we want to see more white hat-style development that creates the most interesting and generous tech products possible, it will require entrepreneurs and investors to shift their perspective. While not every seedy sector of tech has a hidden treasure trove of use cases waiting to be discovered, it would be worthwhile to look at the perimeter to at least examine how certain technologies can be used to benefit everyone.
Italy’s National Cybersecurity Agency (ACN) warned on Sunday of a large-scale campaign to spread ransomware on thousands of computer servers across Europe and North America.
France, Finland and Italy are the most affected countries in Europe at the moment, while the U.S. and Canada also have a high number of targets, the ACN warned, according to Italian news agency ANSA.
The attack targets vulnerabilities in VMware ESXi technology that were previously discovered but that still leave many organizations vulnerable to intrusion by hackers.
“These types of servers had been targeted by hackers in the past due to their vulnerability,” according to ACN. “However, this vulnerability of the server was not completely fixed, leaving an open door to hackers for new attacks.”
France was the first country to detect the attack, according ANSA.
The French cybersecurity agency ANSSI on Friday released an alert to warn organizations to patch the vulnerability.
It is estimated that thousands of computer servers have been compromised around the world, and according to analysts the number is likely to increase. Experts are warning organizations to take action to avoid being locked out of their systems.
Europe’s largest economy Germany hasn’t kicked its habit of using Chinese kit for its 5G telecoms networks yet.
A new study analyzing Huawei’s market share in Europe estimates that Germany relies on Chinese technology for 59 percent of its 5G networks. Other key markets including Italy and the Netherlands are also among eight countries where over half of 5G networks run on Chinese equipment.
The study, by Copenhagen-based telecoms consultancy Strand Consult, offers a rare glimpse of how some telecoms operators have relied on Chinese vendors Huawei and ZTE in the early stage of Europe’s 5G rollout. The figures also underline one of Western officials’ fears: that Europe’s pushback against Chinese technology for communications networks was slow to wean operators off Huawei.
“It’s easier to preach than to practice,” said John Strand, founder of the consultancy, of EU governments’ hesitance to throw up clear barriers to using Chinese telecoms equipment.
“It is more dangerous to be dependent on Chinese telecoms networks than to be dependent on Russian gas. Digital infrastructure is the fundament of society,” Strand said.
The study matches a warning by the European Commission’s digital chief Margrethe Vestager, who said last month that “a number of countries have passed legislation but they have not put it into effect … Making it work is even better.”
“It is not only Germany, but it is also Germany,” Vestager said in November.
Germany’s ministries of digital affairs, interior and economic affairs didn’t immediately respond to a request for comment.
Huawei also didn’t immediately respond to a request for comment.
Clinging to Huawei kit
European governments in the past two years have imposed security policies on the telecoms industry to cut down on Chinese kit.
In some countries, this has led to a full stop on using Huawei and its smaller Chinese rival ZTE. Strand’s study estimates that nine EU countries, as well as Norway and the Faroe Islands, have no Chinese equipment in new 5G networks at all. France (17 percent) and Belgium (30 percent) have a much lower presence of Chinese kit in 5G than was the case in their 4G and 3G networks.
But the EU regime on using Chinese technology in 5G is a patchwork. In other EU countries those policies either allow for operators to still rely on Huawei for parts of their networks or require the government to actively step in to stop deals.
The Berlin government in the past two years was criticized for being slow in setting up the legal framework that now allows it to intervene on contracts between operators and vendors if ministers choose to do so. Olaf Scholz’s government has taken a more critical stance on Chinese technology and just last month blocked Chinese investors from buying a German chip plant over potential security threats.
But Germany’s largest operator Deutsche Telekom has also maintained a strategic partnership with Huawei for years and it and others have worked with Huawei on the early stages of rolling out 5G, Strand’s report suggests.
In Italy, the government has “golden powers” to stop contracts with Huawei. The former government led by Mario Draghi, seen as close to the U.S., intervened on a couple of deals but it is still unclear how the current government led by far-right Prime Minister Giorgia Meloni will position itself.
In other, smaller countries like the Netherlands, operators were quick to launch 5G networks and some did so using Huawei, especially in “radio access network” (RAN) parts — effectively preempting EU and national decisions to cut down on Chinese kit.
Strand’s data, gathered from European industry players in the past months, show Huawei was quick to provide operators with 5G gear in the first stages of Europe’s rollout.
But another boutique telecoms consultancy, Dell’Oro, compiled data recently that showed the firm in the past year started running into serious obstacles in selling its kit.
As of early last year — right as European officials were changing direction on 5G security — Sweden’s Ericsson overtook Huawei in market share of new European sales of radio access network (RAN) equipment for 3G, 4G and 5G equipment, according to updated figures Dell’Oro compiled this summer, shared with POLITICO by an industry official. Radio access networks make up the largest chunk of network investment and include base stations and antennas.
For 5G RAN specifically, Huawei lost its initial position as a market leader at the start of the rollout; it now provides 22 percent of sales, with Ericsson at 42 percent and Nokia at 32 percent in Europe, Dell’Oro estimated.
A POLITICO investigation last month revealed how the Chinese tech giant was consolidating its operations in Europe and scaling down its lobbying and branding operations across a series of important markets, including France, the United Kingdom and its European representation in Brussels.
Pressed by the United States and increasingly shunned on a continent it once considered its most strategic overseas market, Huawei is pivoting back toward the Chinese market, focusing its remaining European attention on just a few countries, among them Germany.
China hawks, however, fear that Huawei could continue to supply 5G equipment because of the loopholes and political considerations of national governments.
The new figures could serve as “an eye opener for a lot of governments and regulators in Europe,” Strand said.
PARIS — A Moroccan secret service agent, identified as Mohamed Belahrech, has emerged as one of the key operators in the Qatar corruption scandal that has shaken the foundations of the European Parliament. His codename is M118, and he’s been running circles around European spy agencies for years.
Belahrech seems at the center of an intricate web that extends from Qatar and Morocco to Italy, Poland and Belgium. He is suspected of having been engaged in intense lobbying efforts and alleged corruption targeting European MEPs in recent years. And it turns out he’s been known to European intelligence services for some time.
Rabat is increasingly in the spotlight, as focus widens beyond the role of Qatar in the corruption allegations of European MEPs, which saw Belgian police seizing equipment and more than €1.5 million in cash in raids across at least 20 homes and offices.
Belgian Justice Minister Vincent Van Quickenborne last week provided a scarcely veiled indication that Morocco was involved in the probe. Speaking to Belgian lawmakers, he referred to “a country that in recent years has already been mentioned … when it comes to interference.” This is understood to refer to Morocco, since Rabat’s security service has been accused of espionage in Belgium, where there is a large diaspora of Moroccans.
According to Italian daily La Repubblica and the Belgian Le Soir, Belahrech is one of the links connecting former MEP Pier Antonio Panzeri to the Moroccan secret service, the DGED. The Italian politician Panzeri is now in jail, facing preliminary charges of corruption in the investigation as to whether Morocco and Qatar bought influence in the European Parliament.
In a cache of Moroccan diplomatic cables leaked by a hacker in 2014 and 2015 (and seen by POLITICO), Panzeri is described as “a close friend” of Morocco, “an influential ally” who is “capable of fighting the growing activism of our enemies at the European Parliament.”
Investigators are now looking at just how close a friend Panzeri was to Morocco. The Belgian extradition request for Panzeri’s wife and daughter, who are also allegedly involved in the corruption scandal, mentions “gifts” from Abderrahim Atmoun, Morocco’s ambassador to Warsaw.
For several years, Panzeri shared the presidency of the joint EU-Morocco parliamentary committee with Atmoun, a seasoned diplomat keen on promoting Morocco’s interests in the Brussels bubble.
But it’s now suspected that Atmoun was taking orders from Belahrech, who is “a dangerous man,” an official with knowledge of the investigation said to Le Soir. It’s under Belahrech’s watch that Panzeri reportedly sealed his association with Morocco’s DGED after failing to get reelected to the Parliament in 2019.
Belharech may also be the key to unraveling one of the lingering mysteries of the Qatar scandal: the money trail. A Belgian extradition request seen by POLITICO refers to an enigmatic character linked to a credit card given to Panzeri’s relatives — who is known as “the giant.” Speculation is swirling as to whether Belahrech could be this giant.
The many lives of a Moroccan spy
Belahrech is no newbie in European spy circles — media reports trace his presence back to several espionage cases over the past decade.
The man from Rabat first caught the authorities’ attention in connection to alleged infiltration of Spanish mosques, which in 2013 resulted in the deportation of the Moroccan director of an Islamic organization in Catalonia, according to Spanish daily El Confidencial.
Belahrech was allegedly in charge of running agents in the mosques at the behest of the DGED, while his wife was suspected of money laundering via a Spain-based travel agency. The network was dismantled in 2015, according to El Mundo.
Not long after, Belahrech reemerged in France, where he played a leading role in a corruption case at Orly airport in Paris.
A Moroccan agent, identified at the time as Mohamed B., allegedly obtained up to 200 confidential files on terrorism suspects in France from a French border officer, according to an investigation published in Libération.
The officer, who was detained and put under formal investigation in 2017, allegedly provided confidential material regarding individuals on terrorist watchlists — and possible people of interest transiting through the airport — to the Moroccan agent in exchange for four-star holidays in Morocco.
French authorities reportedly did not press charges against Belahrech, who disappeared when his network was busted. According to a French official with knowledge of the investigation, Belahrech was cooperating with France at the time by providing intelligence on counterterrorism matters, and was let off for this reason.
Moroccan secret service agents may act as intelligence providers for European agencies while simultaneously coordinating influence operations in those same countries, two people familiar with intelligence services coordination told POLITICO. For that reason, European countries sometimes turn a blind eye to practices that could be qualified as interference, they added, so long as this remains unobtrusive.
Contacted, the intelligence services of France, Spain and Morocco did not immediately reply to a request for comment.
As to Belahrech: Five years after his foray in France, the mysterious M118 is back in the spotlight — raising questions over his ongoing relationship with European intelligence networks.
Hackers have allegedly demanded approximately Rs 200 crore in cryptocurrency from the All India Institute of Medical Sciences (AIIMS), Delhi, whose server has been down for six days in a row, news agency PTI reported quoting sources.
It is feared that the breach discovered on Wednesday morning may have compromised the data of 3–4 crore patients.
The report quoted sources as saying that because the server was still down, patient care services in the emergency, outpatient, inpatient, and laboratory wings were managed manually.
The ransomware attack is being looked into by the Delhi Police, the Ministry of Home Affairs, and the India Computer Emergency Response Team (CERT-IN).
The Intelligence Fusion and Strategic Operations (IFSO) division of the Delhi Police has filed a case of extortion and cyberterrorism.
Internet access has reportedly been disabled on hospital computers based on the recommendations of the investigating agencies.
Several VIPs, including former prime ministers, ministers, bureaucrats, and judges, had their data stored.
“Hackers have allegedly demanded around Rs 200 crore in cryptocurrency,” one of the sources told PTI.
The NIC e-hospital database and application servers have been back online in the interim. Other e-hospital servers at AIIMS that are necessary for the provision of hospital services are being scanned and cleaned by the NIC team.
The databases and applications have been scanned and prepared for four physical servers set up for restoring e-hospital services.
In addition, the AIIMS network is being sanitised. Antivirus solutions for servers and computers have been planned. It has been installed on nearly 1,200 of the 5,000 computers available. Twenty out of fifty servers have been scanned, and this activity is ongoing 24 hours a day, seven days a week.
The Chinese telecoms giant is pushing out its pedigreed Western lobbyists, retrenching its European operations and putting its ambitions for global leadership on ice.
The reasons for doing this have little to do with the company’s commercial potential — Huawei is still able to offer cutting-edge technology at lower costs than its competitors — and everything to do with politics, according to interviews with more than 20 current and former staff and strategic advisers to the company.
Pressed by the United States and increasingly shunned on a Continent it once considered its most strategic overseas market, Huawei is pivoting back toward the Chinese market, focusing its remaining European attention on the few countries — Germany and Spain, but also Hungary — still willing to play host to a company widely viewed in the West as a security risk.
“It’s no longer a company floating on globalization,” said one Huawei official. “It’s a company saving its ass on the domestic market.” Like most of the other Huawei employees interviewed for this article, the official spoke on the condition of anonymity to freely describe the company’s travails.
Huawei’s predicament was summed up by the company’s founder Ren Zhengfei in a speech to executives at the company’s Shenzhen headquarters in July. He laid out the trifecta of challenges the company has faced over the last three years: hostility from Washington; disruptions from the coronavirus pandemic; and Russia’s invasion of Ukraine, which upended global supply chains and heightened European concerns about over-dependence on countries like China.
“The environment we faced in 2019 was different from the one we face today,” Ren said in his speech, which wasn’t made public but was seen by POLITICO. “Don’t assume that we will have a brighter future.”
“We previously had an ideal for globalization striving to serve all humanity,” he added. “What is our ideal today? Survival!”
‘The moment globalist Huawei died’
As the company goes into hibernation in the West, it’s sidelining or pushing out the senior Western managers it hired just a few years ago to counter the U.S. assault on its business.
“Westerners were listened to,” one Huawei official working in Europe said. “This is no longer the case … No one is listening.”
Huawei’s Brussels office — once a key hub for the company to lobby against European restrictions on its kit — has been folded fully into European management, now headquartered in Düsseldorf.
The office this summer lost its head of communications, Phil Herd, a former BBC journalist who joined the company in October 2019 at the start of its pushback against political pressure in Europe. The office has also recently lost at least three other key staff members handling lobbying and policy. (Tony) Jin Yong, the chief representative to the Brussels institutions, is now in charge of government affairs across Western Europe and spends most of his time in the Düsseldorf office.
Employees sits in a meeting room inside Huawei Technologies Co. Cyber Security Transparency Centre in Brussels | Yuriko Nakao/Bloomberg via Getty Images
In London, Huawei’s U.K. Director of Communications Paul Harrison left his role in October, with other officials leaving around the same time. Harrison joined Huawei from a senior news editing job at U.K. broadcaster Sky News in 2019.
In Paris, the company’s Marketing and Communications Director Stéphane Curtelin left his role in September, the local magazine Challenges reported. Before then, the Paris office lost its Head of Government and Security Affairs Vincent de Crayencour, a veteran French cybersecurity official with extensive government experience who joined Huawei in 2020. The company’s Chief Representative of the Paris Office Linda Han also left her role before the summer.
In Warsaw, the company’s local PR manager Szymon Solnica departed Huawei in September. “The crises I’ve dealt with on a daily basis in recent years were colossal ones,” he wrote in a LinkedIn post announcing his departure.
Huawei officials speaking in authorized interviews dismissed the departures as regular turnover. “There is a fluctuation always in companies, not only in Huawei … Some people are leaving and some other people are coming,” a spokesperson for Huawei Europe said in an authorized interview last week.
But others in the company privately acknowledged the departures reflect a radical shift that began in September 2021.
“The moment Meng got off the plane was the moment the globalist Huawei died,” one official said.
As the daughter of the founder — and the presumptive heir to the company’s leadership — Meng had played a key role in the legal and public relations fight between Huawei and Washington. Since returning from Canada, she reached Huawei’s top ranks as deputy chairwoman at the company’s headquarters and triggered a corporate reshuffle at the top.
(Catherine) Chen Lifang, who led the firm’s global communications department during the height of American pressure, was moved off the board of directors and into a role on the supervisory board.
The global comms department is now represented on Huawei’s board by Peng Bo, known in Europe as Vincent Peng, the former president of Huawei’s Western Europe region. Peng’s ascendency is part of the company’s efforts to move its European operations closer to Shenzhen.
The agenda to streamline public affairs in Europe is led by Guo Aibing — a former journalist for Bloomberg News in Hong Kong. Guo was parachuted into Europe and is executing cuts and consolidation of the firm’s lobbying and communication across the Continent.
The company is also restructuring its activities in Europe. The company’s plans — previously unannounced — are to consolidate the entire Continent into just one area of operations, headquartered in Düsseldorf.
Hampers and gifts at the new Huawei store in Barcelona | Paco Freire/SOPA Images/LightRocket via Getty Images
Huawei currently divides the Continent into two markets: Western Europe, run from Düsseldorf; and Eastern Europe and the Nordics, with a top executive based in Warsaw.
The restructuring “will help us to bring more synergies within the whole European business operation; will bring more value more directly to our customers here in Europe,” said the Huawei Europe spokesperson.
Broadly, the company’s staffing levels, currently around 12,000 people, will remain “stable,” the spokesperson said.
The company is also retrenching elsewhere, according to Ren. “We will give up markets in some countries,” the firm’s founder said in his speech this summer. “For example, we will give up markets in the Five Eyes countries and India.”
The “Five Eyes” refers to an intelligence-sharing arrangement between the U.S., U.K., Canada, Australia and New Zealand. All five countries have banned or are in the process of banning Huawei and other Chinese companies from their critical infrastructure because of security concerns.
Instead, Huawei is concentrating on its domestic market, which accounts for a large proportion of global 5G and where Sweden’s Ericsson and Finland’s Nokia are struggling to maintain market share.
Trump effect
Huawei’s strategic retreat is remarkable for a company that until recently poured millions of euros into lobbyists and PR campaigns in an effort to expand and maintain its European foothold.
Throughout most of the 2010s, Huawei was considered by many in Europe to be a friendly face among the tech firms cuddling up to power. Peculiar in its approaches, yes, but cordial and — to many — beneficial to the Continent’s interests because it increased competition and cut the price tag on the next generation of telecoms networks.
The company became known for its generous gift bags, often including a Huawei phone, and lavish parties in glamorous venues featuring fancy buffets and dance performances — like its reception celebrating the Chinese new year at the Concert Noble in Brussels.
Glitzy bashes later became part of a supercharged response to political headwinds from Washington over concerns that the Chinese-built telecoms infrastructure poses a serious security and spying risk.
Those headwinds started blowing under U.S. President Barack Obama’s administration but reached hurricane force following Donald Trump’s election. By 2019, the company was under American sanctions, with Ren’s daughter Meng in Canada awaiting the result of a U.S. extradition request.
Keith Krach, a former under-secretary of state in the Trump administration, recalled how Washington was “hitting the panic button.”
He recalled asking European ministers about their relationship with China. “And they’d say, ‘Well, they’re an important trading partner’ and all that. And then they looked at both sides of the room, there’s nobody in the room, and whispered to me: ‘But we don’t trust them.’”
To navigate the geopolitical storm, the firm offered six-figure salaries to top operators across the Western world. It assembled a high-caliber team of former Western journalists and politicians with direct lines to places of power like the Elysée and Westminster, POLITICO learned from several who received such offers.
Initially, the gambit seemed to work.
Huawei’s message — that the U.S. itself posed spying risks and that Washington’s aggression was driven by economic interests — gained traction, particularly in places like Germany, where Trump proved a useful foil.
“The case that Trump made was almost more counterproductive,” said Thorsten Benner, director of the Global Public Policy Institute in Berlin. Huawei also received support from big telco operators, who saw value in the cheap equipment combined with responsive customer service.
By the beginning of 2020, Huawei seemed to have weathered U.S. calls for all-out bans. On January 28, then-U.K. Prime Minister Boris Johnson gave the company the green light to build part of the country’s 5G infrastructure. Just a day later, the European Union presented a plan to shift away from over-reliance on Chinese vendors but left the door open for Huawei to lobby national governments to keep market access for its technology.
Keith Krach said the U.S. was hitting the panic button | Riccardo Savi/Getty Images for Concordia Summit
Then came the pandemic. With the coronavirus originating from Wuhan killing thousands, Trump ramped up his anti-China broadside in May 2020 with fresh sanctions against Huawei that basically cut off their supply of semiconductors.
By July, the U.K.’s Johnson completely reversed course and announced all Huawei equipment would have to be stripped from British 5G networks, even as the government estimated the move would delay the rollout of the technology and add half a billion pounds in costs.
Throughout 2020 and 2021, European governments including France, Sweden, Romania, the Baltic countries, Belgium and Denmark either banned Huawei equipment in key parts of the country’s 5G network or required its operators to wean themselves off its kit in the medium term.
Huawei’s smartphone business — once on its way to challenging Apple and Samsung in Europe — meanwhile was crushed by U.S. sanctions that cut its devices off from Android, the Google-owned operating system.
Putin changes the calculus
These setbacks were painful, but they weren’t yet considered fatal. Trump’s election loss and the ebbing of the pandemic in Europe seemed to offer an opportunity for a counteroffensive.
At the beginning of 2021, Huawei’s Brussels lobbyists were still optimistic that Europe’s hunger for cheap, speedy 5G installation would win out over security concerns. They even had meetings lined up in the European Parliament to make their case.
Those meetings got canceled on February 24, the day Putin launched his all-out invasion of Ukraine. For many in Europe, the risk-benefit calculation regarding Huawei had changed overnight.
“The biggest change I’ve seen came from the realization that we’re dependent on Russian gas — especially in Germany,” said John Strand, a telecoms analyst who has tracked Huawei’s market impact in Europe for the past years. “It begs the question: What’s worse, being dependent on Russian gas or on Chinese telecoms infrastructure?”
Under President Joe Biden, pressure on Huawei only increased, and Washington’s warnings now come from a more sympathetic messenger. In October, the European Commission issued a fresh warning against using Huawei technology to underpin 5G networks, and the U.K. government reaffirmed its requirement to strip Huawei equipment from British telecoms infrastructure.
The company’s travails have knocked the legs from underneath its lobbying efforts — and eaten into its market share.
Before the pandemic, the company regularly hosted European politicians, journalists and business leaders at its Shenzhen headquarters, a massive campus with buildings in different European architectural styles showcasing its global ambitions.
China’s zero-COVID policy made that impossible.
The company for years was the biggest spender at the annual Mobile World Congress in Barcelona, the world’s largest telecoms industry event. This year, the company’s on-the-ground presence was a pale imitation of previous showings, which it used to launch new products with razzle-dazzle and astronomical marketing budgets.
But perhaps no high-flying event illustrates the extent of the turnaround than the World Economic Forum in Davos, which once counted Huawei among its main sponsors. On January 21, 2020, just a week before Johnson sided with Huawei over Trump, Ren was onstage at the alpine resort, discussing the future of AI with “Sapiens” author Yuval Noah Harari.
The next year, the global gathering of political power players and financial titans in Davos was, thanks to the pandemic, canceled. When it reconvened in the summer of 2022, Huawei top chiefs missed the gabfest. Under Beijing’s zero-COVID policy, they couldn’t leave China.
Geopolitics hits the balance sheets
The firm still has a solid share in some big national markets, among them Germany and Spain, industry analysts say.
A 2020 study by Strand Consult — still the most comprehensive public overview of Huawei’s footprint in Europe — showed just how deeply the Chinese firm was ingrained in European markets: In 15 out of 31 countries Strand studied, more than half of all 4G radio access network equipment (RAN) came from Chinese vendors.
But in many of these markets, authorities have imposed measures forcing operators to phase out or at least significantly limit the use of “high-risk vendors” — commonly understood to be state-affiliated Huawei and the Chinese military-linked telecom ZTE — in coming years.
These are beginning to bite.
In the early race to implement 5G, Huawei outpaced its rivals in Europe. However, as of early last year — right as European officials were changing direction on 5G security — Sweden’s Ericsson overtook Huawei in market share of new European sales of radio access networks, according to proprietary figures compiled by boutique telecoms research firm Dell’Oro, shared with POLITICO by an industry official. Radio access networks make up the largest chunk of network investment and include base stations and antennas.
The latest update, from the second quarter of 2022, showed Ericsson at 41 percent, Huawei at 28 percent and Finnish Nokia at 27 percent. This includes new sales of base stations and antennas across 3G, 4G and 5G — some of which is part of running contracts with operators.
For 5G RAN specifically, the shift is even clearer: Huawei lost its initial position as market leader at the start of the rollout; it now provides 22 percent of sales, with Ericsson at 42 percent and Nokia at 32 percent in Europe, Dell’Oro estimated.
Industry analysts say Huawei’s move to consolidate and scrap key public affairs roles could hurt the company in countries where it still has skin in the game: Most importantly, Germany, Italy and Spain. In these large European markets, governments have been slow to impose measures on “high-risk vendors” — and particularly slow and soft in enforcing them.
Europe’s largest operators, like Deutsche Telekom and Vodafone, also have running contracts with Huawei, meaning the Chinese firm is at least still providing maintenance and keeping networks running — and potentially still supporting parts of the 5G rollout.
But in Germany, at least, Olaf Scholz’s new government has taken a more critical stance on Chinese technology. This month, Economy Minister Robert Habeck — who has taken a hawkish approach to China — formally blocked Chinese investors from buying a German chip plant over potential security threats.
Budapest nights
Huawei, of course, hasn’t completely given up on Europe.
Those still giving the company face time in Brussels this summer were presented with a weighty gift bag.
In addition to glossy hardcovers from the company’s PR operation — with titles like “Choose a Smarter Future: A contribution to Europe’s next digital policy” and “Ten Years of Connecting Europe” — the bag contained a memoir by Frédéric Pierucci. A former executive with the French infrastructure manufacturer Alstom, Pierucci was arrested by the FBI on bribery charges in 2013 — just as the American conglomerate General Electric was negotiating to take over Alstom’s nuclear operations.
Titled “The American Trap,” the book argues that its author was a hostage in Washington’s secret economic war on its allies.
“One after the other, some of the world’s largest companies are being actively destabilized to the benefit of the U.S., in acts of economic sabotage that seem to be the beginning of what’s to come…” reads the publisher’s summary.
It’s a narrative with deep appeal inside the company, and one that creates a natural rapport with other governments that see themselves as standing up to liberal superpowers. As Huawei searches for friends on the Continent, Hungary — increasingly in opposition to the rest of the EU on how to engage with China and Russia — remains a vocal ally, and the company is leaning into that relationship.
This year, in September, Huawei’s CEE & Nordic region unit held its annual Innovation Day event in Hungary, home to the company’s largest European logistics center.
On the banks of the Danube, tech entrepreneurs schmoozed in English and Hungarian, with some Chinese and German mixed in, over made-to-order coffee and plentiful canapés at Budapest’s cupola-topped Castle Garden Bazaar.
Inside the conference hall, bilingual hosts teed up mini-documentaries about protecting local salmon breeds in Norway and preventing floods in Hungary. Small business execs highlighted drones that monitor crops in Austria and potential forest fires in Greece, all on Huawei 5G networks.
With simultaneous translation available in Hungarian, Huawei featured research it commissioned from the Economist Intelligence Unit reiterating Europe’s laggard status on 5G use and implementation. It was an implicit reminder that dismantling Huawei’s infrastructure will have real consequences.
But the company also highlighted what it hopes will be a bigger part of its portfolio: products less likely to inspire security concerns, like inverters for solar panels.
Foreign Affairs and Trade Minister Péter Szijjártó said Hungary will stand firm against international pressure | Laszlo Balogh/Getty images
“Huawei is committed to the vision of a green Europe,” said Jeff Wang, the company’s current head of public affairs and comms, in a video address to the Budapest crowd, where he noted the 10 years he spent working on the Continent.
For weeks leading up to the event, Huawei officials were pushing to get Prime Minister Viktor Orbán to speak. While that didn’t pan out, Orbán sent one of his top lieutenants — Foreign Affairs and Trade Minister Péter Szijjártó — to deliver a message.
“We are not going to discriminate [against] any investing company because of their country of origin,” Szijjártó said. Budapest will stand firm against “international pressure” he added, to block “the presence of Huawei here in Hungary.”
Radoslaw Kedzia, Huawei’s vice president for the CEE & Nordic region (and the first non-Chinese to achieve CEO status inside the company, in the Czech Republic in 2015), said there was no political calculation behind the double-down in Hungary.
“Let’s not demonize us, OK? We are like any other company,” Kedzia said.
If a business assessment offers the “prospect of the next 10-20 years of stable operation, then you think it is good to concentrate some of your resources in that particular country,” he added.
Likewise, the European spokesperson insisted, Huawei communicates with every country in the “same way, on the same level.” The company focuses on technology and does “not engage,” he said, in “political games.”
One thing is certain: When it comes to the great European game, Huawei has lost — and sent all its political players home.
Peter O’Brien, Elisa Braun, Stuart Lau and Matt Honeycombe-Foster contributed reporting.
