Connect with us

Technology

Canada, China and US were all doomed to lose in Meng Wanzhou’s case | Huawei

Voice Of EU

Published

on

The deal allowing Meng Wanzhou to return home to China nearly three years after her arrest will come as a relief to all the participants in a saga that rapidly turned from a narrow legal dispute into an escalating geopolitical battle.

After the Huawei finance chief was detained on a US warrant in Vancouver airport in December 2018, Canada, China and the US soon found themselves locked into a court case which they were all – at least in political terms – doomed to lose.

Meng’s case was never going to turn purely on the idiosyncrasies of Canadian extradition law or the frankness with which she had told Huawei’s bankers HSBC about the relationship between her company and a subsidiary accused of violating US sanctions against Iran.

For one thing, even though the justice department may have felt they were doggedly acting on information about a potential breach of US sanctions law, Donald Trump made the case explicitly political by saying he would intervene to drop the charges if he thought it would help US-China trade negotiations.

China, meanwhile, felt Meng and Huawei were being used as a weapon in a wider battle. It was highly unusual for the prosecution to be directed at the chief finance officer personally and not at the corporation. Last year, Airbus agreed to pay $4bn in penalties to resolve a bribery case. In 2015, Deutsche Bank was fined $258m for violating Iran- and Syria-related sanctions. But no executives were detained in either case.

Since Meng was the daughter of Huawei’s founder, Ren Zhengfei, this was viewed as a personal attack not just on the firm but on a business hero.

Beijing responded to her detention on three tracks.

Within days, the Chinese government detained two Canadians, former diplomat Michael Kovrig and entrepreneur Michael Spavor, on dubious charges. A Chinese court in August found Spavor guilty of espionage and sentenced him to 11 years in prison. He has appealed the ruling. The verdict for Kovrig has yet to be announced.

Second, Huawei prepared one of the most legally sophisticated, multi pronged and expensive court challenges to an extradition ever mounted – one that would likely have taken years to wind its way through the Canadian courts. After two years of hearings, the court was due to announce in October when it would rule on Meng’s extradition. The substantive hearing in the US – now cancelled – would have been equally drawn out.

Finally, the Chinese government made life as difficult as possible for Canada.

Caught between two superpowers and desperately aware of the need to display the independence of its courts, Canada has tried to avoid provocation. It still has not announced its decision on Huawei 5G or the on listing of China CGTN television network . Nor has it been at the forefront of those defending Taiwan from Chinese threats. It was not a member of the Aukus security pact announced this week. The emphasis has been on quiet diplomacy, and making clear through its declaration on arbitrary detention that state hostage taking is unacceptable – although even that prompted a furious reaction from Beijing.

So why has a settlement been reached now? The US justice department said the out-of-court settlement is not dissimilar to one discussed between the two sides last year. At the time Meng refused to make any admission of guilt at all. Since then she may have realised her chances of avoiding extradition were vanishingly small. The court’s room for discretion in extradition cases is low. The judge cannot hold a substantive trial of the charges just to test if the alleged crime would be considered illegal in Canada, and whether there had been abuse of process.

Meng may find this frustrating, given the evidence shown in court.

Her lawyers argued that internal HSBC emails and memos showed she had been upfront with senior HSBC staff about Huawei’s relationship with the subsidiary accused of sanctions-busting, Skycom.

Indeed, at a hearing in August, the judge in the case said that the case against Meng seemed very unusual. No one lost money, the allegations were several years old, and the intended victim, a global bank, knew the truth even as it was allegedly being lied to.

Heather Holmes, associate chief justice, asked: “Isn’t it unusual that one will see a fraud case with no actual harm many years later? And one in which the alleged victim, a large institution, appears to have had numerous people within the institution who had all the facts that are now said to be misrepresented?”

In reaching the out of court settlement the US may have acknowledged its case at trial was hardly watertight.

But the deal struck on Friday contains damning admissions by Meng that she had been knowingly untruthful in telling HSBC about the links between Huawei and its subsidiary operating in Iran. The DPA does not set out whether HSBC independently knew anyway about the degree of connection, merely that facts in the presentation were inaccurate.

Her return to China will come as a welcome gift to the re-elected Justin Trudeau – even if he still has to negotiate the release of the two Michaels.

Source link

Technology

UK government’s risk planning is weak and secretive, says Lords report | Politics

Voice Of EU

Published

on

Assessment and planning by the government relating to risks facing the UK are deficient and “veiled in secrecy”, a report has found.

The 129-page report, entitled Preparing for Extreme Risks: Building a Resilient Society, was produced by the House of Lords select committee on risk assessment and risk planning – a group appointed in October 2020.

James Arbuthnot, chair of the committee, said that while the UK’s risk assessment processes had been praised across the world before the pandemic, the impact of Covid suggested there may be problems.

“It had been advised that if there were to be a coronavirus pandemic, as a country we would suffer up to 100 deaths,” he said. “Over 140,000 deaths later, we realised that we could perhaps have been doing rather better in our assessment and our planning.”

The report – which draws on sources including oral evidence from 85 witnesses, including from the chief scientific adviser, Sir Patrick Vallance, during 29 sessions – looked at the country’s approach to assessing and preparing for a wide range of risks, from chemical warfare to the climate crisis and severe space weather.

“If you ask, what keeps me awake at nights, it is the growing possibility of major disruption due to more and more frequent cyber-attacks,” said Lord Rees, a committee member. “And even more, I worry on a timescale of tens of years about bioterrorism, bioengineered viruses and all that, which are going to be feasible.”

The report’s conclusions point to a number of shortcomings. Among them the committee highlighted a tendency for the government to focus on immediate problems rather than preparing for the long term.

“The likelihood of major risks actually occurring during the term of the government is low,” said committee member Lord Mair, noting as a result there is no incentive to prepare for them.

The committee also flagged concerns over the National Risk Register and the National Security Risk Assessment (NSRA), and called for better processes to categorise risks, including looking at how vulnerable the country would be to certain threats, and better modelling of how risks can cascade – with Arbuthnot noting as an example the impact of Covid on school exams.

Among other issues the report criticised a lack of transparency by the government. “The current risk management system is veiled in an unacceptable and unnecessary level of secrecy,” the report noted, adding that in turn has hampered the country’s preparedness, with frontline responders including local government and volunteer groups struggling to access the information they need.

It is not the first time the government has been accused of secrecy over risk assessment and planning: a report on Exercise Cygnus, the 2016 government simulation of how the country would handle a fictitious “swan flu”pandemic was only made public after a copy was leaked to the Guardian.

Among other actions, the latest report recommends:

  • The establishment of an Office for Preparedness and Resilience by the government, headed by a newly created post of government chief risk officer.

  • A presumption of publication by the government, and the publication of the content of the Official-Sensitive National Security Risk Assessment except where there is a direct national security risk.

  • The publication, every two years, by the government of a brochure on risk preparedness to inform the public on topics including what to do in an emergency.

“[It’s] much better to face some of these issues, having prepared for, and practised for, and exercised for them in advance rather than doing them first in the heat of battle,” said Arbuthnot

Arbuthnot added the Covid pandemic had offered the chance to “address a public that is ready to be addressed. And people have proved that they’re up to it.”

Prof David Spiegelhalter, chair of the Winton Centre for Risk and Evidence Communication at Cambridge University, and who contributed evidence to the report, welcomed its publication.

“It’s extraordinary that the National Risk Register does not get any public promotion or media coverage, and I welcome the committee’s recommendation to radically improve the communication with the public about the risks they face,” he said. “These vital issues deserve to be widely known and discussed.”

Source link

Continue Reading

Technology

Ubiquiti dev charged with data-breaching own employer • The Register

Voice Of EU

Published

on

A Ubiquiti developer has been charged with stealing data from the company and extortion attempts totalling $2m in what prosecutors claim was a vicious campaign to harm the firm’s share price – including allegedly planting fake press stories about the breaches.

US federal prosecutors claimed that 36-year-old Nickolas Sharp had used his “access as a trusted insider” to steal data from his employer’s AWS and GitHub instances before “posing as an anonymous hacker” to send a ransom demand of 50 Bitcoins.

The DoJ statement does not mention Sharp’s employer by name, but a Linkedin account in Sharp’s name says he worked for Ubiquiti as a cloud lead between August 2018 and March 2021, having previously worked for Amazon as a software development engineer.

In an eyebrow-raising indictment [PDF, 19 pages, non-searchable] prosecutors claim Sharp not only pwned his employer’s business from the inside but joined internal damage control efforts, and allegedly posed as a concerned whistleblower to make false claims about the company wrongly downplaying the attack’s severity, wiping $4bn off its market capitalisation.

Criminal charges were filed overnight in an American federal court against Sharp, of Portland, Oregon. The indictment valued the 50 Bitcoins at $1.9m “based on the prevailing exchange rate at the time.”

US attorney Damian Williams said in a US Justice Department statement: “As further alleged, after the FBI searched his home in connection with the theft, Sharp, now posing as an anonymous company whistle-blower, planted damaging news stories falsely claiming the theft had been by a hacker enabled by a vulnerability in the company’s computer systems.”

Sharp is alleged to have downloaded an admin key which gave him “access to other credentials within Company-1’s infrastructure” from Ubiquiti’s AWS servers at 03:16 local time on 10 December 2020, using his home internet connection. Two minutes later, that same key was used to make the AWS API call GetCallerIdentity from an IP address linked to VPN provider Surfshark – to which Sharp was a subscriber, prosecutors claimed.

Later that month, according to the prosecution, he is alleged to have set AWS logs to a one-day retention policy, effectively masking his presence.

Eleven days after the AWS naughtiness, the indictment claims, he used his own connection to log into Ubiquiti’s GitHub infrastructure. “Approximately one minute later,” alleged the indictment, Sharp used Surfshark to ssh into GitHub and clone around 155 Ubiquiti repos to his home computer.

“In one fleeting instance during the exfiltration of data,” said the indictment, “the Sharp IP address was logged making an SSH connection to use GitHub Account-1 to clone a repository.”

For the rest of that night, prosecutors said, logs showed Sharp’s personal IP alternating with a Surfshark exit node while making clone calls. Although it was not spelled out in the court filing, prosecutors appeared to be suggesting that Surfshark VPN was dropping out and revealing “the attacker’s” true IP.

Ubiquiti discovered what was happening on 28 December. Prosecutors claimed Sharp then joined the company’s internal response to the breaches.

In January 2021 Ubiquiti received a ransom note sent from a Surfshark VPN IP address demanding 25 Bitcoins. If it paid an extra 25 Bitcoins on top of that, said the note, its anonymous author would reveal a backdoor in the company’s infrastructure. This appears to be what prompted Ubiquiti to write to its customers that month alerting them to a data breach. Ubiquiti did not pay the ransom, said the indictment.

Shortly after Federal Bureau of Investigation workers raided Sharp’s home, prosecutors claim he “caused false or misleading news stories to be published about the Incident and Company-1’s disclosures and response to the Incident. Sharp identified himself as an anonymous source within Company-1 who had worked on remediating the Incident. In particular, Sharp pretended that Company-1 had been hacked by an unidentified perpetrator who maliciously acquired root administrator access [to] Company-1’s AWS accounts.”

This appears to be referencing an article by infosec blogger Brian Krebs that was published that day, on 30 March 2021. He spoke “on condition of anonymity for fear of retribution by Ubiquiti”, and El Reg (among many other outlets) followed up Krebs’ reporting in good faith. In that article, the “whistleblower” said he had reported Ubiquiti in to the EU Data Protection Supervisor, the political bloc’s in-house data protection body.

We have asked Krebs for comment.

Sharp is innocent unless proven guilty. He is formally charged with breaches of the Computer Fraud and Abuse Act, transmitting interstate threats, wire fraud and making false statements to the FBI. If found guilty on all counts and handed maximum, consecutive sentences on each, he faces 37 years in prison. ®

Source link

Continue Reading

Technology

Limerick’s Serosep crowned Irish Medtech Company of the Year 2021

Voice Of EU

Published

on

Other winners at the Irish Medtech Association awards included Alcon Ireland, West, Vertigenius, Luminate Medical, BioMEC, Jabil Healthcare, Cook Medical and Aerogen.

Limerick-headquartered business Serosep has been named Irish Medtech Company of the Year at a virtual conference hosted today (2 December) by The Irish Medtech Association with Enterprise Ireland and IDA Ireland.

The Irish Medtech Association which represents the medtech sector in Ireland made the announcement at its annual Medtech Rising conference. This year’s awards ceremony was the first to feature new categories. Alcon Ireland won the Sustainable Medtech company of the Year, while West scooped the Best Medtech Talent Strategy Award.

According to the association’s director Sinéad Keogh, the annual awards ceremony offers the medtech community a chance to “recognise and celebrate the strength and importance of the industry in improving life.”

“The sector has remained resilient despite the challenges of the Covid pandemic, with over 42,000 people now working in the industry, across 450 companies,” she added.

The overall winner, Serosep, is a self-funded, family run business, which manufactures clinical diagnostic products at its base in Annacotty, Co Limerick. It serves more than 35 different countries spread over 5 continents. The company is 25 years in business and employs 114 people. Earlier this year, it announced a five-year contract to supply its gastroenteritis diagnostic system to Liverpool University Hospital. The company already supplies the NHS.

Serosep CEO and founder Dermot Scanlon, said he was “humbled” to receive the award, adding that the company’s innovative diagnostic test tools have “changed the way gastroenteritis is tested in clinical laboratories.”

“We are currently manufacturing in excess of one million tests in our state-of-the-art facility,” he said, explaining that the award would motivate the whole company to “continue forging ahead, achieving bigger and better things.”

Other award winners included:

Trinity College Dublin spin-out Vertigenius, winner of the eHealth Innovation of the Year Award. Vertigenius is a platform which aims to enhance clinical and patient engagement in the treatment of balance problems.

Luminate Medical, winners of the Emerging Medtech Company of the Year Award. The NUI Galway spin-out has developed a technology to prevent chemotherapy induced hair loss.

NUI Galway’s Biomechanics Research Centre (BioMEC) won the Academic Contribution to Medtech Award. The company’s technology integrates the latest in silico computational models to simulate the mechanical performance of implanted coronary stents.

Bray-based Jabil Healthcare scooped the Medtech Partner/Supplier of the Year Award for its new Covid-19 PCR testing device.

Cook Medical received the Women in Leadership Company initiative Award for its commitment to gender balance in the workplace.

The Covid-19 Response Recognition Award was awarded to Aerogen which has developed an inhaled vaccine station. The company’s products have been used on more than 3m critically ill people since March 2020, according to Enterprise Ireland’s head of life sciences, Deirdre Glenn. Aerogen won last year’s Medtech Company of the Year award.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!