Security News

Britain is expected to announce next week whether to allow China's Huawei to develop its 5G network, an official said on Friday, setting out reasons for agreeing despite US opposition. There had been speculation that Britain would allow Huawei into "Non-core" elements of the next-generation 5G mobile networks, such as antennae and base stations attached to masts and roofs.

The Government Reviewer of Terrorism Laws has declared that safeguards protecting Britons from police workers demanding passwords for their devices must be watered down. In a speech delivered to conservative think tank the Henry Jackson Society yesterday, Jonathan Hall QC, the "Independent Reviewer of Terrorism Legislation"* said section 49 of the Regulation of Investigatory Powers Act 2000 is too "Difficult" for police and others to work with.

Britain's main anti-hacker law, the Computer Misuse Act 1990, is "Confused", "Outdated" and "Ambiguous", according to a group of pro-reform academics. A report launched this morning by the Criminal Law Reform Now Network described a "Range of measures to better tailor existing offences in line with our international obligations and other modern legal systems" in a call for the 30-year-old Act to be overhauled.

Prime Minister Boris Johnson on Tuesday challenged US opponents of Britain's potential decision to let China's Huawei telecoms giant develop its 5G network to come up with a better choice. The United States and Australia have both banned their 5G providers from using Huawei on security grounds.

Those known risks are twofold: Huawei's coding practices are pisspoor, as Britain's Huawei Cyber Security Evaluation Centre found last year; and there is the ever-present fear that Huawei, or people within Huawei, could be forced to abuse their product knowledge to serve the Chinese regime, perhaps through espionage conducted on UK comms networks or helping with denial-of-service attacks. Although the US have been claiming for years that Huawei poses a threat to communication security, given the well-documented activities of American spy agencies over the last couple of decades this seems like a hollow concern.

British and American officials are meeting as U.K. Prime Minister Boris Johnson's government prepares to decide on whether there's a future for Chinese equipment maker Huawei in the country's next-generation telecom networks, his spokesman said Monday. "We have strict controls for how Huawei equipment is currently deployed in the U.K. The government is undertaking a comprehensive review to ensure the security and resilience of 5G and fiber in the U.K.".

The UK Information Commissioner's Office has kicked £280m in data breach fines against British Airways and US hotel chain Marriott into the long grass. As spotted by City law firm Mishcon de Reya, the ICO has extended the time before it will fine the two companies what it claimed would be a total of £282m, split between BA's £183m and Marriott's £99m. In a statement the UK's data protection regulator said: "Under Schedule 16 of the Data Protection Act 2018, BA and the ICO have agreed to an extension of the regulatory process until 31 March 2020. As the regulatory process is ongoing we will not be commenting any further at this time."

A man accused of hacking UK National Lottery accounts via credential stuffing attacks has been sentenced to nine months in prison, the UK's National Crime Agency reported on Friday. According to the NCA, Batson used a tool called Sentry MBA to launch credential stuffing attacks on accounts belonging to National Lottery customers.

The UK Data Protection Regulator has issued a monetary penalty of £500,000 against Dixon Carphone for what it describes as "Multiple, systemic and serious inadequacies" in the firm's security posture. This allowed Dixons to argue that the PAN was not personal data, and that this aspect of the breach was consequently not subject to the personal data focus of the data protection laws.

British regulators have fined Dixons Carphone, a large electronics and phone retailer, &pound500,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware. In January 2018, the ICO fined it &pound400,000 for a 2015 breach of its Carphone Warehouse subsidiary after an attacker exploited an outdated WordPress installation.