More stories

  • Managing the risks of the new remote workforce

    During the current COVID-19 crisis, working from home is a business necessity and no longer just a nice-to-have. In a normal year, only 5% of information workers primarily work from home, but since March 2020, 47% of respondents to a Forrester survey say their organization has transitioned at least half of their workforce to remote work.  

    It is unclear whether this trend is confined to the current crisis or whether the pandemic will usher in a future with more flexibility for remote work. In our recent research around the best practices to protect your homeworkers’ endpoints, we outline best practices to protect devices that enable remote work.  
    Key measures to mitigate risk due to work-from-home include: 
    Promoting app-centric security. In the current environment, many employees have been forced to use their personal devices to work from home. To protect company assets that are being accessed on personal devices, invest in app-based solutions such as app virtualization, app containers, and app security that enable security professionals to deemphasize device-centric endpoint protection. 
    Automating threat detection to reduce the burden on security teams. Widespread remote work has created new burdens for security professionals. Automated security tools such as threat prevention, detection, response, and data encryption help take some of the onus off the admins, allowing them to focus energy on adapting to new challenges caused by remote work. 
    Employing unified endpoint management (UEM) platforms. UEM platforms can simplify the process of rolling out security updates and patching assets across various operating systems (OSes). Invaluable for a remote workforce, these tools also allow the security team to manage native security capabilities, gain greater visibility across devices, and enforce encryption standards across OSes. 
    This post was written by Senior Analyst Christopher Sherman and Analyst Andrew Hewitt, and it originally appeared here. 


  • Ransomware gang demands $7.5 million from Argentinian ISP

    A ransomware gang has infected the internal network of Telecom Argentina, one of the country’s largest internet service providers, and is now demanding a $7.5 million ransom to unlock encrypted files.
    The incident took place over the weekend, on Saturday, July 18, and is considered one of Argentina’s biggest hacks.
    Sources inside the ISP said hackers caused extensive damage to the company’s network after they managed to gain control over an internal Domain Admin, from where they spread and installed their ransomware payload to more than 18,000 workstations.
    The incident did not cause internet connectivity to go down for the ISP’s customers, nor did it affect fixed telephony or cable TV services; however, many of Telecom Argentina’s official websites have been down since Saturday.

    Since the attack’s onset, multiple Telecom employees have now also taken to social media to share details about the incident, and how the ISP has been managing the crisis.

    According to images shared online, the ISP appears to have detected the intrusion right away and has been actively warning employees through internal alerts to limit their interaction with the corporate network, not to connect to its internal VPN network, and not to open emails containing archive files.
    The attackers have also been identified as the REvil (Sodinokibi) ransomware group, according to a now-deleted tweet showing the ransomware gang’s dark web portal — the page where victims are directed to make payments.
    This web page currently shows a ransom demand of 109345.35 Monero coins (~$7.53 million), a sum that will double after three days, making this one of the largest ransom demands requested in a ransomware attack this year.

    Telecom Argentina did not comment on the incident when contacted by local press and did not say if it intends to pay the ransom demand.
    Local media has also reported that the ISP believes the hacker’s point of entry is a malicious email attachment received by one of its employees, but this does not generally fit with the REvil gang’s normal modus operandi.
    According to a report from security firm Advanced Intel, for the past year, the REvil gang has specialized in carrying out network-based intrusions, targeting unpatched networking equipment as the entry point into victim organizations before spreading laterally through a company’s network.
    In the past, REvil operators have targeted Pulse Secure and Citrix VPN and enterprise gateway systems as entry points.
    In a conversation on Sunday, threat intelligence company Bad Packets told ZDNet that Telecom Argentina not only ran Citrix VPN servers, but had also run a Citrix instance vulnerable to the CVE-2019-19781 security bug months after a patch had been made available.
    Some security researchers have pointed the finger at two files uploaded on the VirusTotal web antivirus scanner as being used in the Telecom Argentina attack, although we could not immediately verify this claim.
    The REvil ransomware gang also maintains a dark web portal where it leaks data it stole from infected hosts in case the companies don’t pay. At the time of writing, the REvil “leak site” did not list Telecom Argentina as one of the victim organizations the REvil gang planned to leak files from.
    This is also the REvil gang’s second attack against the network of an internet service provider. The REvil gang also targeted Sri Lanka Telecom, the largest fixed telephony provider in Sri Lanka, in May.

  • Rare and hardest to crack Enigma code machine sells for $437,000

    A rare 1944 four-rotor M4 Enigma cipher machine, considered one of the hardest challenges for the Allies to decrypt, has sold at a Christie’s auction for £347,250 ($437,955).
    The winning bid for the electromechanical cipher machine was just above the top estimate of £300,000 expected at the auction. 
    As noted by Christie’s, the M4 Enigma has a special place in computing history: the Allied efforts to break its encryption led to the development of the first programmable computer, developed at Bletchley Park and used to secretly break the M4. This gave Allied forces visibility into German naval planning during the Battle of the Atlantic until Germany’s surrender in mid-1945.
    The M4 Enigmas are considered rare because they were made in smaller numbers than three-rotor machines. After Germany capitulated, the country ordered troops to destroy remaining Enigmas in order to keep them from Allied forces. After the war Winston Churchill also ordered all remaining Enigmas destroyed to help preserve the secret of Allied decoding successes at Bletchley.
    The M4 Enigmas were made on the order of Admiral Karl Dönitz, the commander of the German U-boat fleet, who had concerns over repeated Allied successes against his submarines. The M4 became available to the U-boat fleet in May 1941, preventing the Allies from knowing where Germany’s U-boats were positioned for almost a year until Turing and Joe Desch in Dayton, Ohio developed the computer that broke M4 encryption to decipher German messages.

    By mid-1943 the majority of M4 Enigma messages were being read by the Allies, but it was not until the 1970s that knowledge of the Allied successes against the Enigma was made public.
    “The machine’s use of 4 rotors, instead of 3, and the operator’s ability to select these from a pool of 8 interchangeable rotors, together with stricter operating procedures, gave the M4 Enigma a much higher level of encryption,” Christie’s noted. 
    “For 10 months – a long time in war – the M4 defeated the previously successful decryption of Allied codebreakers. So confident was Dönitz in the M4 Enigma that, in his later trial at Nuremberg, he declared that the Allies could not possibly have deciphered his Enigma messages; instead he attributed the destruction wreaked upon his fleet to advanced radar and direction finding alone,” it added.
    Rival auction house Sotheby’s sold an M4 Enigma last year for $800,000, which may have reached a higher selling price because it was one of 15 Enigma machines found in a bunker at Germany’s key Northern European naval base in Trondheim, Norway, which Germany had occupied since 1940.
    That model included the original oak case with a leather handle, a control panel with a raised “QWERTZ” keyboard consisting of 26 Bakelite keys, a lockable rotor cover to hide wheel settings, a battery compartment and 4V power socket and key, a removable light panel, as well as spare parts such as patch cables, bulbs, and so on.

  • Two more cyber-attacks hit Israel's water system


    Two more cyber-attacks have hit Israel’s water management facilities, officials from the Water Authority said last week.
    Officials said the attacks took place last month, in June, and didn’t cause any damage to the attacked organizations.
    The first attack hit agricultural water pumps in upper Galilee, while the second one hit water pumps in the central province of Mateh Yehuda, local media reported last week.
    “These were specific, small drainage installations in the agriculture sector that were immediately and independently repaired by the locals, causing no harm or any real-world effects,” the Water Authority said in a statement.
    The two attacks come after Israel suffered a first cyber-attack on its water supply system in April.

    Initial reports played down the April attack, but a Financial Times report from June citing Western intelligence sources claimed that hackers had gained access to some of Israel’s water treatment systems and tried altering water chlorine levels before being detected and stopped. If the attack had been successful and water chlorine levels had been adjusted, attackers could have caused mild poisoning of the local population served by the affected treatment facility.
    Following the intrusion, the Israel National Cyber-Directorate (INCD) and the Water Authority sent out an alert urging water treatment facilities to change the passwords of their internet-connected equipment “with emphasis on operational systems and chlorine control devices in particular.”
    Israeli officials never attributed the April attack, but the Washington Post, citing foreign intelligence officials, said the intrusion was linked to Iran.
    Two weeks later, in mid-May, a cyber-attack crippled the port of Shahid Rajaei in the Iranian city of Bandar Abbas, which the Washington Post, citing US intelligence sources, linked to Israel, as a likely payback for the April attack.
    The attack on Israel’s water utility seems, however, to have been an important moment between the two countries, as it also marked the start of a series of mysterious accidents and explosions detected across Iran’s critical infrastructure — such as petrochemical plants, nuclear fuel enrichment centers, power plants, ports, and more.

  • Uber drivers demand to see algorithms, data that determines their working lives

    Uber is facing a new legal complaint filed by drivers who are demanding to see the computational algorithms and data collection practices that shape how they work.  

    The legal bid, filed on Monday in Amsterdam, is being brought forward by UK drivers with the support of the International Alliance of App-based Transport Workers (IAATW), Worker Info Exchange, and the App Drivers and Couriers Union (ADCU), a UK-based independent union formed for “app-based drivers and couriers” including Uber and Deliveroo.
    Led by Amsterdam-based lawyer Anton Ekker, the complaint claims that Uber has failed to “provide access to data and [an] explanation of algorithmic management as required” by the EU’s General Data Protection Regulation (GDPR). Furthermore, the unions allege that Uber maintains “secret driver profiles” that include work-based performance classifications such as late arrival and rider cancellation rates, general attitudes, and behavioral notes. 
    “This runs contrary to Uber’s insistence in many employment misclassification legal challenges across multiple jurisdictions worldwide that drivers are self-employed and not subject to management control,” the complaint says. 

    The unions intend to argue that the ride-hailing service is not providing gig economy workers with their data and that, without access to their profiles and the algorithms used to determine their work, discriminatory or unfair practices could go unchecked.
    To resolve this issue, the complainants seek the creation of a “data trust” in which information collected by Uber on drivers is made available to unions for the purposes of “collective action [and/or] bargaining.” 
    The district court in Amsterdam will also be asked to fine Uber €10,000 for every day the company allegedly does not comply with data protection laws. Uber BV, based in the Netherlands, and Uber Technologies are cited in court documents (.PDF) as joint data controllers. 
    A CrowdJustice campaign has been launched to fund the legal action, and both UK and EU Uber and Uber Eats drivers are being urged to join the case. During a campaign video describing the basis of the complaint, Yaseen Aslam, the president of the IAATW, commented:

    “Uber says you are your own boss, but the app makes all the choices for us. We have the right to our data and we have the right to know how Uber machines manage us.” 

    “Our privacy team works hard to provide any requested personal data that individuals are entitled to,” an Uber spokesperson told The Guardian. “We will give explanations when we cannot provide certain data, such as when it doesn’t exist or disclosing it would infringe on the rights of another person under GDPR.”
    In 2018, Uber was fined close to $1.2 million by the Dutch Data Protection Authority and UK’s Information Commissioner’s Office (ICO) for failing to protect consumer data during a 2016 security breach. 

  • BadPower attack corrupts fast chargers to melt or set your device on fire


    Chinese security researchers said they can alter the firmware of fast chargers to cause damage to connected (charging) systems, such as melting components or even setting devices on fire.
    The technique, named BadPower, was detailed last week in a report published by Xuanwu Lab, a research unit of Chinese tech giant Tencent.
    According to researchers, BadPower works by corrupting the firmware of fast chargers — a new type of charger that was developed in the past few years to speed up charging times.
    A fast charger looks like any typical charger but works using special firmware. This firmware “talks” to a connected device and negotiates a charging speed, based on the device’s capabilities.
    If a fast-charging feature is not supported, the fast charger delivers the standard 5V, but if the device can handle bigger inputs, the fast charger can deliver up to 12V, 20V, or even more, for faster charging speeds.

    The BadPower technique works by altering the default charging parameters to deliver more voltage than the receiving device can handle, which degrades and damages the receiver’s components, as they heat up, bend, melt, or even burn.
    BadPower attack is silent and fast
    A BadPower attack is silent, as there are no prompts or interactions the attacker needs to go through, but also fast, as the threat actor only needs to connect their attack rig to the fast charger, wait a few seconds, and leave, having modified the firmware.
    Furthermore, on some fast charger models, the attacker doesn’t need special equipment, and researchers say the attack code can also be loaded on regular smartphones and laptops.
    When the user connects their infected smartphone or laptop to the fast charger, the malicious code modifies the charger’s firmware, and going forward the fast charger will execute a power overload for any subsequently connected devices.
    The damage caused by a BadPower attack usually varies depending on the fast charger model and its charging capabilities, but also on the charged device and its protections.
    Researchers tested 35 fast chargers, found 18 vulnerable
    The Tencent team said they verified their BadPower attack in practice. Researchers said they selected 35 fast chargers from 234 models available on the market and found that 18 models from 8 vendors were vulnerable.
    The good news is that “most BadPower problems can be fixed by updating the device firmware.”
    The bad news is that the research team also analyzed 34 fast-charging chips, around which the fast charger models had been built. Researchers said that 18 chip vendors did not ship chips with a firmware update option, meaning there was no way to update the firmware on some fast charger chips.
    Tencent researchers said they notified all affected vendors about their findings, but also the Chinese National Vulnerabilities Database (CNVD), in an attempt to accelerate the development and promotion of relevant security standards to protect against BadPower attacks.
    Suggestions to fix the BadPower problem include hardening firmware to prevent unauthorized modifications, but also deploying overload protection to charged devices.
    A demo video of a BadPower attack is available at the bottom of the Tencent report.

  • Cybersecurity basics more important than ever in the new normal of remote work says Salesforce Chief Trust Officer

    In this new work-from-anywhere environment that we’re all in thanks to the COVID-19 pandemic, cybersecurity, trust, and protecting customer data is more important than ever. In conjunction with Salesforce TrailheaDX 2020, held completely virtually this year, I had a chance to speak with Jim Alkove, Chief Trust Officer with Salesforce, about many of the data security issues Salesforce customers are facing in this new world. The following transcript of the interview has been edited for readability.
    Bill Detwiler: So let’s hit the ground running. What are you hearing from Salesforce customers about the challenges they’re facing with this new normal, where everyone is working from home, where people are taking corporate devices home, where work is happening on home networks? What are you hearing from customers about their concerns?

    Jim Alkove: We saw the largest workforce transformation in history as everyone went remote almost overnight in March. And as the Chief Trust Officer at Salesforce, it’s my job to work with teams across the company to ensure that we’re continuing to seamlessly deliver our services to customers as we adapt to this new environment, but also that our global security teams continue to protect data around the clock. What we’re hearing from customers is really questions about how we’re adapting to the environment so that we can help them with best practices as they’re adapting to this environment. And true to many of the things that Salesforce, our core value of customer success, how do we help our customers be successful in this transformation for their businesses?
    Cybersecurity best practices: Focus on the basics
    Bill Detwiler: What are some of those best practices? We’ve all sort of known some cybersecurity best practices that we should all be following but I think in moments like this they really rise to the surface. People realize, “Oh, we should have been doing this all along.”
    Jim Alkove: Yeah, I think the best thing that any business can do in securing yourself, especially as adapting to this new environment, this new work from anywhere environment, is to nail the basics. There are a small number of really important cybersecurity hygiene actions, so think about it in the current climate as washing your hands from a cybersecurity perspective, that businesses can do to really eliminate the risk associated with a lot of common cybersecurity threats. So some examples of this are enabling strong multi-factor authentication or ensuring that you’re rapidly patching all of your devices to inoculate them against known vulnerabilities, to prevent things like ransomware attacks. And then finally, treating cybersecurity like a team sport, building a culture of awareness in your company so that all the employees in your company can act like security trailblazers.

    Bill Detwiler: And let’s talk about that concept of trailblazers. How does Salesforce work with its community of developers, admins, product managers, to help them put security first in the work that they’re doing in their companies?

    Jim Alkove: Well, I think that we provided an enormous number of tools to our customers to help them secure their data. At Salesforce, when we think about the security of data in Salesforce, we think about it as a shared responsibility between us and our customers. It’s our job to deliver default security, out of the box tools, and educational resources for customers to secure their data, and then we rely on our customers and partner with them to help them turn on those security capabilities so that they can ensure that their data is maximally protected. So some examples of that would be things like monitoring user behavior by analyzing log information or adopting industry compliance requirements in their given industry.
    Ethics and integrity are as important as data security
    Bill Detwiler: One of the concepts that I think sometimes gets lost in these security conversations is the concept of ethics and how data is used, and I know these overlap quite a bit. What’s the role in working with people who are looking at the ethical use of data? So you maybe have something like least privileged required, a concept of saying, “Hey, look, for security purposes, only a certain number of industries or with certain roles need to have access to this data.” But that also helps with the ethical considerations around, well, maybe these people don’t need to have this data because it could allow them to have unconscious bias creep into the decisions that they make off this data. Talk a little bit about that, just in terms of merging security and ethical use of data.
    Jim Alkove: So I agree. I think there’s a strong partnership between security and ethical use, and at Salesforce, we’re one of the companies who was first to have an office of humane and ethical use of technology and my organization and the Office of Humane and Ethical Use of Technology partnered together to help make those decisions about how Salesforce is going to engage and the protection of data for users, but also ensuring that those uses of data are ethical. I think of trust and transparency going together, but also integrity and ethics and being, of course, trust as well.
    Bill Detwiler: And let’s talk a little bit about that concept of trust too. So you’re the Chief Trust Officer as opposed to a title like CISO or something like that. So is it a recognition that because Salesforce and everyone now basically is sort of a data-driven company that people need to have trust in not just the systems and the integrity of those systems but also in the data that they’re using to make those decisions?
    Jim Alkove: Yeah. So I think it’s an acknowledgement that trust has an elevated position in modern companies. At Salesforce, trust is our number one value and we talk a lot about trust and we need to put trust first, and we feel like that trust needs an advocate. In the same way, we have a Chief Equality Officer to advocate for equality at Salesforce, we have a Chief Trust Officer to advocate for our number one value, which is trust.
    Empowering employees to be security trailblazers
    Bill Detwiler: If there was one or two things that you would recommend, steps that you would recommend companies take right now with this new distributed workforce, and we’ve talked about a few and you mentioned two-factor authentication, some of these best practices, but if there were one or two things that you really think companies should maybe be thinking about for the next five months, six months as we settle into this hybrid working environment where some people go back into the office, some people stay home, or we go through periods of time where people can go back in the office or people stay home, what would those one or two maybe things be?
    Jim Alkove: So I think we have to remember that we always have to continue to nail the basics, which means patching your systems. That has got to be one of your top priorities, if not your top priority, and multi-factor authentication is something we’re taking very seriously at Salesforce. We provide a native multi-factor authentication capability in the platform. We enable strong multi-factor authentication using the Salesforce Authenticator App versus, say, a text message or an email, and I think that nailing those basics are super important in this time. But I think that the work from anywhere in the world has also brought to the top things that are now basics but may not have been in the traditional nail the basics category for CISOs in the past. And an example of that is the exponential rise in the use of virtual meetings.


    And so your web conferencing platform use is at an all-time high and I think that while that might not have been a top priority for a lot of CISOs prior to the pandemic, it needs to be now. So ensuring that you take a look at the platforms that you’re using for video conferencing, ensuring that you’re properly taking advantage of the security capabilities that those platforms provide to prevent gatecrashers in meetings, making sure that you’re creating new access codes and links for each of those meetings, I think has become a super important thing for CSOs today. And then the last thing I would say is securing your connection. A lot of people were working in offices and they relied on being on office networks, and while we all had VPN for the times that we would go home, it was not something people had created muscle memory for using and I think that users need to build a muscle memory that wherever you are, you should connect to VPN. Even if it’s not gating you accessing the corporate resource that you’re looking for, it provides an enhanced level of security.
    Bill Detwiler: How much of securing our data, securing the connections, securing our systems is really reliant on the end user. We’ve always talked about, at least I have been talking about this for 20 some odd years now, that people are often the weakest link when it comes to security. So how do companies help address that now maybe when it’s more important than ever? Because like you said, you don’t have the perimeter security model, which was always a little kind of wonky. But now that people are outside those corporate networks, like you said, they may not know to use the VPN, or the bandwidth overhead on the VPN may make platforms or services like video conferencing difficult to use, depending on what companies are using. So what role does just end user education and mitigating those end user risks play now, maybe more so than in the past?
    Jim Alkove: Yeah. I think that I look at it very differently. I look at it as our people are our number one asset in our security program and it’s our job as a trust or security organization to empower them to be security trailblazers. And the way we do that at Salesforce is through a wide variety of training education and enablement for them and we do all of this through Trailhead, our free online learning platform. And the great thing about that training is that the vast majority of it is made available for free on Trailhead to our customers as well for them to leverage the investment that Salesforce has made in protecting our employees to protect their employees. We’ve taken this another step further with a partnership with the World Economic Forum on a cybersecurity learning hub on Trailhead to allow people to become cybersecurity professionals to get the training they need to actually start down the path of a career in cybersecurity via Trailhead as well.
    Cybersecurity can be a driver for diversity in IT
    Bill Detwiler: Is that still a growth area? I mean, we’ve been talking about that for years, is that cybersecurity as a sector of IT is an area that we don’t have enough professionals in that we need more in. It seems like it may even be more important as we have a more spread out, a more diverse geographically workforce that makes the attack surface bigger as well, so it gives people more places to attack with so many people working from so many locations.
    Jim Alkove: Yeah, absolutely. I think it’s an incredible opportunity. I think that depending on which research you read, we’re short several million cybersecurity professionals around the world, and that gap is probably only going to grow, as you pointed out, when we look at the transformation to this all digital work from anywhere environment. I also think that we’re at a tipping point as a global society that we need to all lean in to provide a greater opportunity for all in equity and equality and that I think that when you have an opportunity for skilled high paying jobs like cybersecurity that we have an obligation to ensure that we are using every tool available to us to create that kind of opportunity for all.
    Bill Detwiler: Well, Jim, I really appreciate you taking the time and I will do my best to become an optimist as opposed to a pessimist when it comes to end users and being champions of cybersecurity. So thank you for that point. I guess in closing, I would just love to hear your thoughts on what we need in cybersecurity going forward. For a long time, I’ve heard people talk about having a national strategy for cybersecurity, having private companies step up and take the lead, having a public-private partnership when it comes to security, and looking at uses of technology to solve some of our cybersecurity problems. What is the one thing we need that you think going forward to improve our cybersecurity posture, not just in the States, but as you say, we’ve become an increasingly global workforce around the world?
    Jim Alkove: Yeah. I think the first thing I would say is that we all need to continue to remember to nail the basics. Never, ever forget to nail the basics. But you hit on something that I think is also incredibly important. It is really the underlying motivation for our partnership. We’re a founding partner in the World Economic Forum’s Center for Cybersecurity and the driving motivation behind that is that we believe that partnership and collaboration is how we ultimately make cybersecurity better for all. And that means that we, as corporations, need to learn to share more, share best practices, share information about threats, but that we also need to partner between the public sector and the private sector and partner globally. And, again, we’re living in a time where those kinds of partnerships are very strained and I think cybersecurity outcomes are worse when we don’t partner globally. There are no geographic boundaries in cyberspace and it’s really important for us to remember that in order for us to defend all of the users of the internet, that we’re all working collectively together, private companies and public sector, around the world.
    ZDNET’S MONDAY MORNING OPENER
    The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US. It is written by a member of ZDNet’s global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and North America.

  • in

    Three Trump officials have now hinted at a TikTok ban this month

    Three high-ranking US officials have hinted this month that the Trump administration is seriously considering and working on banning the Chinese app TikTok.
    The list of officials who made comments of the sort includes Secretary of State Mike Pompeo (in an interview on Fox News’ The Ingraham Angle), National Security Advisor Robert O’Brien (in an interview on Fox News Radio), and Trump Chief of Staff Mark Meadows (speaking to reporters on an Air Force One flight).
    The three officials said TikTok is collecting data on US users and sharing the information with the Chinese Communist Party.
    Pompeo, who was the first to start the Trump administration’s attack on the Chinese app, said US officials began looking seriously at banning TikTok in the US after the app was banned days before in India.
    On June 29, amid a military conflict with Beijing on India’s northern border, the New Delhi government banned 59 Chinese-made applications, including TikTok, under accusations of collecting and sharing data on Indian users with Chinese intelligence.

    Pompeo’s initial attack on TikTok was followed days later by National Security Advisor Robert O’Brien, who took the accusations a step further, suggesting that TikTok was collecting facial recognition information on US users.
    “I don’t think there’s any self-imposed deadline for action, but I think we are looking at weeks, not months,” Trump Chief of Staff Mark Meadows told reporters on a flight from Atlanta to Andrews Base, a few days later, echoing the previous two officials’ comments.
    The Chinese app, now managed through US company ByteDance, has been facing this type of allegation for years, amid a rising wave of anti-Chinese sentiment in the US. The company has always denied rumors and accusations, stating multiple times that the app is run separately from its Chinese version, named Douyin, and any data on US users is stored in the US, not in China. However, this hasn’t stopped rumors of TikTok serving as a conduit for Chinese spying from resurfacing again and again.
    But while until now TikTok had to deal with mere accusations, usually from the press, the app might soon find itself facing an official ban.
    While the month started with comments from government officials, the Trump administration has now gone to social media for its next step.
    Over the past week, the Trump re-election campaign has run multiple anti-TikTok ads on Facebook and Instagram, accusing the Chinese app of spying on users, in an effort to get support from the Trump voter base for an impending ban.
    The new developments suggest the Trump administration is dead-set on a ban, and the White House is following the same playbook it used against Huawei, slowly chipping away at the public’s confidence until it feels ready to pass official measures.
    However, several experts have warned — both last year and this month — that a ban on TikTok won’t achieve the desired effect, being only a shallow measure that won’t stop “Chinese spying,” as thousands of other apps will remain available to US users.
    Furthermore, TikTok is also not the app that officials should be focusing on, according to experts, who believe WeChat is China’s most powerful social media tool.
    “I am not saying those are not risks, but when it comes [to] influence and interference in the political processes of foreign governments I think TikTok is a sideshow compared to WeChat,” said Bill Bishop, a reporter who covered China and its policies for the New York Times and other publications.
    “WeChat’s overall user base in foreign countries may be small, but it is massive among the overseas Chinese diaspora, many of whom use WeChat as a key if not the primary information channel. Australia and Canada have already seen issues around elections from disinformation via WeChat,” Bishop said.