A recent increase in U.S. sanctions against ransomware actors helped to slow the effectiveness of cyberattackers and limit their profits, witnesses told the Senate Homeland Security Committee Tuesday. But the U.S. can do more to counter ransomware activity, they said, including working closer with allies to track ransomware payments and collecting better information from industry.
The Treasury Department's Office of Foreign Assets Control added several more Chinese tech firms to its investment blacklist, including drone maker DJI, for allegedly helping Beijing track and detain Muslim minorities in Xinjiang. The move, announced Thursday, also banned investments in Cloudwalk Technology, Dawning Information Industry, Leon Technology, Megvii Technology, Netposa Technologies, Xiamen Meiya Pico Information and Yitu. All were already on the Commerce Department’s Bureau of Industry and Security entity list for export restrictions. The companies, which are now formally designated as having ties to the Chinese military, operate in China’s surveillance technology sector, OFAC said. The agency said DJI, the world’s largest commercial drone producer, supplies drones to the Xinjiang Public Security Bureau, which was added to the entity list in 2019. Technology supplied by the companies helped Xinjiang authorities confine more than a million Uyghurs and other Muslim minorities in detention centers, OFAC said. The companies “actively support the biometric surveillance and tracking of ethnic and religious minorities in China” through the “installation of thousands of neighborhood police kiosks and ubiquitous placement of surveillance cameras, collection of biometric data for identification purposes, and more intrusive monitoring of internet use,” OFAC said. A DJI spokesperson declined to comment. Megvii, CloudWalk, Xiamen Meiya Pico, Yitu, and NetPosa didn’t respond to requests for comment. Dawning and Leon couldn’t be reached. "The attempt of the U.S. to use Xinjiang to contain China will never succeed," said a Chinese Foreign Affairs Ministry spokesperson Friday. "China will take all necessary measures to resolutely safeguard the legitimate rights and interests of Chinese institutions and companies."
The Biden administration "stands ready" to enable Cubans to have “safe and secure access to the free flow of information on the Internet,” it announced Wednesday. FCC Commissioner Brendan Carr, Florida Gov. Ron DeSantis (R), the state's Lt. Gov. Jeanette Nunez (R) and other Republicans urged President Joe Biden to enable U.S. businesses to provide internet service to Cubans (see 2107160065). Commerce's Bureau of Industry and Security (BIS) and Treasury’s Office of Foreign Assets Control (OFAC) issued a joint fact sheet Wednesday detailing the actions. OFAC and BIS “stand ready to engage” with stakeholders to provide “guidance and respond to applications for specific licenses” under relevant regulations which help support Cuban internet access, said the fact sheet. It encourages interested parties to take advantage of general license exemptions for software and services for Cuban internet users and BIS license exemptions for the export and re-export of commodities, software and technology. The Senate’s 50-49 approval Wednesday of Senate Concurrent Resolution 14, the blueprint for a coming $3.5 trillion budget reconciliation measure (see 2108100062), followed voice passage Tuesday of an amendment from Sens. Marco Rubio, R-Fla.; Jerry Moran, R-Kan.; and Rick Scott, R-Fla., aimed at pressing Biden administration facilitation of internet access to Cuba. The nonbinding Rubio-led amendment would create a Deficit Neutral Reserve Fund in the next reconciliation bill that would be used to develop and deploy tech to facilitate internet access to Cuba. Senators frequently propose DNRFs amid a budget reconciliation process to make a statement about myriad issues. “My colleagues sent a clear, bipartisan message that the United States is committed to getting uncensored and unrestricted internet access to the people of Cuba,” Rubio said.
An Atlanta-based Bitcoin service provider was fined more than $500,000 for allowing people in sanctioned countries to use its services. BitPay committed more than 2,000 sanctions violations when it allowed people in Cuba, North Korea, Iran, Sudan, Syria and the Crimea region of Ukraine to use digital currency on the platform to transact with U.S. parties, the Office of Foreign Assets Control said Thursday. OFAC said BitPay allowed $129,000 worth of digital currency transactions that should have been blocked. OFAC said the case highlights the compliance risks faced by digital currency services. Those companies “are responsible for ensuring that they do not engage in unauthorized transactions,” OFAC said, saying they should develop a tailored compliance program that screens “all available information,” including IP addresses and location data. "During the transaction period, and since, BitPay has steadily enhanced its already rigorous compliance program," the company said. "Our commitment to compliance has been continuous and unwavering."
Microsoft's GitHub said it got a U.S. sanctions license to provide services to software developers in Iran. GitHub, which provides hosting for software development, convinced the Treasury Department’s Office of Foreign Assets Controls that its use “advances human progress” and international communication, and improves free speech, the company said Tuesday. GitHub called the two-year process with OFAC “lengthy and intensive” and said it's “in the process” of rolling back “all restrictions on developers in Iran, and reinstating full access.” The company said it's working to secure similar licenses for developers in Crimea and Syria. OFAC didn’t comment Thursday.
The Office of Foreign Assets Control fined Comtech Telecommunications $894,111 for exporting warrantied satellite equipment and providing services and training to the Sudan Civil Aviation Authority, OFAC said. The settlement mandates bolstering its sanctions compliance program, including more frequent risk assessments, stricter internal controls and improved compliance training. From June 2014 to October 2015, Comtech indirectly exported the equipment and “facilitated ongoing telephone support” and training despite knowing the ultimate customer was under sanction by the U.S., OFAC said: Company affiliates signed a sales agreement with a Canadian satellite communications equipment manufacturer that was procuring the equipment for a Sudanese end user. The resolution will strengthen "Comtech’s compliance program," said CEO Fred Kornberg. "Trade compliance has been, and will continue to be, a top priority.” The company didn't comment further Friday.
The Treasury Department Office of Foreign Assets Control fined Amazon more than $130,000 for allegedly violating U.S. sanctions. The company processed online orders sent to a range of sanctioned countries in the Middle East and Asia, and didn't follow reporting requirements for more than 300 transactions done under a Crimea general license, OFAC said Wednesday. The company also processed orders for people “located in or employed by the foreign missions” of Cuba, Iran, North Korea, Sudan and Syria. Amazon’s sanctions screening program “failed to fully analyze all transaction and customer data,” which led to gaps in compliance, the U.S. said. The maximum penalty was more than $1 billion, but OFAC said Amazon self-disclosed the violations. Additional mitigating factors included that Amazon hadn't committed a violation in the previous five years, cooperated with the investigation and conducted an internal probe. The company didn't comment Thursday.
Cybersecurity company Cloudflare submitted “incorrect information” on hardware exports to the Commerce Department and received payments from people and entities on a sanctions list of foreigners, it told the SEC this month. It voluntarily disclosed possible violations to the Bureau of Industry and Security and Office of Foreign Assets Control this year. It took “remedial measures” to prevent future violations, and agencies are reviewing the potential violations, the company said. The firm said it sells products to “certain OFAC-sanctioned regions” through the use of general licenses. The company didn't comment further Friday. The SEC filing involved an initial public offering, which the agency acted on Thursday, the firm said then. In the first day of trading in U.S. markets under the NET ticker Friday, shares closed up 20 percent at $18.
ICANN's status as a California nonprofit headquartered in the U.S. has raised hackles for years, and now a working group is exploring if location affects accountability and policies. In February, the Cross Community Working Group on Enhancing ICANN Accountability's jurisdiction subgroup sought input. It received about 20 responses, most citing no difficulties, and posted a list of proposed issues for the subgroup to consider. Two key concerns are whether U.S. foreign policy hampers ICANN from approving registries and accrediting registrars, and what impact jurisdiction has on delegation of country code top-level domain names (ccTLDs).
"The path is now clear" for the U.S. to "help bring Cuban telecommunications into the [21st century]," said Jamie Barnett, a Venable cybersecurity and telecom lawyer, in an online memo, referring to a recent policy change of the Commerce Department's Bureau of Industry and Security (BIS). The bureau's policy change regarding Cuba -- from a "case-by-case" review of telecommunications license applications to a "general policy of approval" -- became effective in late January, and coincides with recently announced amendments to the Cuban Asset Control Regulations (CACR) made by the Treasury's Office of Foreign Assets Control (OFAC), Barnett said. OFAC's amendments to the CACR "further relax[ed] the restrictions on the economic activities in, and financing exports to, Cuba," he said. Barnett said OFAC took multiple, incremental steps in 2015 to open up U.S. telecom-based services in Cuba, and its most recent action in January continues that trend. "As both OFAC and BIS have made clear, the purpose of the new rules involving trade with Cuba is to engage the private sector in that country to the largest extent possible while supporting the Cuban government as little as practicable in keeping with this purpose," he said. "In the telecom field, the U.S. government appears to appreciate that major infrastructure projects will be required and that these can be accomplished only by working with the Cuban government." Although providers will need BIS licenses to "bring Cuba telecom into par with the U.S.," and U.S. companies will need to carefully negotiate the remaining OFAC sanctions, "U.S. policy is clearly to promote the modernization of Cuba's telecommunications sector."