Risky Bulletin Podcast Summary
Episode: Srsly Risky Biz: Spain leaves key under mat for Huawei
Host: Amberly Jack
Guest: Tom Uren, Policy and Intelligence Editor
Release Date: July 17, 2025
1. Introduction
In this episode of Risky Bulletin, Amberly Jack hosts a discussion with Tom Uren, the policy and intelligence editor at Risky Biz. With Patrick Gray on holiday, Amberly delves into critical cybersecurity issues, focusing primarily on Spain's longstanding relationship with Huawei regarding its lawful intercept systems and recent developments in cybercrime activities linked to the Scattered Spider group.
2. Spain’s Enduring Partnership with Huawei
The conversation opens with Amberly addressing a surprising revelation about Spain's contractual relationship with Huawei.
Amberly Jack [00:48]:
"You and I were talking earlier this week about recent reporting that Spain had contracted Huawei to manage the storage for the government's lawful intercept systems... it turns out it got a bit worse and they've actually been in a bit of a relationship for many years now."
Tom Uren [01:15]:
"It's a terrible decision. How could anyone make that decision in this day and age? Because there's been a whole lot of concerns about Huawei over the last, I guess, decade in particular."
Tom elaborates on the concerns surrounding Huawei, emphasizing the company's perceived ties to the Chinese government and the inherent risks of entrusting critical national security systems to a vendor under Chinese jurisdiction.
3. Security Implications and Risks
Tom delves deeper into the implications of having Huawei manage Spain's lawful intercept systems.
Tom Uren [02:00]:
"Lawful intercept systems... have been used to fight crime in particular, but they're also used for counterintelligence... a great place to be if you're both for law enforcement but also for foreign intelligence services."
He highlights historical instances, such as the 2004 Athens Olympics hack, to illustrate the potential vulnerabilities of these systems when managed by high-risk vendors. The lack of renewal or reassessment of Huawei's role over two decades poses significant national security threats.
4. Salt Typhoon and Unauthorized Access Attempts
Amberly brings up another concerning development related to Salt Typhoon, a Chinese-backed cyber threat group.
Amberly Jack [04:37]:
"You also touched on the newsletter about Salt Typhoon hacks on US telcos as another example."
Tom Uren [04:37]:
"Salt Typhoon has been trying to get access... they got access to the portals that we use to task the system... this essentially tips off the Chinese intelligence services about US agencies' interests."
Tom explains that even limited access to tasking portals can provide valuable intelligence to foreign actors, potentially compromising ongoing operations and national security.
5. Long-Term Relationship Between Spain and Huawei
The discussion circles back to Spain's enduring contract with Huawei, spanning over two decades.
Tom Uren [05:49]:
"It turns out that they've actually been involved in Spain's lawful intercept system for almost well over two decades now... between 2004 and today, there should have been a time where you went, okay, next time we revisit this contract, it's time to do something different."
He criticizes the lack of reassessment and the failure to sever ties despite escalating concerns, likening the situation to the "frog boiling" metaphor—where gradual changes go unnoticed until it's too late.
Rob Joyce Quote [07:30]:
"Spain is putting Salt Typhoon out of business because they're just giving it all away."
Rob Joyce, a former NSA cybersecurity leader, underscores the severity of Spain's actions, emphasizing the inadvertent support it provides to Chinese intelligence efforts.
6. Scattered Spider and Recent UK Arrests
Transitioning to cybercrime, Amberly references Tom's newsletter on the Scattered Spider group and recent arrests in the UK.
Amberly Jack [09:15]:
"You wrote about Scattered Spider... four people got arrested in the UK over recent retail hacks."
Tom Uren [12:08]:
"The UK National Crime Agency announced that four people had been arrested... all very young people."
He details the profiles of the arrested individuals, highlighting their involvement in previous cybercrime activities and the challenges in prosecuting such young offenders.
7. The Cybercrime Pipeline and Resilience of Scattered Spider
Tom discusses the resilience and adaptive nature of cybercrime groups like Scattered Spider.
Tom Uren [15:15]:
"Scattered Spider is many of the same people as Lapsus, they just don't have a public presence... there's a pipeline of new people, new spiderlings getting developed and they pick up over time."
He emphasizes that while arrests may temporarily disrupt operations, the inherent structure and recruitment strategies of these groups ensure their continuity and evolution.
Tom Uren [18:24]:
"There's enough of them that there will be these people who want to do this stuff and get a thrill out of it... they are always pushing new boundaries."
This underscores the perpetual threat posed by such groups, driven by the thrill and validation found within their communities.
8. Conclusion and Future Outlook
As the episode wraps up, Amberly and Tom reflect on the broader implications for cybersecurity.
Amberly Jack [20:38]:
"So good to spend the next couple of months where there might be some quiet time just boosting their security."
Tom Uren [20:43]:
"Make the crown jewels a bit more protected."
They agree on the necessity for organizations to bolster their defenses proactively, anticipating the inevitable resurgence of cyber threats.
Key Takeaways
- Spain's Huawei Contract: Spain has maintained a contractual relationship with Huawei for its lawful intercept systems since 2004, raising significant national security concerns due to Huawei's perceived ties with the Chinese government.
- Security Risks: Entrusting critical intelligence and law enforcement systems to high-risk vendors like Huawei can lead to potential compromises and unauthorized access by foreign intelligence services.
- Salt Typhoon Threat: The Chinese-backed Salt Typhoon group's attempts to access lawful intercept portals exemplify the ongoing cyber threats targeting national security infrastructures.
- Cybercrime Resilience: Groups like Scattered Spider demonstrate the persistent and adaptive nature of cybercriminal communities, with continuous recruitment and skill development ensuring their longevity despite law enforcement actions.
- Proactive Defense: Organizations must prioritize strengthening their cybersecurity measures to protect against sophisticated and evolving threats from both state-backed and independent cybercriminal entities.
For a more in-depth analysis, you can subscribe to the Seriously Risky Business newsletter on the Risky Biz website and stay updated with the latest cybersecurity insights.
