The US state of Maryland has banned its agencies from using TikTok and other Chinese and Russian platforms, after reports that China’s state-backed hackers allegedly stole millions of Covid relief funds in the US.
Maryland’s governor Larry Hogan issued an emergency directive on Tuesday prohibiting the use of Chinese and Russian products and platforms including the social media app TikTok, the message app WeChat, as well as Russia’s Kaspersky cybersecurity software.
The governor’s office noted that these products and platforms “present an unacceptable level of cybersecurity risk” to the state, adding that they may be involved in cyber-espionage, and surveillance of government entities, or in the inappropriate collection of sensitive personal information.
“There may be no greater threat to our personal safety and our national security than the cyber vulnerabilities that support our daily lives,” Mr Hogan said in a statement.
“As the cyber capital of America, Maryland has taken bold and decisive actions to prepare for and address cybersecurity threats. To further protect our systems, we are issuing this emergency directive against foreign actors and organizations that seek to weaken and divide us,” he added.
The directive applied to TikTok, Huawei Technologies, ZTE Corp, Tencent QQ, QQ Wallet, WeChat, Alibaba products, AliPay, and Kaspersky.
The state’s agencies were instructed to remove all of these products from networks and implement measures to prevent their installation.
Maryland’s chief information security officer Chip Stewart urged agencies to also implement restrictions to prevent the use of, or access to, these services.
“This action represents a critical step in protecting Maryland State systems from the cybersecurity threats caused by foreign organizations,” Mr Stewart said.
The ban on these apps and platforms follows NBC’s report citing the US Secret Service that the Chinese government-linked hacking group APT41 stole at least $20m in Covid relief benefits, including from unemployment insurance funds and small business administration loans in over a dozen US states since 2020.
While it remains to be seen if the hackers stole the funds for personal gain or on behalf of Beijing, experts say this could be the first instance of pandemic fraud linked to foreign, state-backed cybercriminals.
APT41 has been under the FBI’s watch since before the pandemic with the Secret Service calling it a “Chinese state-sponsored, cyberthreat group that is highly adept at conducting espionage missions and financial crimes for personal gain”.
Over the years they have targeted a number of companies, “representing a broad array of industries to include: social media, telecommunications, government, defense, education, and manufacturing,” according to the FBI.
“The Chinese government has shown a willingness to steal Americans’ data on a scale that dwarfs any other,” FBI Director Christopher Wray said last week, reiterating that TikTok posed a threat to national security.