Showing posts with label Safety - Security.

Thursday, October 27, 2022

Australia admits cyber defences 'inadequate' as medical hack hits millions

France24 – AFP, 26 October 2022 

Hackers have accessed millions of medical records at Medibank, one of Australia's largest private insurers (SAEED KHAN, AFP/File)

Sydney (AFP) – Hackers accessed millions of medical records at one of Australia's largest private health insurers, the company said Wednesday, prompting the government to admit the nation's cyber safeguards were "inadequate". 

This was the latest in a series of hacks targeting millions of people that have brought Australian companies' lax approach to cyber security into sharp relief. 

Medibank chief executive David Koczkar said information about each of the company's 3.9 million policy holders -- some 15 percent of Australia's population -- had been compromised. 

"Our investigation has now established that this criminal has accessed all our private health insurance customers' personal data and significant amounts of their health claims data," he said in a statement to the Australian stock exchange. 

"This is a terrible crime. This is a crime designed to cause maximum harm to the most vulnerable members of our community." 

The cyber attack was revealed last week, but it was not known until now how many people were impacted. 

The hackers have previously threatened to leak the data, starting with 1,000 famous Australians, unless Medibank pays a ransom. 

Medibank on Wednesday also confirmed it was not insured against cyber attacks, estimating the hack could cost the company as much as Au$35 million (US$22 million). 

The Medibank hack followed an attack on telecom company Optus last month that exposed the personal information of some nine million Australians -- almost a third of the population. 

The Optus attack was one of the largest data breaches in Australian history. 

'Inadequate'

Australia's Attorney-General Mark Dreyfus has previously accused companies of stockpiling sensitive customer data they did not need. 

Firms currently face paltry fines -- Au$2.2 million -- for failing to protect customer data. 

Dreyfus last week said these fines would be ratcheted up to Au$50 million. 

"Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate," he said. 

"It's not enough for a penalty for a major data breach to be seen as the cost of doing business." 

Home Affairs Minister Clare O'Neil on Tuesday said the fallout from the Medibank hack was "potentially irreparable". 

"One of the reasons why the government is so worried about this is because of the nature of the data," she told Australia's parliament. 

"When it comes to the personal health information of Australians, the damage here is potentially irreparable." 

O'Neil has previously described hacking as a "dog act" -- an Australian phrase reserved for something especially shameful or despicable.

Tuesday, October 27, 2020

Private psychotherapy notes leaked in major Finnish hack

Yahoo – AFP, 26 October 2020

The confidential treatment records of tens of thousands of psychotherapy patients in Finland have been hacked and some leaked online, in what the interior minister said Monday was "a shocking act." 

Many victims of the hack reported receiving emails with a demand for 200 euros ($236) in bitcoin to prevent the contents of their discussions with therapists being made public. (Nicolas Asfouri)


Distressed patients flooded victim support services over the weekend as Finnish police revealed hackers accessed records belonging to private company Vastaamo, which runs 25 therapy centres across Finland. 

Thousands have filed police complaints over the breach, they added. 

Many patients reported receiving emails with a demand for 200 euros ($236) in bitcoin to prevent the contents of their discussions with therapists being made public. 

"The Vastaamo data breach is a shocking act which hits all of us deep down," Interior Minister Maria Ohisalo wrote on her website on Monday. 

Finland must be a country where "help for mental health issues is available and it can be accessed without fear." 

Ministers met for crisis talks this weekend, with further emergency discussions tabled for the coming week over the unprecedented data breach. 

"We are investigating an aggravated security breach and aggravated extortion, among other charges," Robin Lardot, the director of Finland's National Bureau of Investigation, told a news conference at the weekend. 

Lardot added that they believed the number of patients whose records had been compromised numbered in the tens of thousands. 

On Monday evening, Vastaamo said it had fired its CEO, Ville Tapio, after an internal enquiry discovered that he had concealed a March 2019 data breach from the board and the firm's parent company. 

The firm admitted flaws in the security of its customer data, "which allowed criminals to break into the database up until March 2019," Vastaamo said in a statement. 

The company's owner, PTK Midco Oy, on Monday launched court proceedings "in relation to its May 2019 purchase of Vastaamo," the statement added. 

'Justifiably worried' 

Security experts reported that a 10-gigabyte data file containing private notes between at least 2,000 patients and their therapists had appeared on websites on the so-called dark web. 

The hack, which targeted some of society's most vulnerable including children, has caused widespread shock in the Nordic country of 5.5 million, with ministers gathering on Sunday to discuss how to support the patients whose sensitive data had been leaked. 

"It is absolutely clear that people are justifiably worried not only about their own security and health but that of their close ones, too," Ohisalo told reporters late on Sunday. 

On Monday, authorities launched a website for victims of the cyberattack, offering advice and telling them not to pay the ransom demand. 

"Do not communicate with the extortionist, the data have most likely already been leaked elsewhere," the "Data Leak Help" site said. 

Mental health and victim support charities reported being overwhelmed with calls from distressed people fearing that their intimate conversations with their therapists would be publicly released. 

Nothing 'to be ashamed of' 

One of the recipients of a blackmail threat, the former MP Kirsi Piha, tweeted a screenshot of the ransom message along with a defiant reply to the hackers. 

"Up yours! Seeking help is never something to be ashamed of," Piha wrote. 

"I've seen a lot, but I haven't seen this," Mikko Hypponen, chief research officer at data security firm F-Secure, said in a statement. 

"I don't think there's a crime in our criminal history which would have more victims than this one." 

Hypponen, an internationally renowned cybersecurity specialist, said the perpetrator used the alias "ransom_man", and said he was only aware of one other patient blackmail case, where a cosmetic surgery clinic in Florida had a smaller amount of data stolen in 2019. 

On Monday, Finland's social care regulator said in a statement it was investigating Vastaamo's practices, including how well patients were kept informed of the breach. 

Meanwhile, the head of the state digital services agency DVV, Kimmo Rousku, said that the cyberattack could have been avoided if Vastaamo had used better encryption. 

DVV published a checklist on Monday for firms to make sure their digital security is in order. 

"Management needs to wake up," Rousku told public broadcaster Yle. 

A phone line offering legal advice had also been set up, the country's consumer authority announced.

Thursday, November 21, 2019

Vopak goes digital, but staff are unhappy about their movements being monitored

DutchNews, November 20, 2019

The Vopak terminal in Eemshaven. Wutsje via Wikimedia Commons

Workers at chemical storage company Vopak are concerned about a new electronic pass card that all workers will have to carry from next year, which will monitor everything they do, the Financieele Dagblad said on Wednesday. 


The card will record where people are, if they are standing up or sitting down and even if they have a work permit, the paper said.

‘We have our real doubts about this,’ Cees den Breejen, of the company works council, told the paper. ‘We have no problem if this is about safety but this is very privacy-sensitive. Where someone walks, if he has gone to the loo… what is the company going to do with all this data?’ 

Vopak argues that the new system will boost safety and will, for example, send out a signal if the wearer is lying on the ground. ‘If someone is horizontal for some time, then the other badges in the neighbourhood will get a signal,’ CIO Leo Brand said. 

The pass cards will first be tested in January and will also get an update allowing sound to be recorded, the FD said. Visitors to Vopak storage facilities will also be given such a card to wear. 

The personnel monitoring is part of the company’s plans to implement the use of digital technology across all aspects of its operations, including the placement of robots in tanks to monitor for leaks and sensors to check if pumps and taps are working properly. 

‘I think it will be very hard to prove that this monitoring falls within the bounds of privacy legislation,’ lawyer Thomas van Essen told the paper. ‘I’ve not come across a system which goes this far.’

Monday, November 4, 2019

Huawei pushes 5G in SEAsia, brushing off 'tech war' with US

Yahoo – AFP, November 3, 2019

Huawei has emerged as a key protagonist in the wider US-China trade war that has seen tit-for-tat tariffs imposed on hundreds of billions of dollars worth of goods (AFP Photo/STEFAN WERMUTH)

Chinese phone giant Huawei said Sunday it was ready to roll out 5G infrastructure across Southeast Asia, dismissing US warnings its tech could be used to hoover up data for Beijing.

The firm has emerged as a key protagonist in the wider US-China trade war that has seen tit-for-tat tariffs imposed on hundreds of billions of dollars worth of goods.

President Donald Trump's administration has warned Huawei's equipment could allow China to spy on other countries and has effectively blocked American companies from selling US technology to the firm.

But the company has repeatedly denied the accusations, saying it is the victim of tech envy.

Thailand and the Philippines have shrugged off the cybersecurity warnings in a rush to exploit the ultra-fast 5G network promised by China's biggest smartphone maker, while Vietnam has edged away from Huawei.

"China and the US now is in the trade war and also there is some kind of technology war (which) Huawei is very focused on at the moment," said Huawei vice-president Edward Zhou at the Association of Southeast Asian (ASEAN) summit on Sunday.

"We are here to support the ASEAN (in) the development for the 5G."

Encompassing hundreds of millions of people, the 10-member bloc wants the next-level technology to help businesses, infrastructure and transport compete globally.

Host country Thailand has welcomed Huawei with open arms, allowing it to set up a test bed at a major university near the Thai capital.

A Huawei spokesperson previously told AFP it had invested $5 billion in the trials and has been invited to conduct similar tests in other Southeast Asian markets.

Elsewhere the Philippines' Globe Telecom said this summer it was launching Southeast Asia's first 5G broadband service using Huawei technology.

Both Thailand and the Philippines are historic US allies and some see the tangle over 5G as a challenge of influence between the two powers.

But not all countries have been eager to sign up.

Vietnam has quietly sided with the US on the issue, shunning the Chinese firm in favour of alternative providers for 5G technology, including Ericsson and Nokia.

The country's military-owned telecoms giant Viettel hopes to be the first to roll out 5G in Hanoi and Ho Chi Minh City, and has said it plans to do so without Huawei, citing security concerns.

Zhou reiterated past statements by the company brushing aside the US claims.

"There is not any cybersecurity issues for us. There is no evidence for the US to say that," he said.

Tuesday, July 23, 2019

Equifax to pay up to $700 mn over data breach: US

Yahoo – AFP, Rob Lever, July 22, 2019

The data breach at credit monitoring firm Equifax exposed highly sensitive data from tens of millions of consumers (AFP Photo/Kirill KUDRYAVTSEV)

Washington (AFP) - US credit monitoring agency Equifax agreed to pay up to $700 million in a settlement stemming from a data breach that affected nearly 150 million customers, regulators said Monday.

The biggest-ever penalty in a data breach case was announced by the Federal Trade Commission and state regulators following revelations that hackers had stolen the personal details of millions, including names, dates of birth and social security numbers.

"Companies that profit from personal information have an extra responsibility to protect and secure that data," FTC chairman Joe Simons said in a statement announcing the settlement.

"Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers," he added.

The settlement, subject to court approval, calls for at least $300 million of the penalty to go to affected consumers, and to provide extra credit monitoring beyond what the company has already offered.

Additional money will be added to this consumer fund based on the number of claims filed, officials said.

"As part of our settlement, Equifax will provide every American who had their highly sensitive information accessed with the tools they need to battle identity theft in the future," said New York state Attorney General Letitia James, one of the state regulators in the case.

Federal Trade Commission chairman Joe Simons, seen at a hearing in Congress this year, announced a settlement with credit monitoring firm Equifax over a massive 2017 data breach that exposed personal and financial information (AFP Photo/CHIP SOMODEVILLA)

"Equifax put profits over privacy and greed over people, and must be held accountable to the millions of people they put at risk."

Some $175 million will be paid to states joining the litigation and $100 million in civil penalties to the federal government to settle charges of unfair and deceptive practices.

According to documents filed in court, Equifax will offer affected consumers "cash compensation, credit monitoring, and help with identity restoration" and must spend at least $1 billion to improve its data security.

Consumers may receive up to 10 years of free credit monitoring or $125 cash to cover their own monitoring costs, the FTC said. Those who experienced identity theft may receive up to $20,000 in compensation.

'Equifax chose us'

While Equifax does not deal directly with consumers, it handles sensitive information on them to help lenders determine borrowers' creditworthiness in the United States and some other countries including Britain. It is one of three large credit-reporting agencies in the United States.

Maryland state attorney general Brian Frosh said the breach was troublesome because most consumers did not know their data was being collected or consent to it.

The worst thefts of personal data by number of victims (AFP Photo/Thomas SAINT-CRICQ)

"We did not choose Equifax, Equifax chose us," he told a news conference in Washington with FTC and other officials.

"It collected our personal information... and it sold the product and some of the raw data to other people."

The FTC said that Equifax learned of a vulnerability in its network in March 2017 but failed to patch its network or notify consumers until later in the year.

Origin remains unclear

While not the largest breach -- attacks on Yahoo leaked data on as many as three billion accounts -- the Equifax incident could be the most damaging because of the nature of the data collected: bank and social security numbers and personal information of value to hackers and others.

It remains unclear who was behind the Equifax hack, but some experts said it appeared to be the work of a state-sponsored actor.

Equifax chief executive Mark Begor said in a statement: "This comprehensive settlement is a positive step for US consumers and Equifax as we move forward from the 2017 cybersecurity incident and focus on our transformation investments in technology and security as a leading data, analytics, and technology company."

Wednesday, July 17, 2019

Hospital fined €460,000 for privacy breaches after Barbie case

DutchNews, July 16, 2019 


The Haga hospital in The Hague has been fined €460,000 for poor patient file security, after it emerged a tv reality soap star’s medical records had been accessed by dozens of unauthorised members of staff. 

The Dutch privacy watchdog Autoriteit Persoonsgegevens said its research showed patient records at the hospital are still not properly secure.

‘The relationship between a healthcare provider and patient must be completely confidential,’ chairman Aleid Wolfsen said. ‘This should be the same within the walls of a hospital. It does not matter who you are.’ 

The hospital gave 85 members of staff an official warning for looking at the medical files of Samantha de Jong, better known as Barbie, when she was hospitalised after a suicide attempt last year. 

The members of staff were not involved in treating the tv reality star and were therefore not entitled to check her files, the hospital said. 

Concerns about privacy have been one of the major brakes on developing a nationwide digital medical record system in the Netherlands. In 2011 the upper house of parliament pulled the plug on a €300m project to introduce such a system due to privacy concerns. 

The government is now planning to introduce a system allowing patients to ‘manage’ their own medical records on their computer or mobile phone and decide who should have access to what information.

Sunday, May 19, 2019

EU adopts powers to respond to cyberattacks

Yahoo – AFP, Lachlan CARMICHAEL, May 17, 2019

EU ministers said the 28-nation group would, for the first time, be able to impose asset freezes and travel bans on individuals, firms and state bodies implicated in cyberattacks (AFP Photo/Kirill KUDRYAVTSEV)

Brussels (AFP) - The European Union on Friday adopted powers to punish those outside the bloc who launch cyberattacks that cripple hospitals and banks, sway elections and steal company secrets or funds.

EU ministers meeting in Brussels said the 28-nation group would now, for the first time, be able to impose asset freezes and travel bans on individuals, firms and state bodies implicated in such attacks.

"The Council (of EU countries) established a framework which allows the EU to impose targeted restrictive measures to deter and respond to cyberattacks," it said in a statement.

It added that sanctions will be considered if a cyberattack is determined to have had a "significant impact" on its target.

The goal is to bolster the security of EU institutions, firms and individuals against what Britain called an increase in the "scale and severity" of cyberattacks globally.

"This is decisive action to deter future cyberattacks," British Foreign Secretary Jeremy Hunt said after Britain and its EU partners drafted the measures.

"For too long now, hostile actors have been threatening the EU’s security through disrupting critical infrastructure, attempts to undermine democracy and stealing commercial secrets and money running to billions of euros," Hunt said.

"Our message to governments, regimes and criminal gangs prepared to carry out cyberattacks is clear," Britain's top diplomat added.

"Together, the international community will take all necessary steps to uphold the rule of law and the rules based international system which keeps our societies safe."

The British government has pledged to continue close cooperation with the EU after it leaves the bloc in line with the 2016 referendum.

'Big step forward'

Under the sanctions regime, diplomats said, the 28 EU countries would have to vote unanimously to impose sanctions after meeting a legal threshold of significant impact.

British Foreign Secretary Jeremy Hunt (pictured April 2019) said that "the international community will take all necessary steps to uphold the rule of law" (AFP Photo/Daniel LEAL-OLIVAS)

For example, countries would look at the scope and severity of disruption to economic and other activities, essential services, critical state functions, public order or public safety, diplomats said.

They would examine the number of people and EU countries affected and determine how much money, intellectual property and data have been stolen.

EU diplomats told reporters it could also cover the hacking of European elections by a third party or country. Elections for a new European Parliament take place May 23-26.

In line with US intelligence assessments, EU officials highlight in particular the threat of disinformation and election hacking from Russia.

EU countries would also study how much the perpetrator has gained through such action.

A Dutch diplomat told reporters that the powers amount to a "big step forward" toward building a more secure cyberspace.

European leaders in October had called for a regime to impose sanctions against cyberattacks.

US and European police said Thursday they have smashed a huge international cybercrime network that used Russian malware to steal 100 million dollars from tens of thousands of victims worldwide.

EU diplomats said the bloc will now start drawing up a blacklist for potential sanctions in cyberattack cases.

A number of powerful people close to Russian President Vladimir Putin appear on a blacklist of 164 Russians and Ukrainians that was established after Moscow's annexation of the Crimean peninsula in 2014.

Those blacklisted are under travel bans and asset freezes just like those that would be imposed on those implicated in cyberattacks.

Thursday, May 16, 2019

Dutch researchers find major vulnerability in Intel chips

DutchNews, May 15, 2019


Researchers at Amsterdam’s VU university have discovered a major leak in Intel microchips which makes it possible to get hold of passwords and other sensitive information. 

The vulnerability, named Rogue In-Flight Data Load, was discovered a year ago but only just made public to give Intel time to develop an acceptable fix. 

The leak covered all Intel processors made since 2008 and would have been extremely easy to abuse, the researchers say. 

‘Even if home users used their browsers to visit a website with an advert or other content with a malware Java programme, the hacker could still steal information,’ the researchers say. There were also problems with cloud services. 

However, Herbert Bos, who was in charge of the research, told broadcaster RTL Z that most consumers should not immediately be very concerned and that specific targets, such as senior employees of a company or senior government officials, were more likely to have been victims. 

Intel has now taken steps to close the leaks and protect users, who are now being recommended to update their processors and software.

Wednesday, May 15, 2019

WhatsApp patches flaw after spyware revelation

Yahoo – AFP, Rob Lever, May 14, 2019

Spyware injected into the popular messaging application WhatsApp could compromise smartphones and lead to targeting of human rights activists, journalists and others (AFP Photo/Kirill KUDRYAVTSEV)

Washington (AFP) - WhatsApp on Tuesday warned users to upgrade the application to plug a security hole that allowed for the injection of sophisticated malware that could be used to spy on journalists, activists and others.

Facebook-owned WhatsApp said it released an update to fix the vulnerability in the messaging app, used by 1.5 billion people around the world.

"WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices," a company statement said.

The WhatsApp spyware is sophisticated and "would be available to only advanced and highly motivated actors," the company said, adding that a "select number of users were targeted."

"This attack has all the hallmarks of a private company that works with a number of governments around the world" according to initial investigations, it added, but did not name the firm.

The spyware appears to be related to the Pegasus software developed by Israeli-based NSO group, which is normally sold to law enforcement and intelligence services, according to Washington-based analyst Joseph Hall.

A security flaw in WhatsApp, now fixed, allowed attackers to install spyware on phones (AFP Photo/NICOLAS ASFOURI)

The spyware "could have gotten into someone's hands" outside legitimate channels for nefarious purposes, Hall, chief technologist at the Center for Democracy and Technology, told AFP.

"It's unclear who is doing this."

Security researchers have found that Android and Apple phones can be infected with the spyware with a simple audio call through WhatsApp, even if the user does not answer, according to Hall, making detection more difficult.

Big risks

Hall said the unpatched security flaw opens the door to spying by rogue entities on human rights activists, journalists and others.

"The potential danger is quite large," he said.

"These kinds of apps that do encrypted messaging and encrypted phone calls tend to store the most secretive data that people need to protect."

He said dissidents and pro-democracy activists seeking to remain anonymous rely on these encrypted applications, as do journalists when speaking with sources about sensitive information.

Facebook did not comment on the number of users affected or who targeted them, and said it had reported the matter to US authorities.

It also informed EU authorities in Ireland about the "serious security vulnerability," according to a statement by the country's Data Protection Commission (DPC).

The revelation is the latest in a series of issues troubling WhatsApp's parent Facebook, which has faced intense criticism for allowing users' data to be harvested by research companies and over its slow response to Russia using the platform as a means to spread disinformation during the 2016 US election campaign.

WhatsApp is used by an estimated 1.5 billion people and its encryption feature has encouraged activists, journalists and others to use it for sensitive information (AFP Photo/Lionel BONAVENTURE)

Highly invasive software

WhatsApp said it has briefed human rights organizations on the matter, but did not identify them.

The NSO Group came to prominence in 2016 when researchers accused it of helping spy on an activist in the United Arab Emirates.

Its best-known product is Pegasus, a highly invasive tool that can reportedly switch on a target's phone camera and microphone, and access data on it.

The firm said Tuesday it only licenses its software to governments for "fighting crime and terror."

The NSO Group "does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions," it said in a statement to AFP.

"We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system."

Researchers at the University of Toronto's Citizen Lab have claimed that despite NSO's statement, Pegasus spyware is being misused by many governments.

The WhatsApp breach is the latest in a series of issues troubling its parent Facebook (AFP Photo/JUSTIN SULLIVAN)

"Pegasus appears to be in use by multiple countries with dubious human rights records and histories of abusive behavior by state security services," the researchers said in a report last year.

Amnesty International said meanwhile it would join a legal action this week in Israel by some 30 activists to revoke NSO's export license, claiming that one of its own staff members was targeted by a "particularly invasive" variant of the software in June 2018 via WhatsApp.

"NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics," said Danna Ingleton, deputy director of Amnesty Tech.

"As long as products like Pegasus are marketed without proper control and oversight, the rights and safety of Amnesty International's staff and that of other activists, journalists and dissidents around the world is at risk."

Tuesday, May 7, 2019

Probe after 117,000 job seekers’ CVs are skimmed from UWV website

DutchNews, May 6, 2019


An investigation has been ordered after 100,000 CVs were illegally downloaded from the website of the employees’ insurance agency UWV.

Social affairs minister Wouter Koolmees said the 117,000 resumes had been accessed over a period of two weeks from the website werk.nl using the account of a UWV staff member. The employee in question claimed to have been unaware of the activity. 

The national cybersecurity centre NCSC and the privacy watchdog Autoriteit Persoonsgegevens have been informed and the incident has been reported to the police. All those involved have been contacted by the UWV to warn them to watch out for phishing scams and other online fraud.

IT experts said the episode highlighted weak security at the UWV, which uses the werk.nl website to share the CVs of jobseekers with employers. Jobseekers have the option of uploading ‘open’ CVs, which are freely available, or ‘closed’, meaning they are available on request.

‘Every company that has an account with werk.nl can see job seekers’ details,’ René Veldwijk told Trouw. ‘All that’s happened now is that somebody spent two weeks trawling all those details with a computer programme. It could be criminals, but it could also be a company that wants to use the data to connect job seekers with employees.’

He added: ‘The fact that it took two weeks for the UWV to notice that so many CVs were being downloaded shows they’re not looking out for it properly. It was all done through one account. If the perpetrators had been a bit more professional in their approach and used several accounts, the UWV probably still wouldn’t have noticed anything.’

Saturday, May 4, 2019

5G conference warns on security as Huawei controversy rages

Yahoo – AFP, May 3, 2019

Western governments are deeply suspicious of involving Huawei in their 5G plans (AFP Photo/Adrian DENNIS)

Experts called on 5G providers Friday to heed supply chain security in light of concerns about technology providers such as China's Huawei, recently banned by the US government.

"The overall risk of influence on a supplier by a third country should be taken into account, notably in relation to its model of governance, the absence of cooperation agreements on security," said a statement published by a 5G security conference in Prague.

"Security and risk assessments of vendors and network technologies should take into account rule of law, security environment, vendor malfeasance, and compliance with open, interoperable, secure standards and industry best practices," it added.

Called "the Prague Proposals," the non-binding statement also singled out the supplier country's adherence to "multilateral, international or bilateral agreements on cybersecurity, the fight against cybercrime, or data protection" as a security criterion.

Responding to the conclusions of the conference, Huawei said in a Friday statement that it was "committed to working with regulators, operators and industry organisations to develop effective rules which can build a stronger, more resilient and safer network."

"As the EU continues its deliberations, we firmly believe that any future security principles should be based on verifiable facts and technical data," Huawei said in the statement forwarded by email.

The United States has banned government agencies from buying equipment from Huawei over fears Beijing could spy on communications and gain access to critical infrastructure if the firm is allowed to develop foreign 5G networks offering instantaneous mobile data transfer.

Washington is adamantly opposed to Huawei's involvement because of its obligation under Chinese law to help Beijing gather intelligence or provide other security services.

Europe in turn has been torn over its approach to the Chinese giant -- while countries such as Britain and Germany have accepted its part in the construction of their networks, other countries including the Czech Republic have warned against Huawei.

In December, the Czech Republic's National Cyber and Information Security Agency said Huawei's software and hardware posed a threat to state security.

However, the EU member's pro-Russian, pro-Chinese president Milos Zeman met a Huawei official in Beijing last week to express his solidarity with the telecoms giant, saying he lacked "material evidence" for the warning.

Ciaran Martin, head of Britain's National Cyber Security Centre, on Friday chaired a working group dealing with security and resilience at the Prague conference organised by the Czech government.

"We discussed a set of issues dealing with the problems arising from the vendors we have now rather than vendors we might like to have in the future," Martin said.

"There are a range of security challenges which we noted, sometimes they are issues of quality -- poor engineering, poor security practices, there are issues and security requirements arising from the need of the vendors to access the operator's network."