Critical internet resources

Hackers target Chrome extensions in data breach campaign

A series of intrusions targeting Chrome browser extensions has compromised multiple companies since mid-December, experts revealed. Among the victims is Cyberhaven, a California-based data protection company. The breach, confirmed by Cyberhaven on Christmas Eve, is reportedly part of a larger campaign aimed at developers of Chrome extensions across various industries.

Cyberhaven stated it is cooperating with federal law enforcement to address the issue. Browser extensions, commonly used to enhance web browsing, can also pose risks when maliciously altered. Cyberhaven’s Chrome extension, for example, is designed to monitor and secure client data within web-based applications.

Experts identified other compromised extensions, including those involving AI and virtual private networks. Jaime Blasco, cofounder of Texas-based Nudge Security, noted that the attacks appear opportunistic, aiming to harvest sensitive data from numerous sources. Some breaches date back to mid-December, indicating an ongoing effort.

Federal authorities, including the US cyber watchdog CISA, have redirected inquiries to the affected companies. Alphabet, maker of the Chrome browser, has yet to respond to requests for comment.

Thirty companies join India’s satellite constellation race

India is taking significant steps to build a home-grown Earth observation satellite network, reducing dependence on foreign data for critical sectors like defence and infrastructure. Thirty Indian companies, forming nine consortiums, have expressed interest in the Indian National Space Promotion and Authorisation Centre’s (IN-SPACe) initiative.

The project, part of a larger strategy to monetise the space sector, aims to bolster the country’s $45 billion small satellite and data services market, projected to thrive by 2030. Major participants include startups Pixxel and SatSure, alongside Tata Advanced Systems. Technical evaluations are set to conclude by January, followed by the selection of a winning bidder.

Applicants must meet strict eligibility requirements, including substantial investment in space activities and establishing operational capabilities within India. The government plans to offer loans of up to 3.5 billion rupees, with private entities covering remaining costs.

India’s broader space programme features plans for crewed missions and interplanetary exploration. However, the immediate focus remains on expanding private sector involvement, supported by a 10-billion-rupee venture fund for startups. By fostering domestic innovation, the nation aims to secure its data sovereignty and commercial space leadership.

New Zealand debuts nationwide satellite texting

One NZ has become the first telecommunications company globally to offer a nationwide satellite text messaging service, thanks to a partnership with SpaceX’s Starlink. This service enables customers with eligible phones and plans to send and receive text messages in areas beyond traditional cell tower coverage, provided they have a clear line of sight to the sky.

Initially, the service supports four specific phone models, with plans to expand compatibility to more devices next year. During the rollout phase, text message delivery times are expected to be within three minutes, though some may take up to ten minutes or longer. The service is available at no extra cost to existing customers on paid monthly plans, with future enhancements potentially including voice calling and data services.

This initiative follows successful tests of Starlink’s satellite text service during hurricane relief efforts in the United States. One NZ’s collaboration with Starlink marks a significant advancement in ensuring connectivity across New Zealand‘s diverse landscapes, particularly in the 40% of the country not covered by cell towers.

Russia strikes Ukraine’s registries with a massive cyberattack, according to the deputy PM

Ukraine‘s Deputy Prime Minister Olha Stefanishyna announced that Russia launched a large-scale cyberattack on Thursday, temporarily crippling the country’s state registries. These registries contain essential citizen data, including information on births, deaths, marriages, and property ownership. The attack forced a suspension of services managed by the Ministry of Justice.

Stefanishyna described the incident as a deliberate attempt by Russia to disrupt Ukraine’s critical infrastructure. While restoration efforts are expected to take about two weeks, some services will resume on Friday. Other state functions appear to be unaffected.

This is the latest in a series of cyberattacks during the ongoing war, including a December 2023 assault on Ukrainian telecom provider Kyivstar and previous attacks on Russian ministries. Ukrainian authorities plan to conduct a thorough investigation to bolster defences against future cyber threats.

Congo lawyers push for accountability from Apple

International lawyers for the Democratic Republic of Congo have welcomed Apple’s recent decision to instruct suppliers to stop sourcing minerals from conflict zones in Congo and Rwanda. However, they remain cautious, pressing ahead with legal complaints in France and Belgium that accuse Apple of using conflict minerals in its supply chain.

Apple strongly disputes these claims, stating that it has taken action to avoid sourcing tin, tantalum, tungsten, and gold from the region due to escalating violence. The company highlighted that most of the minerals used in its devices are recycled and asserted its commitment to rigorous supplier audits and funding initiatives for improved mineral traceability.

Congo’s lawyers argue that Apple benefited from minerals extracted under violent conditions and smuggled through international supply chains. They insist on ground-level verification of Apple’s claims, stating that past crimes tied to conflict minerals cannot be erased. Millions of civilians in eastern Congo have been displaced or killed in decades-long conflicts fuelled by competition over valuable minerals.

While Apple has outlined its high standards for ethical sourcing, legal proceedings in Europe continue as Congo’s representatives demand accountability for alleged complicity in crimes linked to the region’s mining sector.

Dutch tech firms unite for Eindhoven growth

A coalition of Dutch technology firms, including chip equipment maker ASML, has announced plans to contribute approximately $230 million towards infrastructure development in Eindhoven, one of Europe’s fastest-growing technology hubs. This initiative aligns with the Dutch government’s “Operation Beethoven,” a €2.5 billion programme aimed at improving housing, transport, education, and electricity in the region.

The corporate funding will complement public investment, supporting projects coordinated by the regional development agency Brainport. Willem van der Leegte, CEO of manufacturing giant VDL Groep, a key ASML supplier, emphasised the mutual benefits of the collaboration, stating, “What is good for the region is good for the companies, and vice versa.” Other prominent contributors include chipmaker NXP and health technology firm Philips.

Eindhoven’s rapid growth as a technology hub has placed increased demand on local infrastructure. By joining forces, public and private sectors aim to create sustainable development that supports both the region’s workforce and the companies driving innovation.

Starlink inactive in India, Musk confirms

Elon Musk confirmed that Starlink satellite internet is inactive in India, following recent seizures of Starlink devices by Indian authorities. Musk stated on X that Starlink beams were “never on” in the country, addressing concerns raised after a device was confiscated during an armed conflict operation in Manipur and another during a major drug bust at sea.

In Manipur, where ethnic conflict has continued since last year, the Indian Army seized a Starlink dish believed to be used by militants. Officials suspect it was smuggled from Myanmar, where rebel groups reportedly use Starlink despite the company’s lack of operations there.

Earlier this month, Indian police intercepted a Starlink device linked to smugglers transporting $4.2 billion worth of methamphetamine. Authorities believe the internet device was used for navigation, prompting a legal request to Starlink for purchase details.

Starlink is currently seeking approval to operate in India and is working to resolve security concerns as part of the licensing process.

TP-Link faces US ban amid cybersecurity concerns, WSJ reports

US authorities are weighing a potential ban on TP-Link Technology Co., a Chinese router manufacturer, over national security concerns, following reports linking its home internet routers to cyberattacks. According to the Wall Street Journal, the US government is investigating whether TP-Link routers could be used in cyber operations targeting the US, citing concerns raised by lawmakers and intelligence agencies.

In August, two US lawmakers urged the Biden administration to examine TP-Link and its affiliates for possible links to cyberattacks, highlighting fears that the company’s routers could be exploited in future cyber operations. The Commerce, Defence, and Justice departments have launched separate investigations into the company, with reports indicating that a ban on the sale of TP-Link routers in the US could come as early as next year. As part of the investigations, the Commerce Department has reportedly subpoenaed the company.

TP-Link has been under scrutiny since the US Cybersecurity and Infrastructure Agency (CISA) flagged vulnerabilities in the company’s routers, that could potentially allow remote code execution. This comes amid heightened concerns that Chinese-made routers could be used by Beijing to infiltrate and spy on American networks. The US government, along with its allies and Microsoft, has also uncovered a Chinese government-linked hacking campaign, Volt Typhoon, which targeted critical US infrastructure by taking control of private routers.

The Commerce, Defence, and Justice departments, as well as TP-Link, did not immediately respond to requests for comment.

US grants $406 million to boost GlobalWafers production

The US Commerce Department has finalised $406 million in grants to Taiwan’s GlobalWafers to boost silicon wafer production in Texas and Missouri. These funds will support the first large-scale US production of 300-mm wafers, critical components in advanced semiconductors. This initiative is part of the Biden administration’s effort to strengthen the domestic supply chain for chips.

The grant will aid GlobalWafers’ nearly $4 billion investment in building new manufacturing facilities, creating 1,700 construction jobs and 880 permanent manufacturing positions. The company plans to produce wafers for cutting-edge, mature-node, and memory chips in Sherman, Texas, and wafers for defence and aerospace chips in St. Peters, Missouri.

GlobalWafers’ CEO Doris Hsu expressed enthusiasm about collaborating with US-based customers for years to come. Currently, over 80% of the global 300-mm silicon wafer market is controlled by just five companies, with most production concentrated in East Asia.

This funding is part of the $52.7 billion CHIPS and Science Act, aimed at expanding domestic semiconductor manufacturing. Recent grants include $6.165 billion for Micron Technology and significant subsidies for Intel, TSMC, and GlobalFoundries.

Innovation and inclusion drive IGF talks on Global Digital Compact

The discussion at the Internet Governance Forum 2024 in Riyadh on implementing the Global Digital Compact (GDC) delved into the challenges and opportunities surrounding digital transformation, emphasising the need for inclusive and locally grounded strategies. Speakers from UN agencies, governments, and civil society stressed the importance of addressing the worldwide multifaceted digital divides.

An audience member underscored this point, urging attention not only to infrastructural gaps but also to divides in policy, gender, age, and rural-urban access: ‘We’re not just talking about digital divides; we must look at the digital policy divides, digital gender divides, digital rural and urban divides, and digital age divides.’

The discussion also highlighted the need for local action to make global initiatives effective. Olaf Kolkman of the Internet Society captured this sentiment, stating, ‘Think global with the GDC, but really, the action has to be local.’ That approach was echoed by other panellists, who called for integrating GDC implementation with established frameworks such as the World Summit on the Information Society (WSIS).

Cynthia Lesufi from South Africa’s Mission to the UN emphasised aligning the GDC with WSIS+20 to streamline efforts, while Henriette from the Alliance for Progressive Communications advocated for leveraging the review process to assess progress and set future directions.

Capacity development and governance of emerging technologies also emerged as central themes. Robert Opp, Chief Digital Officer of UNDP, stressed the importance of skills development and creating frameworks for technologies like AI and data governance.

Isabel De Sola from the Office of the Tech Envoy added that promoting content diversity in digital spaces is crucial. As noted by Cynthia Lesufi, public-private partnerships are essential to achieving these goals, particularly in bridging the digital divides in the Global South.

Why does it matter?

Despite the progress, significant challenges remain, such as reaching marginalised communities, balancing global initiatives with local needs, and measuring the success of digital transformation. However, the discussion concluded on a hopeful note, emphasising the need to combine global coherence with grassroots efforts. As Kolkman put it, the path forward is ensuring that ‘global frameworks translate into meaningful local action.’

All transcripts from the Internet Governance Forum sessions can be found on dig.watch.