US Army soldier faces charges for selling phone records

A US Army soldier, Cameron John Wagenius, has been charged with selling and attempting to sell stolen confidential phone records. Arrested on 20 December, Wagenius faces two charges of unlawfully transferring confidential information in a Texas federal court. His rank and station have not been disclosed, though he is reportedly based at Fort Cavazos in Texas.

Authorities allege that Wagenius, known online as ‘Kiberphant0m’, claimed involvement in hacking activities, including phone records linked to high-profile figures. The case is connected to a broader investigation involving hackers accused of stealing sensitive personal and financial information. Prosecutors have revealed the involvement of a hacking group targeting data storage firm Snowflake’s customers.

Cybersecurity researchers identified Wagenius after members of the group issued threats against them. Law enforcement acted swiftly following the tip-off, according to Allison Nixon of Unit 221B. The prosecution is being handled in Seattle, where two co-defendants, Connor Moucka and John Binns, face related charges for extensive data breaches.

The Department of Justice and the FBI have yet to comment on the case. Wagenius has been ordered to appear in Seattle, where the investigation continues.

Russian gas flows to Europe through Ukraine stop permanently

Russian gas deliveries to Europe via Ukraine ceased on New Year’s Day, concluding decades of reliance on Moscow’s energy dominance. Gazprom confirmed the halt at 0500 GMT, following Ukraine’s refusal to renew a transit agreement. The stoppage, long anticipated, follows a dramatic shift in European energy dynamics spurred by the war in Ukraine.

Alternative supply arrangements by EU nations such as Slovakia and Austria have ensured that the end of Russian gas transit through Ukraine will not affect consumer prices. Hungary remains connected to Russian gas through the TurkStream pipeline, while Moldova’s pro-Russian Transdniestria region is already facing heating shortages due to the cutoff.

The European Union has significantly reduced its dependence on Russian energy, replacing supplies with liquefied natural gas from Qatar and the US, as well as piped gas from Norway. Ukrainian Energy Minister German Galushchenko hailed the decision as historic, stating that Russia would face substantial financial losses as a result.

Both sides are set to incur economic setbacks. Ukraine is losing $800 million annually in transit fees, while Gazprom faces a $5 billion drop in sales. Once dominant in Europe’s energy markets, Russia’s share has plummeted from 35% to near irrelevance, marking the end of an era shaped by Soviet-era pipeline projects.

US sanctions Iranian and Russian entities over election meddling

Sanctions have been imposed by the US on organisations in Iran and Russia accused of attempting to influence the 2024 presidential election. The Treasury Department stated these entities, linked to Iran’s Revolutionary Guard Corps (IRGC) and Russia’s military intelligence agency (GRU), aimed to exploit socio-political tensions among voters.

Russia’s accused group utilised AI tools to create disinformation, including manipulated videos targeting a vice-presidential candidate. A network of over 100 websites mimicking credible news outlets was reportedly used to disseminate false narratives. The GRU is alleged to have funded and supported these operations.

Iran’s affiliated entity allegedly planned influence campaigns since 2023, focused on inciting divisions within the US electorate. While Russia’s embassy denied interference claims as unfounded, Iran’s representatives did not respond to requests for comment.

A recent US threat assessment has underscored growing concerns about foreign attempts to disrupt American democracy, with AI emerging as a critical tool for misinformation. Officials reaffirmed their commitment to safeguarding the electoral process.

China accused of hacking US Treasury systems

Chinese hackers have been accused of infiltrating the US Treasury Department in a significant cyber attack. The breach, described as a ‘major incident’, allowed attackers to access employee workstations and unclassified documents, raising concerns over national security. The intrusion reportedly involved a third-party service provider’s compromised security key.

Officials confirmed that BeyondTrust, the affected service provider, had been taken offline. Investigations suggest a China-based Advanced Persistent Threat group was responsible. The Treasury has since partnered with the FBI and other agencies to assess the damage, while third-party forensic investigators are analysing the breach’s full impact.

China’s foreign ministry dismissed the allegations as baseless, reiterating its opposition to hacking. Accusations of Chinese cyber espionage have become more frequent, with recent incidents involving critical infrastructure and telecom companies. Officials claim the Treasury hack sought information rather than financial theft.

The incident comes amidst heightened scrutiny of Chinese cyber activities, with two prominent hacking groups linked to espionage and potential disruption campaigns. A supplemental report on the Treasury breach is expected within 30 days, as investigators continue their inquiries.

US government targets healthcare data breaches with new cybersecurity proposals

Healthcare organizations in the US may face stricter cybersecurity rules to address the growing threat of data breaches. Proposals introduced by the Biden administration seek to prevent sensitive patient information from being leaked through hacking or ransomware attacks. Measures include mandatory encryption and compliance checks to enhance network security.

Data breaches have exposed the healthcare information of over 167 million people in 2023 alone, according to Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology. The updated standards, introduced by the Office for Civil Rights under the Health Insurance Portability and Accountability Act (HIPAA), are estimated to cost $9 billion in the first year and $6 billion annually in subsequent years.

Officials highlighted the rising danger of healthcare cyberattacks, with hacking and ransomware incidents increasing by 89% and 102% respectively since 2019. Hospitals often face operational disruption, while leaked data can lead to blackmail. A 60-day public comment period will allow stakeholders to provide input before finalising the rules.

The new standards are designed to safeguard healthcare networks and protect Americans’ private information, including mental health records. Strengthened cybersecurity is expected to reduce vulnerabilities and ensure the safety of critical healthcare systems.

US charges Russian-Israeli citizen over Lockbit ransomware

The United States has charged Rostislav Panev, a Russian-Israeli dual citizen, for his alleged role as a developer for the Lockbit ransomware group, which authorities describe as one of the world’s most destructive cybercrime operations. Panev, arrested in Israel in August, awaits extradition.

Lockbit, active since 2019, targeted over 2,500 victims across 120 countries, including critical infrastructure and businesses, extorting $500 million. Recent arrests, guilty pleas, and international law enforcement efforts have significantly disrupted the group’s activities.

Experts say law enforcement actions have tarnished Lockbit’s reputation, reducing its attacks and deterring affiliates. Authorities emphasise the importance of holding cybercriminals accountable.

Tech giants join forces for US defence contracts, FT says

Data analytics firm Palantir Technologies and defence tech company Anduril Industries are leading efforts to form a consortium of technology companies to bid jointly for US government contracts, according to a report from the Financial Times. The group is expected to include SpaceX, OpenAI, Scale AI, autonomous shipbuilder Saronic, and other key players, with formal agreements anticipated as early as January.

The consortium aims to reshape the defence contracting landscape by combining cutting-edge technologies from some of Silicon Valley’s most innovative firms. A member involved in the initiative described it as a move toward creating “a new generation of defence contractors.” This collective effort seeks to enhance the efficiency of supplying advanced defence systems, leveraging technologies like AI, autonomous vehicles, and other innovations.

The initiative aligns with President-elect Donald Trump’s push for greater government efficiency, spearheaded in part by Elon Musk, who has been outspoken about reforming Pentagon spending priorities. Musk and others have criticised traditional defence programs, such as Lockheed Martin’s F-35 fighter jet, advocating instead for the development of cost-effective, AI-driven drones, missiles, and submarines.

With these partnerships, the consortium hopes to challenge the dominance of established defence contractors like Boeing, Northrop Grumman, and Lockheed Martin, offering a modernised approach to defence technology and procurement in the US.

Russia strikes Ukraine’s registries with a massive cyberattack, according to the deputy PM

Ukraine’s Deputy Prime Minister Olha Stefanishyna announced that Russia launched a large-scale cyberattack on Thursday, temporarily crippling the country’s state registries. These registries contain essential citizen data, including information on births, deaths, marriages, and property ownership. The attack forced a suspension of services managed by the Ministry of Justice.

Stefanishyna described the incident as a deliberate attempt by Russia to disrupt Ukraine’s critical infrastructure. While restoration efforts are expected to take about two weeks, some services will resume on Friday. Other state functions appear to be unaffected.

This is the latest in a series of cyberattacks during the ongoing war, including a December 2023 assault on Ukrainian telecom provider Kyivstar and previous attacks on Russian ministries. Ukrainian authorities plan to conduct a thorough investigation to bolster defences against future cyber threats.

Parliamentary panel at IGF discusses ICTs and AI in counterterrorism efforts

At the 2024 Internet Governance Forum (IGF) in Riyadh, a panel of experts explored how parliaments can harness information and communication technologies (ICTs) and AI to combat terrorism while safeguarding human rights. The session, titled ‘Parliamentary Approaches to ICT and UN SC Resolution 1373,’ emphasised the dual nature of these technologies—as tools for both law enforcement and malicious actors—and highlighted the pivotal role of international collaboration.

Legislation and oversight in a digital era

David Alamos, Chief of the UNOCT programme on Parliamentary Engagement, set the stage by underscoring the responsibility of parliaments to translate international frameworks like UN Security Council Resolution 1373 into national laws. ‘Parliamentarians must allocate budgets and exercise oversight to ensure counterterrorism efforts are both effective and ethical,’ Alamos stated.

Akvile Giniotiene of the UN Office of Counterterrorism echoed this sentiment, emphasising the need for robust legal frameworks to empower law enforcement in leveraging new technologies responsibly.

Opportunities and risks in emerging technologies

Panelists examined the dual role of ICTs and AI in counterterrorism. Abdelouahab Yagoubi, a member of Algeria’s National Assembly, highlighted AI’s potential to enhance threat detection and predictive analysis.

At the same time, Jennifer Bramlette from the UN Counterterrorism Committee stressed the importance of digital literacy in fortifying societal resilience. On the other hand, Kamil Aydin and Emanuele Loperfido of the OSCE Parliamentary Assembly cautioned against the misuse of these technologies, pointing to risks like deepfakes and cybercrime-as-a-service, which enable terrorist propaganda and disinformation campaigns.

The case for collaboration

The session spotlighted the critical need for international cooperation and public-private partnerships to address the cross-border nature of terrorist threats. Giniotiene called for enhanced coordination mechanisms among nations, while Yagoubi praised the Parliamentary Assembly of the Mediterranean for fostering knowledge-sharing on AI’s implications.

‘No single entity can tackle this alone,’ Alamos remarked, advocating for UN-led capacity-building initiatives to support member states.

Balancing security with civil liberties

A recurring theme was the necessity of balancing counterterrorism measures with the protection of human rights. Loperfido warned against the overreach of security measures, noting that ethical considerations must guide the development and deployment of AI in law enforcement.

An audience query on the potential misuse of the term ‘terrorism’ further underscored the importance of safeguarding civil liberties within legislative frameworks.

Looking ahead

The panel concluded with actionable recommendations, including updating the UN Parliamentary Handbook on Resolution 1373, investing in digital literacy, and ensuring parliamentarians are well-versed in emerging technologies.

‘Adapting to the rapid pace of technological advancement while maintaining a steadfast commitment to the rule of law is paramount,’ Alamos said, encapsulating the session’s ethos. The discussion underscored the indispensable role of parliaments in shaping a global counterterrorism strategy that is both effective and equitable.

Rhode Island suffers major data breach

Rhode Island officials have confirmed a major data breach in the state’s social services system, potentially exposing the personal and financial details of hundreds of thousands of residents. The hackers, believed to be an international cybercriminal group, accessed sensitive information, including Social Security numbers and banking details, through RIBridges, the state’s portal for government assistance programmes.

The breach, which was detected earlier this month, affects users of the Supplemental Nutrition Assistance Program, Temporary Assistance for Needy Families, and healthcare services accessed through HealthSource RI since 2016. The attackers have demanded an undisclosed ransom, threatening to release the stolen data if unpaid. Deloitte, the system’s vendor, confirmed the breach on Friday, prompting the state to shut down the portal temporarily.

Residents impacted by the breach will be notified via letters detailing steps to secure their personal information and protect their bank accounts. For now, new applicants for state benefits must use paper applications as authorities work to secure the compromised system. Governor Dan McKee described the incident as extortion, calling for swift remediation and protection for affected citizens.