Cybercrime

IGF 2024 addresses cybercrime laws in Africa and the Middle East

Discussions at the IGF 2024 in Riyadh shed light on growing challenges to freedom of expression in Africa and the Middle East. Experts from diverse organisations highlighted how restrictive cybercrime legislation and content regulation have been used to silence dissent, marginalise communities, and undermine democracy. Examples from Tunisia and Nigeria revealed how critics and activists often face criminalisation under these laws, fostering fear and self-censorship.

Panellists included Annelies Riezebos from the Dutch Ministry of Foreign Affairs, Jacqueline Rowe of the University of Edinburgh, Adeboye Adegoke from Paradigm Initiative, and Aymen Zaghdoudi of AccessNow. They discussed the negative effects of vague cybercrime regulations and overly broad restrictions on online speech, which frequently suppress political discourse. Maria Paz Canales from Global Partners Digital added that content governance frameworks need urgent reform to balance addressing online harms with protecting fundamental rights.

The speakers emphasised that authoritarian values are being enforced through legislation that criminalises disinformation and imposes ambiguous rules on online platforms. These measures, they argued, contribute to a deteriorating climate for free expression across the region. They also pointed out the need for online platforms to adopt responsible content moderation practices while resisting pressures to conform to repressive local laws.

Panellists proposed several strategies to counter these trends, including engaging with parliamentarians, building capacity among legal professionals, and ensuring civil society’s involvement during the early stages of policy development. The importance of international collaboration was underlined, with the UN Cybercrime Treaty cited as a key opportunity for collective advocacy against repressive measures.

Participants also stressed the urgency of increased representation of Global South organisations in global policy discussions. Flexible funding for civil society initiatives was described as essential for supporting grassroots efforts to defend digital rights. Such funding would enable local groups to challenge restrictive laws effectively and amplify their voices in international debates.

The event concluded with a call for multi-stakeholder approaches to internet governance. Collaborative efforts involving governments, civil society, and online platforms were deemed critical to safeguarding freedom of expression. The discussions underscored the pressing need to balance addressing legitimate online harms with protecting democratic values and the voices of vulnerable communities.

All transcripts from the Internet Governance Forum sessions can be found on dig.watch.

TP-Link faces US ban amid cybersecurity concerns, WSJ reports

US authorities are weighing a potential ban on TP-Link Technology Co., a Chinese router manufacturer, over national security concerns, following reports linking its home internet routers to cyberattacks. According to the Wall Street Journal, the US government is investigating whether TP-Link routers could be used in cyber operations targeting the US, citing concerns raised by lawmakers and intelligence agencies.

In August, two US lawmakers urged the Biden administration to examine TP-Link and its affiliates for possible links to cyberattacks, highlighting fears that the company’s routers could be exploited in future cyber operations. The Commerce, Defence, and Justice departments have launched separate investigations into the company, with reports indicating that a ban on the sale of TP-Link routers in the US could come as early as next year. As part of the investigations, the Commerce Department has reportedly subpoenaed the company.

TP-Link has been under scrutiny since the US Cybersecurity and Infrastructure Agency (CISA) flagged vulnerabilities in the company’s routers, that could potentially allow remote code execution. This comes amid heightened concerns that Chinese-made routers could be used by Beijing to infiltrate and spy on American networks. The US government, along with its allies and Microsoft, has also uncovered a Chinese government-linked hacking campaign, Volt Typhoon, which targeted critical US infrastructure by taking control of private routers.

The Commerce, Defence, and Justice departments, as well as TP-Link, did not immediately respond to requests for comment.

US sanctions UAE individuals and companies linked to North Korean illicit digital assets

The US Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on two individuals and a company based in the United Arab Emirates (UAE) for allegedly aiding North Korea’s use of digital assets in illegal activities.

The sanctions target Lu Huaying and Zhang Jian, along with Green Alpine Trading, LLC, a front company linked to a broader scheme of money laundering. These actions aim to disrupt a network that, according to US authorities, funnels millions of dollars to North Korea’s nuclear weapons and missile programs.

North Korea has a history of using digital assets and cybercrimes to fund its military efforts, employing IT workers and hackers to generate funds that are often obscured through complex laundering operations. The sanctions focus on Sim Hyon Sop, a representative of North Korea’s state-run Korea Kwangson Banking Corporation, who has been previously sanctioned. Sim is accused of using a mix of cryptocurrency cash-outs and money mules to move funds back to the regime for its military projects.

Under the new sanctions, any property owned by the designated individuals or entities in the US is blocked, and US citizens and companies are prohibited from engaging in transactions with them. Non-compliance could lead to further enforcement actions, even against those outside the US. The move reflects a coordinated effort with the UAE to combat North Korea’s destabilizing activities. It highlights the importance of international cooperation in tackling illicit financial networks that exploit new technologies, including cryptocurrencies.

Hundreds arrested in Nigerian fraud bust targeting victims globally

Nigerian authorities have arrested 792 people in connection with an elaborate scam operation based in Lagos. The suspects, including 148 Chinese and 40 Filipino nationals, were detained during a raid on the Big Leaf Building, a luxury seven-storey complex that allegedly housed a call centre targeting victims in the Americas and Europe.

The fraudsters reportedly used social media platforms such as WhatsApp and Instagram to lure individuals with promises of romance or lucrative investment opportunities. Victims were then coerced into transferring funds for fake cryptocurrency ventures. Nigeria’s Economic and Financial Crimes Commission (EFCC) revealed that local accomplices were recruited to build trust with targets, before handing them over to foreign organisers to complete the scams.

The EFCC spokesperson stated that agents had seized phones, computers, and vehicles during the raid and were working with international partners to investigate links to organised crime. This operation highlights the growing use of sophisticated technology in transnational fraud, as well as Nigeria’s commitment to combating such criminal activities.

Rhode Island suffers major data breach

Rhode Island officials have confirmed a major data breach in the state’s social services system, potentially exposing the personal and financial details of hundreds of thousands of residents. The hackers, believed to be an international cybercriminal group, accessed sensitive information through RIBridges, the state’s portal for government assistance programmes, including Social Security numbers and banking details.

The breach, which was detected earlier this month, affects users of the Supplemental Nutrition Assistance Program, Temporary Assistance for Needy Families, and healthcare services accessed through HealthSource RI since 2016. The attackers have demanded an undisclosed ransom, threatening to release the stolen data if unpaid. Deloitte, the system’s vendor, confirmed the breach on Friday, prompting the state to shut down the portal temporarily.

Residents impacted by the breach will be notified via letters detailing steps to secure their personal information and protect their bank accounts. For now, new applicants for state benefits must use paper applications as authorities work to secure the compromised system. Governor Dan McKee described the incident as extortion, calling for swift remediation and protection for affected citisens.

Global fight against ransomware: collaboration is the key to resilience

Diplo is actively reporting from the 2024 Internet Governance Forum (IGF) in Riyadh, while the forum’s day one is still, and another essential panel of international experts shed light on the relentless rise of ransomware attacks and the global efforts to counter this growing cyber threat. Moderated by Jennifer Bachus of the US State Department, the session featured cybersecurity leaders Elizabeth Vish, Daniel Onyanyai, and Nils Steinhoff, who highlighted the scale of the crisis and the collaborative response through the Counter Ransomware Initiative (CRI).

Ransomware, described as ‘cybercrime as a service,’ has evolved from simple data encryption to complex extortion schemes targeting critical infrastructure worldwide. ‘Emerging markets are now increasingly in the crosshairs,’ noted Elizabeth Vish, pointing to growing vulnerabilities in developing economies that lack robust cybersecurity resources. With over $1.1 billion in crypto payments extracted by attackers in 2023 alone, ransomware continues to prove profitable, its impacts often crippling public services like hospitals and government institutions.

Established in 2021, the CRI is a coalition of nearly 70 nations dedicated to building collective cyber resilience. Operating under four pillars—policy development, capacity development, public-private partnerships, and the International Counter-Ransomware Task Force—the CRI offers platforms for real-time threat sharing, technical support, and global cooperation. Onyanyai emphasised the initiative’s mentorship model: ‘Advanced nations can guide less-prepared countries, ensuring no one faces this threat alone.’

Public-private cooperation emerged as a cornerstone of the fight. Vish stressed that private companies, often the first to detect attacks, ‘own critical infrastructure and can contribute threat intelligence and resilience strategies.’ Additionally, the role of cyber insurance was discussed as a tool for incentivising better cybersecurity hygiene while facilitating incident recovery.

The panellists underscored the need for collective preparation, emphasising proactive measures like multi-factor authentication and data backups. Vish coined the mantra: ‘Prepare, don’t pay.’ While CRI officially advocates a ‘no ransom’ stance, some countries still grapple with policies on payments.

The session concluded with a stark reminder: no country is immune to ransomware. Whether through emerging AI capabilities or evolving tactics, ransomware remains a persistent, global threat. As Jennifer Bachus aptly summarised: ‘Only through cooperation, capacity building, and resilience will we turn the tide against these cybercriminals.

All transcripts from the Internet Governance Forum sessions can be found on dig.watch.

Trump administration plans stronger response to cyber attacks

The incoming Trump administration is set to explore ways to impose higher costs on adversaries and private actors behind cyber attacks, according to Representative Mike Waltz, the pick for national security adviser. Waltz’s statement follows US allegations that a widespread Chinese cyberespionage operation, known as Salt Typhoon, targeted senior American officials and stole significant amounts of metadata.

The White House has revealed that at least eight telecommunications and infrastructure firms in the US were compromised during this campaign. While Waltz did not specify potential actions against Salt Typhoon, he emphasised the need to go beyond defensive measures and start taking offensive actions to deter cyber threats.

Waltz also highlighted the role of the US tech industry in strengthening national defence and exposing vulnerabilities in adversaries. Meanwhile, Chinese officials continue to deny involvement, dismissing the accusations as disinformation and asserting that Beijing opposes cyber attacks in all forms.

Serbian spyware targets activists and journalists, Amnesty says

Serbia has been accused of using spyware to target journalists and activists, according to a new Amnesty International report. Investigations revealed that ‘NoviSpy,’ a homegrown spyware, extracted private data from devices and uploaded it to a government-controlled server. Some cases also involved the use of technology provided by Israeli firm Cellebrite to unlock phones before infecting them.

Activists reported unusual phone activity following meetings with Serbian authorities. Forensic experts confirmed NoviSpy exported contact lists and private photos to state-controlled servers. The Serbian government has yet to respond to requests for comment regarding these allegations.

Cellebrite, whose phone-cracking devices are widely used by law enforcement worldwide, stated it is investigating the claims. The company’s representative noted that misuse of their technology could violate end-user agreements, potentially leading to a suspension of use by Serbian officials.

Concerns over these practices are heightened due to Serbia’s EU integration programme, partially funded by Norway and administered by the UN Office for Project Services (UNOPS). Norway expressed alarm over the findings and plans to meet with Serbian authorities and UNOPS for clarification.

Krispy Kreme hit by IT disruption affecting US online orders

Krispy Kreme has reported a cybersecurity incident that disrupted online ordering systems across the United States. The doughnut chain discovered the unauthorised activity on 29 November and immediately launched an investigation with external cybersecurity experts.

While the company’s stores remain open for in-person orders, it warned that revenue losses from digital sales could materially impact its financial results. Shares of Krispy Kreme fell by around 2% in premarket trading following the announcement.

The company said it is actively working to mitigate the effects of the incident while maintaining operations at its global locations.

Serie A takes action against piracy with Meta

Serie A has partnered with Meta to combat illegal live streaming of football matches, aiming to protect its broadcasting rights. Under the agreement, Serie A will gain access to Meta’s tools for real-time detection and swift removal of unauthorised streams on Facebook and Instagram.

Broadcasting revenue remains vital for Serie A clubs, including Inter Milan and Juventus, with €4.5 billion secured through deals with DAZN and Sky until 2029. The league’s CEO urged other platforms to follow Meta’s lead in fighting piracy.

Italian authorities have ramped up anti-piracy measures, passing laws that enable swift takedowns of illegal streams. Earlier this month, police dismantled a network with 22 million users, highlighting the scale of the issue.