Tanzania embraces AI to tackle rising cybercrime

Tanzanian President Samia Suluhu Hassan has called for the integration of AI into the strategies of the Tanzania Police Force to address the escalating threat of cybercrime. Speaking at the 2024 Annual Senior Police Officers’ Meeting and the 60th Anniversary of the Tanzania Police Force, President Samia emphasised that in today’s digital age, leveraging advanced technology is crucial for effectively combating online threats. She highlighted the necessity for the police to adapt technologically to stay ahead of sophisticated cybercriminals, underlining the importance of embracing these advancements.

In her address, President Samia also drew attention to a troubling surge in cybercrime, with incidents increasing by 36.1% from 2022 to 2023. She noted that crimes such as fraud, false information dissemination, pornography distribution, and harassment have become more prevalent, with offenders frequently operating from outside Tanzania. The President’s remarks underscore the urgency of adopting advanced technological tools to address these growing challenges effectively and to enhance the police’s capability to counteract such threats.

Furthermore, President Samia emphasised the need to maintain peace and stability during the upcoming local government and general elections. She tasked the police with managing election-related challenges, including defamatory statements and misinformation, without resorting to internet shutdowns. Stressing the importance of preserving national peace amidst political activities, President Samia underscored that while elections are temporary, safeguarding a stable environment is essential for ongoing development and progress.

FBI takes down another Chinese hacking group ‘Flax Typhoon’

The US Federal Bureau of Investigation has disrupted another major Chinese hacking group, dubbed ‘Flax Typhoon,’ which had compromised thousands of devices globally. The FBI and officials from several allied countries accused a Chinese company, the Integrity Technology Group, of running the operation under the guise of an IT firm. FBI Director Christopher Wray revealed that the group was gathering intelligence and conducting surveillance for Chinese security agencies, targeting critical infrastructure as well as corporations, media organisations, and universities.

Cybersecurity officials from the UK, Canada, Australia, and New Zealand also joined the US in condemning the hacking group, noting that over 250,000 devices had been compromised as of June. The operation involved hijacking devices through a botnet—a network of infected cameras and storage devices—and was reportedly part of China’s broader cyber-sabotage efforts. Flax Typhoon’s activities mirrored those of another China-backed group, Volt Typhoon, which has been scrutinised for targeting US infrastructure.

The Chinese Embassy in Washington denied the accusations, claiming that the US had made baseless allegations. Despite China’s dismissal, the FBI remains firm, with Wray emphasising that this takedown is only one part of a longer struggle to counter Chinese cyberattacks. The operation faced some retaliation from the hackers, who launched a cyberattack in response but eventually retreated, leaving the FBI in control of the botnet’s infrastructure.

CISA launches FOCAL plan to strengthen federal cybersecurity

The American Cybersecurity and Infrastructure Security Agency (CISA) has introduced the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan, a key initiative designed to enhance federal cybersecurity across over 100 FCEB agencies. The plan establishes a framework for coordinated support and services, aiming to reduce cyber risks through a unified defence strategy.

The FOCAL Plan prioritises five key areas to advance operational cybersecurity: Asset Management, which focuses on understanding and managing the cyber environment and interconnected assets; Vulnerability Management, aimed at proactively protecting against threats and assessing defensive capabilities; Defensible Architecture, which emphasises building resilient infrastructure; Cyber Supply Chain Risk Management (C-SCRM), to identify and mitigate risks from third parties; and Incident Detection and Response, designed to enhance Security Operations Centers (SOCs) in managing and limiting the impact of security incidents.

CISA also notes that while the FOCAL Plan is tailored for federal agencies, it provides valuable insights for public and private sector organisations. It is a practical guide for developing effective cybersecurity strategies and improving coordination across enterprise security capabilities. Rather than offering an exhaustive checklist, the FOCAL Plan prioritises key actions that will drive significant advancements in cybersecurity and alignment goals within the federal sector.

Drone technology smuggling: Russian man charged in US

A Russian national has been arrested in Florida on charges of illegally exporting drone-related technology to Russia. Authorities allege that 44-year-old Denis Postovoy, residing in Sarasota, smuggled microelectronic components with military applications to Russia following the 2022 invasion of Ukraine.

Postovoy is accused of violating US law by shipping technology that could enhance Russia’s military capabilities in the conflict. The Department of Justice stated that the exported components are used in drones and have dual-use potential for military purposes.

To conceal his activities, Postovoy allegedly worked through a network of companies in Russia and Hong Kong. He is said to have purchased the components from US distributors and sent them to intermediary locations before reaching Russia.

While the Russian embassy has acknowledged Postovoy’s detention, it noted that no official communication from US law enforcement regarding the arrest has been received.

US CISA urges agencies to address vulnerable Ivanti appliance

The Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to either remove or upgrade an outdated Ivanti appliance that has been exploited in recent attacks.

Ivanti updated its advisory, warning that a ‘limited number of customers’ had been breached due to the vulnerability CVE-2024-8190, which was disclosed earlier in the week. The flaw affects Ivanti’s Cloud Service Appliance (CSA), a tool used for secure internet communication and managing devices connected to central consoles. Exploitation of this bug, which CISA confirmed, allows hackers to gain access to the affected device.

CISA has mandated that all federal civilian agencies remove the appliance or upgrade to version 5.0 by October 4. Ivanti advised customers to check for any new or modified administrative users, which could indicate exploitation of the bug, and to monitor security alerts with specific tools.

This advisory came just one day after another Ivanti vulnerability raised concerns. The company, which faced significant scrutiny after a series of high-profile nation-state attacks exploited its products earlier this year, has committed to a security overhaul.

Senators call for action to tackle Bitcoin ATM scams

A group of US Senate Democrats has called on the nation’s largest Bitcoin ATM operators to step up efforts in preventing fraud targeting elderly Americans. The Senators, led by Senate Judiciary Committee Chair Dick Durbin, addressed the growing number of scams using Bitcoin ATMs, urging companies to take immediate action to protect vulnerable populations.

Data from the Federal Trade Commission reveals that in the first half of this year alone, Bitcoin ATM-linked fraud amounted to $65 million. Older adults, particularly those aged 60 and over, were disproportionately affected, being three times more likely to report financial losses than younger users. Senators, including Elizabeth Warren, pointed to recent reports showing scammers coercing elderly individuals into sending funds through Bitcoin ATMs.

The Senators have asked major Bitcoin ATM firms to respond by early October, detailing their measures to combat fraud. This comes amid broader concerns over the rise in crypto scams, with the FBI reporting a significant increase in overall crypto-related fraud this year.

Meta bans Russian state media over covert online operations

Meta, the parent company of Facebook, has banned several Russian state media outlets, including RT (Russia Today) and Rossiya Segodnya, from its platforms due to their involvement in covert online influence operations. The censorship decision significantly escalates Meta’s actions against Russian media, as it previously restricted their activities by limiting ad access and post visibility. Meta explained that after reviewing ongoing foreign interference by these outlets, it expanded its enforcement to ban them from all its apps, which include Instagram, WhatsApp, and Threads. The company expects the ban to take full effect in the coming days.

The decision follows recent charges by US authorities against two RT employees accused of money laundering in connection with efforts to influence the 2024 US elections. US Secretary of State Antony Blinken has urged countries to treat RT’s activities as covert intelligence operations rather than legitimate journalism. Despite these developments, RT has criticised the US government’s actions, accusing them of stifling the media outlet’s ability to function as a journalistic organisation.

Meta also shared that Russian state media outlets have attempted to conceal their online activities before, and it anticipates further attempts to evade the newly imposed restrictions. The Russian embassy and the White House have yet to comment on Meta’s decision.

Telegram’s Pavel Durov faces criminal probe in France under LOPMI law

France has taken a bold legal step with its new law, targeting tech executives whose platforms enable illegal activities. The pioneering legislation, enacted in January 2023, puts France at the forefront of efforts to curb cybercrime. The law allows for criminal charges against tech leaders, like Telegram CEO Pavel Durov, for complicity in crimes committed through their platforms. Durov is under formal investigation in France, facing potential charges that could carry a 10-year prison sentence and a €500,000 fine. He denies Telegram’s role in facilitating illegal transactions, stating the platform complies with EU regulations.

The so-called LOPMI (Loi d’Orientation et de Programmation du Ministère de l’Intérieur) 2023-22 law, unique in its scope, is yet to be tested in court, making France the first country to directly target tech executives in this way. Legal experts point out that no similar laws exist in the US or elsewhere in the Western world.

While the US has prosecuted individuals like Ross Ulbricht, founder of the Silk Road marketplace, those cases required proof of active involvement in criminal activity. However, French law seeks to hold platform operators accountable for illegal actions facilitated through their sites, even if they were not directly involved.

Prosecutors in Paris, led by Laure Beccuau, have praised the law as a powerful tool in their fight against organised cybercrime, including child exploitation, credit card trafficking, and denial-of-service attacks. The recent high-profile arrest of Durov and the shutdown of other criminal platforms like Coco highlight France’s aggressive stance in combating online crime. The J3 cybercrime unit overseeing Durov’s case has been involved in other relevant investigations, including the notorious case of Dominique Pelicot, who used the anonymous chat forum Coco to orchestrate heinous crimes.

While the law gives French authorities unprecedented power, legal and academic experts caution that its untested nature could lead to challenges in court. Nonetheless, France’s new cybercrime law seriously escalates the global battle against online criminal activity.

Illegal gun parts from China seized by US authorities

US authorities have taken down over 350 websites selling gun silencers and parts from China used to convert semiautomatic pistols into fully automatic machine guns. The move follows an investigation that started in August 2023, targeting illegal sales of these dangerous devices.

Undercover operations revealed shipments from China, falsely labelled as items such as ‘necklaces’ or ‘toys’. Instead, these packages contained machine gun conversion devices, known as ‘switches’, and ‘silencers’, both banned under the National Firearms Act. Some websites even sold counterfeit goods, misusing the trademark of gun manufacturer Glock Inc.

Acting US Attorney Joshua Levy emphasised the importance of seizing these websites to halt the influx of illegal and dangerous contraband. Law enforcement has so far seized over 700 machine gun conversion devices, 87 illegal suppressors, 59 handguns, and 46 long guns.

Officials highlighted the growing problem of such devices being easily accessible, posing a serious threat to public safety. The seizures are part of a broader effort to tackle the illegal gun parts trade and protect communities.

Surge in cyberattacks targets US utilities

Cyberattacks targeting US utilities surged nearly 70% this year, according to data from Check Point Research. The energy sector is particularly vulnerable, with outdated software systems making utilities easier targets. Despite the spike in incidents, none of the attacks have yet caused severe damage, but experts warn that a coordinated effort could be disastrous, affecting essential services and resulting in major financial losses.

Check Point data showed an average of 1,162 cyberattacks through August, compared to 689 in 2023. These figures highlight the increasing risks as the US power grid rapidly expands to meet higher energy demand, particularly from new sectors such as AI data centres. Experts say the grid’s rapid growth creates more potential entry points for attackers.

Outdated Internet of Things (IoT) and Industrial Control Systems (ICS) used by many utilities are not as secure as other industries’ advanced software, putting critical infrastructure at heightened risk. Regulations like NERC’s Critical Infrastructure Protection provide only a basic level of security, which some experts argue is insufficient given the growing threats.

The financial impact of cyber breaches in the energy sector has been significant. In 2022, IBM reported the average cost of a data breach in the sector reached $4.72 million. With the 2024 US election approaching, cybersecurity experts expect an even greater surge in cyberattacks on essential infrastructure.