Cybersecurity

Oman’s TRA to safeguard children online

Telecommunications Regulatory Authority (TRA) in Oman has launched several initiatives to protect children’s internet usage in Oman, responding to alarming statistics revealing that nearly 86% of children in the Sultanate engage with the internet. Recognising that a substantial portion of this demographic spends considerable time online, 43.5% using it for information searches and 34% for entertainment and communication, the authority is actively pursuing a proposed law to regulate children’s internet activities.

The initiative aligns with ITU’s definition of a child, per Oman’s Child Protection Law No. 22/2014, which defines children as individuals under 18. Among these initiatives are the ‘Be Aware’ national awareness campaign, aimed at educating families on safe internet practices, the Secure Net program developed in partnership with Omantel and UNICEF to offer parental control features, and the Safe Net service designed to protect users from online threats such as viruses and phishing attacks.

Through these efforts, the TRA is committed to promoting a safe and responsible digital environment for children in Oman. By addressing the growing challenges of internet usage among minors, the authority aims to foster a culture of awareness and security that empowers families and protects the well-being of the younger generation in the digital landscape.

Google terminates Kaspersky developer account

Kaspersky has announced that its developer account on the Google Play store has been terminated, resulting in the removal of all its apps. This decision follows recent US government actions that restrict the distribution and sales of Kaspersky products within the United States after September 29. While these restrictions have no legal impact outside the country, Google has preemptively removed Kaspersky’s products, limiting global access to its cybersecurity solutions.

Kaspersky believes Google’s decision stems from a misinterpretation of US restrictions, which are not confirmed by the US Department of Commerce. The company asserts that these measures do not prohibit the sale or distribution of its products and services beyond US borders. Kaspersky has communicated this understanding to the Department of Commerce and is awaiting further guidance.

For users with already-installed Kaspersky apps on Android, the apps will continue to function normally and receive database updates via Kaspersky’s cloud infrastructure. All paid features will remain operational. However, users will no longer be able to update or reinstall the apps directly from the Google Play store.

Ex-lawyer admits role in crypto Ponzi scheme

David Kagel, an 86-year-old former California attorney, has been sentenced to five years probation and ordered to pay nearly $14 million after admitting to his role in a crypto Ponzi scheme. Kagel, who is currently in hospice care, pleaded guilty to conspiracy to commit commodity fraud, according to a ruling by Las Vegas Federal Court Judge Gloria Navarro.

Prosecutors revealed that Kagel, along with two accomplices, ran the fraudulent scheme from December 2017 to June 2022, luring investors with promises of high returns through a crypto bot trading programme. Victims were convinced their investments were secure, with claims of guaranteed profits and no risk. Kagel even drafted letters on his law firm’s official letterhead to build trust among investors, falsely claiming to hold significant amounts of Bitcoin in escrow.

Kagel’s law license had been revoked by the California Supreme Court in 2023 after misappropriating client funds, with previous suspensions in 1997 and 2012. His co-conspirators, David Saffron and Vincent Mazzotta, have pleaded not guilty and await trial next year.

New wave of online scams targeting young crypto users

Coinbase has warned Gen Z users about the increasing threat of online scams, particularly those targeting cryptocurrency investors. In a recent blog post, the platform highlighted four major risks – social media fraud, romance scams, fake websites, and recovery schemes. The company stressed the importance of personal responsibility when securing crypto assets, as users are their own safeguards in the decentralised crypto world.

Among the scams discussed, fraudsters frequently use social media platforms like Instagram and TikTok to lure victims by impersonating public figures or promoting fake investment opportunities. Romance scams, also known as ‘pig butchering’ scams, were another key threat, with scammers building fake relationships to steal funds from their victims. A recent scam in Vietnam saw victims lose over $700,000 through a fraudulent investment platform.

Coinbase also pointed out the dangers of fake websites that mimic legitimate companies to trick users into providing sensitive information or funds. The platform encourages users to stay vigilant and report suspicious activity to law enforcement or platforms like Coinbase, helping prevent others from falling victim to similar fraud.

Ghana to launch new cybersecurity policy

Ghana has launched its revised National Cybersecurity Policy and Strategy (NCPS) to tackle the escalating cybersecurity threats arising from its rapid digital transformation. The comprehensive framework is designed to address current cyber risks and anticipate emerging ones, ensuring that Ghana’s digital infrastructure remains resilient and secure over the next five years.

The initiative was officially unveiled during the opening ceremony of the 2024 National Cybersecurity Awareness Month (NCSAM) in Accra, which, notably, saw significant participation from high-ranking officials, including the leadership of the Ghana Armed Forces and key stakeholders in cybersecurity. Moreover, the policy is anchored on five essential pillars – Legal Measures, Technical Measures, Organisational Measures, Capacity Building, and Cooperation.

Why does it matter?

The NCPS addresses the rapid digitalisation occurring across critical sectors such as finance, healthcare, education, and commerce at a pivotal moment for the nation. While these advancements offer substantial socioeconomic benefits, they also expose the nation to significant cyber risks that could jeopardise economic stability and public safety.

Therefore, by implementing the NCPS, Ghana aims to strengthen its defences against these threats, protect its digital achievements and ensure sustainable technological progress. Furthermore, Minister Ursula Owusu-Ekuful emphasised that the policy serves as a vital roadmap for addressing current and future cyber threats. In addition, that underscores the importance of enhancing public-private collaboration to bolster the country’s overall digital resilience.

Discord banned in Turkey following court ruling

Turkey has blocked access to the messaging platform Discord after the company refused to share information requested by the government. A court in Ankara issued the decision, citing concerns over child sexual abuse and obscene content being shared by users on the platform. The Information Technologies and Communication Authority confirmed the ban.

The action follows outrage after a 19-year-old in Istanbul murdered two women, with Discord users allegedly praising the incident online. Justice Minister Yilmaz Tunc explained that there was sufficient suspicion of illegal activity linked to the platform, which prompted the court to intervene.

Transport Minister Abdulkadir Uraloglu added that monitoring platforms like Discord is difficult, as security forces can only act when users report content. Discord’s refusal to provide data, such as IP addresses, further complicated the situation, leading to the decision to block the service.

The ban in Turkey coincides with a similar action in Russia, where Discord was blocked for violating local laws after failing to remove prohibited content. The platform has faced growing scrutiny over its handling of illegal activity.

Japan’s move toward active cyber defence: a strategic shift in national security

On 10 September, the Liberal Democratic Party (LDP) proposed a groundbreaking system of ‘active cyber defence’ (Nōdō-teki saibā bōgyo) for Japan. This initiative, presented to Prime Minister Fumio Kishida by former Defense Minister Itsunori Onodera, aims to bolster national cybersecurity by allowing the government to collect and analyse metadata from domestic telecom providers. The goal is to detect potential cyber threats early and take pre-emptive actions to prevent attacks.

Onodera, who chairs the LDP’s Security Research Commission, emphasised the critical importance of this system for Japan’s national security. The proposal acknowledges the need to limit data collection to comply with Japan’s constitutional protection of ‘secrecy of communications’ under Article 21.

The push for heightened cyber defences gained momentum in April 2022, when former US Director of National Intelligence Dennis C. Blair warned Tokyo that Japan’s cybersecurity measures lagged behind its allies, especially the US. Blair’s recommendations called for Japan to establish stronger cyber leadership, create institutions akin to the US National Security Agency (NSA) and Cyber Command, and enhance collaboration with the US Joint Cyber Defense Collaborative (JCDC).

The current LDP’s proposal is a key part of Japan’s broader national security overhaul, as reflected in the revised National Security Strategy (NSS), National Defense Strategy (NDS), and Defense Buildup Program (DBP), approved by the Japanese government in December 2022. The NSS acknowledges the growing cyber threats, particularly from China and Russia, and emphasises the need for active cyber defence, the procurement of counterattack capabilities, and investment in advanced technologies like AI and unmanned weapons systems.

In the cyber domain, the shift toward ‘active cyber defence’ marks a significant change. Japan plans to create a new organisation to oversee cybersecurity policies and coordinate efforts. The Ministry of Defense will increase its cyber personnel from 1,000 to 4,000 ‘cyber warriors’ and provide training to 16,000 JSDF members over the next five years.

To implement these changes, revisions to existing laws, such as the Telecommunications Law and Unauthorized Computer Access Prohibition Law, are expected. This will enable Japan to carry out administrative interception, bringing it in line with practices in other Western nations. With these measures, Japan aims to strengthen its cybersecurity posture and safeguard critical infrastructure from growing cyber threats.

FTC pushes Marriott to improve cybersecurity after data breaches

Marriott International will implement an information security program following a settlement with the US Federal Trade Commission (FTC) over data breaches that impacted more than 344 million customers between 2014 and 2020. The settlement requires Marriott and its subsidiary, Starwood Hotels & Resorts Worldwide, to address the vulnerabilities that led to multiple breaches over several years.

The hotel chain also agreed to provide US customers with a way to request deletion of their personal data linked to their email address or loyalty rewards account. In addition, Marriott will review loyalty rewards accounts upon request and restore stolen points. A separate settlement sees Marriott paying $52 million to resolve similar data security claims across 49 states and the District of Columbia.

Marriott has stated that protecting guests’ personal data remains a top priority and that the company continues to invest heavily in improving its cybersecurity measures. However, Marriott did not admit liability for the breaches in either the FTC settlement or the agreements with state Attorneys General.

In 2020, the company faced a class action lawsuit in London brought by millions of former guests seeking compensation after their personal information was compromised during the breaches, considered one of the largest in history.

Top diplomat warns of serious fallout if US fails to back UN cybercrime treaty

A senior US diplomat has warned of significant consequences if the United States does not support a newly adopted draft for the UN cybercrime treaty, which would establish the first global cybersecurity legal framework agreed upon by all UN member states. Despite unanimous approval from the UN’s Ad Hoc Committee on Cybercrime in August, concerns have been raised by human rights groups and the tech industry about the treaty’s potential to enable mass surveillance and violate individual privacy.

Lead US negotiator Ambassador Deborah McCarthy emphasised the risks of the US backing out after leading the treaty’s development, warning of a potential divide at the UN if the US withdraws. She also highlighted the treaty’s role in fostering global cooperation on cybercrime investigations and information-sharing, while acknowledging legitimate concerns from various sectors.

Critics, however, argue that the treaty’s provisions on serious crimes—those carrying sentences of four years or more—could empower authoritarian regimes to abuse surveillance powers and violate human rights. Human Rights Watch’s Deborah Brown expressed concern that the treaty lacks robust safeguards and could be used to suppress protected activities like protests and investigative journalism.

While McCarthy stressed that the treaty could spotlight misuse and encourage global cooperation, US Senate ratification remains uncertain. With privacy advocates like Sen. Ron Wyden opposing the treaty, calling it a potential tool for authoritarian regimes, securing the two-thirds Senate vote required for US participation will be challenging.

In her remarks, McCarthy acknowledged that the treaty is not perfect but called it ‘definitely an advancement.’ The treaty’s provision, which automatically allows for the extradition of cyber criminals ‘without having to negotiate country by country,’ is a win, McCarthy said.

TikTok faces legal challenges from 13 US states over youth safety concerns

TikTok is facing multiple lawsuits from 13 US states and the District of Columbia, accusing the platform of harming and failing to protect young users. The lawsuits, filed in New York, California, and other states, allege that TikTok uses intentionally addictive software to maximise user engagement and profits, particularly targeting children who lack the ability to set healthy boundaries around screen time.

California Attorney General Rob Bonta condemned TikTok for fostering social media addiction to boost corporate profits, while New York Attorney General Letitia James connected the platform to mental health issues among young users. Washington D.C. Attorney General Brian Schwalb further accused TikTok of operating an unlicensed money transmission service through its live streaming and virtual currency features and claimed that the platform enables the sexual exploitation of minors.

TikTok, in response, denied the allegations and expressed disappointment in the legal action taken, arguing that the states should collaborate on solutions instead. The company pointed to safety measures, such as screen time limits and privacy settings for users under 16.

These lawsuits are part of a broader set of legal challenges TikTok is facing, including a prior lawsuit from the U.S. Justice Department over children’s privacy violations. The company is also dealing with efforts to ban the app in the US due to concerns about its Chinese ownership.

Diplo chatbot can make mistakes. Consider checking important information.