Cybersecurity

Cyberattack disrupts Wi-Fi at major UK railway stations

British police announced on Thursday that they are investigating a cyberattack that displayed an Islamophobic message on Wi-Fi services at major railway stations. Passengers trying to connect to the Wi-Fi encountered a message referencing terror attacks, leading to the immediate shutdown of the system managed by communications group Telent. The British Transport Police reported that they received notifications about the incident at approximately 5:03 p.m. on September 25.

The incident occurred amid heightened tensions in Britain, where anti-Muslim riots erupted over the summer following the tragic killing of three young girls. Misinformation initially blamed the attack on an Islamist migrant, further inflaming community tensions. In response, the police are working closely with Network Rail to investigate the cyberattack promptly.

Following the incident, which impacted 19 stations including London Bridge, London Euston, Manchester Piccadilly, and Edinburgh Waverley, Network Rail confirmed that the Wi-Fi service remained offline. Telent stated that no personal data was compromised in the hack, explaining that an unauthorised change was made to the Network Rail landing page using a legitimate administrator account. As a precaution, Telent temporarily suspended all Global Reach services to verify that other customers were not affected. Network Rail expects the Wi-Fi service to be restored over the weekend after conducting final security checks.

US bolsters digital security with the ROUTERS Act to counter foreign cyber threats

The United States is making a pivotal move to bolster its digital security by introducing the ROUTERS Act, a bill specifically designed to address vulnerabilities in consumer internet routers and wireless infrastructure. Since these devices are crucial in connecting users to the internet, they have increasingly become prime targets for cyberattacks, particularly by foreign adversaries such as China.

Consequently, the legislation, which has already passed the House of Representatives, focuses on hardware developed or manufactured by companies based in countries of concern, including China, Iran, Russia, North Korea, and Venezuela. Notably, Chinese-made routers, such as those from TP-Link, are widely used in American households and even government agencies, presenting significant security risks.

To counter these threats, the ROUTERS Act mandates that the Department of Commerce conduct a study to assess the national security dangers posed by these devices. This crucial step could pave the way for future legislative actions to mitigate the vulnerabilities that threaten the US’s digital infrastructure.

Furthermore, the United States has already experienced the damaging effects of cyberattacks, particularly from Chinese-backed hacker groups exploiting router vulnerabilities to infiltrate networks and conduct espionage. Various reports and investigations have consistently highlighted the dangers posed by outdated and insecure routers, particularly those from manufacturers like TP-Link, which remain used by consumers and critical government agencies, including the Department of Defense.

As a result, the ROUTERS Act seeks to address these threats by requiring a comprehensive study of the national security risks posed by such devices, particularly those originating from adversarial nations. As the Senate prepares to review the bill, there is bipartisan support to strengthen it further by designating the National Telecommunications and Information Administration (NTIA) as the lead agency overseeing the study.

Given its expertise in managing digital infrastructure and cybersecurity threats, the NTIA is well-positioned to ensure a thorough evaluation of the risks. Ultimately, this would enable the United States to coordinate better efforts across federal agencies to secure its digital infrastructure and safeguard against foreign cyber threats.

Assange seeks Bitcoin support for post-release travel costs

Julian Assange, the former Wikileaks editor-in-chief, has secured a plea deal, with his sentence commuted to time served. He is now set to travel to Saipan before returning to Australia. Despite his release, the financial burden remains, with his fiancée, Stella Assange, disclosing that the cost of his journey to freedom is estimated at $520,000. The family is urgently appealing for funds to cover travel and recovery expenses.

To help raise these funds, a BTCPay Server has been set up, enabling donations through Bitcoin or the Lightning Network. Assange’s brother, Gabriel, confirmed the platform, allowing secure, decentralised contributions. Julian’s connection to Bitcoin is long-standing, having been part of the cryptocurrency’s history, including discussions with its creator, Satoshi Nakamoto, regarding its use for Wikileaks when PayPal froze their accounts.

As Assange embarks on the next chapter of his life, the Bitcoin community continues to rally behind him, with a recent donation of 8 Bitcoins (around $500,000) further showcasing the role of cryptocurrency in supporting his cause.

Truflation loses $5.2 million in malware attack

Truflation, a blockchain-based inflation data platform, has confirmed falling victim to a malware attack. The project reported detecting abnormal activity on 25 September, which led to an estimated loss of up to $5.2 million. Blockchain analysts have tracked the losses from Truflation’s treasury and personal wallets on Ethereum, with additional losses spread across seven other blockchains.

The team is now working with law enforcement and industry partners to resolve the issue. They have also reached out to the hacker, seeking negotiation, while offering rewards to white-hat hackers who can assist. Despite the breach, Truflation has reassured its customers that their funds and staking operations remain secure.

Truflation’s token, TRUF, fell by 15.6% following the incident, though it has since partly recovered. Truflation provides real-time economic data and recently launched a marketplace that tracks commodity indexes such as sugar, petroleum, and wheat.

X moves to comply with Brazil’s court amid misinformation crackdown

After months of defiance, Elon Musk’s social media platform, X, has told Brazil’s Supreme Court that it has complied with orders to curb the spread of misinformation. The direction shift comes as Musk seeks to lift a ban on the platform following a prolonged battle with the Brazilian judiciary over what he called ‘censorship.’ The court had suspended access to X in late August, leaving Brazilians needing the platform in one of its largest global markets.

The dispute revolves around Justice Alexandre de Moraes, who has been leading a crackdown on what he perceives as threats to democracy and the political use of disinformation. After Musk closed X’s office in Brazil, the judge banned the platform. Moraes also froze accounts of Musk’s satellite company, Starlink, prompting Musk to label him a ‘dictator.’

X, which boasts 21.5 million users in Brazil, attempted to circumvent the ban by using third-party cloud services, allowing temporary access. However, the effort was short-lived, especially after Moraes threatened heavy fines. In a more conciliatory move, X recently appointed a local legal representative in Brazil, signalling a shift in its approach.

In documents submitted to the court, X confirmed that it had blocked nine accounts linked to a hate speech and misinformation investigation. The action reflects a change in Musk’s strategy, as sources close to him suggest he now plans to comply with local laws while continuing to defend free speech through legal avenues.

Why does it matter?

Musk’s battle with the Brazilian judiciary mirrors similar tensions in countries like Australia and the UK, where governments are working to curb online misinformation. Despite his stance as a free speech advocate, Musk’s recent actions in Brazil indicate a more pragmatic approach to navigating regulatory challenges in key markets.

As X awaits the court’s decision, which could restore access within days, analysts believe that Musk’s surprising backtracking demonstrates a recognition that fighting the law in Brazil could have further damaged his standing in the country. Now, the company appears ready to respect legal boundaries, even if it means fighting battles in the courtroom rather than on the platform.

Vietnam considers SpaceX’s $1.5 billion investment proposal

SpaceX is set to invest $1.5 billion in Vietnam, boosting Starlink’s satellite internet services in the country. The government has restarted discussions after talks paused at the end of 2023. Officials are now working closely with SpaceX to finalise plans.

The investment could improve internet access in mountainous regions and strengthen infrastructure for activities such as education and disaster response. SpaceX is particularly interested in supporting the country’s development and improving connectivity.

Disputes over strict regulations on foreign ownership of internet service firms previously stalled discussions. Vietnam limits foreign control to 50%, whereas SpaceX had sought a controlling stake, which may still pose challenges.

Vietnam is becoming an important market for major US companies like SpaceX and Apple, both looking to expand their operations. SpaceX’s Starlink service could also help this country maintain a stronger presence in the contested South China Sea.

MoneyGram faces challenges amid cybersecurity outage

MoneyGram has acknowledged that its recent multiday outage is due to a cybersecurity issue, and the firm is progressing in restoring its services. The company revealed on X that it had identified the problem affecting certain systems and launched an investigation after users reported disruptions beginning on 20 September.

The Dallas-based financial services company stated that it took immediate protective measures, including taking some systems offline to address the connectivity issues. MoneyGram is collaborating with law enforcement and external cybersecurity experts to mitigate the impact of the breach. In a follow-up post on 24th September, the firm announced that it is successfully restoring some key transactional systems.

Although MoneyGram has assured users that pending transactions will be processed once systems are back online, it has not disclosed details about the nature of the cybersecurity issue, including whether any sensitive data may have been compromised. Additionally, there is no timeline yet for when full service will be resumed.

This incident occurs amid a notable increase in crypto-related ransomware attacks, with reports indicating a significant rise in ransom payments this year. MoneyGram, a major player in money transmission, recently ventured into the crypto space, launching fiat exchange services and partnering with CEX.io to offer fiat-to-stablecoin options.

South Korea’s semiconductor dependence on China grows

While South Korean memory giants Samsung Electronics and SK hynix experienced a significant sales increase in China during the first half of this year, the report by the Korea Eximbank Overseas Economic Research Institute indicates that South Korea’s reliance on China for critical semiconductor raw materials is also growing. Key materials such as silicon, germanium, gallium, and indium have seen notable increases in demand, with South Korea’s dependence on silicon rising from 68.8% to 75.4% in 2022.

The report emphasises an increasing reliance on rare earth elements, crucial for semiconductor abrasives, and a slight uptick in dependence on tungsten, which is vital for semiconductor wiring. This trend is occurring against the backdrop of export restrictions enacted by the Chinese government on critical minerals such as germanium and gallium, in response to US sanctions. Currently, China dominates the global supply, producing 98% of the world’s gallium and 60% of its germanium, underscoring its pivotal role in the semiconductor supply chain.

Dependence on germanium rose significantly by 17.4 percentage points to 74.3% in 2022, and reliance on gallium and indium also increased by 20.5 percentage points to 46.7%. Despite the Chinese government’s export restrictions, local production among major Chinese firms has remained stable. For example, Samsung’s NAND flash facility in Xi’an has boosted its share of the company’s total NAND capacity from 29% in 2021 to 37% in 2023, with expectations to reach 40% this year.

AI-written police reports spark efficiency debate

Several police departments in the United States have begun using AI to write incident reports, aiming to reduce time spent on paperwork. Oklahoma City’s police department was an early adopter of the AI-powered Draft One software, but paused its use to address concerns raised by the District Attorney’s office. The software analyses bodycam footage and radio transmissions to draft reports, potentially speeding up processes, although it may raise legal concerns.

Paul Mauro, a former NYPD inspector, noted that the technology could significantly reduce the burden on officers, who often spend hours writing various reports. However, he warned that officers must still review AI-generated reports carefully to avoid errors. The risk of inaccuracies or ‘AI hallucinations’ means oversight remains crucial, particularly when reports are used as evidence in court.

Mauro suggested that AI-generated reports could help standardise police documentation and assist in data analysis across multiple cases. This could improve efficiency in investigations by identifying patterns more quickly than manual methods. He also recommended using the technology for minor crimes while legal experts ensure compliance with regulations.

The potential for AI to transform police work has drawn comparisons to the initial resistance to bodycams, which are now widely accepted. While there are challenges, the introduction of AI in police reporting may offer long-term benefits for law enforcement, if implemented thoughtfully and responsibly.

Microsoft ramps up cybersecurity efforts following critical review

Microsoft has made significant strides in enhancing its security culture following critical feedback from the United States Cyber Safety Review Board. The company launched its Secure Future Initiative (SFI) in late 2023, leading to the involvement of 34,000 engineers dedicated to cybersecurity efforts. CEO Satya Nadella has prioritised security across the organisation, even tying employee performance reviews to security goals in recent months.

Microsoft has implemented several changes to its security processes, including improvements to its Entra ID and Microsoft Account systems, reducing inactive tenants, and enhancing network tracking for better compliance. The company has also introduced stricter controls, such as limiting personal access tokens and eliminating SSH access for internal engineering repositories.

In its push for greater transparency, Microsoft is now publishing CVEs even when customer action is not required. It has also introduced new standards with a ‘Start Right, Stay Right, and Get Right’ approach to ensure that security protocols are integrated throughout its projects.

To oversee its cybersecurity efforts, Microsoft has established a Cybersecurity Governance Council and appointed several new deputy CISOs. The company has also launched a security skilling academy for employee training, reinforcing its long-term commitment to building a robust security culture.

Diplo chatbot can make mistakes. Consider checking important information.