Cybersecurity Archives | Page 353 of 392 | Digital Watch Observatory

Meta bans Russian state media over covert online operations

Meta, the parent company of Facebook, has banned several Russian state media outlets, including RT (Russia Today) and Rossiya Segodnya, from its platforms due to their involvement in covert online influence operations. The censorship decision significantly escalates Meta’s actions against Russian media, as it previously restricted their activities by limiting ad access and post visibility. Meta explained that after reviewing ongoing foreign interference by these outlets, it expanded its enforcement to ban them from all its apps, which include Instagram, WhatsApp, and Threads. The company expects the ban to take full effect in the coming days.

The decision follows recent charges by US authorities against two RT employees accused of money laundering in connection with efforts to influence the 2024 US elections. US Secretary of State Antony Blinken has urged countries to treat RT’s activities as covert intelligence operations rather than legitimate journalism. Despite these developments, RT has criticised the US government’s actions, accusing them of stifling the media outlet’s ability to function as a journalistic organisation.

Meta also shared that Russian state media outlets have attempted to conceal their online activities before, and it anticipates further attempts to evade the newly imposed restrictions. The Russian embassy and the White House have yet to comment on Meta’s decision.

Telegram’s Pavel Durov faces criminal probe in France under LOPMI law

France has taken a bold legal step with its new law, targeting tech executives whose platforms enable illegal activities. The pioneering legislation, enacted in January 2023, puts France at the forefront of efforts to curb cybercrime. The law allows for criminal charges against tech leaders, like Telegram CEO Pavel Durov, for complicity in crimes committed through their platforms. Durov is under formal investigation in France, facing potential charges that could carry a 10-year prison sentence and a €500,000 fine. He denies Telegram’s role in facilitating illegal transactions, stating the platform complies with the EU regulations.

The so-called LOPMI (Loi d’Orientation et de Programmation du Ministère de l’Intérieur) 2023-22 law, unique in its scope, is yet to be tested in court, making France the first country to target tech executives in this way directly. Legal experts point out that no similar laws exist in the US or elsewhere in the Western world.

What is LOPMI?

The LOPMI law for the Ministry of the Interior outlines a €15 billion plan over five years to address future security challenges by enhancing human, legal, and budgetary resources. It aims to modernise operations through digital transformation, with nearly half the budget dedicated to digitising services, modernising investigative tools, and improving cybercrime response. The law plans to create 8,500 new jobs, improve recruitment diversity, and double police and gendarme presence by 2030. It emphasises crisis management, especially for civil security and climate events, and strengthens public order for major international events like the 2024 Olympics. Additionally, it aims to improve border security through advanced technology and cooperation.

While the US has prosecuted individuals like Ross Ulbricht, founder of the Silk Road marketplace, those cases required proof of active involvement in criminal activity. However, French law seeks to hold platform operators accountable for illegal actions facilitated through their sites, even if they were not directly involved.

Prosecutors in Paris, led by Laure Beccuau, have praised the law as a powerful tool in their fight against organised cybercrime, including child exploitation, credit card trafficking, and denial-of-service attacks. The recent high-profile arrest of Durov and the shutdown of other criminal platforms like Coco highlight France’s aggressive stance in combating online crime. The J3 cybercrime unit overseeing Durov’s case has been involved in other relevant investigations, including the notorious case of Dominique Pelicot, who used the anonymous chat forum Coco to orchestrate heinous crimes.

While the law gives French authorities unprecedented power, legal and academic experts caution that its untested nature could lead to challenges in court. Nonetheless, France’s new cybercrime law seriously escalates the global battle against online criminal activity.

Malta launches public consultation to establish legal protections for ethical hackers

The Government of Malta has initiated a public consultation to establish a comprehensive legal framework for ethical hackers, also known as security researchers, who identify and disclose vulnerabilities in ICT systems to bolster cybersecurity. That initiative aims to clearly define the role of ethical hackers, ensuring that their activities are regulated and protected by law, enabling them to operate within a transparent and legitimate framework.

In addition, the Government of Malta has proposed that ICT system owners, especially those managing critical infrastructure, implement Coordinated Vulnerability Disclosure Policies (CVDP) to handle better the detection and resolution of security flaws identified by ethical hackers. Overseen by the Directorate for Critical Infrastructure Protection (CIPD), this policy comes in response to an incident where four computer science students were arrested after discovering a vulnerability in the FreeHour app.

Despite acting in good faith, the students faced legal consequences, highlighting the urgent need for clearer protections and legal guidance for ethical hackers. The proposed framework aims to formalise the process, encouraging cooperation between public and private entities and ensuring that cybersecurity research is conducted safely and responsibly.

Open to public input until 7 October 2024, the consultation is expected to lead to legislative reforms that distinguish ethical hacking from illegal activities, providing much-needed clarity for those working to enhance cybersecurity.

SITA launches advanced NAC solution for enhanced airport security

SITA has intro d uced its new cybersecurity solution, SITA Managed NAC (Network Access Control), designed to enhance airport and airline digital infrastructure security. That innovative solution addresses the increasing threats to digital networks in complex environments like airports, providing essential protection for critical communication systems.

SITA Managed NAC offers advanced security features for Local Area Network (LAN) and Wireless LAN communications. Specifically, it incorporates additional layers of identification checks and network segmentation, which ensure compliance with industry standards while safeguarding passenger systems and operational efficiency.

Furthermore, the solution provides granular control over network access, including detailed logging capabilities and the ability to quarantine non-compliant devices. As a result, it supports airports and airlines in meeting stringent cybersecurity recommendations from authorities such as the US Transportation Security Agency (TSA) and the Airports Council International (ACI).

Moreover, SITA Managed NAC integrates seamlessly with the existing SITA Campus Network product, leveraging Cisco’s Identity Services Engine (ISE) platform to enforce identity-based access controls and policies. Adopting a Zero Trust security model, the solution continuously authenticates and authorises access requests, significantly reducing the risk of unauthorised access and potential breaches.

Dubai to introduce AI security policy

Dubai has introduced a pioneering AI security policy through the Dubai Electronic Security Center, led by H.E. Amer Sharaf. This landmark initiative is designed to address the unique challenges and vulnerabilities associated with AI. The policy focuses on three critical pillars: data integrity, protection of critical infrastructure, and ethical AI usage.

By establishing robust guidelines and best practices, Dubai aims to ensure that AI systems are resilient against emerging threats and operate securely. This comprehensive approach not only sets a high standard for AI security but also positions Dubai as a global leader in digital innovation in accordance with the UAE National Strategy for Artificial Intelligence 2031.

As part of its broader strategy to drive digital transformation, Dubai has implemented a pioneering AI security policy that plays a crucial role in its ambition to become a leading global digital city. Integrating advanced security measures into its AI initiatives allows Dubai to mitigate risks while effectively creating an environment conducive to innovation. That policy underpins ambitious projects such as self-driving vehicles and smart health systems, highlighting Dubai’s commitment to fostering a secure and dynamic digital landscape that aligns with its forward-looking vision.

FCC pushes for new players in space economy

The chair of the Federal Communications Commission (FCC), Jessica Rosenworcel, has called for increased competition to SpaceX’s Starlink satellite internet service. Starlink currently operates nearly two-thirds of all active satellites and is responsible for a significant portion of space-based internet traffic.

Rosenworcel highlighted that monopolies do not benefit the economy, emphasising the need to bring in more companies to develop satellite constellations and drive innovation in space. She stressed that competition in communications markets typically leads to lower prices and more innovation, and the space sector should not be an exception.

The FCC has been working to support new entrants in the space economy, offering guidance on licensing processes and promoting outreach efforts. Rosenworcel aims to encourage more players to enter the market and challenge Starlink’s dominant position.

In 2022, the FCC withdrew $885.5 million in rural broadband subsidies from Starlink, citing the service’s inability to meet basic program requirements. SpaceX had originally agreed to deliver high-speed internet to over 600,000 rural homes and businesses across 35 US states.

Experts warn of AI dangers in Oprah Winfrey special

Oprah Winfrey aired a special titled ‘AI and the Future of Us,’ featuring guests like OpenAI CEO Sam Altman, tech influencer Marques Brownlee, and FBI director Christopher Wray. The discussion was largely focused on the potential risks and ethical concerns surrounding AI. Winfrey highlighted the need for humanity to adapt to AI’s rapid development, while Altman emphasised the importance of safety regulations.

Altman defended AI’s learning capabilities but acknowledged the need for government involvement in safety testing. However, his company has opposed California’s AI safety bill, which experts believe would provide essential safeguards. He also discussed the dangers of deepfakes and urged caution as AI technology advances.

Wray pointed out AI’s role in rising cybercrimes like sextortion and disinformation. He warned of its potential to be exploited for election interference, urging the public to remain vigilant in the face of increasing AI-generated content.

For balance, Bill Gates expressed optimism about AI’s positive impact on education and healthcare. He envisioned AI improving medical transcription and classroom learning, though concerns about bias and misuse remain.

China amends law to tackle data fraud

Top legislative body in China has approved changes to its statistics law to combat data fraud. The move addresses growing concerns over the reliability of economic figures in the world’s second-largest economy. Amended regulations aim to prevent statistical manipulation and penalise officials involved in falsifying economic reports.

Authorities have acknowledged persistent problems with statistical fraud, which has led to public mistrust in economic data. The issue has become a major focus for lawmakers, as many believe it harms the accuracy of important economic indicators.

External analysts have long questioned the authenticity of Chinese data, particularly as the country grapples with an economic slowdown. The new law is part of ongoing efforts to restore confidence by cracking down on fraudulent reporting.

Government in China has vowed to investigate and penalise officials involved in data manipulation, seeking to improve transparency and the overall quality of economic statistics.

Thousands impacted by Microsoft 365 service disruption

Microsoft’s productivity software suite experienced an outage affecting more than 16,000 users on Thursday, as reported by Downdetector. The disruption impacted access to Microsoft 365 services, with reports peaking at around 23,000 before signs of recovery emerged.

The company acknowledged the issue, stating it was investigating problems affecting multiple services. Microsoft‘s Azure cloud platform added that connectivity issues might have been related to AT&T networks, though AT&T had not yet responded to queries.

This outage followed a similar incident two months ago when a faulty update from CrowdStrike disrupted operations on 8.5 million Windows devices. While the number of affected users began decreasing, some reported on social media that services had returned to normal.

Downdetector showed more than 16,500 users struggling with Microsoft 365 access, and around 4,000 AT&T users reported issues. The exact cause and timeline for a full recovery had yet to be clarified by Microsoft.

Illegal gun parts from China seized by US authorities

US authorities have taken down over 350 websites selling gun silencers and parts from China used to convert semiautomatic pistols into fully automatic machine guns. The move follows an investigation that started in August 2023, targeting illegal sales of these dangerous devices.

Undercover operations revealed shipments from China, falsely labelled as items such as ‘necklaces’ or ‘toys’. Instead, these packages contained machine gun conversion devices, known as ‘switches’, and ‘silencers’, both banned under the National Firearms Act. Some websites even sold counterfeit goods, misusing the trademark of gun manufacturer Glock Inc.

Acting US Attorney Joshua Levy emphasised the importance of seizing these websites to halt the influx of illegal and dangerous contraband. Law enforcement has so far seized over 700 machine gun conversion devices, 87 illegal suppressors, 59 handguns, and 46 long guns.

Officials highlighted the growing problem of such devices being easily accessible, posing a serious threat to public safety. The seizures are part of a broader effort to tackle the illegal gun parts trade and protect communities.