Hackers face charges in Scattered Spider case

Five individuals, alleged members of the hacking group Scattered Spider, face criminal charges in the US. Prosecutors accuse the group of orchestrating phishing schemes to steal sensitive data and cryptocurrency. Victims include at least 12 companies from industries such as gaming and telecommunications, alongside individual cryptocurrency holders.

The suspects, aged in their teens or 20s during the offences, allegedly deceived employees into sharing login details through fraudulent messages. These actions enabled them to access corporate systems and drain millions from personal accounts. The group’s notoriety grew following high-profile hacks of casino operators in 2023, though connections to those incidents remain unclear.

Officials claim Scattered Spider operates as a loose collective of cybercriminals, often collaborating temporarily for specific crimes. Industry experts have long called for stronger enforcement against such groups. Recent arrests signal intensified efforts, with cybersecurity professionals warning young hackers of severe consequences if caught.

The defendants, including individuals from Scotland, Texas, and North Carolina, face charges of conspiracy, identity theft, and wire fraud. Arrests have taken place in the US and Spain, with extradition proceedings underway. Investigations continue as authorities pursue other suspected members of the group.

Australia introduces groundbreaking bill to ban social media for children under 16

Australia’s government introduced a bill to parliament aiming to ban social media use for children under 16, with potential fines of up to A$49.5 million ($32 million) for platforms that fail to comply. The law would enforce age verification, possibly using biometrics or government IDs, setting the highest global age limit for social media use without exemptions for parental consent or existing accounts.

Prime Minister Anthony Albanese described the reforms as a response to the physical and mental health risks social media poses, particularly for young users. Harmful content, such as body image issues targeting girls and misogynistic content aimed at boys, has fueled the government’s push for strict measures. Messaging services, gaming, and educational platforms like Google Classroom and Headspace would remain accessible under the proposal.

While opposition parties support the bill, independents and the Greens are calling for more details. Communications Minister Michelle Rowland emphasised that the law places responsibility on platforms, not parents or children, to implement robust age-verification systems. Privacy safeguards, including mandatory destruction of collected data, are also part of the proposed legislation. Australia’s policy would be among the world’s strictest, surpassing similar efforts in France and the US.

DuckDuckGo calls for new EU action against Google

Privacy-focused search engine DuckDuckGo has urged the European Commission to launch three new investigations into Google’s compliance with the EU’s Digital Markets Act (DMA). DuckDuckGo argues that the rules, designed to curb Big Tech dominance, have not yet delivered meaningful change in the search market.

The Digital Markets Act, adopted in 2022, requires major tech firms to ensure users can switch services easily and prohibits practices that favour their own products. DuckDuckGo’s senior vice-president, Kamyl Bazbaz, claimed in a blog post that Google’s measures fall short of the law’s requirements, calling for formal probes to drive compliance.

Google is already under two DMA-related investigations concerning its app store rules and alleged discrimination against third-party services. A spokesperson for the company stated that Google is cooperating with the Commission and has made significant adjustments to its services. They emphasised consumer choice and data protection as key priorities while rejecting claims of non-compliance.

DuckDuckGo also accused Google of proposing to share anonymised search data with competitors that excludes the vast majority of search queries, rendering it ineffective. Additional allegations include failing to make switching search engines straightforward. Companies breaching the DMA could face fines up to 10% of their global annual revenue.

EU regulators to rule on Nvidia’s Run deal by December

EU antitrust regulators are expected to announce their decision on Nvidia’s proposed acquisition of Israeli AI startup Run by 20 December. The European Commission has flagged concerns that the $700 million deal, announced in April, could harm competition in the AI and chip sectors. Nvidia must gain regulatory approval before proceeding.

The watchdog will either approve the deal, with or without conditions, or open a four-month investigation if concerns persist. The scrutiny reflects broader fears about ‘killer acquisitions’, where large firms acquire startups to stifle innovation.

Nvidia’s processors are crucial for AI applications, including tools like ChatGPT, making this acquisition significant for the tech and AI industries. The decision will have implications for competition in rapidly evolving AI markets.

US targets Google Chrome in antitrust case

The United States Department of Justice (DOJ) is reportedly pushing for Alphabet’s Google to divest its Chrome browser, escalating efforts to curb the company’s alleged monopolistic practices in digital markets. This follows a prior ruling that Google illegally dominated the search market. The DOJ also plans to address Google’s control over AI and the Android operating system.

Google, which commands two-thirds of the global browser market, denies the claims, arguing that its success stems from user preference and robust competition. It also criticises the DOJ’s proposals as extreme and potentially harmful to consumers. Prosecutors have suggested a range of remedies, including ending exclusive search agreements with companies like Apple or enforcing Chrome’s divestiture if market competition does not improve.

A trial to finalise the remedies is set for April, with a ruling expected by August 2025. Google intends to appeal any decision to divest Chrome, citing the browser’s integral role in its ad revenue and user experience.

Dell and Iron Bow pay millions in settlement

Dell Technologies and Iron Bow Technologies have agreed to pay over $2 million each to settle allegations of overcharging the US Army under a computing contract, according to the Justice Department.

Dell will pay $2.3 million, while Iron Bow will pay $2.05 million to resolve claims of violating the False Claims Act. The DOJ accused the companies of submitting non-competitive bids that inflated costs under the Army Desktop and Mobile Computing contract.

The settlement highlights government efforts to enforce accountability in defence contracts, ensuring fair pricing and compliance with procurement laws.

Catalonia faces legal challenge over Barcelona’s Airbnb ban

Catalonia’s decision to eliminate 10,000 holiday lets in Barcelona over the next five years has sparked a legal challenge from the European Holiday Home Association (EHHA). The industry group filed a complaint with the European Commission, arguing that the ban, introduced in June, violates EU law by breaching the provision of services directive. The EHHA claims the restrictions are disproportionate and politically motivated, particularly given the housing crisis in Barcelona, where locals struggle to find affordable housing.

Catalan authorities have not granted new tourist flat licenses since 2014, but this has not alleviated the city’s housing shortage. The European Commission has expressed concerns that the new measures are excessive and could be harming the local economy. EHHA representatives argue that other factors, such as empty dwellings, are contributing more to the housing crisis than short-term rentals like Airbnb.

Barcelona’s move is part of a broader trend of European cities combating overtourism, following similar actions by places like Venice and Amsterdam. However, the issue is now reaching the EU’s political stage, with the European Commission weighing in on the matter and preparing to tackle short-term rental regulation.

TikTok faces divestment deadline in the US

Senator Richard Blumenthal has reaffirmed that ByteDance must divest TikTok’s US operations by January 19 or risk a ban. The measure, driven by security concerns over potential Chinese surveillance, was signed into law in April. A one-time extension of 90 days is available if significant progress is made, but Blumenthal emphasised that laws cannot be disregarded.

Blumenthal also raised alarms over China’s influence on US technology companies. Tesla’s production in China and the US military’s reliance on SpaceX were flagged as security risks. He pointed to Elon Musk’s economic ties with China as a potential vulnerability, warning that such dependencies could compromise national interests.

Apple faced criticism for complying with Chinese censorship and surveillance demands while generating significant revenue from the country. Concerns were voiced that major tech companies might prioritise profits over US security. Neither Apple nor Tesla has commented on these claims.

TikTok and ByteDance are challenging the divestment law in court. A decision is expected soon, but restrictions will tighten for app stores and hosting services if compliance is not achieved. The Biden administration has clarified that it supports ending Chinese ownership of TikTok rather than an outright ban.

California passes new law regulating AI in healthcare

California Governor Gavin Newsom has signed Assembly Bill 3030 (AB 3030) into law, which will regulate the use of generative AI (GenAI) in healthcare. Effective 1 January 2025, the law mandates that any AI-generated communications related to patient care must include a clear disclaimer informing patients of its AI origin. It also instructs patients to contact human healthcare providers for further clarification.

The bill is part of a larger effort to ensure patient transparency and mitigate risks linked to AI in healthcare, especially as AI tools become increasingly integrated into clinical environments. However, AI-generated communications that have been reviewed by licensed healthcare professionals are exempt from these disclosure requirements. The law focuses on clinical communications and does not apply to non-clinical matters like appointment scheduling or billing.

AB 3030 also introduces accountability for healthcare providers who fail to comply, with physicians facing oversight from the Medical Board of California. The law aims to balance AI’s potential benefits, such as reducing administrative burdens, with the risks of inaccuracies or biases in AI-generated content. California’s move is part of broader efforts to regulate AI in healthcare, aligning with initiatives like the federal AI Bill of Rights.

As the law takes effect, healthcare providers in California will need to adapt to these new rules, ensuring that AI-generated content is flagged appropriately while maintaining the quality of patient care.

EU Council affirms international law’s role in cyberspace with new declaration

The EU Council, along with its member states, has adopted, for the first time, a declaration on this specific topic, establishing a unified understanding of how international law applies to cyberspace. This declaration underscores that cyberspace is not a lawless realm and reaffirms that international law, including the UN Charter, international human rights law, and international humanitarian law, is fully applicable to activities conducted in cyberspace.

The declaration highlights the escalating threat of malicious cyber activities, such as ransomware, which have grown in scale, sophistication, and impact, posing significant risks to European societies and economies. Recognising these challenges, the EU emphasizes that adherence to the UN framework of responsible state behavior in cyberspace is essential for preserving international peace, security, and stability.

In the declaration, the EU and its member states have commented on the principle of non-intervention, state sovereignty, due diligence, attribution, and countermeasures. In particular, the document highlights that “States exercise territorial jurisdiction over Information and Communications Technology (ICT) infrastructure located in their territory, and persons engaged in cyber activities, within their territory”.

The official press release notes that the declaration’s foundation was laid in April 2024, when the European External Action Service (EEAS) presented a non-paper on the topic. After careful deliberation and collaboration between the Horizontal Working Party on Cyber Issues (HWPCI) and the Working Party on Public International Law (COJUR), the text was finalized and approved by the Permanent Representatives Committee (COREPER) on 13 November 2024.