Jurisdiction

US Department of Justice charges Russian hacker in cyberattack plot against Ukraine

The US Department of Justice has charged a Russian individual for allegedly conspiring to sabotage Ukrainian government computer systems as part of a broader hacking scheme orchestrated by Russia in anticipation of its unlawful invasion of Ukraine.

In a statement released by US prosecutors in Maryland, it was disclosed that Amin Stigal, aged 22, stands accused of aiding in the establishment of servers used by Russian state-backed hackers to carry out destructive cyber assaults on Ukrainian government ministries in January 2022, a month preceding the Kremlin’s invasion of Ukraine.

The cyber campaign, dubbed ‘WhisperGate,’ employed wiper malware posing as ransomware to intentionally and irreversibly corrupt data on infected devices. Prosecutors asserted that the cyberattacks were orchestrated to instil fear across Ukrainian civil society regarding the security of their government’s systems.

The indictment notes that the Russian hackers pilfered substantial volumes of data during the cyber intrusions, encompassing citizens’ health records, criminal histories, and motor insurance information from Ukrainian government databases. Subsequently, the hackers purportedly advertised the stolen data for sale on prominent cybercrime platforms.

Stigal is moreover charged with assisting hackers affiliated with Russia’s military intelligence unit, the GRU, in targeting Ukraine’s allies, including the United States. US prosecutors highlighted that the Russian hackers repeatedly targeted an unspecified US government agency situated in Maryland between 2021 and 2022 before the invasion, granting jurisdiction to prosecutors in the district to pursue charges against Stigal.

In a subsequent development in October 2022, the same servers arranged by Stigal were reportedly employed by the Russian hackers to target the transportation sector of an undisclosed central European nation, which allegedly provided civilian and military aid to Ukraine post-invasion. The incident aligns with a cyberattack in Denmark during the same period, resulting in widespread disruptions and delays across the country’s railway network.

The US government has announced a $10 million reward for information leading to the apprehension of Stigal, who is currently evading authorities and believed to be in Russia. If convicted, Stigal could face a maximum sentence of five years in prison.

Chinese AI companies respond to OpenAI restrictions

Chinese AI companies are swiftly responding to reports that OpenAI intends to restrict access to its technology in certain regions, including China. OpenAI, the creator of ChatGPT, is reportedly planning to block access to its API for entities in China and other countries. While ChatGPT is not directly available in mainland China, many Chinese startups have used OpenAI’s API platform to develop their applications. Users in China have received emails warning about restrictions, with measures set to take effect from 9 July.

In light of these developments, Chinese tech giants like Baidu and Alibaba Cloud are stepping in to attract users affected by OpenAI’s restrictions. Baidu announced an ‘inclusive Program,’ offering free migration to its Ernie platform for new users and additional Ernie 3.5 flagship model tokens to match their OpenAI usage. Similarly, Alibaba Cloud provides free tokens and migration services for OpenAI API users through its AI platform, offering competitive pricing compared to GPT-4.

Zhipu AI, another prominent player in China’s AI sector, has also announced a ‘Special Migration Program’ for OpenAI API users. The company emphasises its GLM model as a benchmark against OpenAI’s ecosystem, highlighting its self-developed technology for security and controllability. Over the past year, numerous Chinese companies have launched chatbots powered by their proprietary AI models, indicating a growing trend towards domestic AI development and innovation.

ByteDance challenges US TikTok ban in court

ByteDance and its subsidiary company TikTok are urging a US court to overturn a law that would ban the popular app in the USA by 19 January. The new legal act, signed by President Biden in April, demands ByteDance divest TikTok’s US assets or face a ban, which the company argues is impractical on technological, commercial, and legal grounds.

ByteDance contends that the law, driven by concerns over potential Chinese access to American data, violates free speech rights and unfairly targets TikTok while ‘ignores many applications with substantial operations in China that collect large amounts of US user data, as well as the many US companies that develop software and employ engineers in China.’ They argue that the legislation represents a substantial departure from the US tradition of supporting an open internet and sets a dangerous precedent.

The US Court of Appeals for the District of Columbia will hear oral arguments on this case on 16 September, a decision that could shape the future of TikTok in the US. ByteDance claims lengthy negotiations with the US government, which ended abruptly in August 2022, proposed various measures to protect US user data, including a ‘kill switch’ for the government to suspend TikTok if necessary. Additionally, the company made public a 100-plus page draft national security agreement to protect US TikTok user data and claims it has spent more than $2 billion on the effort. However, they believe the administration prefers to shut down the app rather than finalise a feasible agreement.

The Justice Department, defending the law, asserted that it addresses national security concerns appropriately. Moreover, the case follows a similar attempt by former President Trump to ban TikTok, which was blocked by the courts in 2020. This time, the new law would prohibit app stores and internet hosting services from supporting TikTok unless ByteDance divests it.

Meta to face US lawsuit by Australian billionaire over scam crypto ads on Facebook

A US judge has denied Meta Platforms’ attempt to dismiss a lawsuit filed by Australian billionaire Andrew Forrest. The lawsuit accuses Meta of negligence for allowing scam advertisements featuring Forrest’s likeness, promoting fake cryptocurrency and fraudulent investments, to appear on Facebook. Judge Casey Pitts ruled that Forrest could proceed with claims that Meta’s actions breached its duty to operate responsibly and that Meta misappropriated Forrest’s name and likeness for profit.

Meta had argued that it was protected under Section 230 of the Communications Decency Act, which typically shields online platforms from liability for third-party content. However, the judge determined that Forrest’s allegations raised questions about whether Meta’s advertising tools actively contributed to the misleading content rather than simply hosting it neutrally.

Forrest alleges that over 1,000 fraudulent ads featuring him appeared on Facebook in Australia from April to November 2023, resulting in millions of dollars in losses for victims. The lawsuit marks a significant step, challenging the usual immunity social media companies claim under Section 230 for their advertising practices. Forrest is seeking compensatory and punitive damages from Meta.

The following decision follows Australian prosecutors’ refusal to pursue criminal charges against Meta over similar scam ads. Forrest, the executive chairman of Fortescue Metals Group, considers the judge’s ruling a strategic victory in holding social media companies accountable for fraudulent advertising.

International Criminal Court investigates cyberattacks on Ukraine as possible war crimes

The International Criminal Court (ICC) is examining alleged Russian cyberattacks on Ukrainian civilian infrastructure as potential war crimes, marking the first instance of such an investigation by international prosecutors. According to sources, this could lead to arrest warrants if sufficient evidence is collected. The investigation focuses on cyberattacks that have endangered lives by disrupting power and water supplies, hindering emergency response communications, and disabling mobile data services used for air raid warnings.

Ukraine is actively gathering evidence to support the ICC investigation. Although the ICC prosecutor’s office has declined to comment on specific details, it has previously stated its jurisdiction over cybercrimes and its policy of not discussing ongoing cases. It should also be noted that since the invasion began, the ICC has issued four arrest warrants against senior Russian officials, including President Vladimir Putin, for war crimes related to the deportation of Ukrainian children to Russia. Russia, which is not a member of the ICC, has rejected these warrants as illegitimate. Despite not being a member state, Ukraine has granted the ICC jurisdiction over crimes committed within its borders.

In April, the ICC issued arrest warrants for two Russian commanders accused of crimes against humanity for their roles in attacks on civilian infrastructure. The Russian defense ministry did not respond to requests for comment. Sources indicated that at least four major attacks on energy infrastructure are being investigated.

Why does it matter?

The ICC case could set a significant precedent in international law. The Geneva Conventions prohibit attacks on civilian objects, but there is no universally accepted definition of cyber war crimes. The Tallinn Manual, a 2017 handbook on the application of international law to cyberwarfare, addresses this issue, but experts remain divided on whether data can be considered an ‘object’ under international humanitarian law and whether its destruction can be classified as a war crime. Professor Michael Schmitt of the University of Reading, who leads the Tallinn Manual initiative, emphasised the importance of the ICC’s potential ruling on this issue. He argued that the cyberattack on Kyivstar could be considered a war crime due to its foreseeable consequences for human safety.

Clearview AI reaches unusual settlement in privacy lawsuit

Facial recognition company Clearview AI has reached a groundbreaking class action settlement to address allegations of violating the privacy rights of millions of Americans. Filed in Chicago federal court on Wednesday, the agreement is notably unconventional as it does not specify a monetary payout upfront. Instead, it ties compensation to Clearview AI’s future financial outcomes, such as its potential IPO or merger valuation.

The lawsuit, rooted in Clearview AI’s alleged scraping of billions of facial images from the internet without consent, invoked Illinois’ biometric privacy law. Although Clearview denies any wrongdoing, the proposed settlement now awaits approval from US District Judge Sharon Johnson Coleman.

In a related development earlier this year, Clearview AI agreed with the ACLU to restrict access to its facial recognition database for private entities and government agencies in Illinois for five years. The plaintiffs’ attorneys acknowledged that this prior agreement influenced their approach to the class action settlement, adopting a structure that allows class members to share in potential future profits of Clearview AI.

The novel settlement approach, spearheaded by Loevy & Loevy, aims to provide meaningful relief to affected individuals while navigating Clearview AI’s financial constraints. Attorney Jon Loevy highlighted that this solution allows class members to reclaim some ownership over their biometric data, reflecting a unique attempt to compensate for privacy violations in the digital age.

Google settles allegations of digital advertising dominance in US, avoids jury trial

Alphabet’s Google will avoid a jury trial over allegations of digital advertising dominance after paying $2.3 million to settle the US government’s monetary damages claim. The payment means the case, involving non-monetary demands, will be heard directly by a judge. Initially, the Justice Department and several states had sued Google, accusing it of monopolising digital advertising and overcharging users, seeking primarily to break up its advertising business.

US District Judge Leonie Brinkema scheduled the non-jury trial for 9 September, where she will directly hear arguments and decide the case. Google criticised the Justice Department’s damages claim as contrived, denying any wrongdoing and not admitting liability by making the payment. A Justice Department spokesperson declined to comment on the matter.

The Justice Department initially claimed more than $100 million in damages but later reduced the demand to less than $1 million. Google’s $2.3 million payment covers the interest and potential tripling of damages under US antitrust law. Google accused the government of inflating its damages claim to secure a jury trial, while the government contended that Google has worked to keep its anticompetitive conduct hidden from public scrutiny.

EU court backs Google, Amazon, and Airbnb in dispute over Italian regulation

Europe’s top court has ruled in favour of tech giants Google, Amazon, and Airbnb in their legal battle against an Italian regulation requiring them to disclose information about themselves. The dispute arose over provisions implemented in 2020 and 2021, which compelled online service providers operating in Italy to register and furnish various details, along with paying a financial contribution or facing penalties.

The companies contested this requirement, arguing that it contradicted the EU law, which stipulates that online service providers are subject only to the regulations of the country where they are established. The Court of Justice of the European Union (CJEU) in Luxembourg concurred, stating that member states cannot impose additional obligations on online service providers established in other EU countries.

The ruling has significant implications, with Google and Airbnb having their European headquarters in Ireland and Amazon in Luxembourg. Expedia, a US-based online travel services provider headquartered in Spain, also objected to the requirement. The CJEU’s decision, which is final and not subject to appeal, has far-reaching implications for cross-border online services within the EU.

Why does it matter?

This ruling underscores the importance of adhering to the EU laws and regulations regarding online services. It sets a precedent for maintaining consistency in regulations across member states and reinforces the principle of mutual recognition among EU countries. As technology continues to transcend borders, legal clarity and harmonisation are essential for fostering a conducive environment for digital innovation and commerce across Europe.

Canada orders shutdown of two tech firms over security concerns

Due to national security concerns, Canada has ordered the dissolution of two technology companies, Bluvec Technologies Inc and Pegauni Technology Inc. According to a statement from the innovation ministry, the companies were directed to cease all operations under the Investment Canada Act. As Innovation Minister Francois-Philippe Champagne stated, the decision followed an extensive review by Canada’s national security and intelligence community.

Minister Champagne emphasised that while Canada remains open to foreign direct investment, it will take decisive action when such investments threaten national security. The statement did not provide specific details about the security concerns or the nature of the investments involved. Bluvec Technologies is identified as a maker of drone detection devices, while Pegauni Technology, which appears to produce wireless security products, could not be reached for comment.

The Investment Canada Act, revised earlier this year, now includes stricter national security reviews for proposed foreign investments. The law applies to foreigners acquiring control of a Canadian business or establishing a new business within the country. Additionally, the enforcement of these regulations underscores Canada’s commitment to safeguarding its national security in the face of potential foreign threats.

Do Kwon approved for extradition to South Korea in connection with Terra collapse

Cryptocurrency entrepreneur Do Kwon has been approved for extradition from Montenegro to South Korea by the appeals court in Montenegro. This decision comes as a result of allegations of fraud linked to the collapse of his cryptocurrency company, Terra, which resulted in the loss of around $40 billion of investors’ money and shook global crypto markets. Kwon, whose real name is Kwon Do-hyung, had been on the run for months before being arrested in Montenegro in March last year for using a fake passport.

The Montenegrin appeals court rejected the appeal made by Kwon’s lawyers and upheld the extradition order issued by the Podgorica High Court. However, no specific timeline for the extradition transfer has been mentioned. This decision follows a previous court’s ruling against extraditing Do Kwon to the United States.

Kwon’s business partner, identified by his initials J.C.H., has already been deported to South Korea in early February, highlighting Montenegro’s cooperation with South Korea in this matter. The collapse of TerraUSD, a stablecoin, and its sister token Luna in May 2022 resulted in significant financial losses for many investors. Experts have described the collapse as a glorified Ponzi scheme set up by Kwon, which caused numerous investors to lose their life savings.

The news text also mentions the increasing scrutiny faced by cryptocurrencies, including the high-profile collapse of the exchange FTX, as regulators have become more vigilant in light of various controversies in the past year. This highlights the need for stricter regulations in the cryptocurrency sector to protect investors and ensure the legitimacy of these digital assets.