Network security

Gemini AI caught accessing private Google Drive documents

Google’s Gemini AI has been discovered scanning PDF files on Google Drive without user consent, sparking concerns over AI safety and privacy. Senior Advisor Kevin Bankston revealed that the AI generated a summary of a private tax return without permission, raising significant privacy issues.

Bankston shared his struggles to disable the feature, which continued to operate despite attempts to find the correct controls. The difficulty in managing Gemini’s integration in Google Drive has led to questions about Google’s handling of user data and privacy settings.

Google previously assured users that Workspace data would not be used to train AI or target ads. However, this incident has raised doubts about data hygiene and privacy.

Bankston’s experience suggests that prior participation in Google Workspace Labs might have influenced Gemini’s behaviour, highlighting the need for better user control and consent as AI technology advances.

Germany to exclude Huawei and ZTE from 5G network by 2029

Germany has finalised a significant agreement with telecom providers to exclude Chinese firms like Huawei and ZTE from its 5G network by 2029, announced Interior Minister Nancy Faeser. The decision, hailed as crucial for digital security in Europe’s largest economy, follows intensive negotiations with Deutsche Telekom, Vodafone, and Telefonica Deutschland. The aim is to safeguard Germany’s critical infrastructure from potential security risks associated with Chinese technology.

Faeser emphasised that Berlin informed Beijing about the agreement and did not anticipate retaliatory actions despite China’s embassy warning Germany of the consequences. The embassy criticised the move as an attempt to stifle competition, asserting that no conclusive evidence has been provided by any country regarding Huawei’s security risks.

The phased-out approach, initially removing Chinese technology from 5G core networks by 2026 and extending to components like antennas by 2029, marks Germany’s delayed adherence to the EU security measures. While telecom operators have resisted the costly transition, Huawei has condemned the politicisation of cybersecurity in Germany. The minister did not disclose further details of the agreement.

NATO unveils new Cyber Defence Centre

NATO has announced the establishment of the NATO Integrated Cyber Defence Centre (NICC) at its headquarters in Belgium, aimed at bolstering the alliance’s cyber defence capabilities. The following move, unveiled during the 2024 NATO Summit in Washington, DC, comes as NATO marks its 75th anniversary. The NICC will serve to alert military commanders about potential cyber threats and vulnerabilities, enhancing the protection of NATO’s networks and operational use of cyberspace.

The decision to create the NICC is driven by the increasing frequency and sophistication of cyberattacks targeting NATO and its member nations, especially following the Russian invasion of Ukraine in 2022. Notable Russian cyber threat actors like APT 29 and APT 28, along with various hacktivist groups, have been responsible for major cyberattacks, including the 2020 SolarWinds hack and recent attacks on tech companies and the EU diplomatic entities.

NATO spokesperson Farah Dakhlallah announced the creation of the NICC on social media, highlighting its role in leveraging advanced technologies to boost situational awareness in cyberspace and enhance collective resilience and defence. The new centre will integrate civilian and military personnel from NATO countries and involve experts from the cybersecurity industry. Additionally, it will incorporate privately owned civilian critical infrastructure to support NATO’s military activities.

The NICC will be based at NATO’s Supreme Headquarters Allied Powers Europe (SHAPE) in Belgium, home to NATO’s Allied Command Operations. Further details about the NICC and its operations are expected to be disclosed in the coming months.

AWS unveils studio for rapid AI-driven app development

Amazon Web Services (AWS) has announced AWS App Studio, a new generative AI service designed to enable financial institutions, fintech firms, and other organisations to create applications in minutes, a task that would typically take professional developers days.

Revealed at the AWS Summit New York, the service is intended for IT project managers, data engineers, and enterprise architects without software development skills, allowing them to quickly develop and manage internal apps using AWS.

Development resources for custom applications are often scarce, pushing users towards low-code tools, which can have a steep learning curve and may not meet security requirements. AWS App Studio addresses these issues by enabling users to describe the desired application, its functions, and the data sources it should integrate with. Users can make modifications through a point-and-click interface, guided by a generative AI-powered assistant.

AWS App Studio empowers individuals with some technical experience to build enterprise-grade applications without needing to write underlying code. The service generates an outline to verify the user’s intent, creating a multi-page UI, a data model, and business logic.

Dilip Kumar, vice president of applications at AWS, stated that AWS App Studio opens application development to a new set of builders, enhancing productivity for businesses of all sizes by allowing technical professionals to create custom applications tailored to their unique needs.

Government entities in Australia to assess foreign control risks in tech

Australia has instructed all government entities to review their technology assets for risks of foreign control or influence. The directive aims to address increasing cyber threats from hostile states and financially motivated attacks. The Australian Signals Directorate (ASD) recently warned of state-sponsored Chinese hacking targeting Australian networks.

The Department of Home Affairs has issued three legally-binding instructions requiring over 1,300 government entities to identify Foreign Ownership, Control or Influence (FOCI) risks in their technology, including hardware, software, and information systems. The organisations in question must report their findings by June 2025.

Additionally, government entities are mandated to audit all internet-facing systems and services, developing specific security risk management plans. They must also engage with the ASD for threat intelligence sharing by the end of the month, ensuring better visibility and enhanced cybersecurity.

The new cybersecurity measures are part of the Protective Security Policy Framework, following Australia’s ban on TikTok from government devices in April 2023 due to security risks. The head of the Australian Security Intelligence Organisation (ASIO) has highlighted the growing espionage and cyber sabotage threats, emphasising the interconnected vulnerabilities in critical infrastructure.

National blockchain ‘Nigerium’ aims to boost Nigeria’s tech security

The Nigerian Government has announced the development of a locally-made blockchain called ‘Nigerium’, designed to secure national data and enhance cybersecurity. The National Information Technology Development Agency (NITDA) is leading this initiative to address concerns about reliance on foreign blockchain technologies, such as Ethereum, which may not align with Nigeria’s interests.

NITDA Director General Kashifu Abdullahi introduced the ‘Nigerium’ project during a visit from the University of Hertfordshire Law School delegation in Abuja. He highlighted the need for a blockchain under Nigeria’s control to maintain data sovereignty and position the country as a leader in the competitive global tech landscape. The project, proposed by the University of Hertfordshire, aims to create a blockchain tailored to Nigeria’s unique requirements and regulatory framework.

The indigenous blockchain offers several advantages, including enhanced security, data control, and economic growth. By managing its own blockchain, Nigeria can safeguard sensitive information, improve cyber defence capabilities, and promote trusted transactions within its digital economy. The collaboration between the private and public sectors is crucial for the success of ‘Nigerium’, marking a significant step towards technological autonomy.

If successful, ‘Nigerium’ could place Nigeria at the forefront of blockchain technology in Africa, ensuring a secure and prosperous digital future. This initiative represents a strategic move towards maintaining data sovereignty and fostering innovation, positioning Nigeria to better control its technological destiny.

Macau government websites hit by cyberattack

Several Macau government websites were hacked, prompting a criminal investigation, Chinese state media reported on Wednesday. The hacked sites included those of the office of the secretary for security, the public security police, the fire services department, and the security forces services bureau, causing service disruptions.

Security officials in Macau’s Special Administrative Region believe the cyberattack originated from overseas. However, no further details have been disclosed at this time.

In response, authorities collaborated with telecommunications operators to restore the affected services as quickly as possible. The investigation into the source of the intrusion is ongoing.

Bumble fights AI scammers with new reporting tool

With the instances of scammers using AI-generated photos and videos on dating apps, Bumble has added a new feature that lets users report suspected AI-generated profiles. Now, users can select ‘Fake profile’ and then choose ‘Using AI-generated photos or videos’ among other reporting options such as inappropriate content, underage users, and scams. By allowing users to report such profiles, Bumble aims to reduce the misuse of AI in creating misleading profiles.

Earlier in February this year, Bumble introduced the ‘Deception Detector’, which combines AI and human moderators to detect and eliminate fake profiles and scammers. Following this measure, Bumble has witnessed a 45% overall reduction in reported spam and scams. Another notable feature of Bumble is its ‘Private Detector‘ AI tool that blurs unsolicited nude photos.

Risa Stein, Bumble’s VP of Product, emphasised the importance of creating a safe space and stated, ‘We are committed to continually improving our technology to ensure that Bumble is a safe and trusted dating environment. By introducing this new reporting option, we can better understand how bad actors and fake profiles are using AI disingenuously so our community feels confident in making connections.’

US authorities disrupt Russian AI-powered disinformation campaign

Authorities from multiple countries have issued warnings about a sophisticated disinformation campaign backed by Russia that leverages AI-powered software to spread false information both in the US and internationally. The operation, known as Meliorator, is reportedly being carried out by affiliates of RT (formerly Russia Today), a Russian state-sponsored media outlet, to create fake online personas and disseminate misleading content. Since at least 2022, Meliorator has been employed to spread disinformation targeting the US, Poland, Germany, the Netherlands, Spain, Ukraine, and Israel, as detailed in a joint advisory released by US, Canadian, and Dutch security services.

Meliorator is designed to create fake social media profiles that appear to be real individuals, primarily from the US. These bots can generate original posts, follow users, like, comment, repost, and gain followers. They are capable of mirroring and amplifying existing Russian disinformation narratives. The identities of these bots are crafted based on specific parameters like location, political ideologies, and biographical data. Meliorator can also group bots with similar ideologies to enhance their personas.

Moreover, most bot accounts had over 100,000 followers to avoid detection and followed genuine accounts aligned with their fabricated political leanings. As of June 2024, Meliorator was only operational on X, but there are indications that its functionality might have expanded to other social media networks.

The US Justice Department (DOJ) announced the seizure of two domain names and the search of nearly a thousand social media accounts used by Russian actors to establish an AI-enhanced bot farm with Meliorator’s assistance. The bot farm operators registered fictitious social media accounts using private email servers linked to the seized domain names. The FBI took control of these domains, while social media platform X (formerly Twitter) voluntarily suspended the remaining identified bot accounts for violating terms of service.

FBI Director Christopher Wray emphasised that this marks a significant step in disrupting a Russian-sponsored AI-enhanced disinformation bot farm. The goal of the bot farm was to use AI to scale disinformation efforts, undermining partners in Ukraine and influencing geopolitical narratives favouring the Russian government. These accounts commonly posted pro-Kremlin content, including videos of President Vladimir Putin and criticism of the Ukrainian government.

US authorities have linked the development of Meliorator to a former deputy editor-in-chief at RT in early 2022. RT viewed this bot farm as an alternative means of distributing information beyond its television broadcasts, especially after going off the air in the US in early 2022. The Kremlin approved and financed the bot farm, with Russia’s Federal Security Service (FSB) having access to the software to advance its goals.

The DOJ highlighted that the use of US-based domain names by the FSB violates the International Emergency Economic Powers Act, and the associated payments breach US money laundering laws. Deputy Attorney General Lisa Monaco stated that the DOJ and its partners will not tolerate the use of AI by Russian government actors to spread disinformation and sow division among Americans.

Why does it matter?

The disruption of the Russian operation comes just four months before the US presidential election, a period during which security experts anticipate heightened hacking and covert social media influence attempts by foreign adversaries. Attorney General Merrick Garland noted that this is the first public accusation against a foreign government for using generative AI in a foreign influence operation.

Australia accuses China-backed APT40 of cyberattacks on national networks

Australia’s government cybersecurity agency has pointed fingers at a China-backed hacker group, APT40, for pilfering passwords and usernames from two undisclosed Australian networks back in 2022. The Australian Cyber Security Centre, in collaboration with leading cybersecurity agencies from the US, Britain, Canada, New Zealand, Japan, South Korea, and Germany, released a joint report attributing these malicious cyber operations to China’s Ministry of State Security, the primary agency overseeing foreign intelligence. Despite these claims, China’s embassy in Australia refrained from immediate comments on the matter, dismissing the hacking allegations as ‘political manoeuvring’.

The accusations against APT40 come in the wake of previous allegations by US and British officials in March, implicating Beijing in a large-scale cyberespionage campaign that targeted a wide range of individuals and entities, including lawmakers, academics, journalists, and defence contractors.  Moreover, New Zealand also reported on APT40’s targeting of its parliamentary services and parliamentary counsel office in 2021, which resulted in unauthorised access to critical information.

In response to these cyber threats, Defence Minister Richard Marles emphasised the commitment of the Australian government to safeguard its organisations and citizens in the cyber sphere. The attribution of cyber attacks marks a significant step for Australia, signalling its proactive stance in addressing cybersecurity challenges. The timing of this report is noteworthy as Australia and China are in the process of repairing strained relations following tensions that peaked in 2020 over the origins of COVID-19, leading to retaliatory tariffs imposed by Beijing on Australian exports, most of which have now been lifted.

The identification of APT40’s cyber activities stresses the persistent threat posed by state-sponsored hacker groups and the critical importance of robust cybersecurity measures to protect sensitive information and national security. The incident serves as a reminder of the importance of joint attribution networks and international cooperation in combating cyber threats.