Russia opened a criminal case against Meta Platforms over Meta’s temporary change in policy, which allows Facebook and Instagram users in some countries to call for violence against Russian soldiers.Russia’s Investigative Committee confirmed that a criminal case has been initiated, noting that ‘The company’s spokesperson Andy Stone said on the social network that Meta has temporarily lifted a ban on calls for violence against Russian troops on its platforms, describing it as a form of political self-expression.’ The committee added that ‘The aforementioned actions contain elements of crimes under articles 280 and 205.1 of the Russian Criminal Code (public calls for extremist actions and abetting terrorism),’ and that actions of Andy Stone and other Meta employees are under investigation.
Ukraine conflict
YouTube starts blocking Russian state-funded media worldwide, stops monetization in Russia
YouTube announced that it will begin blocking YouTube channels funded by the Russian government. The company further explained that it would remove content about the Russian invasion of Ukraine that denies, minimises or trivialises, ‘well-documented violent events’.
The removal of content that violates this policy has begun. The changes are expected to take effect immediately, according to a tweet from YouTube. However, the company stated it expects its systems to take time to implement. YouTube did not specify how many channels have been blocked worldwide or whether they will be restored. YouTube is also pausing all ways to monetize on the platform in Russia.
Rostec says its website came under cyberattack
Russia’s state corporation Rostec revealed that its website was exposed to a cyberattack. The statement said the website had been temporarily inaccessible, and the attack was repulsed. Rostec added that cyberattacks on their website have been occurring almost daily since the end of February.
Rostec attributed the cyberattacks to ‘radicals from Ukraine’. The ‘radicals’ are presumably the newly-formed Ukrainian IT Army, a volunteer group that targets Russian state organisations,since Rostec domains and resources were previously designated as targets for distributed denial of service (DDoS) assaults by the Ukrainian IT Army Telegram channel.
Golos, Amnesty International, IStories, Colta websites blocked for Ukraine fakes – Roskomnadzor
Roskomnadzor blocked the websites of several groups and media outlets for publishing fake news about the situation in Ukraine.
‘These resources systemically posted falsehoods [on topics] of substantial public interest regarding the special military operation carried out by the Russian Armed Forces jointly with a group of troops from the Donetsk and Luhansk people’s republics, its uniform, warfare methods, Russian military losses, civilian casualties, and urged citizens to join mass (public) gatherings in violation of the rules established on Russian territory,’ Roskomnadzor said in reply to a query from Interfax.
Facebook and Instagram advertisers may be prosecuted if Russia recognises Meta as extremist organisation
If Meta is named an extremist organisation, advertisers on Facebook and Instagram could be prosecuted for financing extremism, stated Anton Gorelkin, deputy head of the State Duma Information Policy, Information Technology and Communications Committee. This would exclude current users of these social networks who paid for their ads, and applies only to Meta employees, top managers and founders, Gorelkin stated via his Telegram channel. Meta’s minority or even large shareholders cannot be prosecuted as they do not influence Meta policies or decisions directly, clarified Alexander Khinshtein, Russian State Duma Information Policy Committee head. He also confirmed that this decision is supported by both the prosecutor general’s office and Roskomnadzor.
Twitter to limit the spread Belarusian state media posts
Twitter announced that it will place labels on and limit the spread of posts by Belarus state media and top officials found to be engaging in ‘information warfare’ and ‘employing media and other assets that they control to propagate favorable narratives and to confuse and distract the public.’ Twitter will label about 15 Belurasian outlets, the largest among them news agency BelTa, noted Twitter’s Head of Site Integrity and Director of Trust & Safety Yoel Roth.
China’s computers hacked to launch cyberattacks on Russia, Ukraine and Belarus
IP addresses in the USA, Germany, and the Netherlands were used to take control of Chinese computers to attack Belarus, Russia, and Ukraine, reported Chinese state news agency Xinhua.
Xinhua cited a statement by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), which notes: ‘Monitoring by the CNCERT/CC found that since late February, China’s internet has continuously faced cyberattacks from abroad. These overseas groups attacked by taking control of computers in the country to carry out cyber attacks on Russia, Ukraine and Belarus.’ Xinhua stated 87% of the attacks are targeting Russia.
RIPE NCC responds to Ukrainian request to withdraw the right to use IPv4 and IPv6 addresses by all Russian members of the RIPE NCC
RIPE Network Coordination Centre (RIPE NCC) – the regional Internet registry for Europe – responded to the request made by the Ukrainian government that the organisation withdraw the right to use IPv4 and IPv6 addresses by all Russian members of the RIPE NCC. In a letter signed by Managing Director Hans Petter Holen, RIPE NCC says that it does not have the mandate to take such actions unilaterally. It further argues that ‘Internet number resource registrations should not be used as a means to enforce political outcomes, and that doing so would have serious implications for the Internet’. Blocking or withdrawing IP resources – RIPE also notes – ‘would be unlikely to have immediate impact on interconnection or traffic in Russia, but it could have unpredictable consequences in terms of harming the global coordination that is necessary for stable Internet operations’. Last, but not least, removing entries from the registry ‘would diminish the ability of Internet operators to identify the source of Internet traffic, and consequently undermine their ability to make effective choices about who they should accept or block traffic from’.
At the same time, RIPE NCC expressed its commitment to help ensure that its Ukrainian members can continue their operations, even if, for instance, they cannot pay invoices or comply with certain administrative requests.
Russia creates its own TLS certificate authority to bypass sanctions
Russia has created its own Transport Layer Security (TLS) certificate authority (CA) to help bypass website access issues caused by the sanctions. To provide context a TLS certificate allows a web browser to confirm that a domain is a verified entity and that there is encryption between the user and the server. Once certificates expire, browsers will display warnings that the pages are not secure.
The domestic certificate authority will replace the foreign security certificate if it is revoked or expires, explained the Russian public service portal, Gosuslugi. The only web browsers that currently recognize the new CA as trustworthy are the Yandex browser and Atom products, and users are advised to utilise these instead. Users of other browsers will need to manually add the new certificate in order to continue surfing Russian sites (that have the certificate).
Russian authorities have already started recommending the transition to the new CA, and so far it has been confirmed that the sites of Sberbank, VTB, and the Russian Central Bank use these certificates.
Experts argue that the Russian certificate will not be on the list of approved certificates for most browsers, which would ultimately mean blocked access to sites that feature the new certificate. Experts also caution that CA root certificates could be abused by Russia to perform HTTPS traffic interception and man-in-the-middle attacks.
Ukrainian IT army targeted with malware disguised as security tool
According to a report by Cisco Talos, threat actors are distributing malware to volunteers in the Ukrainian IT army by promoting a false distributed denial of service DDoS tool on Telegram. The threat actors are mimicking a DDoS tool known as the ‘Liberator’, which is used against Russian propaganda outlets, and is not inherently malicious. However, once users download the altered file which is promoted on Telegram, it instals a password and data-stealing trojan on their computers.