Meta uncovers hack attempts on US officials’ WhatsApp accounts

Meta recently announced that it had detected attempts to hack WhatsApp accounts belonging to US officials from both the Biden and Trump administrations. The company linked these efforts to an Iranian hacker group, APT42, which has previously been connected to breaches in the Trump campaign. Meta described the attempts as a small-scale operation using social engineering tactics, where hackers posed as technical support from major companies like AOL, Google, Yahoo, and Microsoft.

After users flagged these suspicious activities, Meta blocked the accounts and confirmed that none of the targeted WhatsApp accounts had been compromised. The company explained that APT42 is known for deploying surveillance software on victims’ mobile devices, enabling them to access calls and text messages and even activate cameras and microphones without detection.

These hacking attempts are reportedly part of a broader campaign that targeted US presidential campaigns earlier this month, ahead of the upcoming presidential election. While Meta did not disclose the identities of those targeted, it indicated that the hackers focused on political and diplomatic figures, as well as business leaders from several countries, including the US, UK, Israel, the Palestinian territories, and Iran.

Meta’s findings underscore the ongoing risks of cyber-attacks targeting political figures and highlight the need for increased vigilance as the US heads into a critical election period.

Tech groups urge US Congress to pass SAMOSA Act

Tech industry groups are pressing US congressional leaders to pass the Strengthening Agency Management and Oversight of Software Assets (SAMOSA) Act before the current congressional term concludes. The legislation has been awaiting passage for over a year and aims to improve federal agency oversight and management of software purchases.

The bill seeks to reduce unnecessary technology costs by mandating comprehensive assessments of current software management practices in federal agencies. The SAMOSA Act’s supporters argue that current practices, such as inflexible licensing agreements and limited integration capabilities, prevent agencies from adopting the most cost-effective solutions. This inefficiency can lead to waste, fraud, and abuse of taxpayer dollars. The Government Accountability Office has also emphasised the need for better software purchasing practices, highlighting redundancies and over-purchasing in the federal government’s IT spending, which exceeds $100 billion annually.

Why does this matter?

Given the potential cost savings and operational efficiencies, the bill has garnered broad support from major tech advocacy organisations, including the Coalition for Fair Software Licensing and the Alliance for Digital Innovation. Despite this, the passage of the SAMOSA Act remains uncertain due to the increasingly partisan nature of Congress. Advocates hope the bill will be attached to a must-pass piece of legislation, such as the National Defense Authorization Act, to ensure its enactment. However, concerns remain about potential implications for national security, which may affect the bill’s progress.

Amazon and rivals supply Chinese firms with US tech

Chinese entities linked to the state are turning to cloud services from Amazon and its rivals to access advanced US chips and AI capabilities that are otherwise restricted. Over the past year, at least 11 Chinese organisations have sought cloud services to bypass US export restrictions on high-end AI chips, according to tender documents.

Amazon Web Services (AWS) was specifically mentioned as a provider in several cases, though Chinese intermediaries were used to access the services. US regulations focus on the export or transfer of physical technology, leaving a loophole for cloud-based access. This has allowed US companies to profit from China’s growing demand for computing power.

Efforts to close this loophole are ongoing. US legislators have expressed concerns, and the Commerce Department is considering new rules to tighten control over remote access to advanced technology. AWS has stated that it complies with all applicable laws, including trade regulations in the countries where it operates.

Microsoft’s cloud services have also been sought by Chinese universities for AI projects. These activities highlight the increasing demand for US technology in China and the challenges in enforcing export controls. Both Amazon and Microsoft declined to comment on specific deals, but the implications for US-China tech relations are significant.

Amazon cloud aids Chinese access to banned US technology

Several Chinese state-linked entities are turning to cloud services to access restricted US technology, according to recent public tender documents. By using cloud platforms like Amazon Web Services (AWS), these entities gain access to advanced chips and AI capabilities that would otherwise be unavailable due to US trade restrictions.

Entities like Zhejiang Lab and the National Center of Technology Innovation for EDA have expressed interest in using AWS for AI development. Others, such as Shenzhen University and Fujian Chuanzheng Communications College, have reportedly utilised Nvidia chips through cloud services, circumventing US export bans.

Microsoft’s Azure platform has also attracted attention from Chinese institutions like Chongqing Changan Automobile Co and Sichuan University, which are exploring generative AI technology. The ability to integrate these advanced tools into their systems is seen as critical for maintaining competitiveness.

Concerns remain over the use of US technology by Chinese organisations, especially those with potential military applications. Universities such as Southern University of Science and Technology and Tsinghua University have pursued cloud access to Nvidia chips, despite US efforts to restrict such technology transfers.

AI ammo vending machines spark safety concerns in US

Two US Senators, Ed Markey and Elizabeth Warren, have raised alarms about AI-enabled ammunition vending machines recently appearing in some states’ grocery stores. The machines, developed by Texas-based American Rounds, use facial recognition and card scanning technology to verify a buyer’s identity and age. However, the Senators argue that these machines could potentially allow people with criminal convictions, who are legally barred from purchasing ammunition, to bypass federal restrictions.

The vending machines have been installed in supermarkets in Alabama, Texas, and Oklahoma since July. They do not impose limits on the quantity of ammunition a person can buy at one time, which has added to the concerns about their potential misuse. Markey and Warren sent a letter to the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) urging the agency to closely scrutinise these machines, warning that their easy access could exacerbate the country’s gun violence epidemic, which claims over 44,000 lives annually.

The Senators’ letter highlights the risks associated with removing face-to-face sales, noting that human clerks at gun shops can often detect suspicious behaviour, such as straw purchases or signs that a person might use ammunition for self-harm or violence. The vending machines, lacking this human oversight, could facilitate unlawful purchases and increase the risk of ammunition falling into the wrong hands.

Moreover, the letter criticises the facial recognition technology used by the machines, citing studies that show higher error rates in identifying women and people of colour compared to white men. The inaccuracies, they argue, could lead to false approvals, with serious legal consequences for both buyers and vendors.

The Senators have requested that the ATF provide a detailed response to their concerns by the end of August. While the ATF has acknowledged that commercial ammunition sales must comply with state and federal laws, it has yet to respond publicly to the Senators’ concerns.

US court revives Chrome users’ privacy lawsuit against Google

A US appeals court has reinstated a lawsuit against Google, allowing Chrome users to pursue claims that the company collected their data without permission. The case centres on users who chose not to synchronise their Chrome browsers with their Google accounts yet allege that Google still gathered their information.

The 9th US Circuit Court of Appeals in San Francisco determined that a lower court had prematurely dismissed the case without adequately considering whether users had consented to the data collection. The decision follows a previous settlement where Google agreed to destroy billions of records in a similar lawsuit, which accused the company of tracking users who believed they were browsing privately in Chrome’s ‘Incognito’ mode.

Google has expressed disagreement with the ruling, asserting confidence in its privacy controls and the benefits of Chrome Sync, which helps users maintain a consistent experience across devices. However, the plaintiffs’ lawyer welcomed the court’s decision and is preparing for a trial.

Why does this matter?

Initially dismissed in December 2022, the lawsuit has now been sent back to the district court for further proceedings. The case could affect thousands of Chrome users who have used the browser since July 2016 without enabling the sync function, and it raises broader questions about the clarity and transparency of Google’s privacy policies.

Misinformation fuels boycotts of major US companies

Amid the heated political landscape in the United States, major companies like Google and Netflix are facing calls for boycotts due to alleged political affiliations. These online campaigns, mainly driven by false information, suggest that these companies support Kamala Harris in the upcoming election. However, these claims are baseless and have been debunked by fact-checkers.

The boycott calls have gained traction on platforms like X, owned by Elon Musk, who has shown support for Donald Trump. Fake accounts on X have broadly spread these false narratives, leading to widespread calls for users to cancel their Netflix subscriptions and avoid Google’s services. Despite Netflix’s clarification that any donations were personal and not connected to the company, the misinformation has continued to spread, illustrating the vulnerability of brands in today’s politically charged environment.

The disinformation campaigns highlight how quickly false information can manipulate public opinion and consumer behaviour, especially in the lead-up to an election. Musk’s influence on X and his criticisms of companies like Google have fueled these misleading narratives.

Surveys indicate that many consumers prefer companies to stay neutral in political matters, yet the polarised environment makes this difficult. The controversy has also led to a decline in advertising on X as brands seek to distance themselves from platforms that enable disinformation.

The impact of these boycotts and the broader disinformation campaigns underscores the challenges companies face in maintaining their reputation and trust in an increasingly divided society. As the election approaches, the risk of such campaigns influencing public opinion and consumer actions remains high.

TikTok challenges US law over China ties in court

TikTok has contested claims made by the US Department of Justice in a federal appeals court, asserting that the government has inaccurately characterised the app’s ties to China. The company is challenging a law that mandates its Chinese parent company, ByteDance, to divest TikTok’s US assets by January 19 or face a ban. TikTok argues that the app’s content recommendation engine and user data are securely stored in the US, with content moderation conducted domestically.

The law, signed by President Joe Biden in April, reflects concerns over potential national security risks, with accusations that TikTok allows Chinese authorities to access American data and influence content. TikTok, however, contends that the law infringes on free speech rights, arguing that its content curation should be protected by the US Constitution.

Oral arguments for the case are scheduled for September 16, just before the presidential election on November 5. As the debate heats up, both Republican and Democratic presidential candidates have expressed contrasting views on TikTok, with Donald Trump opposing a ban and Kamala Harris embracing the platform as part of her campaign.

The legislation also impacts app stores and internet hosting services, barring support for TikTok unless it is sold. The swift passage of the measure in Congress highlights ongoing fears regarding data security and espionage risks associated with the app.

Call for US investigation of TP-Link amid cybersecurity fears

Two US lawmakers have called on the Biden administration to investigate Chinese company TP-Link Technology Co. over concerns that its WiFi routers could pose a national security risk. The request was made in a letter to the Commerce Department, highlighting the potential for cyber attacks using vulnerabilities in TP-Link firmware. The company, a global leader in WiFi router sales, has not yet responded to the inquiry.

Concerns were raised after reports surfaced that TP-Link routers were exploited in cyber attacks targeting government officials in Europe. The lawmakers expressed fears that similar attacks could be carried out against US infrastructure. They have urged the Commerce Department to assess the threat posed by Chinese-affiliated routers, particularly TP-Link’s, given its market dominance.

TP-Link, founded in China in 1996, has been linked to cybersecurity concerns before. Last year, the US Cybersecurity and Infrastructure Agency flagged vulnerabilities in the company’s routers that could be used for remote attacks. Around the same time, a Chinese state-sponsored hacking group was found to have targeted European officials using malicious implants in TP-Link routers.

The Commerce Department has the authority to impose bans or restrictions on technology transactions with companies from nations considered adversarial to US interests, including China. The investigation could lead to new measures aimed at preventing potential security risks from Chinese-made equipment in critical US infrastructure.

US penalises T-Mobile for data violations with $60 million fine

T-Mobile has been fined $60 million by a US committee focused on national security for failing to prevent and report unauthorised access to sensitive data. The penalty, imposed by the Committee on Foreign Investment in the US (CFIUS), is linked to violations of a mitigation agreement T-Mobile signed during its 2020 acquisition of Sprint Corp.

The data breach occurred in 2020 and 2021, during the integration of Sprint into T-Mobile’s operations. T-Mobile, controlled by Deutsche Telekom, explained that technical issues affected a small number of law enforcement data requests, but emphasised that the information never left the law enforcement community and that the issues were swiftly addressed.

The $60 million fine is the largest ever imposed by CFIUS, signalling a stronger approach to enforcement. Officials noted that the transparency of the penalty is intended to deter future violations, highlighting the committee’s commitment to holding companies accountable.

In the past 18 months, CFIUS has issued six penalties, including the one against T-Mobile, far surpassing the number of fines levied in the previous decades. The delay in T-Mobile’s reporting hampered the committee’s efforts to investigate and mitigate potential risks to US national security.