Cybersecurity

Denmark raises threat level for destructive cyber attacks

Denmark has raised its threat level for destructive cyber attacks from ‘low’ to ‘middle’ due to growing threats from Russia, the Danish Centre for Cyber Security (CFCS) announced on Tuesday. The new level, three on a five-level scale, indicates that while there are actors with the intention and capacity to carry out attacks, there are no specific indications of planned activity.

Defense Minister Troels Lund Poulsen highlighted the increased willingness of Russia to challenge NATO countries through various means, including sabotage and cyber attacks. Despite the heightened cyber threat, Poulsen emphasised that there is no direct military threat to Denmark, based on Danish Defence Intelligence Service assessments.

Microsoft notes little AI impact on EU election disinformation

Microsoft’s president, Brad Smith, announced that the company has yet to observe significant use of AI to create disinformation campaigns in the upcoming European Parliament elections. This comes as Microsoft plans to invest 33.7 billion Swedish crowns ($3.21 billion) to expand its cloud and AI infrastructure in Sweden over the next two years. Smith acknowledged the risks of AI-generated deepfakes and abusive content but noted that the European elections have not been targeted heavily by such efforts.

Smith highlighted that while AI-generated fakes have been increasingly used in elections in countries like India, the United States, Pakistan, and Indonesia, the European context appears less affected. For instance, in India, deepfake videos of Bollywood actors criticising Prime Minister Narendra Modi and supporting the opposition went viral. In the EU, a Russian-language video falsely claimed that citizens were fleeing Poland for Belarus, but the EU’s disinformation team debunked it.

Ahead of the European Parliament elections from June 6-9, Microsoft’s training for candidates to monitor AI-related disinformation seems to be paying off. Despite not declaring victory prematurely, Smith emphasised that current threats focus more on events like the Olympics than the elections. This development follows the International Olympic Committee’s ban on the Russian Olympic Committee for recognising councils in Russian-occupied regions of Ukraine. Microsoft plans to release a detailed report on this issue soon.

Poland allocates $760 million to counter Russian cyber threats

Poland has announced plans to allocate over 3 billion zlotys ($760 million) towards strengthening its cybersecurity measures following a suspected Russian cyberattack on the state news agency PAP. The attack, which authorities believe originated from Russia, has raised concerns ahead of the European Parliament elections in Poland. These fears escalated after a false article about military mobilisation appeared on PAP, prompting heightened vigilance against potential interference from Moscow.

Krzysztof Gawkowski, Poland’s digitalisation minister, emphasised the country’s commitment to defending against cyber threats, describing Poland as being on the frontline of the cyber fight against Russia. Gawkowski revealed that Poland had thwarted several cyber attacks on critical infrastructure over the weekend, underscoring the urgency of bolstering cybersecurity measures in the face of ongoing threats.

Amid accusations of Russian attempts to destabilise Poland, the Russian embassy in Warsaw has denied knowledge of the cyberattack on PAP and dismissed allegations of Russian interference. However, Poland has cited incidents of sabotage and arson on its soil, linking them to Russia. Additionally, Polish authorities assert that Russian secret services are actively gathering information on weapons deliveries to Ukraine following Russia’s invasion in February 2022. In response, Poland has announced the re-establishment of a commission to investigate Russian influence, highlighting the country’s efforts to address security concerns and safeguard against external threats.

Cyberattack can be the act of war according to NATO

Cyber-attack can be the act of war. According to the chair of NATO’s military committee, Admiral Rob Bauer,

‘In NATO, we have agreed amongst all allies that, in principle, a cyberattack can be the start of an Article 5 procedure’,

which is a collective defence clause of the North Atlantic Treaty, stating that an armed attack against one or more of the member states is considered an attack against all.’

Admiral Bauer emphasized in his statement at the Shangri-La Dialogue, an annual security conference run by the International Institute for Strategic Studies (IISS) in Singapore, that

‘you come close to the point where you will act upon it in a way that is close to acting on a physical attack.’

It is the major development in ongoing legal and policy debate if countries can take military self-defence actions in the case of cyber-attacks.

In the UN Cybersecurity debates, this discussion is centred around the use of self-defence, according to Article 51 of the UN Charter.

Cyberattacks as triggers for real-life war will open entirely new dynamics in the digital field with far-reaching consequences of applying existing law, protecting critical infrastructure, assuming the responsibility of states for cyber activities on their territory, and regulating tech platforms and other digital actors.

Taiwan accuses Chinese firms of illegal operations and talent poaching

Taiwanese authorities have accused Luxshare Precision Industry, a Chinese Apple supplier, of illegally operating in Taiwan and attempting to poach tech talent. The Ministry of Justice Investigation Bureau identified Luxshare as one of eight companies from China engaging in these illegal activities but provided no further details. The crackdown is part of Taiwan’s broader efforts to protect its high-tech industry from Chinese firms trying to steal expertise and talent.

Additionally, the investigation bureau named Zhejiang Dahua Technology, a video surveillance equipment maker blacklisted by the US in 2019 for its role in the treatment of Muslim minorities in Xinjiang. Zhejiang Dahua allegedly set up covert operations in Taiwan and attempted to obscure its activities by listing employees under a different company name. Both Luxshare and Zhejiang Dahua have not responded to these accusations.

Taiwan, home to semiconductor giant TSMC and a leader in advanced chip manufacturing views these Chinese efforts as a significant threat to its technological edge. The bureau emphasised its commitment to cracking down on illegal operations and talent poaching, warning that it will enforce the law resolutely. This announcement follows a sweep conducted earlier this month targeting suspected illegal activities by Chinese tech firms.

OpenAI uncovers misuse of AI in deceptive campaigns

OpenAI, led by Sam Altman, announced it had disrupted five covert influence operations that misused its AI models for deceptive activities online. Over the past three months, actors from Russia, China, Iran, and Israel used AI to generate fake comments, articles, and social media profiles. These operations targeted issues such as Russia’s invasion of Ukraine, the Gaza conflict, Indian elections, and politics in Europe and the US, aiming to manipulate public opinion and influence political outcomes.

Despite these efforts, OpenAI stated that the deceptive campaigns did not see increased audience engagement. The company emphasised that these operations included both AI-generated and manually-created content. OpenAI’s announcement highlights ongoing concerns about using AI technology to spread misinformation.

In response to these threats, OpenAI has formed a Safety and Security Committee, led by CEO Sam Altman and other board members, to oversee the training of its next AI model. Additionally, Meta Platforms reported similar findings of likely AI-generated content used deceptively on Facebook and Instagram, underscoring the broader issue of AI misuse in digital platforms.

TikTok aims to address US security concerns with new algorithm

TikTok is developing a separate recommendation algorithm for its 170 million US users to address concerns from American lawmakers who are pushing to ban the app. The following action, initiated by ByteDance, TikTok’s Chinese parent company, involves separating millions of lines of code to create an independent US version, potentially paving the way for divestiture of US assets.

The initiative, which predates a bill mandating TikTok’s US operations’ sale, is a response to bipartisan concerns that the app could provide Beijing with access to extensive user data. Despite ByteDance’s legal challenge to the new law, engineers continue to work on the complex and lengthy process of code separation, which is expected to take over a year.

TikTok has stated that selling its US assets is not feasible, citing commercial, technological, and legal constraints. However, the company is exploring options to demonstrate its US operations’ independence, including possibly open-sourcing parts of its algorithm. The success of this separation project could impact TikTok US’s performance, which currently relies on ByteDance’s engineering resources.

Indonesia plans to integrate 27,000 existing government apps

Indonesia’s President Joko Widodo has mandated a halt on the development of new government mobile applications, aiming to streamline and integrate the existing 27,000 apps managed by various ministries and regional administrations. This directive is part of a broader initiative to enhance public service efficiency and reduce bureaucratic complexities. Widodo highlighted the redundancy of creating new applications with each change in leadership and emphasised the importance of simplifying public service access.

At the launch of INA Digital, a platform designed to consolidate these services, Widodo noted that this integration could save significant government funds previously allocated for new app development. The INA Digital initiative is not a new application but a system intended to unify access to various government services through a single sign-in process. Although users will still need different apps for specific services, the integration aims to ease the overall user experience.

Minister of State Apparatus Utilisation and Bureaucratic Reform Abdullah Azwar Anas mentioned that INA Digital would integrate services from at least 15 ministries by September. The development of this super application is spearheaded by 400 local digital talents under GovTech Indonesia, led by Perum Peruri, in collaboration with various government entities. The project is expected to be available to the public within four months following its trial phase.

The initiative is part of a strategic move to improve digital governance and public service delivery in Indonesia, addressing efficiency and cybersecurity concerns. The country has faced significant cybersecurity threats, with a notable breach of the General Elections Commission’s database in November 2023, underscoring the urgent need for robust digital infrastructure.

Chinese national behind 911 S5 botnet arrested in Singapore

The US Department of Justice (DOJ) announced the arrest of a Chinese national, Wang Yunhe, in an international operation targeting cybercrime. Wang, aged 35, was apprehended in Singapore on 24 May for allegedly creating and using malware responsible for cyberattacks, large-scale fraud, and child exploitation. This arrest comes on the heels of a similar high-profile sweep last August, involving 10 Chinese citizens charged with laundering over $2 billion through Singapore.

According to the US Treasury Department, the botnet, known as ‘911 S5,’ was used by criminals to compromise personal devices to further conduct identity theft, financial fraud, and child exploitation.

The Treasury’s Office of Foreign Assets Control has now imposed sanctions on three Chinese nationals behind the platform—Yunhe Wang, Jingping Liu, and Yanni Zheng—and on three entities owned or controlled by Yunhe Wang. FBI Director Christopher Wray described the ‘911 S5’ botnet as likely the world’s largest, comprising malware-infected computers in nearly 200 countries.

According to the DOJ, Wang and unnamed accomplices developed and distributed malware that compromised millions of residential Windows computers worldwide. From 2018 to July 2022, Wang accrued $99 million from selling access to hijacked IP addresses, facilitating cybercriminals in bypassing financial fraud detection systems. These criminals committed fraud, resulting in losses exceeding $5.9 billion, including 560,000 fraudulent unemployment insurance claims.

Wang used the illicitly obtained proceeds to acquire assets globally, spanning properties in the USA, Saint Kitts and Nevis, China, Singapore, Thailand, and the UAE. His possessions included luxury sports cars, numerous bank accounts, cryptocurrency wallets, luxury watches, and 21 properties across multiple countries. Matthew S. Axelrod from the US Department of Commerce’s Bureau of Industry and Security described the case as resembling a screenplay, highlighting the extensive criminal enterprise and lavish expenditures financed by nearly $100 million in profits.

The operation is a collaborative effort led by law enforcement agencies from the US, Singapore, Thailand, and Germany. It underscores the international cooperation required to combat cybercrime effectively.

The FBI has published information at fbi.gov/911S5 to help identify and remove 911 S5’s VPN applications from infected devices.

Meta discovers ‘likely AI-generated’ content praising Israel

Meta reported finding likely AI-generated content used deceptively on Facebook and Instagram, praising Israel’s handling of the Gaza conflict in comments under posts from global news organisations and US lawmakers. This campaign, linked to the Tel Aviv-based political marketing firm STOIC, targeted audiences in the US and Canada by posing as various concerned citizens. STOIC has not commented on the allegations.

Meta’s quarterly security report marks the first disclosure of text-based generative AI technology used in influence operations since its emergence in late 2022. While AI-generated profile photos have been identified in past operations, the use of text-based AI raises concerns about more effective disinformation campaigns. Despite this, Meta’s security team successfully disrupted the Israeli campaign early and maintained confidence in their ability to detect such networks.

The report detailed six covert influence operations disrupted in the first quarter, including an Iran-based network focused on the Israel-Hamas conflict, which did not use generative AI. As Meta and other tech giants continue to address potential AI misuse, upcoming elections in the EU and the US will test their defences against AI-generated disinformation.