In just over two months, Paris will host the eagerly awaited 2024 Summer Olympics, welcoming athletes from around the globe. These athletes had a condensed preparation period due to the COVID-related delay of the 2020 Summer Olympics, which took place in Tokyo in 2021. While athletes hone their skills for the upcoming games, organisers diligently fortify their defences against cybersecurity threats.
As cyber threats become increasingly sophisticated, there’s a growing focus on leveraging AI to combat them. Blackbird.AI has developed Constellation, an AI-powered narrative intelligence platform that identifies and analyses disinformation-driven narratives. By assessing the risk and adding context to these narratives, Constellation equips organisations with invaluable insights for informed decision-making.
The platform’s real-time monitoring capability allows for early detection and mitigation of narrative attacks, which can inflict significant financial and reputational damage. With the ability to analyse various forms of content across multiple platforms and languages, Constellation offers a comprehensive approach to combating misinformation and safeguarding against online threats.
Meanwhile, the International Olympic Committee (IOC) is also embracing AI, recognising its potential to enhance various aspects of sports. From talent identification to improving judging fairness and protecting athletes from online harassment, the IOC is leveraging AI to innovate and enhance the Olympic experience. With cybersecurity concerns looming, initiatives like Viginum, spearheaded by French President Emmanuel Macron, aim to counter online interference and ensure the security of major events like the Olympics.
An Israeli private investigator, Amit Forlit, who is wanted by the US over hack-for-hire allegations, had reportedly been questioned by FBI agents regarding his work for the Washington public affairs firm DCI Group, according to sources familiar with the matter. This revelation sheds light on a broader US probe into cyber-mercenary activities, suggesting a deeper investigation than previously acknowledged.
Forlit was arrested at London’s Heathrow Airport on 30 April on cybercrime and wire fraud charges related to a ‘hack for hire scheme’ allegedly conducted on behalf of various clients. Following a procedural error by British authorities, he was released two days later but was rearrested on the same charges on Thursday. Forlit has since been released on bail, with conditions including surrendering his passport and remaining in the country.
Despite Forlit’s denial of commissioning or paying for hacking, his connection to convicted Israeli private investigator Aviram Azari, who was sentenced last year, raises questions. Forlit allegedly expressed concern about potential arrest by American law enforcement following Azari’s case. Additionally, Forlit is facing a separate lawsuit in New York federal court over allegations of email theft in 2016, although he denies any involvement. Court records suggest Forlit had business ties with DCI Group, further implicating him in the ongoing investigations.
Due to national security concerns, Canada has ordered the dissolution of two technology companies, Bluvec Technologies Inc and Pegauni Technology Inc. According to a statement from the innovation ministry, the companies were directed to cease all operations under the Investment Canada Act. As Innovation Minister Francois-Philippe Champagne stated, the decision followed an extensive review by Canada’s national security and intelligence community.
Minister Champagne emphasised that while Canada remains open to foreign direct investment, it will take decisive action when such investments threaten national security. The statement did not provide specific details about the security concerns or the nature of the investments involved. Bluvec Technologies is identified as a maker of drone detection devices, while Pegauni Technology, which appears to produce wireless security products, could not be reached for comment.
The Investment Canada Act, revised earlier this year, now includes stricter national security reviews for proposed foreign investments. The law applies to foreigners acquiring control of a Canadian business or establishing a new business within the country. Additionally, the enforcement of these regulations underscores Canada’s commitment to safeguarding its national security in the face of potential foreign threats.
The FCC has proposed a $6 million fine against a scammer who used voice-cloning technology to impersonate US President Biden in a series of illegal robocalls during the New Hampshire primary election. This incident serves as a stern warning to other potential high-tech scammers about the misuse of generative AI in such schemes. In January, many New Hampshire voters received fraudulent calls mimicking President Biden, urging them not to vote in the primary. The voice-cloning technology, which has become widely accessible, enabled this deception with just a few minutes of Biden’s publicly available speeches.
The FCC and other law enforcement agencies have made it clear that using fake voices to suppress votes or for other malicious activities is strictly prohibited. Loyaan Egal, the chief of the FCC’s Enforcement Bureau, emphasised their commitment to preventing the misuse of telecommunications networks for such purposes. The primary perpetrator, political consultant Steve Kramer, collaborated with the disreputable Life Corporation and telecom company Lingo, among others, to execute the robocall scheme.
While Kramer faces violations of several rules, there are currently no criminal charges against him or his associates. The FCC’s power is limited to civil penalties, requiring cooperation with local or federal law enforcement for further action. Although the $6 million fine represents a significant penalty, the actual amount paid may be lower due to various factors. Kramer has the opportunity to respond to the allegations, and additional actions are being taken against Lingo, which could lead to further fines or the loss of licenses.
Following this case, the FCC officially declared in February that AI-generated voices are illegal to use in robocalls. This decision underscores the agency’s stance on generative AI and its potential for abuse, aiming to prevent future incidents of voter suppression and other fraudulent activities.
Microsoft’s recent deal with UAE-backed AI firm G42 could involve the transfer of advanced AI technology, raising concerns about national security implications. Microsoft President Brad Smith highlighted that the agreement might eventually include exporting sophisticated chips and AI model weights, although this phase has no set timeline. The deal, which necessitates US Department of Commerce approval, includes safeguards to prevent the misuse of technology by Chinese entities. However, details of these measures remain undisclosed, prompting scepticism among US lawmakers about their adequacy.
Concerns about the agreement have been voiced by senior US officials, who warn of the potential national security risks posed by advanced AI systems, such as the ease of engineering dangerous weapons. Representative Michael McCaul expressed frustration over the lack of a comprehensive briefing for Congress, citing fears of Chinese espionage through UAE channels. Current regulations require notifications and export licenses for AI chips, but gaps exist regarding the export of AI models, leading to legislative efforts to grant US officials more explicit control over such exports.
Why does it matter?
The deal, valued at $1.5 billion, was framed as a strategic move to extend US technology influence amid global competition, particularly with China. Although the exact technologies and security measures involved are not fully disclosed, the agreement aims to enhance AI capabilities in regions like Kenya and potentially Turkey and Egypt. Microsoft asserts that G42 will adhere to US regulatory requirements and has implemented a ‘know your customer’ rule to prevent Chinese firms from using the technology for training AI models.
Microsoft emphasises its commitment to ensuring secure global technology transfers, with provisions for imposing financial penalties on G42 through arbitration courts in London if compliance issues arise. While the US Commerce Department will oversee the deal under existing and potential future export controls, how Commerce Secretary Gina Raimondo will handle the approval process remains uncertain. Smith anticipates that the regulatory framework developed for this deal will likely be applied broadly across the industry.
The EU regulators announced on Thursday that Meta Platforms’ social media platforms, Facebook and Instagram, will undergo investigation for potential violations of the EU online content rules about child safety, potentially resulting in significant fines. The scrutiny follows the EU’s implementation of the Digital Services Act (DSA) last year, which places greater responsibility on tech companies to address illegal and harmful content on their platforms.
The European Commission has expressed concerns that Facebook and Instagram have not adequately addressed risks to children, prompting an in-depth investigation. Issues highlighted include the potential for the platforms’ systems and algorithms to promote behavioural addictions among children and facilitate access to inappropriate content, leading to what the Commission refers to as ‘rabbit-hole effects’. Additionally, concerns have been raised regarding Meta’s age assurance and verification methods.
Why does it matter?
Meta, formerly known as Facebook, is already under the EU scrutiny over election disinformation, particularly concerning the upcoming European Parliament elections. Violations of the DSA can result in fines of up to 6% of a company’s annual global turnover, indicating the seriousness with which the EU regulators are approaching these issues. Meta’s response to the investigation and any subsequent actions will be closely monitored as the EU seeks to enforce stricter regulations on tech giants to protect online users, especially children, from harm.
According to confidential findings by UN sanctions monitors, North Korea utilised the virtual currency platform Tornado Cash to launder $147.5 million in March, following its theft from a cryptocurrency exchange last year. The monitors revealed to a UN Security Council sanctions committee that they had been investigating 97 suspected cyberattacks by North Korea on cryptocurrency companies between 2017 and 2024, totalling approximately $3.6 billion.
As can be seen in these confidential findings, one notable incident involved the theft of $147.5 million from the HTX cryptocurrency exchange late last year, which was then laundered in March. The monitors cited information from crypto analytics firm PeckShield and blockchain research firm Elliptic. In 2024 alone, they investigated 11 cryptocurrency thefts valued at $54.7 million, suggesting possible involvement by North Korean IT workers hired by small crypto-related companies.
North Korea, officially known as the Democratic People’s Republic of Korea (DPRK), has faced UN sanctions since 2006, aimed at curbing funding for its ballistic missile and nuclear programs. The US has previously sanctioned Tornado Cash over alleged support for North Korea, with two co-founders charged with facilitating money laundering. Virtual currency ‘mixer’ platforms like Tornado Cash blend cryptocurrencies to obscure their source and ownership.
Additionally, the monitors highlighted ongoing concerns about illicit arms trade between North Korea and Russia, with suspected shipments between North Korea’s Rajin port and Russian ports. There were also reports of North Korean cargo ships offloading coal in Chinese waters, potentially evading sanctions. Both China and Russia declined to comment on the monitors’ findings.
This potential measure follow broader US restrictions over export of AI chips and manufacturing tools to China. In the same context the US proposed a “know your customer” rule that would require national cloud companies to inform the government when their services are used by foreign entities to train AI models that could potentially be deployed for cyberattacks. The new area of restriction aims to cover AI models and their core software.
The Biden administration’s proposal involves establishing regulatory controls over the export of proprietary or closed source AI models , which are developed and kept confidential by companies like OpenAI and Google DeepMind. Currently, nothing is stopping US AI giants, which have developed some of the most powerful closed source AI models, from selling them to almost anyone in the world without government oversight.
The Commerce Department is reportedly discussing the use of a computing power threshold, which was outlined in a recent AI executive order, to determine which AI models would be subject to export controls. This move is part of a broader effort to maintain technological superiority and manage the risks associated with AI advancements. The proposed controls would primarily target new models that have not yet been released, as existing technologies have not reached the defined thresholds.
These considerations come in response to the rapid development and potential misuse of AI technologies that could be used to enhance cyber and biological warfare capabilities. Recent discussions highlighted by researchers from Gryphon Scientific and the Rand Corporation emphasize that advanced AI models could assist in the development of biological weapons. Additionally, the Department of Homeland Security’s 2024 threat assessment warns that cyber actors are likely to leverage AI to conduct more sophisticated cyberattacks. The U.S. aims to establish a regulatory framework that can keep pace with technological advancements while addressing the complex challenges of effectively implementing export controls. The Commerce Department has yet to finalize any rules, indicating that the discussions are ongoing and that feedback from industry stakeholders will be essential in shaping the final regulatory approach.
Following a major cyberattack last year that saw China-linked hackers infiltrate the US Department of State’s network, the agency has expanded its cybersecurity efforts beyond its reliance on Microsoft. This reinforcement of the defence strategy comes after the breach compromised around 60,000 State Department emails, including those of high-profile officials like Commerce Secretary Gina Raimondo. Criticism was directed at Microsoft, with the Cyber Safety Review Board questioning the company’s transparency regarding the incident.
Kelly Fletcher, the department’s chief information officer, highlighted concerns about the security of corporate networks, emphasising the importance of all vendors ensuring secure systems. The hacking group, identified by Microsoft as Storm-558, obtained access to a digital key, allowing them to breach government inboxes. Despite tensions, the embassy of China in Washington denied any involvement of Chinese government-linked hackers in the attack.
In response to the breach, the US State Department has diversified its vendor portfolio, incorporating companies like Palo Alto, Zscaler, and Cisco alongside Microsoft. While Microsoft managed to revoke the hackers’ access, Fletcher expressed concerns over the potential broader impact of the breach. The department has since bolstered its security measures, including multifactor authentication and data encryption, significantly increasing cybersecurity fundamentals across its systems.
Despite criticism, Microsoft remains a key player in the State Department’s cybersecurity framework. The agency thoroughly analysed its communications with Microsoft following a separate breach linked to Russian hackers, concluding that sensitive information was not compromised. With ongoing efforts to fortify its cybersecurity posture, the State Department aims to mitigate future threats and maintain the integrity of its digital infrastructure.
Ukraine has issued a warning about Russia’s escalating use of TikTok to challenge President Volodymyr Zelenskiy’s legitimacy and erode national morale amid Russia’s military actions. Russian influencers and bots are reportedly behind viral TikTok videos targeting 20 May, the date when Zelenskiy’s first term would have ended if not for election disruptions due to martial law. Andriy Kovalenko, a senior official focused on countering Russian misinformation, highlighted Russia’s systematic approach to TikTok, exploiting the platform to sway public opinion.
As Russia continues its military campaign against Ukraine, it has expanded its information warfare to platforms like TikTok alongside traditional battlegrounds. The use of TikTok to disseminate misinformation represents a strategic shift in Russia’s multifaceted approach to influencing public perception and leveraging its advantage in cyberspace. TikTok, owned by ByteDance, has responded by enhancing safety measures and removing harmful misinformation in Ukraine amid broader scrutiny over data security and misinformation concerns from the US and the EU.
In response to these challenges, Ukraine advocates for greater cooperation from social media companies like TikTok by urging them to establish full-scale offices in Kyiv to combat disinformation effectively. Kovalenko, who actively uses TikTok to counter false narratives, emphasised the need to adapt Ukraine’s approach to this influential platform. The call for action by Kovalenko comes as TikTok reports uncovering covert influence operations related to Ukraine conflict and removing millions of problematic videos during the last quarter.
Why does it matter?
Ukraine’s efforts to confront Russia’s information campaign on TikTok reflect broader concerns over the app’s influence and security. While governments like the US and the EU take measures to safeguard against potential threats posed by platforms like TikTok, the ongoing geopolitical dynamics and the use of social media as a battleground highlight the complex challenges digital technologies pose in the modern information landscape.
